Re: [Openvpn-users] Checking OpenVPN connectivity
Hi, On 29/04/20 03:26, Erich Titl wrote: Hi Am 29.04.2020 um 00:45 schrieb Leroy Tennison via Openvpn-users: I had a situation today where i was asked "telnet to the port, see if it connects" to check their firewall configuration. I realize this isn't going to work because telnet is tcp and the configuration is udp but it caused me to wonder "Is there a way to test protocol connectivity (are udp packets from a source making it to a destination) without actually trying to make a connection?" The reason I ask is that an existing 1024 bit connection is being replaced by a 4096 bit one and I would prefer to know that the firewall configuration (over which I have no visibility or control) was "in place" before attempting to do so. Why don't you just use an openvpn client with a known working connection and read its log file. Eric is fully correct - depending on your setup, that is about the *only* way you ever will get a useful answer over UDP; if you have set up tls-auth or tls-crypt then 'netcat -u' will not work, as the OpenVPN server will/should drop all packets immediately that are not signed using the right key. HTH, JJK ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
Re: [Openvpn-users] Checking OpenVPN connectivity
On Tue, Apr 28, 2020 at 10:45:03PM +, Leroy Tennison via Openvpn-users wrote: > udp packets from a source making it to a destination) without actually trying > to make a connection You can try netcat, with the -u option. Now, if you have a real powerful firewall it may see this is not legitimate OpenVPN traffic and block it. Wonder if this exists. ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
Re: [Openvpn-users] Checking OpenVPN connectivity
Hi, On 29/04/2020 02:26, Erich Titl wrote: Hi Am 29.04.2020 um 00:45 schrieb Leroy Tennison via Openvpn-users: The reason I ask is that an existing 1024 bit connection is being replaced by a 4096 bit one and I would prefer to know that the firewall configuration (over which I have no visibility or control) was "in place" before attempting to do so. Why don't you just use an openvpn client with a known working connection and read its log file. If you are "*replacing* a 1024b VPN with a 4096b VPN" then you already know the firewall is configured to accept it. cheers ET ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
Re: [Openvpn-users] Checking OpenVPN connectivity
Hi Am 29.04.2020 um 00:45 schrieb Leroy Tennison via Openvpn-users: > I had a situation today where i was asked "telnet to the port, see if it > connects" to check their firewall configuration. I realize this isn't > going to work because telnet is tcp and the configuration is udp but it > caused me to wonder "Is there a way to test protocol connectivity (are > udp packets from a source making it to a destination) without actually > trying to make a connection?" The reason I ask is that an existing 1024 > bit connection is being replaced by a 4096 bit one and I would prefer to > know that the firewall configuration (over which I have no visibility or > control) was "in place" before attempting to do so. > Why don't you just use an openvpn client with a known working connection and read its log file. cheers ET smime.p7s Description: S/MIME Cryptographic Signature ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
[Openvpn-users] Checking OpenVPN connectivity
I had a situation today where i was asked "telnet to the port, see if it connects" to check their firewall configuration. I realize this isn't going to work because telnet is tcp and the configuration is udp but it caused me to wonder "Is there a way to test protocol connectivity (are udp packets from a source making it to a destination) without actually trying to make a connection?" The reason I ask is that an existing 1024 bit connection is being replaced by a 4096 bit one and I would prefer to know that the firewall configuration (over which I have no visibility or control) was "in place" before attempting to do so.___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users