Network (I)
Firewall at cloud provider
First check that your cloud provider and its firewall allow connections to port 1194 (TCP/UDP) of your server. You might need to open it from your cloud provider’s panel.
Iptables
We will open the UDP port 1194. The easiest way is to have a file with the rules for iptables:
/etc/iptables.up.rules:
-----------------------
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-P INPUT DROP
-P FORWARD DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 1194 -j ACCEPT
-A INPUT -j DROP
COMMIT
You can set these rules with the following command line:
_$: iptables-apply /etc/iptables.up.rules
Check
Use nmap
First we will use nmap to see if the port is actually open:
_$: sudo nmap -sU -p U:1194 example.com
Starting Nmap 6.40 ( http://nmap.org ) at 2017-03-19 17:37 CET
Nmap scan report for ...
Host is up (0.030s latency).
PORT STATE SERVICE
1194/udp open|filtered openvpn
Nmap done: 1 IP address (1 host up) scanned in 1.41 seconds
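So it seems it is. For UDP, open|filtered is the expected result: nmap got no answer to its probe, so it cannot tell an open port that stays silent from a filtered one.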
Use nc
We will start a server that listens on UDP port 1194. After that we will connect from our client and type some text.
(server)_$: nc -u -l 1194
(client)_$: nc -u <server IP> 1194
Check that what you type in the client reaches the server, and vice versa. Note that you will have to start writing on the client first.
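The three outcomes behind nmap's UDP states, as an added example that is not part of the original page: a reply means open, an ICMP port-unreachable error means closed, and silence means open|filtered. The loopback listeners and the names probe_udp, start_listener and demo are constructed for the illustration.

```python
import socket
import threading


def probe_udp(host, port, payload=b"ping", timeout=1.0):
    """Send one datagram and classify the port the way a UDP scan does."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # A connected UDP socket reports ICMP port-unreachable as an exception.
        s.connect((host, port))
        try:
            s.send(payload)
            s.recv(2048)
            return "open"            # something answered
        except ConnectionRefusedError:
            return "closed"          # kernel said nobody listens there
        except socket.timeout:
            return "open|filtered"   # silence: listening quietly, or dropped


def start_listener(reply):
    """Constructed stand-in for `nc -u -l`, bound to a free loopback port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))

    def serve():
        while True:
            data, addr = srv.recvfrom(2048)
            if reply:                # echo back, like typing on the server side
                srv.sendto(data, addr)

    threading.Thread(target=serve, daemon=True).start()
    return srv


def demo():
    """Probe an answering listener and a silent one (constructed test setup)."""
    echo = start_listener(reply=True)
    silent = start_listener(reply=False)
    return {
        "echo": probe_udp("127.0.0.1", echo.getsockname()[1]),
        "silent": probe_udp("127.0.0.1", silent.getsockname()[1]),
    }


if __name__ == "__main__":
    print(demo())
```

A listener that never answers looks exactly like a dropped packet from the client side, which is why the nc check needs text to travel in both directions.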
Troubleshooting
Iptables
(server)_$: iptables -nvL
Connectivity
(client)_$: nmap -Pn -sU -p1194 <server IP>
...
open|filtered # This is OK for UDP
(server)_$: nmap -Pn -sU -p1194 localhost
...
open|filtered # This is OK for UDP