peasthope@shaw.ca wrote: > Bob Proulx wrote: > > But an openvpn configuration shouldn't be depending upon dynamic dns. > ... > Nevertheless, the tunnel fails. Hmm... > peter@joule:~$ grep refused /var/log/syslog > Jan 9 15:08:53 joule ovpn-myvpn[1903]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111) Joule on your dynamic IP address was refused connection to Dalton at the static IP address. That seems to be unrelated to dynamic DNS. > More specifically. > joule:/etc/shorewall# traceroute -p 1194 -P udp 142.103.107.137 > traceroute to 142.103.107.137 (142.103.107.137), 30 hops max, 60 byte packets > 1 * * * > 2 * * * > ... > ISP blocks tunnel datagrams? If that is the case it's a recent change. That command just flings packets at the remote target. I don't think there is a reason for there to be a response. Just to be sure tried that command here. I get the same behavior with that exact command between systems that have a working openvpn connection on port 1194 udp. Therefore I think that command doesn't do what you think it will do. I see the packets at the both ends. But there isn't any reason for the server to respond to them. > Thanks for any further ideas, Peter E. If joule is getting connection-refused from dalton then there must be a reason for it. Do the packets arrive at dalton? You should be able to see this with tcpdump. tcpdump -lni any port 1194 Bob
Attachment:
signature.asc
Description: Digital signature