Connection Problems - Please Help

widmark
OpenVpn Newbie
Posts: 15
Joined: Wed Apr 11, 2012 7:26 pm

Connection Problems - Please Help

Post by widmark » Thu Apr 12, 2012 10:21 pm

I am unable to connect to my recently configured VPN Server with OpenVPN. I configured openvpn.ovpn file to connect using the dynamic public IP address assigned by my ISP (TimeWarner Cable) to my router (172.XXX.XXX.XXX). I am using the config and ca certificate files generated by my VPN Server (Synology DiskStation - Linux based I believe). I opened port 1194 on my router. I am on Windows 7.

What am I doing wrong? Please help. Below is the info provided by OpenVPN's dialogue box after attempting to connect.

---------------------------
Thu Apr 12 09:16:56 2012 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
Thu Apr 12 09:17:00 2012 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Thu Apr 12 09:17:00 2012 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Apr 12 09:17:00 2012 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Apr 12 09:17:00 2012 LZO compression initialized
Thu Apr 12 09:17:00 2012 UDPv4 link local (bound): [undef]:1194
Thu Apr 12 09:17:00 2012 UDPv4 link remote: 172.XXX.XXX.XXX:1194
Thu Apr 12 09:18:00 2012 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Apr 12 09:18:00 2012 TLS Error: TLS handshake failed
Thu Apr 12 09:18:00 2012 SIGUSR1[soft,tls-error] received, process restarting

frankuit
OpenVPN User
Posts: 34
Joined: Thu Apr 12, 2012 12:12 pm

Re: Connection Problems - Please Help

Post by frankuit » Fri Apr 13, 2012 8:49 am

You might want to check your config file on client and server to see if the tls-auth key file is matching?
Also, seeking info in the server log while connecting might help.

Frank
Kind regards,
Frank Uittenbosch

widmark
OpenVpn Newbie
Posts: 15
Joined: Wed Apr 11, 2012 7:26 pm

Re: Connection Problems - Please Help

Post by widmark » Fri Apr 13, 2012 2:23 pm

Thanks. It turns out that the VPN Server, which is part of an NAS built by Synology, doesn't automatically open the 1194 port in the NAS firewall when installed.

Once I figured that out I was home free.

My VPN server sits behind a dynamic public IP address. I wish there was a way to get an email every time the public IP changes, else I presume I will not be able to connect with the client. I am using Time Warner Cable broadband.

frankuit
OpenVPN User
Posts: 34
Joined: Thu Apr 12, 2012 12:12 pm

Re: Connection Problems - Please Help

Post by frankuit » Wed Apr 18, 2012 7:18 pm

"My VPN server sits behind a dynamic public IP address. I wish there was a way to get an email every time the public IP changes, else I presume I will not be able to connect with the client. I am using Time Warner Cable broadband."

This script could do that:

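Code:

#!/bin/bash

INTERFACE=eth1
SOMEBODY=your.email@adress.net
# State file kept out of world-writable /tmp, because cron runs this as root
STATE=/var/run/last-ip
# Last address seen; empty on the first run, when the file does not exist yet
OLDIP=`cat "$STATE" 2>/dev/null`
# IPv4 address of the interface (net-tools ifconfig prints "inet addr:a.b.c.d")
CURRENTIP=`ifconfig "$INTERFACE" | grep "inet addr" | awk '{print $2}' | cut -d ":" -f2`

# Interface down or no address: keep the old state and report nothing
[ -z "$CURRENTIP" ] && exit 0

echo "$CURRENTIP" >"$STATE"

if [ "$OLDIP" != "$CURRENTIP" ]; then
        echo "$SOMEBODY: my new ip-address is $CURRENTIP"
fi

Now, if you insert this script in for instance /data/script/checkip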
and set this into your server's crontab like:

Code:

echo "* * * * * root /data/script/checkip" >>/etc/crontab

then the script will check your ip every minute.
When it changes, it will send an email to the cron user who was running it (root in this case).
You could also change the

Code:

echo "$SOMEBODY: my new ip-address is $CURRENTIP"

rule into something like:

Code:

# Subject option goes before the recipient; the empty body is read from /dev/null
mail -s "my new ip-address is $CURRENTIP" "$SOMEBODY" </dev/null

but that syntax depends on your linux distro more.
Kind regards,
Frank Uittenbosch
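
For a server behind a NAT router, as in this thread, the address on the server's own interface is normally a private LAN address, so noticing a change of the public address means asking something outside the LAN. The following is an added example, not code from the thread: it goes beyond the posted script by fetching the public address over HTTPS, validating the response before it is stored or mailed, and keeping its state outside /tmp. The service URL, the STATE_DIR path, the function names and the --run switch are assumptions.

```shell
#!/bin/sh
# Added example. Assumptions: curl is installed, IP_SERVICE answers with the caller's
# address as plain text, STATE_DIR is writable only by the cron user (unlike /tmp).
IP_SERVICE="${IP_SERVICE:-https://checkip.amazonaws.com}"
STATE_DIR="${STATE_DIR:-/var/lib/checkip}"

# Accept only a dotted-quad IPv4 address, so a broken or tampered response
# never reaches the state file or the notification text.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                       # split into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# record_ip STATEFILE NEWIP: prints a notice and returns 0 when the address
# changed, returns 1 when it is unchanged, 2 when NEWIP is not a valid address.
record_ip() {
    statefile=$1; newip=$2; oldip=
    valid_ipv4 "$newip" || return 2
    [ -f "$statefile" ] && oldip=$(cat "$statefile")
    [ "$oldip" = "$newip" ] && return 1
    # Write a temp file next to the state file, then rename over it.
    tmp=$(mktemp "$statefile.XXXXXX") || return 2
    printf '%s\n' "$newip" >"$tmp" && mv -f "$tmp" "$statefile" || return 2
    echo "my new public ip-address is $newip (was: ${oldip:-unknown})"
}

# Address the router presents to the internet, as seen by the external service.
fetch_public_ip() {
    curl -fsS --max-time 10 "$IP_SERVICE" | tr -d '[:space:]'
}

# Cron entry point; cron mails anything printed to the crontab's owner.
main() {
    umask 077
    mkdir -p "$STATE_DIR" || return 1
    record_ip "$STATE_DIR/last-ip" "$(fetch_public_ip)"
    [ $? -ne 2 ] || echo "checkip: no valid public address obtained" >&2
}

# Only "checkip --run" does the lookup; without it the file just defines functions.
case "${1:-}" in --run) main ;; esac
```

With this variant the crontab entry calls `/data/script/checkip --run`, and a lookup every few minutes is enough for the external service.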
