openVPN via Port 53 doesn't get any connection

[Norrodar]

Hey,
I'm using NAT for my VMs and anything is working fine.
Even openVPN on Port 1194 or any other port works great. Just bring up a machine, forward the source- to the destination-port, finish.
Now I want to run a openVPN server which is listening on port 53 udp. But it always get the following error:

Wed Jan 16 01:31:03 2019 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jan 16 01:31:03 2019 TLS Error: TLS handshake failed

​

It seems that something is still blocking port 53, but I can't find any listening service on my host-machine (which did the forwarding). On the CT itself only openVPN is installed. If I'm switching another uncommon port openVPN works.
I'm using this rule:

iptables -t nat -A PREROUTING -i $WAN_IF -p udp --dport 53 -j DNAT --to $LAN_IP.20:53

​

netstat -tupln | grep 53 and lsof -i :53 are still empty on my host.

I don't know how I can find the problem or what's wrong. Maybe someone has a solution?
Cheers

 

[LnxBil]

Maybe someone has a solution?

Why don't you just redirect like this:

iptables -t nat -A PREROUTING -i $WAN_IF -d $WAN_IP -p udp --dport 53 -j DNAT --to $LAN_IP.20:1194

 

[Norrodar]

Why don't you just redirect like this:

iptables -t nat -A PREROUTING -i $WAN_IF -d $WAN_IP -p udp --dport 53 -j DNAT --to $LAN_IP.20:1194

After my post I did some further tests. The problem isn't the openvpn-CT. If I use a NAT-intern machine to connect via openvpn port53 everything works like a charm.
The packages are lost on the host itself by using port 53. If I redirect 1194 (ext) to port 53 (int) it works.