ACCEPT vs DNAT (port forwarding) firewall rules

Guys, do you have some hints/steps to check/follow?

I managed to get sshd/honeypot working correctly (ssh is now accessible via LAN (22) / WAN (forwarded port)). So I tried to set up something similar (on the firewall) for OpenVPN, but I am still getting UDPv4 link remote: [undef]

Port 1194 is opened on WAN for src='*', and I prepared a port-forward rule for the VPN similar to the one I have for ssh. Also, based on some guides, I put my tun0 in the vpn0 network, which is in the vpn zone. Forwarding between lan/vpn and vpn/lan was set up (additionally, I added wan at some point), so everything seems to be prepared.

In the best scenario/configs I receive TLS auth/decrypt failed and/or TLS handshake failed for 60 sec …

Do I need to prepare something on the firewall for TLS? (I have a multi-routed-client server setup, so TLS is mandatory to use, as I understand from the OpenVPN articles.)