On 2014-08-01 18:11, Joe Patterson wrote: > Generally speaking, I'd say use a sniffer on the server (assuming > that's an option for you)
Thanks for the advice -- I was banging my head against a wall, and was getting nowhere. I can't explain how the netcat-over-UDP worked; I bumped my MTU down to 1400, and sniffed both sides -- NO exchange of anything. Finally gave up, and am going with TCP. Some days, it just ain't worth the effort. :( Thanks again! -Ken > Or, you could run netcat on each side and openvpn on the other side, > and see which one is seeing what (it'll fail still, but you should see > *something*) > > Do the server logs show anything when the client attempts to connect? > > One other possibility (though it's kind of far-out speculation, given > the limited information) is that something in between is dropping UDP > packets over a certain size. That could be a weird firewall thing, > or an MTU thing, or... I'm not sure what, and it's not something that > I've seen, but I'm just thinking of what would let pings through > (because pings are small) but would fail during negotiation (because > certificates and such can be larger) > > -Joe > > On Fri, Aug 1, 2014 at 8:18 PM, Ken D'Ambrosio <k...@jots.org> wrote: > >> Hi -- for any number of reasons, I'd prefer to use UDP for my >> OpenVPN >> setup. But a curious thing: if I fire up UDP, my handshake times >> out. >> TCP works great. "So UDP is blocked, you moron. Get over it." >> Well... >> it isn't. I opened a whole slew of ports with netcat (expecting >> I'd >> have to find an un-blocked one, like maybe TFTP), and then >> sequentially >> pinged them from my client, and to my astonishment, they all showed >> open. (And happily catted out the port number, which was my >> test.) >> >> Any ideas on what I might need to be doing here? >> >> Thanks much! >> >> -Ken >> >> > ------------------------------------------------------------------------------ >> Want fast and easy access to all the code in your enterprise? Index >> and >> search up to 200,000 lines of code with a free copy of Black Duck >> Code Sight - the same software that powers the world's largest code >> search on Ohloh, the Black Duck Open Hub! Try it now. >> http://p.sf.net/sfu/bds [1] >> _______________________________________________ >> Openvpn-users mailing list >> Openvpn-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/openvpn-users [2] > > > > Links: > ------ > [1] http://p.sf.net/sfu/bds > [2] https://lists.sourceforge.net/lists/listinfo/openvpn-users ------------------------------------------------------------------------------ Want fast and easy access to all the code in your enterprise? Index and search up to 200,000 lines of code with a free copy of Black Duck Code Sight - the same software that powers the world's largest code search on Ohloh, the Black Duck Open Hub! Try it now. http://p.sf.net/sfu/bds _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
