Passing OpenVPN through ER-X

Dashrender

@scottalanmiller said in Passing OpenVPN through ER-X:

@Dashrender said in Passing OpenVPN through ER-X:

They aren't touching my firewall. I own the first firewall that traffic flows through.

But you should just port forward whatever port they request, right? Or tell them to choose an alternative if you are already using one. But other than port forwarding, isnt' that it?

That was/is the entire point of my OP. Do I need anything more than 1194/UDP (for default OpenVPN)?

Sure, they could tell me - but we already discussed that - they are seemingly clueless as they are only telling me - hey I need a static Ip and I need VPN access.
/sigh.

scottalanmiller

@Dashrender said in Passing OpenVPN through ER-X:

Sure, they could tell me - but we already discussed that - they are seemingly clueless as they are only telling me - hey I need a static Ip and I need VPN access.

Well just pass that off to them, have them make a list of what you need. Make them figure it out

scottalanmiller

@Dashrender said in Passing OpenVPN through ER-X:

That was/is the entire point of my OP. Do I need anything more than 1194/UDP (for default OpenVPN)?

UDP and TCP are both default. They have to coordinate with you.

1194 is default, but you OR they can change that.

wrx7m

@scottalanmiller The other port is TCP 943. They allow for UDP or TCP connection. UDP 1194 is default. At least, on Access Server.

scottalanmiller

@wrx7m said in Passing OpenVPN through ER-X:

The other port is TCP 943.

IANA doesn't have that port registered. But Apple uses it for ipcserver.

scottalanmiller

I can't find any references to OpenVPN using 943/TCP. You sure that that isn't a custom setting somewhere?

1337

@scottalanmiller said in Passing OpenVPN through ER-X:

I can't find any references to OpenVPN using 943/TCP. You sure that that isn't a custom setting somewhere?

It has to be.

From OpenVPN project doc:
The official OpenVPN port number is 1194, but any port number between 1 and 65535 will work. If you don't provide the 'port' option, 1194 will be used.

I always use another port, something non-standard. You have to when you have more than one tunnel on the same IP. Anyway, OpenVPN is as simple as http when it comes to what you have to do in the firewall and how you can route it - contrary to something like IPSEC.

Clients use a config file (*.opvn), so they don't have to worry about ports, IPs and whatnot.

scottalanmiller

@Pete-S said in Passing OpenVPN through ER-X:

It has to be.

That's what I thought.

wrx7m

@scottalanmiller said in Passing OpenVPN through ER-X:

I can't find any references to OpenVPN using 943/TCP. You sure that that isn't a custom setting somewhere?

https://openvpn.net/vpn-server-resources/how-to-configure-the-openvpn-access-server/

It must just be access server.

scottalanmiller

@wrx7m said in Passing OpenVPN through ER-X:

@scottalanmiller said in Passing OpenVPN through ER-X:

I can't find any references to OpenVPN using 943/TCP. You sure that that isn't a custom setting somewhere?

https://openvpn.net/vpn-server-resources/how-to-configure-the-openvpn-access-server/

It must just be access server.

"TCP port 943 is the port where the web server interface is listening by default."

Yeah, no web server in OpenVPN itself.