[Openvpn-users] Problem with mtu size
Chad Z. Hower
2009-05-30 09:33:22 UTC
I often travel to places where my connections are port blocked. Saudi
Arabia, etc. I have a service that provides OpenVPN but over UDP.

Problem now is I'm in France for 2 months with a really idiotic ISP that
has blocked nearly all ports including UDP. Strangely enough they left
open 25 and 110, but blocked 466 and 995, the secure versions which
generally cannot be used for spam but 25 can. So you get the idea what
kind of idiots set this system up.

I cannot connect to my openvpn service over udp. I can ssh out on 21 and
set up socks locally over ssh, but I really need transparency for all
my apps to work properly.

I've been setting up openvpn on my own server, but I cannot enable IP
forwarding because the server host has MAC filtering on the interface.
So if I have to go this route I have to set up a VM to run OpenVPN and
the host is already running 6 VMs and a bit tight on RAM.

Because of these restrictions I've now bridged the TAP on the host to a
NIC that has access and routing. I'm trying to run dev TAP over TCP.
However when I try to connect the client I get:

WARNING: Bad encapsulated packet length from peer (18516), which must be
> 0 and <= 1576 -- please ensure that --tun-mtu or --link-mtu is equal
on both peers -- this condition could also indicate a possible active
attack on the TCP link -- [Attemping restart...]

I added:
link-mtu 1500

in both server and client configurations; however, I'm still getting the
exact same error.
Chad Z. Hower
2009-05-30 10:01:09 UTC
Post by Chad Z. Hower
WARNING: Bad encapsulated packet length from peer (18516), which must be
> 0 and <= 1576 -- please ensure that --tun-mtu or --link-mtu is equal
on both peers -- this condition could also indicate a possible active
attack on the TCP link -- [Attemping restart...]
Solved this. A DNS entry was wrong and the client was attempting to connect
to a web server instead of OpenVPN.

Apparently this is the message that openvpn falls back to in such cases.
Happened when I tried to connect to an FTP server as well. :)

Maybe OpenVPN could detect this in some sort of handshake that it is not
talking to an OpenVPN server and provide a more accurate error?
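
Why the error reads exactly as it does, as an added example (this is not code from the poster or from the OpenVPN project). OpenVPN frames every packet on a TCP link with a 16-bit big-endian length prefix, and the receiver rejects any length outside the range quoted in the message (the 1576 upper bound below is taken from that message). When the peer is a plain-text service, the first two bytes of its reply get decoded as that length: the "HT" of "HTTP/1.1 ..." is 0x4854, which is 18516, the very number in the warning. The snippet decodes the prefix the way the framing does and, as a diagnostic on the wrong-host failure mode, classifies the first bytes so an operator can tell "wrong service answered" from a genuine MTU mismatch. All sample byte strings are constructed; `classify_peer` and its category names are this example's own, not anything OpenVPN implements.

```python
import struct

# Upper bound quoted in the warning on this page (link-mtu 1500 plus
# OpenVPN's allowance for framing overhead, as reported by the client).
MAX_ENCAPSULATED_LEN = 1576

# Constructed sample replies from services that are NOT OpenVPN, plus one
# constructed frame shaped like OpenVPN's TCP framing (length prefix + payload).
HTTP_RESPONSE = b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n"
FTP_BANNER = b"220 ftp.example.invalid FTP server ready\r\n"
OPENVPN_FRAME = struct.pack("!H", 14) + bytes(14)   # 14-byte payload, constructed


def read_encapsulated_length(stream: bytes, max_len: int = MAX_ENCAPSULATED_LEN):
    """Decode OpenVPN's TCP framing: a 16-bit big-endian length precedes each
    packet. Returns (length, valid) where valid mirrors the '> 0 and <= max'
    check behind the 'Bad encapsulated packet length' warning."""
    if len(stream) < 2:
        raise ValueError("need at least 2 bytes for the length prefix")
    (length,) = struct.unpack("!H", stream[:2])
    return length, 0 < length <= max_len


def classify_peer(stream: bytes) -> str:
    """Hypothetical triage helper: guess what answered on the TCP port from
    its first bytes. OpenVPN never sends a text greeting, so a readable
    banner means the client reached the wrong service (DNS or port error),
    not a tun-mtu/link-mtu mismatch."""
    head = stream[:16]
    if head.startswith(b"HTTP/"):
        return "http-server"
    # FTP/SMTP-style greeting: three digits then a space or hyphen, e.g. "220 ".
    if len(head) >= 4 and head[:3].isdigit() and head[3:4] in (b" ", b"-"):
        return "numeric-banner"
    if head and all(32 <= b < 127 or b in (9, 10, 13) for b in head):
        return "text-protocol"
    return "binary"


def diagnose(stream: bytes) -> str:
    """Combine both checks into the one-line verdict an operator wants."""
    length, valid = read_encapsulated_length(stream)
    kind = classify_peer(stream)
    if valid:
        return f"length prefix {length} is in range; framing looks like OpenVPN ({kind})"
    return (f"length prefix {length} is out of range; peer looks like {kind}, "
            "check the DNS name and port before touching MTU settings")


if __name__ == "__main__":
    for label, sample in (("http", HTTP_RESPONSE),
                          ("ftp", FTP_BANNER),
                          ("openvpn-shaped", OPENVPN_FRAME)):
        print(f"{label:15s} {diagnose(sample)}")
```

Run it and the HTTP sample reports length prefix 18516 out of range, matching the warning in the thread, while the FTP banner yields 12850 ("22" decoded the same way), which is why the poster saw the identical message against an FTP server. The constructed 14-byte frame passes the range check, showing that the check by itself cannot distinguish a real OpenVPN peer from arbitrary binary data; only the TLS handshake that follows does that.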
