[eduVPN-deploy] Using only TCP?

François Kooman fkooman at tuxed.net
Tue Apr 21 17:28:22 CEST 2020


On 4/21/20 5:11 PM, Marc Langer via eduVPN-deploy wrote:
> Hi,

Hi Marc!

> I often have problems connecting to the eduVPN server on UDP ports. I am 
> then getting timeouts, OpenVPN switches to TCP automatically after some 
> time, and it works. I am not sure about the cause yet. 

Usually it is a "bad" network where UDP is blocked or otherwise not
working...

> I first thought 
> about the state module in iptables, as "service iptables restart" helped 
> sometimes. But I have removed the state-config from the 
> UDP-iptables-rules, and now a restart does not help any more.

Can you share the output of "iptables -S" and "ip6tables -S", possibly
off-list, to rule out firewall issues and which ports you use for the
server? i.e. 'vpnProtoPorts' and 'exposedVpnProtoPorts' from
/etc/vpn-server-api/config.php. Are you sure you ran "apply_changes.sh"?
You can also use e.g. "netstat -anp | grep openvpn" (as root) to see all
ports used by the OpenVPN processes to make sure they are actually all
listening on the expected ports...

> Would it be a problem to use only TCP-ports?

No, that will work as well! You can even in the eduVPN/Let's Connect!
applications use the setting "Force TCP" to always use TCP, or change
the server configuration to only use TCP. However, I'd recommend fixing
UDP as it is more performant and most clients can connect perfectly fine
over UDP in our experience, see e.g. [1].

Regards,
François

[1]
https://argon.tuxed.net/fkooman/img/port_usage_nl.eduvpn.org_20200420.png
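
The listening-port check suggested in the message above, as an added example that is not part of the original message or of the eduVPN project's own tooling. The function name `missing_listeners`, the `proto/port` argument notation, and the sample netstat output with its port numbers are assumptions constructed for illustration; on a real server, pass in the output of "netstat -anp | grep openvpn" and the ports you configured.

```shell
#!/bin/sh
# Constructed sample of `netstat -anp | grep openvpn` output (not from a real
# server): one TCP and one UDP listener on 1194, plus a loopback-only socket.
SAMPLE_NETSTAT='tcp6       0      0 :::1194            :::*          LISTEN      2101/openvpn
udp6       0      0 :::1194            :::*                      2102/openvpn
tcp        0      0 127.0.0.1:11940    0.0.0.0:*     LISTEN      2101/openvpn'

# missing_listeners NETSTAT_TEXT PROTO/PORT...
# Prints every expected proto/port (assumed notation, e.g. udp/1194) that no
# openvpn process is bound to. Empty output means all expected ports are there.
missing_listeners() {
    netstat_text=$1
    shift
    for want in "$@"; do
        proto=${want%%/*}
        port=${want##*/}
        printf '%s\n' "$netstat_text" | awk -v proto="$proto" -v port="$port" '
            # Field 1 is tcp/tcp6/udp/udp6, field 4 the local address,
            # the last field is PID/program name (needs root to be filled in).
            $NF ~ /\/openvpn$/ && $1 ~ ("^" proto "6?$") {
                n = split($4, a, ":")      # port is the part after the last ":"
                if (a[n] != port) next
                # TCP sockets must be in LISTEN state; UDP has no state column.
                if (proto == "tcp" && $6 != "LISTEN") next
                found = 1
            }
            END { exit (found ? 0 : 1) }
        ' || printf '%s\n' "$want"
    done
}

# Demo on the constructed sample: reports udp/1195 and tcp/443 as missing.
missing_listeners "$SAMPLE_NETSTAT" udp/1194 tcp/1194 udp/1195 tcp/443
```

A port reported here is configured but has no OpenVPN process behind it, which points at the server side rather than at the client's network or the firewall rules.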


