OpenVPN Port 1149 and Spark

Forums › Linux › OpenVPN Port 1149 and Spark

ackley

17 posts

Geek
+1 received by user: 1

#269847 11-Apr-2020 00:21

Hello,

I have just setup a OpenVPN server on a linux machine. I noticed that I cant access the server from outside using any port other than 443. This leads me to believe they (Spark) block all ports except 80 and 443? I looked through my firewall settings and config I just cant find anything that would stop port 1194 from working on my site.

I have it working for now but would like to use port 1194.

Anyone had similar experiences?

gehenna

8667 posts

Uber Geek
+1 received by user: 3883

Moderator

Trusted

Lifetime subscriber

#2459157 11-Apr-2020 00:24

Have you forwarded that port?

cyril7

9075 posts

Uber Geek
+1 received by user: 2499

ID Verified

Trusted

Subscriber

#2459175 11-Apr-2020 07:13

Spark don't block any ports except 25 as far as I am aware.

Cyril

RunningMan

9186 posts

Uber Geek
+1 received by user: 4840

#2459178 11-Apr-2020 07:37

The ports Spark block are listed here https://www.geekzone.co.nz/forums.asp?forumid=39&topicid=250712&page_no=1#2243183

You can request an unblock of those ports here https://www.spark.co.nz/help/get-more/xtra/port-25/

gehenna

8667 posts

Uber Geek
+1 received by user: 3883

Moderator

Trusted

Lifetime subscriber

#2459278 11-Apr-2020 11:00

You still need to port forward so the traffic knows where to go.

ackley

17 posts

Geek
+1 received by user: 1

#2459286 11-Apr-2020 11:13

Thanks. It must be a router issue.

I'm doing things a bit non standard. I have a Cisco ASA5505 doing PPPoE and all the router functionality.

As far as I am aware NAT is setup correctly, have setup a access-list for udp 1194 and setup a static route to server. Needs a bit of investigation on my side.

hio77

'That VDSL Cat'
13036 posts

Uber Geek
+1 received by user: 3896

ID Verified

Trusted

Lizard Networks

Subscriber

#2459315 11-Apr-2020 11:54

Sounds to me like it's your setup.

All works fine here.

#include <std_disclaimer>

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

New World

Shop on-line at New World now for your groceries (affiliate link).

ackley

17 posts

Geek
+1 received by user: 1

#2459338 11-Apr-2020 13:23

My bad. Found I put the wrong port number for the access-list.

If anyone interested in using a ASA5505 or similar for a router I used the following config.

For PPPoE:

vpdn group spark_fibre request dialout pppoe
vpdn group spark_fibre localname user@spark.co.nz
vpdn group spark_fibre ppp authentication pap
vpdn username user@spark.co.nz password randompassword
dhcpd auto_config outside

interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0

interface Vlan10
nameif outside
security-level 0
pppoe client vpdn group spark_fibre
ip address pppoe setroute

interface Ethernet0/0
switchport access vlan 10
switchport trunk allowed vlan 10
switchport mode trunk

global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0

DHCP:

dhcpd address 192.168.1.20-192.168.1.110 inside
dhcpd dns 8.8.8.8 interface inside
dhcpd enable inside

To allow a port to internal server etc: eg ssh

access-list external extended permit tcp any interface outside eq ssh

static (inside,outside) tcp interface ssh 192.168.1.69 ssh netmask 255.255.255.255

The ASA needs Security Plus Licence and unlimited inside hosts if you using it as dhcp server and got lots of devices around the house.