Environment:
- AWS EC2 instance using Oracle Linux 9.2 AMI
- Security group configured to allow all traffic from my IP
- Similar setup works in a different AWS account
Issue: The Pritunl client is stuck at connecting. While UDP traffic is visible in tcpdump, the server logs show no incoming connections being detected.
UDP Traffic (tcpdump):
sudo tcpdump -n -i any '(udp port 18264)'
tcpdump: data link type LINUX_SLL2
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
09:55:09.703486 ens5 In IP my-ip.42108 > server-private-ip.18264: UDP, length 42
09:55:09.703626 ens5 Out IP server-private-ip.18264 > my-ip.42108: UDP, length 54
09:55:10.795477 ens5 In IP my-ip.42108 > server-private-ip.18264: UDP, length 42
09:55:10.795598 ens5 Out IP server-private-ip.18264 > my-ip.42108: UDP, length 54
09:55:13.049897 ens5 In IP my-ip.sis-emt > server-private-ip.18264: UDP, length 42
09:55:13.050037 ens5 Out IP server-private-ip.18264 > my-ip.sis-emt: UDP, length 54
09:55:15.526975 ens5 In IP my-ip.sis-emt > server-private-ip.18264: UDP, length 42
09:55:15.527094 ens5 Out IP server-private-ip.18264 > my-ip.sis-emt: UDP, length 54
Server Logs:
[server-id] 2025-01-13 09:48:39 Note: Treating option '--ncp-ciphers' as '--data-ciphers' (renamed in OpenVPN 2.5).
[server-id] 2025-01-13 09:48:39 OpenVPN 2.6.12 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD]
[server-id] 2025-01-13 09:48:39 library versions: OpenSSL 3.2.2 4 Jun 2024, LZO 2.10
[server-id] 2025-01-13 09:48:39 TUN/TAP device tun0 opened
[server-id] 2025-01-13 09:48:39 net_iface_mtu_set: mtu 1500 for tun0
[server-id] 2025-01-13 09:48:39 net_iface_up: set tun0 up
[server-id] 2025-01-13 09:48:39 net_addr_v4_add: 192.168.237.1/24 dev tun0
[server-id] 2025-01-13 09:48:39 setsockopt(IPV6_V6ONLY=0)
[server-id] 2025-01-13 09:48:39 UDPv6 link local (bound): [AF_INET6][undef]:18264
[server-id] 2025-01-13 09:48:39 UDPv6 link remote: [AF_UNSPEC]
[server-id] 2025-01-13 09:48:39 Initialization Sequence Completed
[server-id] 2025-01-13 09:48:40 COM> SUCCESS: bytecount interval changed
Additional Information:
- Connection works when using private IP from a different EC2 instance
- Connection fails when using public IP from a different EC2 instance
- Installation followed standard documentation
On the client side:
nc -vzu server-public-ip 18264
Connection to server-public-ip port 18264 [udp/*] succeeded!
Logs:
2025-01-13 15:19:12 OpenVPN 2.6.12 arm-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH/RECVDA] [AEAD]
2025-01-13 15:19:12 library versions: OpenSSL 3.3.2 3 Sep 2024, LZO 2.10
2025-01-13 15:19:12 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2025-01-13 15:19:12 TCP/UDP: Preserving recently used remote address: [AF_INET]server-public-ip:18264
2025-01-13 15:19:12 UDPv4 link local: (not bound)
2025-01-13 15:19:12 UDPv4 link remote: [AF_INET]server-public-ip:18264
2025-01-13 15:19:17 Server poll timeout, restarting
2025-01-13 15:19:17 SIGUSR1[soft,server_poll] received, process restarting
2025-01-13 15:19:17 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2025-01-13 15:19:17 TCP/UDP: Preserving recently used remote address: [AF_INET]server-public-ip:18264
2025-01-13 15:19:17 UDPv4 link local: (not bound)
2025-01-13 15:19:17 UDPv4 link remote: [AF_INET]server-public-ip:18264
2025-01-13 15:19:19 event_wait : Interrupted system call (fd=-1,code=4)
2025-01-13 15:19:19 SIGINT[hard,] received, process exiting
2025-01-13 15:25:09 OpenVPN 2.6.12 arm-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH/RECVDA] [AEAD]
2025-01-13 15:25:09 library versions: OpenSSL 3.3.2 3 Sep 2024, LZO 2.10
2025-01-13 15:25:09 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2025-01-13 15:25:09 TCP/UDP: Preserving recently used remote address: [AF_INET]server-public-ip:18264
2025-01-13 15:25:09 UDPv4 link local: (not bound)
2025-01-13 15:25:09 UDPv4 link remote: [AF_INET]server-public-ip:18264
2025-01-13 15:25:13 Server poll timeout, restarting
2025-01-13 15:25:13 SIGUSR1[soft,server_poll] received, process restarting
2025-01-13 15:25:13 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2025-01-13 15:25:13 TCP/UDP: Preserving recently used remote address: [AF_INET]server-public-ip:18264
2025-01-13 15:25:13 UDPv4 link local: (not bound)
2025-01-13 15:25:13 UDPv4 link remote: [AF_INET]server-public-ip:18264
2025-01-13 15:25:15 event_wait : Interrupted system call (fd=-1,code=4)
2025-01-13 15:25:15 SIGINT[hard,] received, process exiting
2025-01-13 15:51:31 OpenVPN 2.6.12 arm-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH/RECVDA] [AEAD]
2025-01-13 15:51:31 library versions: OpenSSL 3.3.2 3 Sep 2024, LZO 2.10
2025-01-13 15:51:31 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2025-01-13 15:51:31 TCP/UDP: Preserving recently used remote address: [AF_INET]server-public-ip:18264
2025-01-13 15:51:31 UDPv4 link local: (not bound)
2025-01-13 15:51:31 UDPv4 link remote: [AF_INET]server-public-ip:18264
2025-01-13 15:51:35 Server poll timeout, restarting
2025-01-13 15:51:35 SIGUSR1[soft,server_poll] received, process restarting
2025-01-13 15:51:35 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Has anyone encountered similar issues or can suggest potential solutions?
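The server-side capture above shows an outbound reply a fraction of a millisecond after every inbound packet, while the client logs only "Server poll timeout". As an added example that is not part of the original post, the Python below parses those tcpdump lines, pairs each inbound handshake packet with the server's reply to the same peer, and reduces the result to the one question that matters here: is the daemon answering or not? The capture lines, port and placeholder names are the post's own.

```python
import re
from collections import defaultdict
# Capture lines copied from the post above (server side, UDP port 18264); banner lines left out.
TCPDUMP_OUTPUT = """\
09:55:09.703486 ens5 In IP my-ip.42108 > server-private-ip.18264: UDP, length 42
09:55:09.703626 ens5 Out IP server-private-ip.18264 > my-ip.42108: UDP, length 54
09:55:10.795477 ens5 In IP my-ip.42108 > server-private-ip.18264: UDP, length 42
09:55:10.795598 ens5 Out IP server-private-ip.18264 > my-ip.42108: UDP, length 54
09:55:13.049897 ens5 In IP my-ip.sis-emt > server-private-ip.18264: UDP, length 42
09:55:13.050037 ens5 Out IP server-private-ip.18264 > my-ip.sis-emt: UDP, length 54
09:55:15.526975 ens5 In IP my-ip.sis-emt > server-private-ip.18264: UDP, length 42
09:55:15.527094 ens5 Out IP server-private-ip.18264 > my-ip.sis-emt: UDP, length 54
"""
# One tcpdump "-n -i any" line: time, interface, direction, src.port > dst.port, UDP length.
LINE_RE = re.compile(r"^(\d{2}):(\d{2}):(\d{2}\.\d+) (\S+) (In|Out) IP (\S+) > (\S+): UDP, length (\d+)$")

def parse_lines(text):
    """Parse capture text into dicts with seconds-since-midnight, direction, src, dst, length."""
    pkts = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # lines that are not packet records (tcpdump banners) are skipped
            h, mi, s, _iface, direction, src, dst, length = m.groups()
            pkts.append({"t": int(h) * 3600 + int(mi) * 60 + float(s),
                         "dir": direction, "src": src, "dst": dst, "len": int(length)})
    return pkts

def pair_requests(pkts, server_port="18264"):
    """Pair each inbound packet on the server port with the next outbound packet to the same peer."""
    by_peer = defaultdict(lambda: {"in": 0, "replied": 0, "reply_ms": []})
    pending = defaultdict(list)  # peer -> inbound timestamps not yet answered
    for p in pkts:
        if p["dir"] == "In" and p["dst"].endswith("." + server_port):
            by_peer[p["src"]]["in"] += 1
            pending[p["src"]].append(p["t"])
        elif p["dir"] == "Out" and p["src"].endswith("." + server_port) and pending[p["dst"]]:
            t_in = pending[p["dst"]].pop(0)
            by_peer[p["dst"]]["replied"] += 1
            by_peer[p["dst"]]["reply_ms"].append(round((p["t"] - t_in) * 1000, 3))
    return dict(by_peer)

def diagnose(summary):
    """Reduce the pairing to the question that matters: is the VPN daemon answering or not?"""
    total_in = sum(s["in"] for s in summary.values())
    total_replied = sum(s["replied"] for s in summary.values())
    if total_in == 0:
        return "no inbound packets reached the host: check security group, NACL and listener"
    if total_replied == total_in:
        return "server answers every inbound packet: daemon is listening, suspect the return path"
    return f"{total_in - total_replied} of {total_in} inbound packets unanswered: suspect the daemon"
```

When every inbound packet is answered, as in this capture, the server logs stop being the place to look and the question becomes why the reply never reaches the client.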