OpenVPN connection cannot be made from some networks

Antoneo

Diamond Member
Hey guys, I have OpenVPN running in server configuration on a DD-WRT router and OpenVPN client on a laptop. Keys, certificates, and matching configuration files have been made. The setup does work; however on some public wireless networks, my OpenVPN client is not able to establish a connection. On the troublesome networks, I am able to browse the web and access sites requiring SSL connections (my OpenVPN server accepts requests made on port 443).

This is the part of the OpenVPN client log where the connection "times out":
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed
Wed Feb 20 09:32:15 2008 TCP/UDP: Closing socket

On other public wireless networks, the connection is made without problems and I am able to ping devices behind the router and browse network shares. I'm pretty sure that the problem is not on my side, but what is causing the problem on those other networks? I thought by configuring the VPN traffic to occur over port 443 to my OpenVPN server, it would result in conflict-free outbound connections since almost no one blocks it. Or am I overlooking something here?
 
It's probably being blocked by the owners of those networks. Many don't like people doing this kind of thing.

-edit-
Quickly looking at the OpenVPN FAQs, I'm positive it's being blocked. It runs on TCP/UDP port 1194. SSL/TLS is just the session layer encryption.
 
Hi spidey07, I have my OpenVPN server and client configured to use UDP on port 443, not the default port 1194. I thought by configuring OpenVPN to run over a common port, it would have the greatest chance of working on any public network.

If both OpenVPN and HTTPS use SSL/TLS at the session layer, in this case the network firewall should not be able to detect and block the OpenVPN traffic as the ports and traffic would match. Is that incorrect?
 
Yes that is incorrect. HTTPS uses TCP port 443, not UDP. UDP 443 is probably blocked.

Also there are ways to detect if you're tunneling with SSL.
 
Oooh, good point! I forgot about https and TCP 443 part of things; that would be the most likely explanation. Hrm, time to test tunneling over TCP 443. I'll be back with the results later hehe.
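
Added example, not part of any post in this thread: a client profile for the test proposed above, trying UDP 443 first and falling back to TCP 443 when the UDP handshake gets no reply. It assumes a current OpenVPN client, a server instance that also listens on TCP 443, and constructed placeholders for the host name (vpn.example.net) and the certificate/key file names.

```conf
# OpenVPN client profile (constructed example)
client
dev tun

# Remotes are tried in the order listed.
# 1) UDP 443: the setup described in the thread; works where UDP is not filtered.
remote vpn.example.net 443 udp
# 2) TCP 443: same port and transport as HTTPS, for networks that drop UDP 443.
#    The server must be listening with TCP on 443 for this entry to succeed.
remote vpn.example.net 443 tcp

# Give up on an unresponsive remote after 15 seconds and move to the next one,
# instead of sitting in the 60-second TLS key negotiation window seen in the log.
server-poll-timeout 15

resolv-retry infinite
nobind
persist-key
persist-tun

# Only accept a peer that presents a certificate marked for server use.
remote-cert-tls server

# Placeholder file names for the CA certificate and the client credentials.
ca ca.crt
cert client.crt
key client.key

# verb 3 logs which remote and protocol each attempt used.
verb 3
```

With `verb 3`, the client log shows whether the session came up on the UDP or the TCP remote, which confirms on a given network whether UDP 443 is the part being filtered.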
 