Hi, On Thu, Feb 23, 2023 at 09:04:13AM +0100, Bo Berglund wrote: > But now when I connect on 1194 or 1195 from a remote location nothing happens > whereas on 1198 or 1199 I get instant connection.
Basically there's two reasons why "nothing" could happen - one is
"packets never make it to the server" (Firewall/NAT box being confused),
the other is "something cert has expired, so the server does not want
to talk to you".
To see if something comes in, ssh to the non-working server, and run
tcpdump / wireshark ("tcpdump -n -s0 -i <lan-interface> 'udp port 1194'")
and see if anything moves when you try to connect. If you see nothing
happen, debug firewall/NAT box. If you see packets come in, and no
reaction, debug OpenVPN server.
For debugging the OpenVPN server, you need to find out where it logs
to - usually the OpenVPN server log is pretty clear on "I do not like
this client because..."
With Systemd, "where do things log to" all get a bit murky (could be
in the systemd journal, could be in syslog, could be in a file) - I can't
help with *that* part, sorry.
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany g...@greenie.muc.de
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
