I am working in my home lab trying to get OpenVPN working with Vyos. I googled and followed an online step by step here OpenVPN HowTo. However when I try to connect noting. I did a wireshark trace and I see a 0011 1… = Opcode: P_CONTROL_HARD_RESET_CLIENT_V2 (0x07). Searching it appears traffic is getting rejected. In the lab my wan is 192.168.88.0/24 and lan in 192.168.1.0/24. I was able to send other traffic through the firewall like iperf and SSH. Just not sure why this is failing. Any troubleshooting tips would be greatly appreciated. I am sure there is a way to log and view traffic I come up empty with searches.
my config
firewall {
name OUTSIDE-IN {
default-action drop
rule 10 {
action accept
state {
established enable
related enable
}
}
rule 20 {
action accept
destination {
address 192.168.1.106
port 5201
}
protocol tcp
state {
new enable
}
}
rule 40 {
action accept
destination {
port openvpn
}
protocol udp
}
}
name OUTSIDE-LOCAL {
default-action drop
rule 10 {
action accept
state {
established enable
related enable
}
}
rule 20 {
action accept
icmp {
type-name echo-request
}
protocol icmp
state {
new enable
}
}
rule 30 {
action drop
destination {
port 22
}
protocol tcp
recent {
count 4
time 60
}
state {
new enable
}
}
rule 31 {
action accept
destination {
port 22
}
protocol tcp
state {
new enable
}
}
}
}
interfaces {
ethernet eth1 {
address dhcp
description OUTSIDE
firewall {
in {
name OUTSIDE-IN
}
local {
name OUTSIDE-LOCAL
}
}
hw-id 00:e8:4c:68:48:56
}
ethernet eth2 {
address 192.168.1.254/24
description INSIDE
hw-id 00:e8:4c:68:48:57
}
loopback lo {
}
openvpn vtun0 {
mode server
openvpn-option "--user nobody --group nogroup"
openvpn-option --comp-lzo
openvpn-option "--persist-key --persist-tun"
openvpn-option "--status openvpn-status.log"
openvpn-option "--verb 3"
openvpn-option "--mute 10"
openvpn-option "--dev vtun0"
server {
domain-name photis.net
name-server 192.168.1.254
push-route 192.168.1.0/24
subnet 10.10.2.0/24
}
tls {
ca-cert-file /config/auth/ca.crt
cert-file /config/auth/vyosOpenVPN.crt
dh-file /config/auth/dh2048.pem
key-file /config/auth/vyosOpenVPN.key
}
}
wireless wlan0 {
hw-id 00:24:d6:92:a6:94
physical-device phy0
}
}
nat {
destination {
rule 10 {
description "Port Forward: iperf to 192.168.1.106"
destination {
port 5201
}
inbound-interface eth1
protocol tcp
translation {
address 192.168.1.106
}
}
}
source {
rule 100 {
outbound-interface eth1
source {
address 192.168.1.0/24
}
translation {
address masquerade
}
}
rule 110 {
description "NAT Reflection INSIDE"
destination {
address 192.168.1.0/24
}
outbound-interface eth2
source {
address 192.168.1.0/24
}
translation {
address masquerade
}
}
}
}
service {
dhcp-server {
disabled false
shared-network-name LAN {
subnet 192.168.1.0/24 {
default-router 192.168.1.254
dns-server 192.168.1.254
domain-name photis.net
lease 3600
start 192.168.1.106 {
stop 192.168.1.160
}
}
}
}
dns {
forwarding {
cache-size 0
listen-on eth2
listen-on vtun0
name-server 192.168.1.254
name-server 8.8.8.8
}
}
ssh {
port 22
}
}
system {
config-management {
commit-revisions 20
}
console {
device ttyS0 {
speed 115200
}
}
login {
user vyos {
authentication {
encrypted-password ****************
plaintext-password ****************
}
level admin
}
}
ntp {
server 0.pool.ntp.org {
}
server 1.pool.ntp.org {
}
server 2.pool.ntp.org {
}
}
package {
repository community {
components main
distribution helium
url http://packages.vyos.net/vyos
}
}
syslog {
global {
facility all {
level notice
}
facility protocols {
level debug
}
}
}
}