I have successfully established an OpenVPN connection between a RUT955 device and an OpenVPN Linux server. Now I am trying to work out why the router's firewall rejects traffic from hosts in the OpenVPN network to the router itself. If I run `/etc/init.d/firewall stop`, pings from clients in the OpenVPN network work. With the firewall running I get "destination port unreachable" — and, as the second capture below shows, it is the router (10.8.0.40) that sends the ICMP unreachable back, so the firewall is actively rejecting the packet on tun0 rather than silently dropping it. Note that ping is ICMP, not TCP, so whatever rule fixes this must cover the protocols I actually need. How do I configure the firewall rules so that TCP traffic (and ICMP for testing) can flow from OpenVPN clients to the router, while keeping the firewall enabled? I would rather scope the accept rule to the tun0 interface / the 10.8.0.0/24 VPN subnet and the specific ports required than open the router's default input policy to everything.
root@Teltonika-RUT955:~# ifconfig
...
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.40 P-t-P:10.8.0.40 Mask:255.255.255.0
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:81158 errors:0 dropped:0 overruns:0 frame:0
TX packets:81648 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:4862648 (4.6 MiB) TX bytes:7314626 (6.9 MiB)
...
root@Teltonika-RUT955:~# tcpdump -i tun0 -vv
tcpdump: listening on tun0, link-type RAW (Raw IP), capture size 262144 bytes
23:53:34.765248 IP (tos 0x0, ttl 128, id 9213, offset 0, flags [none], proto ICMP (1), length 60)
10.8.0.24 > 10.8.0.40: ICMP echo request, id 1, seq 153, length 40
23:53:34.765441 IP (tos 0x0, ttl 64, id 8347, offset 0, flags [none], proto ICMP (1), length 60)
10.8.0.40 > 10.8.0.24: ICMP echo reply, id 1, seq 153, length 40
23:53:34.963312 IP (tos 0x0, ttl 64, id 19301, offset 0, flags [DF], proto TCP (6), length 60)
10.8.0.40.43243 > 10.8.0.1.5123: Flags [S], cksum 0x9d4a (correct), seq 323831374, win 29200, options [mss 1460,sackOK,TS val 11996459 ecr 0,nop,wscale 8], length 0
23:53:34.990849 IP (tos 0x0, ttl 64, id 15720, offset 0, flags [DF], proto TCP (6), length 40)
10.8.0.1.5123 > 10.8.0.40.43243: Flags [R.], cksum 0x850d (correct), seq 0, ack 323831375, win 0, length 0
23:53:35.766489 IP (tos 0x0, ttl 128, id 9214, offset 0, flags [none], proto ICMP (1), length 60)
10.8.0.24 > 10.8.0.40: ICMP echo request, id 1, seq 154, length 40
23:53:35.766651 IP (tos 0x0, ttl 64, id 8444, offset 0, flags [none], proto ICMP (1), length 60)
10.8.0.40 > 10.8.0.24: ICMP echo reply, id 1, seq 154, length 40
23:53:36.767990 IP (tos 0x0, ttl 128, id 9215, offset 0, flags [none], proto ICMP (1), length 60)
10.8.0.24 > 10.8.0.40: ICMP echo request, id 1, seq 155, length 40
23:53:36.768148 IP (tos 0x0, ttl 64, id 8477, offset 0, flags [none], proto ICMP (1), length 60)
10.8.0.40 > 10.8.0.24: ICMP echo reply, id 1, seq 155, length 40
23:53:37.771806 IP (tos 0x0, ttl 128, id 9216, offset 0, flags [none], proto ICMP (1), length 60)
10.8.0.24 > 10.8.0.40: ICMP echo request, id 1, seq 156, length 40
23:53:37.771961 IP (tos 0x0, ttl 64, id 8478, offset 0, flags [none], proto ICMP (1), length 60)
10.8.0.40 > 10.8.0.24: ICMP echo reply, id 1, seq 156, length 40
^C
10 packets captured
10 packets received by filter
0 packets dropped by kernel
root@Teltonika-RUT955:~# /etc/init.d/firewall start
Warning: Unable to locate ipset utility, disabling ipset support
...
! Skipping due to path error: No such file or directory
root@Teltonika-RUT955:~# tcpdump -i tun0 -vv
tcpdump: listening on tun0, link-type RAW (Raw IP), capture size 262144 bytes
23:54:16.348815 IP (tos 0x0, ttl 128, id 9220, offset 0, flags [none], proto ICMP (1), length 60)
10.8.0.24 > 10.8.0.40: ICMP echo request, id 1, seq 160, length 40
23:54:16.349050 IP (tos 0xc0, ttl 64, id 10260, offset 0, flags [none], proto ICMP (1), length 88)
10.8.0.40 > 10.8.0.24: ICMP 10.8.0.40 protocol 1 port 19643 unreachable, length 68
^C
2 packets captured
2 packets received by filter
0 packets dropped by kernel