I am unable to connect to my recently configured VPN Server with OpenVPN. I configured openvpn.ovpn file to connect using the dynamic public IP address assigned by my ISP (TimeWarner Cable) to my router (172.XXX.XXX.XXX). I am using the config and ca certificate files generated by my VPN Server (Synology DiskStation - Linux based I believe). I opened port 1194 on my router. I am on Windows 7.
What am I doing wrong? Please help. Below is the info provided by OpenVPN's dialogue box after attempting to connect.
---------------------------
Thu Apr 12 09:16:56 2012 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
Thu Apr 12 09:17:00 2012 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Thu Apr 12 09:17:00 2012 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Apr 12 09:17:00 2012 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Apr 12 09:17:00 2012 LZO compression initialized
Thu Apr 12 09:17:00 2012 UDPv4 link local (bound): [undef]:1194
Thu Apr 12 09:17:00 2012 UDPv4 link remote: 172.XXX.XXX.XXX:1194
Thu Apr 12 09:18:00 2012 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Apr 12 09:18:00 2012 TLS Error: TLS handshake failed
Thu Apr 12 09:18:00 2012 SIGUSR1[soft,tls-error] received, process restarting
Connection Problems - Please Help
-
- OpenVpn Newbie
- Posts: 15
- Joined: Wed Apr 11, 2012 7:26 pm
-
- OpenVPN User
- Posts: 34
- Joined: Thu Apr 12, 2012 12:12 pm
Re: Connection Problems - Please Help
You might wan't to check your config file on client and server to see if the tls-auth key file is matching ?
Also, seeking info in the server log while connecting might help.
Frank
Also, seeking info in the server log while connecting might help.
Frank
Kind regards,
Frank Uittenbosch
Frank Uittenbosch
-
- OpenVpn Newbie
- Posts: 15
- Joined: Wed Apr 11, 2012 7:26 pm
Re: Connection Problems - Please Help
Thanks. It turns out that the VPN Server, which is part of an NAS built by Synology, doesn't automatically open the 1194 port in the NAS firewall when installed.
Once I figured that out I was home free.
My VPN server sits behind a dynamic public IP address. I wish there was a way to get an email everytime the public IP changes, else I presume I will not be able to connect with the client. I am using Time Warner Cable broadband.
Once I figured that out I was home free.
My VPN server sits behind a dynamic public IP address. I wish there was a way to get an email everytime the public IP changes, else I presume I will not be able to connect with the client. I am using Time Warner Cable broadband.
-
- OpenVPN User
- Posts: 34
- Joined: Thu Apr 12, 2012 12:12 pm
Re: Connection Problems - Please Help
This script could do that:My VPN server sits behind a dynamic public IP address. I wish there was a way to get an email everytime the public IP changes, else I presume I will not be able to connect with the client. I am using Time Warner Cable broadband.
Code: Select all
#!/bin/bash
INTERFACE=eth1
SOMEBODY=your.email@adress.net
OLDIP=`cat /tmp/last-ip`
CURRENTIP=`ifconfig $INTERFACE |grep "inet addr"|awk {'print $2'}|cut -d ":" -f2`
echo $CURRENTIP >/tmp/last-ip
if [ "$OLDIP" != "$CURRENTIP" ];then
echo "$SOMEBODY: my new ip-address is $CURRENTIP"
fi
and set this into your server's crontab like:
Code: Select all
echo "* * * * * root /data/script/checkip" >>/etc/crontab
When it changes, it will send an email to the cron user who was running it (root in this case)
You could also change the
Code: Select all
echo "$SOMEBODY: my new ip-address is $CURRENTIP"
Code: Select all
mail $SOMEBODY -s "my new ip-address is $CURRENTIP"
Kind regards,
Frank Uittenbosch
Frank Uittenbosch