1 |
On Saturday, 24 August 2019 22:58:23 BST thelma@×××××××××××.com wrote: |
2 |
> On 08/24/2019 02:03 PM, J. Roeleveld wrote: |
3 |
> > On 24 August 2019 21:47:16 CEST, thelma@×××××××××××.com wrote: |
4 |
> >> My old router Asus RT-N16 was running DD-WRT and OpenVPN passthrough |
5 |
> >> was |
6 |
> >> running perfectly. But the router went down. |
7 |
> >> |
8 |
> >> I just got a new one D-Link DIR-878 but it seem to me it does not |
9 |
> >> support OpenVPN passthrough. |
10 |
> >> I can not establish connection with a remote OpenVPN server. |
11 |
> >> |
12 |
> >> Can anybody recommend a router that will work with OpenVPN. |
13 |
> > |
14 |
> > OpenVPN works using similar connectivity as other applications. As long as |
15 |
> > the router doesn't do anything strange it should just work. |
16 |
> > |
17 |
> > I would only expect issues with ipsec and similar protocols. |
18 |
> > |
19 |
> > Has anything happened at the remote server? |
20 |
> > |
21 |
> > -- |
22 |
> > Joost |
23 |
> |
24 |
> IPSec (VPN) is enable on this router. Remote host was working OK so I |
25 |
> don't know what can be at issue. |
26 |
> |
27 |
> -- |
28 |
> Joseph |
29 |
|
30 |
IPSec (whether IKE/IPSec, or L2TP/IPSec) uses different ports and protocols |
31 |
than OpenVPN, so there should be no clash between the two. In any case, is |
32 |
there a reason you have IPSec enabled on the router? Many implementations |
33 |
leave much to be desired. |
34 |
|
35 |
Most routers allow outgoing connections to any port, thus passing-through any |
36 |
OpenVPN connections to the remote peer. Returning packets from the remote |
37 |
peer should be allowed in through your router's firewall, because they are |
38 |
replies to the initiating OpenVPN client from within your LAN. In iptables |
39 |
terms the firewall should allow NEW,ESTABLISHED packets through the INPUT |
40 |
chain, for any connections your clients have initiated. |
41 |
|
42 |
The default OpenVPN server port (UDP or TCP) is 1194, so outgoing packets from |
43 |
your client would be on 1194, unless you are using some bespoke OpenVPN |
44 |
configuration. |
45 |
|
46 |
Can you enable temporarily your router's logs and keep an eye on dropped/ |
47 |
rejected packets as you are trying to initiate an OpenVPN connection? This |
48 |
should hopefully give some indication what might be wrong. |
49 |
-- |
50 |
Regards, |
51 |
|
52 |
Mick |