I have an Ubuntu 20.04 LTS instance running in the Oracle Cloud “free tier”. I set up OpenVPN on this VM following this guide (it’s in German). Firewall port 1194/UDP open, IPv4 forwarding configured correctly (both in /etc/sysctl.conf and in /etc/default/ufw); UFW also does forwarding in /etc/ufw/before.rules with this magic incantation:

    # START OPENVPN RULES
    # NAT table rules
    *nat
    :POSTROUTING ACCEPT [0:0]
    # Allow traffic from OpenVPN client to ens3
    -A POSTROUTING -s 10.27.0.0/8 -o ens3 -j MASQUERADE
    COMMIT
    # END OPENVPN RULES

ifconfig output on the server:

    ens3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 9000
            inet 10.0.0.4  netmask 255.255.255.0  broadcast 10.0.0.255
            inet6 fe80::200:17ff:fe02:52db  prefixlen 64  scopeid 0x20<link>
            ether 00:00:17:02:52:db  txqueuelen 1000  (Ethernet)
            (....)
    tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
            inet 10.27.0.1  netmask 255.255.255.0  destination 10.27.0.1
            inet6 fe80::b07f:586a:c721:fddb  prefixlen 64  scopeid 0x20<link>

Looks good. The problem is that the client cannot connect to the server; the log says “TLS Error: TLS key negotiation failed to occur within 60 seconds”.
When I run

    sudo tcpdump -ni ens3 udp and port 1194

I can see that the packets do arrive from the client (IP address “X.X.X.X”):

    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on ens3, link-type EN10MB (Ethernet), capture size 262144 bytes
    14:18:08.024761 IP X.X.X.X.20800 > 10.0.0.4.1194: UDP, length 54

I suspect the problem is related to how virtual networks are configured on the Oracle Cloud. My VM has an IP 10.0.0.4, therefore the OpenVPN server config contains an entry listen 10.0.0.4. Most likely some routing setting is missing so the server can’t answer the client’s connection request.
My question is: has someone set up an OpenVPN server on Oracle’s cloud successfully? And if yes, what was the extra configuration step that had to be performed?
FWIW, I checked the box “Skip source/destination check” in Instance Details > Attached VNICs > Edit in the Oracle Cloud web management GUI. Otherwise the networking setup is “standard”.