Hi
Thanks.
No, there is no proxy in the middle in this testing case, I believe that's why the packets are received at port 443 on the server but then somehow dropped.
Could you check it??? iptraf or tcpdump??? (Just to be sure!)
Is there anything wrong with the iptables rules that might stop this?
I do not understand these rules:
#filter:
-A OUTPUT -d xx.xxx.xxx.199 -p tcp -m tcp --dport 1194 -m state --state NEW -j ACCEPT
-A OUTPUT -d xx.xxx.xxx.199 -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT
OUTPUT is generated on localhost...
Destination xx.xxx.xxx.198 and xx.xxx.xxx.199... Hmm... Do you really want to send the VPN packets back to yourself???
-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
ACCEPT everything?
#nat
-A OUTPUT -d xx.xxx.xxx.199 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 1194
-A OUTPUT -d xx.xxx.xxx.199 -p udp -m udp --dport 443 -j REDIRECT --to-ports 1194
What do you expect from these rules?
It is a bit dangerous to use 443/tcp for vpn...
It was recommended by the OpenVPN users list.
Interesting... :D
But you can set up 2 services on the same host...
Yes, I could, but that makes an administration problem to do with status logs and other stuff, I think.
It depends on you... I have 5 vpn services on the same host. (LDAP/PAM authentication integrated.)
Swifty
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
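As an added example (not code from the thread), the chain-placement point raised above can be checked mechanically: the script below parses an iptables-save dump and reports a REDIRECT that sits in nat OUTPUT, where it only matches packets the host itself generates, instead of in nat PREROUTING on the inbound path, plus the absence of a filter INPUT accept for the post-redirect port and a filter OUTPUT rule that accepts every new outbound connection. Both rule sets are constructed, 192.0.2.199 stands in for the obfuscated xx.xxx.xxx.199, and the corrected layout is an assumption of this example, not something the thread spells out.

```python
import re
# Constructed samples (iptables-save format); 192.0.2.199 stands in for xx.xxx.xxx.199.
AS_POSTED = """\
*nat
-A OUTPUT -d 192.0.2.199 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 1194
COMMIT
*filter
-A OUTPUT -d 192.0.2.199 -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT
-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""
CORRECTED = """\
*nat
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 1194
COMMIT
*filter
-A INPUT -p tcp -m tcp --dport 1194 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
"""

def parse_dump(dump):
    """Yield (table, chain, rule_text) for every '-A' line of an iptables-save dump."""
    table = None
    for line in dump.splitlines():
        if line.startswith("*"):
            table = line[1:]
        elif m := re.match(r"^-A (\S+) (.*)$", line):
            yield table, m.group(1), m.group(2)

def audit_redirect(dump, public_port=443, vpn_port=1194):
    """Return findings for an inbound public_port -> vpn_port redirect ([] means wired correctly).
    A remote client's packet traverses nat PREROUTING, then filter INPUT (with dport already
    rewritten to vpn_port); the OUTPUT chains only see packets the host itself generates."""
    findings, redirected, input_ok = [], False, False
    for table, chain, rule in parse_dump(dump):
        if table == "nat" and "-j REDIRECT" in rule and f"--to-ports {vpn_port}" in rule:
            if chain == "PREROUTING" and f"--dport {public_port}" in rule:
                redirected = True
            elif chain == "OUTPUT":
                findings.append(f"nat OUTPUT redirect only sees locally generated packets: {rule}")
        elif table == "filter" and chain == "INPUT" and f"--dport {vpn_port}" in rule and "-j ACCEPT" in rule:
            input_ok = True
        elif table == "filter" and chain == "OUTPUT" and "NEW" in rule and "-d " not in rule:
            findings.append(f"filter OUTPUT accepts every new outbound connection: {rule}")
    if not redirected:
        findings.append(f"no nat PREROUTING REDIRECT for tcp/{public_port} -> {vpn_port}")
    if not input_ok:
        findings.append(f"filter INPUT has no explicit ACCEPT for tcp/{vpn_port}, the post-redirect port")
    return findings
```

On a live host the same function can be fed the text of `iptables-save`; a default ACCEPT policy on INPUT is not recognised by this check, which only looks for an explicit rule.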