wilo300zx

Problems with openvpn

4 posts in this topic

I am trying to connect my Vista laptop across the internet to an OpenVPN server.

I have openvpn server installed and running on my Ubuntu server.

I have openvpn client running on my laptop.

I have enabled port forwarding from WAN to LAN on port 1194 on my router.

I have disabled my firewall on my laptop.

I can't work out why my client won't connect to my server; I have tried the Windows VPN client and the OpenVPN client.

I have followed these instructions from Ubuntu help:

https://help.ubuntu.com/community/OpenVPN

This is the log file from my server: ( /var/log/openvpn.log)

Options error: --client-config-dir/--ccd-exclusive requires --mode server
Use --help for more information.
Thu Jun 25 16:27:24 2009 OpenVPN 2.1_rc11 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Mar 9 2009
Thu Jun 25 16:27:24 2009 WARNING: --keepalive option is missing from server config
Thu Jun 25 16:27:24 2009 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Jun 25 16:27:24 2009 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
Thu Jun 25 16:27:25 2009 TUN/TAP device tun0 opened
Thu Jun 25 16:27:25 2009 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Thu Jun 25 16:27:25 2009 GID set to nogroup
Thu Jun 25 16:27:25 2009 UID set to nobody
Thu Jun 25 16:27:25 2009 Listening for incoming TCP connection on [undef]:1194
Thu Jun 25 16:27:25 2009 TCPv4_SERVER link local (bound): [undef]:1194
Thu Jun 25 16:27:25 2009 TCPv4_SERVER link remote: [undef]
Thu Jun 25 16:27:25 2009 Initialization Sequence Completed

This is the log file from my openvpn client:

Thu Jun 25 16:20:23 2009 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
Thu Jun 25 16:20:23 2009 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Thu Jun 25 16:20:23 2009 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Jun 25 16:20:23 2009 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Thu Jun 25 16:20:23 2009 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 25 16:20:23 2009 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 25 16:20:23 2009 Control Channel MTU parms [ L:1573 D:166 EF:66 EB:0 ET:0 EL:0 ]
Thu Jun 25 16:20:23 2009 Data Channel MTU parms [ L:1573 D:1450 EF:41 EB:4 ET:32 EL:0 ]
Thu Jun 25 16:20:23 2009 Local Options hash (VER=V4): '1a647362'
Thu Jun 25 16:20:23 2009 Expected Remote Options hash (VER=V4): '47de3ccc'
Thu Jun 25 16:20:23 2009 UDPv4 link local: [undef]
Thu Jun 25 16:20:23 2009 UDPv4 link remote: x.x.x.x:1194
Thu Jun 25 16:20:23 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Thu Jun 25 16:20:25 2009 TCP/UDP: Closing socket
Thu Jun 25 16:20:25 2009 SIGTERM[hard,] received, process exiting


Thu Jun 25 16:20:32 2009 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Thu Jun 25 16:20:32 2009 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Thu Jun 25 16:20:32 2009 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Jun 25 16:20:32 2009 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Thu Jun 25 16:20:32 2009 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 25 16:20:32 2009 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 25 16:20:32 2009 Control Channel MTU parms [ L:1573 D:166 EF:66 EB:0 ET:0 EL:0 ]
Thu Jun 25 16:20:32 2009 Data Channel MTU parms [ L:1573 D:1450 EF:41 EB:4 ET:32 EL:0 ]
Thu Jun 25 16:20:32 2009 Local Options hash (VER=V4): '1a647362'
Thu Jun 25 16:20:32 2009 Expected Remote Options hash (VER=V4): '47de3ccc'
Thu Jun 25 16:20:32 2009 UDPv4 link local: [undef]
Thu Jun 25 16:20:32 2009 UDPv4 link remote: x.x.x.x:1194
Thu Jun 25 16:20:32 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Thu Jun 25 16:20:35 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Thu Jun 25 16:20:37 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Thu Jun 25 16:20:39 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)

Any ideas what's going on here? I have googled "read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)" and found a few hits about UDP flooding, and I have tried using TCP on the server and client to counteract that, no such luck. I have restarted both machines and services. Still no luck.

Can anyone else think of anything I'm doing wrong?

Also this is my server conf file:

dev tun
proto tcp
port 1194

ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem

user nobody
group nogroup
server 10.8.0.0/24 255.255.255.0

keepalive 10 120

persist-key
persist-tun

#status openvpn-status.log
#verb 3
client-to-client

push "redirect-gateway def1"

log-append /var/log/openvpn.log
comp-lzo


Been a few years, but I seem to recall having more success with TCP instead of UDP. I guess it slowed it down a teeny bit, but I didn't really notice most of the time. Was significantly better at maintaining the connection, though.

Not sure if that's what the problem is, but you might give it a shot just to see.


I have no problem with UDP. It looks like your client is trying to connect via UDP when your server is listening on TCP. Please paste your client config file.

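The check suggested in the reply above, as an added example that is not part of the original thread: a Python script that reads the transport each side reports in its OpenVPN log and flags a protocol or port mismatch, along with any WARNING lines. The sample lines are copied from the logs posted in this topic; the function names are hypothetical.

```python
import re

# Constructed sample input: a few lines copied from the two logs posted in this topic.
SERVER_LOG = """\
Thu Jun 25 16:27:25 2009 Listening for incoming TCP connection on [undef]:1194
Thu Jun 25 16:27:25 2009 TCPv4_SERVER link local (bound): [undef]:1194
Thu Jun 25 16:27:25 2009 Initialization Sequence Completed
"""
CLIENT_LOG = """\
Thu Jun 25 16:20:23 2009 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Jun 25 16:20:23 2009 UDPv4 link local: [undef]
Thu Jun 25 16:20:23 2009 UDPv4 link remote: x.x.x.x:1194
Thu Jun 25 16:20:23 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
"""

# Matches e.g. "UDPv4 link remote: host:port" and
# "TCPv4_SERVER link local (bound): [undef]:1194".
LINK_RE = re.compile(
    r"\b(UDP|TCP)v[46](?:_(?:SERVER|CLIENT))? link (local|remote)[^:]*: (\S+)")

def transport(log_text, side):
    """Return (proto, port) from the first 'link <side>' line, or None."""
    for line in log_text.splitlines():
        m = LINK_RE.search(line)
        if m and m.group(2) == side:
            port = m.group(3).rpartition(":")[2]
            return m.group(1).lower(), int(port) if port.isdigit() else None
    return None

def diagnose(server_log, client_log):
    """Compare the server's listening transport with the client's outgoing one."""
    findings = []
    srv, cli = transport(server_log, "local"), transport(client_log, "remote")
    if srv and cli:
        if srv[0] != cli[0]:
            findings.append(f"protocol mismatch: server listens on {srv[0]}, "
                            f"client connects over {cli[0]}")
        if srv[1] != cli[1]:
            findings.append(f"port mismatch: server {srv[1]}, client {cli[1]}")
    # Surface warnings too; they are easy to miss while chasing a connection error.
    for line in client_log.splitlines() + server_log.splitlines():
        if " WARNING: " in line:
            findings.append("warning: " + line.split(" WARNING: ", 1)[1])
    return findings

if __name__ == "__main__":
    for finding in diagnose(SERVER_LOG, CLIENT_LOG):
        print(finding)
```
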
Thu Jun 25 16:27:24 2009 WARNING: --keepalive option is missing from server config

This probably has something to do with it.
