On Saturday, 24 August 2019 22:58:23 BST the...@sys-concept.com wrote:
> On 08/24/2019 02:03 PM, J. Roeleveld wrote:
> > On 24 August 2019 21:47:16 CEST, the...@sys-concept.com wrote:
> >> My old router Asus RT-N16 was running DD-WRT and OpenVPN passthrough
> >> was
> >> running perfectly. But the router went down.
> >>
> >> I just got a new one D-Link DIR-878 but it seem to me it does not
> >> support OpenVPN passthrough.
> >> I can not establish connection with a remote OpenVPN server.
> >>
> >> Can anybody recommend a router that will work with OpenVPN.
> >
> > OpenVPN works using similar connectivity as other applications. As long as
> > the router doesn't do anything strange it should just work.
> >
> > I would only expect issues with ipsec and similar protocols.
> >
> > Has anything happened at the remote server?
> >
> > --
> > Joost
>
> IPSec (VPN) is enable on this router. Remote host was working OK so I
> don't know what can be at issue.
>
> --
> Joseph
IPSec (whether IKE/IPSec, or L2TP/IPSec) uses different ports and protocols
than OpenVPN, so there should be no clash between the two. In any case, is
there a reason you have IPSec enabled on the router? Many implementations
leave much to be desired.
Most routers allow outgoing connections to any port, thus passing-through any
OpenVPN connections to the remote peer. Returning packets from the remote
peer should be allowed in through your router's firewall, because they are
replies to the initiating OpenVPN client from within your LAN. In iptables
terms the firewall should allow NEW,ESTABLISHED packets through the INPUT
chain, for any connections your clients have initiated.
The default OpenVPN server port (UDP or TCP) is 1194, so outgoing packets from
your client would be on 1194, unless you are using some bespoke OpenVPN
configuration.
Can you enable temporarily your router's logs and keep an eye on dropped/
rejected packets as you are trying to initiate an OpenVPN connection? This
should hopefully give some indication what might be wrong.
--
Regards,
Mick
signature.asc
Description: This is a digitally signed message part.
