Reference that I used: https://www.cyberciti.biz/faq/centos-7-0-set-up-openvpn-server-in-5-minutes/
I configured an OpenVPN server on CentOS 7. It seems to be up:
[root@linux ~]# nmap -sU linux.domain.com -p 1194
Starting Nmap 6.40 ( http://nmap.org ) at 2023-05-16 18:34 CEST
Nmap scan report for linux.domain.com (163.179.xxx.xxx)
Host is up.
PORT STATE SERVICE
1194/udp open|filtered openvpn
Nmap done: 1 IP address (1 host up) scanned in 2.11 seconds
[root@linux ~]#
When I check as follows, it's active as openvpn-server@server.service:
[root@linux ~]# systemctl status openvpn-server@server.service
● openvpn-server@server.service - OpenVPN service for server
Loaded: loaded (/etc/systemd/system/[email protected]; enabled; vendor preset: disabled)
Active: active (running) since Tue 2023-05-16 17:42:29 CEST; 45min ago
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Main PID: 18917 (openvpn)
Status: "Initialization Sequence Completed"
CGroup: /system.slice/system-openvpn\x2dserver.slice/openvpn-server@server.service
└─18917 /usr/sbin/openvpn --status /run/openvpn-server/status-server.log --status-version 2 --suppress-timestamps --config server.conf
And when I check as openvpn@server.service:
[root@linux ~]# sudo systemctl status openvpn@server.service
● openvpn@server.service - OpenVPN Robust And Highly Flexible Tunneling Application On server
Loaded: loaded (/usr/lib/systemd/system/[email protected]; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Tue 2023-05-16 18:22:50 CEST; 3min 23s ago
Process: 22518 ExecStart=/usr/sbin/openvpn --cd /etc/openvpn/ --config %i.conf (code=exited, status=1/FAILURE)
Main PID: 22518 (code=exited, status=1/FAILURE)
Status: "Pre-connection initialization successful"
I am checking the process and it says:
[root@linux ~]# netstat -tulp | grep openvpn
udp 0 0 0.0.0.0:openvpn 0.0.0.0:* 18917/openvpn
I am checking its port; https://ping.eu/port-chk/ says: Closed,
whereas I added it in my iptables:
iptables -A INPUT -p tcp -m tcp --dport 1194 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 1194 -j ACCEPT
Here is my server.conf file:
port 1194
proto udp
dev tun
user nobody
group nobody
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 94.xxx.xxx.xxx"
push "dhcp-option DNS 94.xxx.xxx.xxx"
push "redirect-gateway def1 bypass-dhcp"
dh none
ecdh-curve prime256v1
tls-crypt /etc/openvpn/tls-crypt.key
crl-verify /etc/openvpn/crl.pem
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server_szio3MfsApd8cnHE.crt
key /etc/openvpn/server_szio3MfsApd8cnHE.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3
Please advise why it's not working.
Best regards