openVPN via Port 53 doesn't get any connection


Dec 24, 2018
I'm using NAT for my VMs and everything is working fine.
Even OpenVPN on port 1194 or any other port works great. Just bring up a machine, forward the source port to the destination port, finished.
Now I want to run an OpenVPN server which is listening on port 53 UDP. But it always gets the following error:
Wed Jan 16 01:31:03 2019 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jan 16 01:31:03 2019 TLS Error: TLS handshake failed

It seems that something is still blocking port 53, but I can't find any listening service on my host machine (which does the forwarding). On the CT itself only OpenVPN is installed. If I switch to another uncommon port, OpenVPN works.
I'm using this rule:
iptables -t nat -A PREROUTING -i $WAN_IF -p udp --dport 53 -j DNAT --to $LAN_IP.20:53

netstat -tupln | grep 53 and lsof -i :53 are still empty on my host.

I don't know how I can find the problem or what's wrong. Maybe someone has a solution?
Why don't you just redirect like this:

iptables -t nat -A PREROUTING -i $WAN_IF -d $WAN_IP -p udp --dport 53 -j DNAT --to $LAN_IP.20:1194

After my post I did some further tests. The problem isn't the OpenVPN CT. If I use a NAT-internal machine to connect via OpenVPN on port 53, everything works like a charm.
The packets are lost on the host itself when using port 53. If I redirect 1194 (ext) to port 53 (int) it works.
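
Added example, not part of any post in this thread: one way to narrow down where the packets are lost is to read the per-rule counters of the nat PREROUTING chain and see whether the port 53 DNAT rule is ever hit. The interface name `vmbr0`, the address `10.10.10.20` and all counter values below are constructed sample data.

```shell
#!/bin/sh
# Added example. Input on stdin: output of
#   iptables -t nat -L PREROUTING -v -n -x
# The nat table only sees the first packet of each flow, so "pkts" counts
# new flows, not every datagram. A flow that already has a conntrack entry
# (for example one created before the rule was added) bypasses the nat table.

# dnat_hits PORT -> prints "<rules> <packets>" for DNAT rules on udp dpt:PORT
dnat_hits() {
    awk -v port="$1" '
        $3 == "DNAT" && $4 == "udp" {
            # match options start after the destination column (field 9)
            for (i = 10; i <= NF; i++)
                if ($i == "dpt:" port) { rules++; pkts += $1 }
        }
        END { printf "%d %d\n", rules, pkts }
    '
}

# classify PORT -> no-rule | never-matched | matched
classify() {
    set -- $(dnat_hits "$1")
    if [ "$1" -eq 0 ]; then
        echo no-rule          # no DNAT rule for this port in the chain
    elif [ "$2" -eq 0 ]; then
        echo never-matched    # nothing for this port reached the rule
    else
        echo matched          # rule is hit; loss happens after DNAT
    fi
}

# Constructed sample output (not taken from the poster's host)
sample_counters() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT 310 packets, 21004 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 DNAT       udp  --  vmbr0  *       0.0.0.0/0            0.0.0.0/0            udp dpt:53 to:10.10.10.20:53
      42     2688 DNAT       udp  --  vmbr0  *       0.0.0.0/0            0.0.0.0/0            udp dpt:1194 to:10.10.10.20:1194
EOF
}

for p in 53 1194; do
    echo "udp/$p: $(sample_counters | classify "$p")"
done
```

A `never-matched` result while a client is trying to connect means the traffic did not reach that rule on the expected interface; `matched` moves the search to forwarding and the return path.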