Firewall at cloud provider
First check that your cloud provider and its firewall allow connections to TCP/UDP port 1194 on your server. You might need to open it from your cloud provider’s panel.
We will open UDP port 1194. The easiest way is to keep the iptables rules in a file:
/etc/iptables.up.rules:
-----------------------
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-P INPUT DROP
-P FORWARD DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 1194 -j ACCEPT
-A INPUT -j DROP
COMMIT
You can set these rules with the following command line:
_$: iptables-apply /etc/iptables.up.rules
First we will use nmap to see if the port is actually open:
_$: sudo nmap -sU -p U:1194 example.com

Starting Nmap 6.40 ( http://nmap.org ) at 2017-03-19 17:37 CET
Nmap scan report for ...
Host is up (0.030s latency).
PORT     STATE         SERVICE
1194/udp open|filtered openvpn

Nmap done: 1 IP address (1 host up) scanned in 1.41 seconds
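So it seems it is. For UDP, nmap reports open|filtered when it gets no reply at all, so it cannot tell an open port from one whose packets a firewall silently drops.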
To be sure, we will start a server that listens on UDP port 1194. After that we will connect from our client and type some text.
(server)_$: nc -u -l 1194
(client)_$: nc -u <server IP> 1194
Check that what you write on the client reaches the server, and vice versa. Note that you will have to start writing on the client first, because the listening nc only learns the client's address from the first datagram it receives.
(server)_$: iptables -nvL
(client)_$: nmap -Pn -sU -p1194 <server IP>
...
open|filtered   # This is OK for UDP
(server)_$: nmap -Pn -sU -p1194 localhost
...
open|filtered   # This is OK for UDP
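
Why a scan can only say open|filtered for a UDP port, and why the two-way netcat exchange is the conclusive test, shown as an added example (not part of the original page): a Python probe that sends one datagram and classifies the outcome. The function names and the two loopback listeners are constructed for the demonstration.

```python
import socket
import threading


def probe_udp(host, port, payload=b"ping", timeout=1.0):
    """Send one datagram and classify the port by what comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # connected socket: ICMP errors surface as exceptions
        try:
            s.send(payload)
            s.recv(2048)
            return "open"           # a reply proves something is listening
        except ConnectionRefusedError:
            return "closed"         # ICMP port unreachable came back
        except socket.timeout:
            return "open|filtered"  # silence: quiet listener or dropped packet


def start_listener(echo):
    """Constructed loopback listener on an ephemeral port; replies only if echo is True."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))

    def serve():
        while True:
            try:
                data, addr = srv.recvfrom(2048)
            except OSError:
                return  # socket was closed
            if echo:
                srv.sendto(data, addr)

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def demo():
    """Probe a listener that answers and one that stays silent."""
    echo_srv, echo_port = start_listener(echo=True)
    quiet_srv, quiet_port = start_listener(echo=False)
    results = (probe_udp("127.0.0.1", echo_port),
               probe_udp("127.0.0.1", quiet_port, timeout=0.5))
    echo_srv.close()
    quiet_srv.close()
    return results


if __name__ == "__main__":
    print(demo())
```

With the rules file above, a port that is not allowed is dropped without any ICMP reply, so it also looks like open|filtered from outside; only an actual reply, as in the netcat exchange, confirms the path end to end.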