2

I need to test whether an OpenVPN service (ssl-vpn) is listening on a specific IP address and port from a Linux box. I'd like to do that with a bash script or some code in Python or C/C++, but that's not the problem - I can implement it as soon as I know how UDP works here.

My problem is: the VPN service on the remote machine is configured to use UDP, and since UDP isn't a protocol that supports connections like TCP, I assume that any answer to a message/package that I sent to the remote machine is answered to another port on my local machine.

I know netcat, but obviously I won't receive an answer using the connectionless UDP protocol, so checking with nc -u ip port won't work.

So, how do I check if VPN is really up and running behind an IP address and port?

Edit:
Is it possible to emulate the VPN with a bash script? Something like connecting with a HELO like in SMTP and checking if the VPN server sent an answer back? I'd know how this works with tcp but I have no clue how to do that with UDP.

Edit2:
I just found this answer. So, how do I listen to ICMP packages that should be answered when the remote server isn't available? Is that possible with bash/python/c/c++ or netcat? How do I know if the server is there, listening to requests (there shouldn't be an ICMP response then, right?)?

wullxz

2 Answers

0

The only way I think you can reliably test this would be to simply establish a connection to the VPN.

As you said, OpenVPN while using TCP cannot be tested using a simple TCP connect. I suspect the only way to test is by speaking the OpenVPN protocol.

I suppose it could be possible to modify the client to test while not fully connecting.

Zoredache
  • I also thought about sending some kind of HELO like in SMTP and check if I get an answer. But since the answer doesn't seem to come back at the same connection (for the lack of a connection), I don't know how to do this. – wullxz Dec 25 '12 at 21:33
  • I suspect you would need to examine the OpenVPN source. I am not sure if there are any methods available as part of the protocol. I doubt you can test with bash, and you would need to learn C. – Zoredache Dec 26 '12 at 07:37
  • The programming part is not the problem. I just don't know how to handle the UDP "connection" (which isn't a connection as in TCP). – wullxz Dec 26 '12 at 09:20
  • It is possible to test UDP ports with nmap (parameter -sU). However, our problem is (I didn't know that when I asked this question) that some packets are dumped at the firewall. To test if this is the case, we have to try to connect to our VPN server. – wullxz Jan 03 '13 at 05:55
0

This is from my previous answer to a similar question.
How to check that an OpenVPN server is listening on a remote port without using OpenVPN client?
If you are using TLS authentication (tls-auth configuration line) this will not work, but you can get the idea of the UDP conversation.

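import socket

# First byte 0x38 = opcode 7 (P_CONTROL_HARD_RESET_CLIENT_V2) << 3 | key id 0.
# Must be bytes, not str, for socket.send() on Python 3.
senddata = b"\x38\x01\x00\x00\x00\x00\x00\x00\x00"

def checkserver(ip, port):
    print('Checking %s:%s' % (ip, port))
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(5)  # in seconds
    # connect() on a UDP socket only fixes the peer address;
    # the server's reply comes back to this same socket and port.
    sock.connect((ip, port))
    print("Sending request...")
    sock.send(senddata)
    try:
        dta = sock.recv(100)
        print("Server reply: %s" % (dta,))
    except OSError:
        # Timeout (no reply) or ICMP port unreachable (connection refused)
        print("Server not responding")
    sock.close()
    print("###########################################################")

def main():
    checkserver("addr.of.server1", 1194)
    checkserver("addr.of.server2", 1195)

if __name__ == "__main__":
    main()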
babbler
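An added example, not part of either answer: it reuses the probe bytes from the answer above and separates the three outcomes raised in the question (a reply, an ICMP port unreachable, and silence), which the answer's script reports as one. The names `probe_udp` and `classify_reply` are assumptions made for this sketch.

```python
import socket
import sys

# Probe bytes taken from the answer above: 0x38 = opcode 7 << 3 | key_id 0.
PROBE = b"\x38\x01\x00\x00\x00\x00\x00\x00\x00"
HARD_RESET_SERVER_V2 = 8  # opcode of an OpenVPN server's first reply to that probe


def classify_reply(data):
    """Return (opcode, key_id) decoded from the first byte of an OpenVPN packet."""
    if not data:
        return None
    return data[0] >> 3, data[0] & 0x07


def probe_udp(host, port, timeout=5.0, payload=PROBE):
    """Send one datagram; return 'openvpn', 'other-reply', 'closed' or 'no-reply'."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        # connect() sends nothing on UDP. It pins the peer, so replies arrive on
        # this socket's own source port and ICMP errors are reported to recv().
        sock.connect((host, port))
        try:
            sock.send(payload)
            data = sock.recv(2048)
        except ConnectionRefusedError:
            # ICMP port unreachable came back: host reachable, nothing listening.
            return "closed"
        except socket.timeout:
            # Silence is ambiguous: a firewall dropped the packet or the ICMP
            # error, or the server discards unauthenticated packets (tls-auth).
            return "no-reply"
    parsed = classify_reply(data)
    if parsed and parsed[0] == HARD_RESET_SERVER_V2:
        return "openvpn"
    return "other-reply"


if __name__ == "__main__":
    # Usage: python probe.py <host> <port>
    print(probe_udp(sys.argv[1], int(sys.argv[2])))
```

Only "openvpn" is a positive result; "no-reply" says nothing about whether the service is up, which matches the firewall behaviour described in the comments.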