| 1 |
On Saturday, 24 August 2019 22:58:23 BST thelma@×××××××××××.com wrote: |
| 2 |
> On 08/24/2019 02:03 PM, J. Roeleveld wrote: |
| 3 |
> > On 24 August 2019 21:47:16 CEST, thelma@×××××××××××.com wrote: |
| 4 |
> >> My old router Asus RT-N16 was running DD-WRT and OpenVPN passthrough |
| 5 |
> >> was |
| 6 |
> >> running perfectly. But the router went down. |
| 7 |
> >> |
| 8 |
> >> I just got a new one D-Link DIR-878 but it seem to me it does not |
| 9 |
> >> support OpenVPN passthrough. |
| 10 |
> >> I can not establish connection with a remote OpenVPN server. |
| 11 |
> >> |
| 12 |
> >> Can anybody recommend a router that will work with OpenVPN. |
| 13 |
> > |
| 14 |
> > OpenVPN works using similar connectivity as other applications. As long as |
| 15 |
> > the router doesn't do anything strange it should just work. |
| 16 |
> > |
| 17 |
> > I would only expect issues with ipsec and similar protocols. |
| 18 |
> > |
| 19 |
> > Has anything happened at the remote server? |
| 20 |
> > |
| 21 |
> > -- |
| 22 |
> > Joost |
| 23 |
> |
| 24 |
> IPSec (VPN) is enable on this router. Remote host was working OK so I |
| 25 |
> don't know what can be at issue. |
| 26 |
> |
| 27 |
> -- |
| 28 |
> Joseph |
| 29 |
|
| 30 |
IPSec (whether IKE/IPSec, or L2TP/IPSec) uses different ports and protocols |
| 31 |
than OpenVPN, so there should be no clash between the two. In any case, is |
| 32 |
there a reason you have IPSec enabled on the router? Many implementations |
| 33 |
leave much to be desired. |
| 34 |
|
| 35 |
Most routers allow outgoing connections to any port, thus passing-through any |
| 36 |
OpenVPN connections to the remote peer. Returning packets from the remote |
| 37 |
peer should be allowed in through your router's firewall, because they are |
| 38 |
replies to the initiating OpenVPN client from within your LAN. In iptables |
| 39 |
terms the firewall should allow NEW,ESTABLISHED packets through the INPUT |
| 40 |
chain, for any connections your clients have initiated. |
| 41 |
|
| 42 |
The default OpenVPN server port (UDP or TCP) is 1194, so outgoing packets from |
| 43 |
your client would be on 1194, unless you are using some bespoke OpenVPN |
| 44 |
configuration. |
| 45 |
|
| 46 |
Can you enable temporarily your router's logs and keep an eye on dropped/ |
| 47 |
rejected packets as you are trying to initiate an OpenVPN connection? This |
| 48 |
should hopefully give some indication what might be wrong. |
| 49 |
-- |
| 50 |
Regards, |
| 51 |
|
| 52 |
Mick |
Archives