Author Topic: Unable to complete TLS handshake inside public network (OpenVPN)  (Read 916 times)

Offline DMiller657

Unable to complete TLS handshake inside public network (OpenVPN)
« on: December 03, 2015, 11:14:19 pm »
To give you guys a little bit of background as to why I am asking this question...

I am trying to create a VPN tunnel between my system and an external VPN server. In this case I am using OpenVPN. I am sitting on a public network in a public building. The connection always fails with the error that it cannot complete the TLS handshake. As I'm sure some people will have figured out just by reading what I have put so far, the packets from the client are being blocked somewhere along the network and therefore it cannot complete the authentication process. I am able to connect to this external server via PuTTY (from within this network) and so I can change the configuration of the external server if necessary. The server is currently accepting connections on port 443.

My question to you guys is, how can I find out where in the network the packets are being either dropped, filtered out, rejected or blocked?

I know that this network has multiple switches and firewalls, and so to try and find a way around the problem it would help me a lot to know which device is blocking the connection. I've tried connecting using both UDP and TCP and both fail.

Thanks,
Dan

Offline _Enigma

Re: Unable to complete TLS handshake inside public network (OpenVPN)
« Reply #1 on: December 03, 2015, 11:45:13 pm »
Have you tried running Wireshark to see if that'll shed some light on how the conversation goes specifically? Also, when you connect with PuTTY, what port are you using (assuming 22)?

Offline 0E 800

Re: Unable to complete TLS handshake inside public network (OpenVPN)
« Reply #2 on: December 03, 2015, 11:55:27 pm »
Pretty sure server side needs to have the OpenVPN default port of 1194 UDP open.

Do a port scan on your remote server to see what ports are open. You used PuTTY so we know 22 is probably open.

Server side might also have a hardware firewall or local OS firewall blocking too.
The invariable mark of wisdom is to see the miraculous in the common.

Offline _Enigma

Re: Unable to complete TLS handshake inside public network (OpenVPN)
« Reply #3 on: December 03, 2015, 11:59:50 pm »
Quote from: 0E 800
> Pretty sure server side needs to have the OpenVPN default port of 1194 UDP open.
>
> Do a port scan on your remote server to see what ports are open. You used PuTTY so we know 22 is probably open.

This might sound silly, but I remember using an SSH tunnel to pivot a remote desktop connection through another machine. Could he tunnel his OpenVPN connection through port 22 if it's not getting blocked, and the firewall on the remote server can redirect traffic from 22 to whatever port OpenVPN intended to use?

Offline 0E 800

Re: Unable to complete TLS handshake inside public network (OpenVPN)
« Reply #4 on: December 04, 2015, 12:29:20 am »
Review: http://superuser.com/questions/822161/openvpn-wont-connect-from-remote-location

Think it's the same issue OP has.

If u use a different port on the server side, then you'll need to force it by adding these two lines to your client/server config files:

Code:
proto udp
port 1194

Change them to what u want them to be.
« Last Edit: December 04, 2015, 12:32:04 am by 0E 800 »

Offline DMiller657

Re: Unable to complete TLS handshake inside public network (OpenVPN)
« Reply #5 on: December 04, 2015, 07:40:26 am »
Sorry, I probably should have mentioned this at the start. When I connect to the VPN server from a private network (e.g. my home) then it connects and works perfectly; it's only when connected to this public network that it doesn't work, hence how I know that the issue is not server side (connects fine on 443).

Quote from: _Enigma
> This might sound silly, but I remember using an SSH tunnel to pivot a remote desktop connection through another machine. Could he tunnel his OpenVPN connection through port 22 if it's not getting blocked, and the firewall on the remote server can redirect traffic from 22 to whatever port OpenVPN intended to use?

I will look into pivoting through SSH...
« Last Edit: December 04, 2015, 07:41:29 am by DMiller657 »
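
An added example, not part of the thread or written by any poster: a small TCP probe for the original question of whether packets are dropped, rejected or let through, classifying each connect attempt to your own server by how it fails. The port list (22, 443, 1194), the function names and the hint wording are assumptions chosen for this example; it covers TCP only, because UDP has no handshake to observe.

```python
import errno
import socket

# Assumed port list, taken from the ports mentioned in the thread.
PORTS = (22, 443, 1194)

HINTS = {
    "open": "TCP handshake completed; any failure happens above TCP",
    "rejected": "connection refused; the host or a firewall actively rejects",
    "filtered": "no answer before the timeout; packets are silently dropped",
    "unreachable": "host/network unreachable reported (ICMP or local routing)",
}

def probe_tcp(host, port, timeout=3.0):
    """Classify one TCP connect attempt by the way it succeeds or fails."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # something answered the SYN
    except socket.timeout:
        return "filtered"          # a drop rule gives no reply at all
    except ConnectionRefusedError:
        return "rejected"          # an explicit refusal came back
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise                      # e.g. DNS failure: not a firewall verdict

def survey(host, ports=PORTS, timeout=3.0):
    """Probe every port once and return {port: state}."""
    return {port: probe_tcp(host, port, timeout) for port in ports}

def differences(baseline, suspect):
    """Ports whose state differs between two networks (e.g. home vs public)."""
    return {p: (baseline[p], suspect[p])
            for p in baseline
            if p in suspect and baseline[p] != suspect[p]}

if __name__ == "__main__":
    import sys
    # Usage: python probe.py <your-server-hostname>
    for port, state in survey(sys.argv[1]).items():
        print(f"{port}/tcp {state}: {HINTS[state]}")
```

Run it once from a network where the VPN works and once from the one where it fails, then pass both results to `differences`: a port that is "open" on both yet still fails the TLS handshake points at something inspecting traffic above TCP rather than a plain port block.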