Author Topic: VPN, UDP, and DMZ  (Read 1962 times)

ymangolds

  • Zen Apprentice
  • *
  • Posts: 10
  • Karma: +0/-0
VPN, UDP, and DMZ
« on: September 12, 2009, 10:15:26 pm »
Here's my network setup:

                     Cable Modem
                             |
                             |
              Linksys WRT54GS Router
                      IP:10.0.0.1
                  DMZ:10.0.0.254
                             |
                             |
                         Ebox
             External NIC:10.0.0.254
               Internal NIC1:10.10.2.1
               Internal NIC2:10.5.1.1
              VPN network:10.10.5.x
                   /                   \
                  /                     \
     Switch for LAN           Wireless router
                                      (different than the one between the ebox and the modem)

We've more or less gotten VPN to work using TCP 1194 but it's too slow to do the things we need it for.

After reading this post: http://forum.ebox-platform.com/index.php?topic=675.0 I tried recreating the VPN server using UDP 1194. But when remote clients try to connect they get this:

Code:
Sun Sep 06 15:22:54 2009 OpenVPN 2.1_rc15 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 19 2008
Sun Sep 06 15:22:54 2009 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Sun Sep 06 15:22:54 2009 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Sep 06 15:22:54 2009 LZO compression initialized
Sun Sep 06 15:22:54 2009 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Sep 06 15:22:54 2009 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Sun Sep 06 15:22:54 2009 Local Options hash (VER=V4): 'd79ca330'
Sun Sep 06 15:22:54 2009 Expected Remote Options hash (VER=V4): 'f7df56b8'
Sun Sep 06 15:22:54 2009 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Sep 06 15:22:54 2009 UDPv4 link local: [undef]
Sun Sep 06 15:22:54 2009 UDPv4 link remote: XX.XXX.XXX.XXX:1194
Sun Sep 06 15:22:55 2009 TCP/UDP: Incoming packet rejected from XX.XXX.XXX.XXX:1024[2], expected peer address: XX.XXX.XXX.XXX:1194 (allow this incoming source address/port by removing --remote or adding --float)
Sun Sep 06 15:22:56 2009 TCP/UDP: Incoming packet rejected from XX.XXX.XXX.XXX:1024[2], expected peer address: XX.XXX.XXX.XXX:1194 (allow this incoming source address/port by removing --remote or adding --float)
Sun Sep 06 15:22:57 2009 TCP/UDP: Incoming packet rejected from XX.XXX.XXX.XXX:1024[2], expected peer address: XX.XXX.XXX.XXX:1194 (allow this incoming source address/port by removing --remote or adding --float)
Sun Sep 06 15:22:58 2009 TCP/UDP: Incoming packet rejected from XX.XXX.XXX.XXX:1024[2], expected peer address: XX.XXX.XXX.XXX:1194 (allow this incoming source address/port by removing --remote or adding --float)

The last line continues to loop...

I tried adding "float" to the client's config file and it appears to work, except that it reconnects every 5 minutes, interrupting whatever the user was doing over the VPN.
I also tried putting the client on a computer that's part of the internal LAN and everything worked fine, which leads me to believe that the router with DMZ set to the ebox is the culprit. So I'm assuming that it should work fine if the ebox can be used as the router, but after reading http://forum.ebox-platform.com/index.php?topic=33.0 I'm guessing that's not possible.

I've also tried adding port forwarding on 1194 to 10.0.0.254 on the router but with no luck.

Any ideas?
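The rejection lines in the log above carry the whole diagnosis: the reply arrives from the same host the client sent to, but from source port 1024 instead of 1194, so something on the path (here the DMZ/NAT hop) rewrote the server's source port, and the OpenVPN client's peer-address check drops it. The script below is an added example, not code from the post or from the eBox or OpenVPN projects; it parses "Incoming packet rejected" lines from a client log, separates "same host, different port" (port rewritten on the path) from "different host" cases, and counts how often each repeats. The sample log lines are constructed with documentation-range addresses and only mirror the shape of the lines in the post.

```python
import re
from collections import Counter

# Constructed sample OpenVPN 2.1 client log lines (documentation-range addresses,
# not real endpoints). Same line shape as the log quoted in the post above.
SAMPLE_LOG = """\
Sun Sep 06 15:22:54 2009 UDPv4 link remote: 203.0.113.5:1194
Sun Sep 06 15:22:55 2009 TCP/UDP: Incoming packet rejected from 203.0.113.5:1024[2], expected peer address: 203.0.113.5:1194 (allow this incoming source address/port by removing --remote or adding --float)
Sun Sep 06 15:22:56 2009 TCP/UDP: Incoming packet rejected from 203.0.113.5:1024[2], expected peer address: 203.0.113.5:1194 (allow this incoming source address/port by removing --remote or adding --float)
Sun Sep 06 15:22:57 2009 TCP/UDP: Incoming packet rejected from 198.51.100.7:1194[2], expected peer address: 203.0.113.5:1194 (allow this incoming source address/port by removing --remote or adding --float)
"""

# Matches the "rejected from <host>:<port>[n], expected peer address: <host>:<port>"
# part of the line; the "[n]" socket index after the source port is optional.
REJECT_RE = re.compile(
    r"Incoming packet rejected from (?P<src_host>[^:\s]+):(?P<src_port>\d+)(?:\[\d+\])?, "
    r"expected peer address: (?P<exp_host>[^:\s]+):(?P<exp_port>\d+)"
)


def parse_rejections(log_text):
    """Return one record per 'Incoming packet rejected' line in the log text."""
    records = []
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            d = m.groupdict()
            records.append({
                "src": (d["src_host"], int(d["src_port"])),
                "expected": (d["exp_host"], int(d["exp_port"])),
            })
    return records


def classify(rej):
    """Label a rejection by what differs between the actual and expected peer.

    'port-rewritten': same host, different port -> a NAT/DMZ hop rewrote the
                      server's source port (the situation in the post).
    'host-mismatch':  packet came from a different host than --remote names;
                      could be multi-homing on the server side, or an unrelated
                      sender that the peer check correctly rejected.
    """
    src_host, src_port = rej["src"]
    exp_host, exp_port = rej["expected"]
    if src_host == exp_host and src_port != exp_port:
        return "port-rewritten"
    if src_host != exp_host:
        return "host-mismatch"
    return "other"


def summarize(log_text):
    """Count repeated rejections keyed by (class, source, expected) so a
    looping line like the one in the post shows up as one entry with a count."""
    counts = Counter()
    for rej in parse_rejections(log_text):
        counts[(classify(rej), rej["src"], rej["expected"])] += 1
    return dict(counts)


if __name__ == "__main__":
    for (kind, src, expected), n in summarize(SAMPLE_LOG).items():
        print(f"{kind:15} from {src[0]}:{src[1]:<5} expected {expected[0]}:{expected[1]}  x{n}")
```

A run over a real client log distinguishes the two fixes: a "port-rewritten" result means the path is changing the server's reply port, and the lasting fix is on the router (a real port forward or a device that keeps the source port stable) rather than on the client; adding --float makes the client accept authenticated packets from any address and port, which hides the symptom but removes the peer-address pinning that produced these log lines in the first place.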