uniquethis
New Around Here
Hello,
I have an asus rt-ac68u with asuswrt-merlin 380.57. The OpenVPN server is enabled and works fine with the TCP protocol and a custom port number. DDNS is enabled (via jffs and the 'custom' ddns server name option in the GUI), and the client machine is located inside the router's LAN (connected via WiFi). But, as soon as I change the protocol to UDP (on the server and in the client config) the vpn client fails to establish a connection:
server logs:
Code:
Jan 4 22:30:27 openvpn[1514]: 192.168.1.250:39950 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 4 22:30:27 openvpn[1514]: 192.168.1.250:39950 TLS Error: TLS handshake failed
Jan 4 22:30:27 openvpn[1514]: 192.168.1.250:39950 SIGUSR1[soft,tls-error] received, client-instance restarting
client logs:
Code:
Mon Jan 4 22:29:27 2016 UDPv4 link local: [undef]
Mon Jan 4 22:29:27 2016 UDPv4 link remote: [AF_INET]xxx.x.xx.xx:3145
Mon Jan 4 22:29:27 2016 TCP/UDP: Incoming packet rejected from [AF_INET]192.168.1.1:3145[2], expected peer address: [AF_INET]xxx.x.xx.xx:3145 (allow this incoming source address/port by removing --remote or adding --float)
Mon Jan 4 22:29:29 2016 TCP/UDP: Incoming packet rejected from [AF_INET]192.168.1.1:3145[2], expected peer address: [AF_INET]xxx.x.xx.xx:3145 (allow this incoming source address/port by removing --remote or adding --float)
Mon Jan 4 22:29:29 2016 TCP/UDP: Incoming packet rejected from [AF_INET]192.168.1.1:3145[2], expected peer address: [AF_INET]xxx.x.xx.xx:3145 (allow this incoming source address/port by removing --remote or adding --float)
It looks like the outgoing connection reaches the external IP (xxx.x.xx.xx:3145), but the response comes from inside the LAN... For the TCP protocol (leaving all other parameters the same) everything works fine:
Code:
Mon Jan 4 22:52:44 2016 TCP connection established with [AF_INET]xxx.x.xx.xx:3145
Mon Jan 4 22:52:44 2016 TCPv4_CLIENT link local: [undef]
Mon Jan 4 22:52:44 2016 TCPv4_CLIENT link remote: [AF_INET]xxx.x.xx.xx:3145
Mon Jan 4 22:52:44 2016 TLS: Initial packet from [AF_INET]xxx.x.xx.xx:3145, sid=...
Mon Jan 4 22:52:44 2016 VERIFY OK: ...
Adding the float option to the client config solves the connection problem. Connecting from outside the router's LAN (another network) via UDP also works ok.
But I'd like to know why it works out of the box for TCP but not for UDP inside the router's LAN?
P.S. I am new to networking and probably missing some simple detail or fact here (probably it works as expected in this scenario).
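Added example, not part of the forum post or of the Asuswrt-Merlin project: a small Python diagnostic that parses OpenVPN client log lines of the "Incoming packet rejected from ... expected peer address ..." form shown above and reports whether every rejected packet came from an RFC 1918 address while the expected peer was a public one. That pattern (reply arriving from the router's LAN address 192.168.1.1 instead of the WAN address) is the signature of a hairpinned UDP reply that the NAT did not rewrite. The sample log is constructed in the same format as the post; the address 203.0.113.10 is a documentation-range placeholder standing in for the masked xxx.x.xx.xx, and the function names are my own.

```python
"""Classify OpenVPN 'Incoming packet rejected' log lines.

Added example (not from the post). Detects the hairpin-NAT pattern: the client
expects replies from the public WAN address but they arrive from a private
LAN address on the same port.
"""
import ipaddress
import re
from collections import Counter

# RFC 1918 ranges, listed explicitly so that documentation ranges such as
# 203.0.113.0/24 (which ipaddress.is_private also flags) are not counted.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Matches the OpenVPN 2.x client line quoted in the post.
REJECT_RE = re.compile(
    r"Incoming packet rejected from \[AF_INET\](?P<actual>[\d.]+):(?P<aport>\d+)"
    r"\[\d+\], expected peer address: \[AF_INET\](?P<expected>[\d.]+):(?P<eport>\d+)"
)

# Constructed sample in the post's format; 203.0.113.10 replaces the masked WAN IP.
SAMPLE_LOG = [
    "Mon Jan 4 22:29:27 2016 UDPv4 link local: [undef]",
    "Mon Jan 4 22:29:27 2016 UDPv4 link remote: [AF_INET]203.0.113.10:3145",
    "Mon Jan 4 22:29:27 2016 TCP/UDP: Incoming packet rejected from [AF_INET]192.168.1.1:3145[2], "
    "expected peer address: [AF_INET]203.0.113.10:3145 (allow this incoming source address/port "
    "by removing --remote or adding --float)",
    "Mon Jan 4 22:29:29 2016 TCP/UDP: Incoming packet rejected from [AF_INET]192.168.1.1:3145[2], "
    "expected peer address: [AF_INET]203.0.113.10:3145 (allow this incoming source address/port "
    "by removing --remote or adding --float)",
    "Mon Jan 4 22:29:29 2016 TCP/UDP: Incoming packet rejected from [AF_INET]192.168.1.1:3145[2], "
    "expected peer address: [AF_INET]203.0.113.10:3145 (allow this incoming source address/port "
    "by removing --remote or adding --float)",
]


def is_rfc1918(ip):
    """True if the dotted-quad address lies in one of the RFC 1918 ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def parse_rejects(lines):
    """Return (actual_ip, actual_port, expected_ip, expected_port) per rejected packet."""
    rejects = []
    for line in lines:
        m = REJECT_RE.search(line)
        if m:
            rejects.append((m["actual"], int(m["aport"]),
                            m["expected"], int(m["eport"])))
    return rejects


def diagnose(lines):
    """Summarise rejected packets and give a verdict.

    'hairpin-nat'     every reject came from a private address, on the same
                      port the client expected, while the expected peer was
                      public (reply from the router's LAN side after NAT loopback)
    'unexpected-peer' rejects exist but do not all fit that pattern
    'no-rejects'      nothing to report
    """
    rejects = parse_rejects(lines)
    pairs = Counter((actual, expected) for actual, _, expected, _ in rejects)
    hairpin = [r for r in rejects
               if is_rfc1918(r[0]) and not is_rfc1918(r[2]) and r[1] == r[3]]
    if not rejects:
        verdict = "no-rejects"
    elif len(hairpin) == len(rejects):
        verdict = "hairpin-nat"
    else:
        verdict = "unexpected-peer"
    return {"rejected": len(rejects), "pairs": dict(pairs), "verdict": verdict}


if __name__ == "__main__":
    result = diagnose(SAMPLE_LOG)
    print(f"rejected packets: {result['rejected']}")
    for (actual, expected), count in result["pairs"].items():
        print(f"  from {actual} (expected {expected}): {count}x")
    print(f"verdict: {result['verdict']}")
```

Run against the real client log by replacing SAMPLE_LOG with the file's lines. A "hairpin-nat" verdict points at the same situation the post describes, and the post's own fix (float in the client config) is what addresses it; note that float tells OpenVPN to accept packets from any source address for that session, so the peer is then authenticated only by the TLS/HMAC layer rather than by its address.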