OPNsense Forum

English Forums => Virtual private networks => Topic started by: errored out on May 15, 2021, 08:14:00 am

Title: Using WAN port 53 for VPN server - traffic / communication errors
Post by: errored out on May 15, 2021, 08:14:00 am
I have created an OpenVPN server and configured it for WAN port 1194. The FW rules have been set up and, in testing, the client is able to connect fine.

Once I change the OpenVPN server to use WAN port 53 and the FW rules for port 53, the client is not able to maintain a connection. It is able to communicate; however, it looks like something is interfering with the traffic. I can't figure out what it is. BTW, DNS is not configured on this interface.

2021-05-14T23:01:30   openvpn[23633]   84.25.30.98:36220 UDPv4 WRITE [1116] to [AF_INET]84.25.30.98:36220: P_CONTROL_V1 kid=0 pid=[ #3 ] [ ] pid=2 DATA len=1030   
2021-05-14T23:01:30   openvpn[23633]   84.25.30.98:36220 UDPv4 WRITE [1128] to [AF_INET]84.25.30.98:36220: P_CONTROL_V1 kid=0 pid=[ #2 ] [ 1 ] pid=1 DATA len=1030   
2021-05-14T23:01:30   openvpn[23633]   84.25.30.98:36220 UDPv4 READ [363] from [AF_INET]84.25.30.98:36220: P_CONTROL_V1 kid=0 pid=[ #3 ] [ ] pid=1 DATA len=277   
2021-05-14T23:01:30   openvpn[23633]   84.25.30.98:36220 UDPv4 READ [94] from [AF_INET]84.25.30.98:36220: P_ACK_V1 kid=0 pid=[ #2 ] [ 0 ]   

2021-05-14T23:01:30   openvpn[23633]   84.25.30.98:36220 UDPv4 WRITE [98] to [AF_INET]84.25.30.98:36220: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #1 ] [ 0 ] pid=0 DATA len=0   
2021-05-14T23:01:30   openvpn[23633]   84.25.30.98:36220 TLS: Initial packet from [AF_INET]84.25.30.98:36220, sid=b17d5146 05abbd85   
2021-05-14T23:01:30   openvpn[23633]   84.25.30.98:36220 UDPv4 READ [86] from [AF_INET]84.25.30.98:36220: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0


2021-05-14T23:01:30   openvpn[23633]   84.25.30.98:36220 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'   
2021-05-14T23:01:30   openvpn[23633]   84.25.30.98:36220 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'   
2021-05-14T23:01:30   openvpn[23633]   84.25.30.98:36220 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]   
2021-05-14T23:01:30   openvpn[23633]   84.25.30.98:36220 Control Channel MTU parms [ L:1621 D:1140 EF:110 EB:0 ET:0 EL:3 ]   
2021-05-14T23:01:30   openvpn[23633]   84.25.30.98:36220 Re-using SSL/TLS context   
2021-05-14T23:01:30   openvpn[23633]   MULTI: multi_create_instance called   
2021-05-14T23:01:28   openvpn[48602]   User403/84.25.30.98:26394 UDPv4 WRITE [40] to [AF_INET]84.25.30.98:26394: P_DATA_V2 kid=0 DATA len=39   

2021-05-14T23:01:26   openvpn[23633]   84.25.30.98:49400 SIGUSR1[soft,tls-error] received, client-instance restarting   
2021-05-14T23:01:26   openvpn[23633]   84.25.30.98:49400 TLS Error: TLS handshake failed   
2021-05-14T23:01:26   openvpn[23633]   84.25.30.98:49400 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)   


2021-05-14T23:01:18   openvpn[48602]   User403/84.25.30.98:26394 UDPv4 WRITE [40] to [AF_INET]84.25.30.98:26394: P_DATA_V2 kid=0 DATA len=39   
2021-05-14T23:01:08   openvpn[48602]   User403/84.25.30.98:26394 UDPv4 WRITE [40] to [AF_INET]84.25.30.98:26394: P_DATA_V2 kid=0 DATA len=39   
2021-05-14T23:00:59   openvpn[23633]   84.25.30.98:49400 UDPv4 WRITE [1116] to [AF_INET]84.25.30.98:49400: P_CONTROL_V1 kid=0 pid=[ #16 ] [ ] pid=6 DATA len=1030   
2021-05-14T23:00:58   openvpn[48602]   User403/84.25.30.98:26394 UDPv4 WRITE [40] to [AF_INET]84.25.30.98:26394: P_DATA_V2 kid=0 DATA len=39   
2021-05-14T23:00:48   openvpn[48602]   User403/84.25.30.98:26394 UDPv4 WRITE [40] to [AF_INET]84.25.30.98:26394: P_DATA_V2 kid=0 DATA len=39   
2021-05-14T23:00:43   openvpn[23633]   84.25.30.98:49400 UDPv4 WRITE [1116] to [AF_INET]84.25.30.98:49400: P_CONTROL_V1 kid=0 pid=[ #15 ] [ ] pid=6 DATA len=1030   
2021-05-14T23:00:38   openvpn[48602]   User403/84.25.30.98:26394 UDPv4 WRITE [40] to [AF_INET]84.25.30.98:26394: P_DATA_V2 kid=0 DATA len=39   
2021-05-14T23:00:35   openvpn[23633]   84.25.30.98:49400 UDPv4 WRITE [1116] to [AF_INET]84.25.30.98:49400: P_CONTROL_V1 kid=0 pid=[ #14 ] [ ] pid=6 DATA len=1030   
2021-05-14T23:00:31   openvpn[23633]   84.25.30.98:49400 UDPv4 WRITE [1116] to [AF_INET]84.25.30.98:49400: P_CONTROL_V1 kid=0 pid=[ #13 ] [ ] pid=6 DATA len=1030   
2021-05-14T23:00:28   openvpn[23633]   84.25.30.98:49400 UDPv4 READ [94] from [AF_INET]84.25.30.98:49400: P_ACK_V1 kid=0 pid=[ #11 ] [ 9 ]   
2021-05-14T23:00:28   openvpn[23633]   84.25.30.98:49400 UDPv4 READ [94] from [AF_INET]84.25.30.98:49400: P_ACK_V1 kid=0 pid=[ #10 ] [ 8 ]   
2021-05-14T23:00:28   openvpn[23633]   84.25.30.98:49400 UDPv4 READ [94] from [AF_INET]84.25.30.98:49400: P_ACK_V1 kid=0 pid=[ #9 ] [ 7 ]   
2021-05-14T23:00:28   openvpn[23633]   84.25.30.98:49400 UDPv4 WRITE [101] to [AF_INET]84.25.30.98:49400: P_CONTROL_V1 kid=0 pid=[ #12 ] [ ] pid=9 DATA len=15   
2021-05-14T23:00:28   openvpn[23633]   84.25.30.98:49400 UDPv4 READ [94] from [AF_INET]84.25.30.98:49400: P_ACK_V1 kid=0 pid=[ #8 ] [ 5 ]   
2021-05-14T23:00:28   openvpn[23633]   84.25.30.98:49400 UDPv4 WRITE [1116] to [AF_INET]84.25.30.98:49400: P_CONTROL_V1 kid=0 pid=[ #11 ] [ ] pid=8 DATA len=1030   
2021-05-14T23:00:28   openvpn[23633]   84.25.30.98:49400 UDPv4 READ [94] from [AF_INET]84.25.30.98:49400: P_ACK_V1 kid=0 pid=[ #7 ] [ 4 ]   
2021-05-14T23:00:28   openvpn[23633]   84.25.30.98:49400 UDPv4 WRITE [1116] to [AF_INET]84.25.30.98:49400: P_CONTROL_V1 kid=0 pid=[ #10 ] [ ] pid=7 DATA len=1030   
2021-05-14T23:00:28   openvpn[23633]   84.25.30.98:49400 UDPv4 READ [94] from [AF_INET]84.25.30.98:49400: P_ACK_V1 kid=0 pid=[ #6 ] [ 3 ]   
2021-05-14T23:00:28   openvpn[23633]   84.25.30.98:49400 UDPv4 WRITE [1116] to [AF_INET]84.25.30.98:49400: P_CONTROL_V1 kid=0 pid=[ #9 ] [ ] pid=6 DATA len=1030   
2021-05-14T23:00:28   openvpn[23633]   84.25.30.98:49400 UDPv4 READ [94] from [AF_INET]84.25.30.98:49400: P_ACK_V1 kid=0 pid=[ #5 ] [ 2 ]   
2021-05-14T23:00:28   openvpn[23633]   84.25.30.98:49400 UDPv4 WRITE [1116] to [AF_INET]84.25.30.98:49400: P_CONTROL_V1 kid=0 pid=[ #8 ] [ ] pid=5 DATA len=1030   
2021-05-14T23:00:28   openvpn[23633]   84.25.30.98:49400 UDPv4 READ [94] from [AF_INET]84.25.30.98:49400: P_ACK_V1 kid=0 pid=[ #4 ] [ 1 ]   
2021-05-14T23:00:28   openvpn[23633]   84.25.30.98:49400 UDPv4 WRITE [1116] to [AF_INET]84.25.30.98:49400: P_CONTROL_V1 kid=0 pid=[ #7 ] [ ] pid=4 DATA len=1030   
2021-05-14T23:00:28   openvpn[23633]   84.25.30.98:49400 UDPv4 WRITE [1116] to [AF_INET]84.25.30.98:49400: P_CONTROL_V1 kid=0 pid=[ #6 ] [ ] pid=3 DATA len=1030   
2021-05-14T23:00:28   openvpn[23633]   84.25.30.98:49400 UDPv4 WRITE [1116] to [AF_INET]84.25.30.98:49400: P_CONTROL_V1 kid=0 pid=[ #5 ] [ ] pid=2 DATA len=1030   
2021-05-14T23:00:28   openvpn[23633]   84.25.30.98:49400 UDPv4 WRITE [1128] to [AF_INET]84.25.30.98:49400: P_CONTROL_V1 kid=0 pid=[ #4 ] [ 1 ] pid=1 DATA len=1030   
2021-05-14T23:00:28   openvpn[23633]   84.25.30.98:49400 UDPv4 READ [363] from [AF_INET]84.25.30.98:49400: P_CONTROL_V1 kid=0 pid=[ #3 ] [ ] pid=1 DATA len=277   
2021-05-14T23:00:28   openvpn[23633]   84.25.30.98:49400 UDPv4 WRITE [94] to [AF_INET]84.25.30.98:49400: P_ACK_V1 kid=0 pid=[ #3 ] [ 0 ]   
2021-05-14T23:00:28   openvpn[23633]   84.25.30.98:49400 UDPv4 READ [98] from [AF_INET]84.25.30.98:49400: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #2 ] [ 0 ] pid=0 DATA len=0   
2021-05-14T23:00:28   openvpn[23633]   84.25.30.98:49400 UDPv4 WRITE [86] to [AF_INET]84.25.30.98:49400: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #2 ] [ ] pid=0 DATA len=0   
2021-05-14T23:00:27   openvpn[48602]   User403/84.25.30.98:26394 UDPv4 WRITE [40] to [AF_INET]84.25.30.98:26394: P_DATA_V2 kid=0 DATA len=39   
2021-05-14T23:00:26   openvpn[23633]   84.25.30.98:49400 UDPv4 WRITE [98] to [AF_INET]84.25.30.98:49400: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #1 ] [ 0 ] pid=0 DATA len=0   
2021-05-14T23:00:26   openvpn[23633]   84.25.30.98:49400 TLS: Initial packet from [AF_INET]84.25.30.98:49400, sid=feaecab0 420d0d44   
2021-05-14T23:00:26   openvpn[23633]   84.25.30.98:49400 UDPv4 READ [86] from [AF_INET]84.25.30.98:49400: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0   
2021-05-14T23:00:26   openvpn[23633]   84.25.30.98:49400 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'   
2021-05-14T23:00:26   openvpn[23633]   84.25.30.98:49400 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'   
2021-05-14T23:00:26   openvpn[23633]   84.25.30.98:49400 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]   
2021-05-14T23:00:26   openvpn[23633]   84.25.30.98:49400 Control Channel MTU parms [ L:1621 D:1140 EF:110 EB:0 ET:0 EL:3 ]   
2021-05-14T23:00:26   openvpn[23633]   84.25.30.98:49400 Re-using SSL/TLS context   
2021-05-14T23:00:26   openvpn[23633]   MULTI: multi_create_instance called
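Reading the verbose log above from the server's side: every P_CONTROL_V1 the server writes carries its own packet id (`pid=N` at the end of the line), and the client's P_ACK_V1 replies list the ids it received in the bracketed array. For session 84.25.30.98:49400 the client acknowledges ids 0-5 and 7-9, but the 1116-byte packet with pid=6 is written again at 23:00:31, 23:00:35, 23:00:43 and 23:00:59 and never appears in an ack, after which the 60-second TLS negotiation timer expires. The following script is an added example, not code from the thread or from OpenVPN: it parses this log format and reports control packets that keep being retransmitted without an ack, so the drop can be spotted without reading the lines by hand. `LINE_RE`, `SAMPLE_LOG` and `find_stuck_handshakes` are names chosen here; the sample is a constructed subset of the lines quoted in the post.

```python
import re
from collections import defaultdict

# Matches the per-packet lines OpenVPN emits at verb 4+: direction, size, opcode,
# the ack array "[ n m ]" and the server's own packet id "pid=N" (absent on P_DATA_V2).
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+openvpn\[\d+\]\s+(?P<peer>\S+)\s+UDPv4\s+(?P<dir>READ|WRITE)\s+"
    r"\[(?P<size>\d+)\]\s+(?:from|to)\s+\S+:\s+(?P<op>P_\w+)\s+kid=\d+"
    r"(?:\s+pid=\[\s*#\d+\s*\]\s+\[(?P<acks>[\d ]*)\])?(?:\s+pid=(?P<pid>\d+))?"
)

# Constructed sample: a subset of the session 84.25.30.98:49400 lines quoted in the post.
SAMPLE_LOG = """\
2021-05-14T23:00:28   openvpn[23633]   84.25.30.98:49400 UDPv4 WRITE [1128] to [AF_INET]84.25.30.98:49400: P_CONTROL_V1 kid=0 pid=[ #4 ] [ 1 ] pid=1 DATA len=1030
2021-05-14T23:00:28   openvpn[23633]   84.25.30.98:49400 UDPv4 WRITE [1116] to [AF_INET]84.25.30.98:49400: P_CONTROL_V1 kid=0 pid=[ #9 ] [ ] pid=6 DATA len=1030
2021-05-14T23:00:28   openvpn[23633]   84.25.30.98:49400 UDPv4 WRITE [1116] to [AF_INET]84.25.30.98:49400: P_CONTROL_V1 kid=0 pid=[ #10 ] [ ] pid=7 DATA len=1030
2021-05-14T23:00:28   openvpn[23633]   84.25.30.98:49400 UDPv4 READ [94] from [AF_INET]84.25.30.98:49400: P_ACK_V1 kid=0 pid=[ #4 ] [ 1 ]
2021-05-14T23:00:28   openvpn[23633]   84.25.30.98:49400 UDPv4 READ [94] from [AF_INET]84.25.30.98:49400: P_ACK_V1 kid=0 pid=[ #9 ] [ 7 ]
2021-05-14T23:00:31   openvpn[23633]   84.25.30.98:49400 UDPv4 WRITE [1116] to [AF_INET]84.25.30.98:49400: P_CONTROL_V1 kid=0 pid=[ #13 ] [ ] pid=6 DATA len=1030
2021-05-14T23:00:35   openvpn[23633]   84.25.30.98:49400 UDPv4 WRITE [1116] to [AF_INET]84.25.30.98:49400: P_CONTROL_V1 kid=0 pid=[ #14 ] [ ] pid=6 DATA len=1030
2021-05-14T23:00:48   openvpn[48602]   User403/84.25.30.98:26394 UDPv4 WRITE [40] to [AF_INET]84.25.30.98:26394: P_DATA_V2 kid=0 DATA len=39
2021-05-14T23:01:26   openvpn[23633]   84.25.30.98:49400 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
"""

def find_stuck_handshakes(log_text, max_writes=2):
    """Per peer: control packets written > max_writes times and never acked, plus TLS-timeout flag."""
    writes = defaultdict(dict)  # peer -> server packet id -> {"writes", "bytes"}
    acked = defaultdict(set)    # peer -> packet ids the client has acknowledged
    failed = set()
    for line in log_text.splitlines():
        line = line.strip()
        if "TLS key negotiation failed" in line:
            failed.add(line.split()[2])  # third field is the peer address
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # MULTI/TLS/MTU lines carry no packet fields
        peer = m["peer"]
        if m["dir"] == "WRITE" and m["pid"] is not None and m["op"].startswith("P_CONTROL"):
            entry = writes[peer].setdefault(int(m["pid"]), {"writes": 0, "bytes": int(m["size"])})
            entry["writes"] += 1
        elif m["dir"] == "READ" and m["acks"]:
            # P_ACK_V1 and piggybacked acks list the server packet ids the client received
            acked[peer].update(int(a) for a in m["acks"].split())
    report = {}
    for peer, pids in writes.items():
        stuck = {p: e for p, e in pids.items() if e["writes"] > max_writes and p not in acked[peer]}
        if stuck or peer in failed:
            report[peer] = {"unacked": stuck, "handshake_failed": peer in failed}
    return report
```

Run against the full log, it isolates the one packet size that never gets through, which is the first thing to compare between the port 1194 and port 53 captures. Established sessions that only carry P_DATA_V2 are ignored, since they have no control-channel ids to track.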
Title: Re: Using WAN port 53 for VPN server - traffic / communication errors
Post by: bartjsmit on May 16, 2021, 10:20:19 am
OpenVPN has a feature to share a port with a daemon on the same machine. It will accept all packets on the port and forward the non-VPN ones over the loopback interface. The other daemon will need to either listen only on loopback, or use a different port.

https://www.vpntutorials.com/tutorials/openvpn-sharing-a-port-with-a-webserver-on-port-80-443/

If your aim is to bypass restrictive firewalls on the client side, then consider 443 over 53. Organisations are typically more restrictive in the DNS traffic they allow compared to HTTPS.

Bart...
Title: Re: Using WAN port 53 for VPN server - traffic / communication errors
Post by: errored out on May 26, 2021, 11:54:32 pm
Thank you, but this does not help with my issue. The problem is that the corrupted traffic for port 53 has not been identified, nor has what is causing the corruption. So, we can proxy the port with another service, since we have not set one up for 53 on that interface.

We'll keep it in mind if it turns out to be the issue.

Thank you.
Title: Re: Using WAN port 53 for VPN server - traffic / communication errors
Post by: firewall on May 27, 2021, 01:16:04 am
It's possible that your ISP is bumping inbound traffic with destination port 53 to prevent misconfigured systems from being used in DNS amplification attacks.
Title: Re: Using WAN port 53 for VPN server - traffic / communication errors
Post by: errored out on August 08, 2021, 01:54:23 am
Thanks for the help. I just quit trying to get this to work.