Issue connecting to openvpn on windows 2012R2

ghosttown
OpenVpn Newbie
Posts: 2
Joined: Tue Jan 24, 2017 6:57 pm

Issue connecting to openvpn on windows 2012R2

Post by ghosttown » Tue Jan 24, 2017 7:15 pm

I recently installed the latest OpenVPN server on my Windows 2012R2 server and configured the server and client key. However, I am trying to resolve this issue and it's been driving me crazy.

First, I am using the default port 1194 on my OpenVPN server. I added that port on my router and also added it to my Windows firewall. Whenever I tried to connect using my Android phone I get "waiting for server response"; this is, of course, after transferring the client keys to the phone.

I changed the port protocol to TCP from UDP and used port 443 to see if my ISP is blocking the default port. I was still getting the same error, "waiting for response", even after updating the firewall, the router, and the server and client config files. I decided to turn off the firewall on my Windows server and I was able to get further, but I still was not able to connect. Here is the log file from the Android phone when it tries to connect. Weird how, even though I allowed 443 to come through, Windows seemed to still block it.

Pretty much I am getting connection refused and not sure why. Any help will be much appreciated.

2017-01-23 15:00:46 official build 0.6.64 running on samsung SM-G935W8 (universal8890), Android 6.0.1 (MMB29K) API 23, ABI arm64-v8a, (samsung/hero2ltebmc/hero2ltebmc:6.0.1/MMB29K/G935W8VLU2APK3:user/release-keys)
2017-01-23 15:00:46 Building configuration…
2017-01-23 15:00:46 started Socket Thread
2017-01-23 15:00:46 Network Status: CONNECTED HSPA+ to MOBILE ltemobile.apn
2017-01-23 15:00:46 P:Initializing Google Breakpad!
2017-01-23 15:00:46 Current Parameter Settings:
2017-01-23 15:00:46 config = '/data/user/0/de.blinkt.openvpn/cache/android.conf'
2017-01-23 15:00:46 mode = 0
2017-01-23 15:00:46 show_ciphers = DISABLED
2017-01-23 15:00:46 show_digests = DISABLED
2017-01-23 15:00:46 show_engines = DISABLED
2017-01-23 15:00:46 genkey = DISABLED
2017-01-23 15:00:46 key_pass_file = '[UNDEF]'
2017-01-23 15:00:46 show_tls_ciphers = DISABLED
2017-01-23 15:00:46 connect_retry_max = 0
2017-01-23 15:00:46 Connection profiles [0]:
2017-01-23 15:00:46 proto = tcp-client
2017-01-23 15:00:46 local = '[UNDEF]'
2017-01-23 15:00:46 local_port = '[UNDEF]'
2017-01-23 15:00:46 remote = '-----serverdyndnshostname-------'
2017-01-23 15:00:46 remote_port = '443'
2017-01-23 15:00:46 remote_float = DISABLED
2017-01-23 15:00:46 bind_defined = DISABLED
2017-01-23 15:00:46 bind_local = DISABLED
2017-01-23 15:00:46 bind_ipv6_only = DISABLED
2017-01-23 15:00:46 connect_retry_seconds = 2
2017-01-23 15:00:46 connect_timeout = 120
2017-01-23 15:00:46 socks_proxy_server = '[UNDEF]'
2017-01-23 15:00:46 socks_proxy_port = '[UNDEF]'
2017-01-23 15:00:46 tun_mtu = 1500
2017-01-23 15:00:46 tun_mtu_defined = ENABLED
2017-01-23 15:00:46 link_mtu = 1500
2017-01-23 15:00:46 link_mtu_defined = DISABLED
2017-01-23 15:00:46 tun_mtu_extra = 0
2017-01-23 15:00:46 tun_mtu_extra_defined = DISABLED
2017-01-23 15:00:46 mtu_discover_type = -1
2017-01-23 15:00:46 fragment = 0
2017-01-23 15:00:46 mssfix = 1450
2017-01-23 15:00:46 explicit_exit_notification = 0
2017-01-23 15:00:46 Connection profiles END
2017-01-23 15:00:46 remote_random = DISABLED
2017-01-23 15:00:46 ipchange = '[UNDEF]'
2017-01-23 15:00:46 dev = 'tun'
2017-01-23 15:00:46 dev_type = '[UNDEF]'
2017-01-23 15:00:46 dev_node = '[UNDEF]'
2017-01-23 15:00:46 lladdr = '[UNDEF]'
2017-01-23 15:00:46 topology = 1
2017-01-23 15:00:46 ifconfig_local = '[UNDEF]'
2017-01-23 15:00:46 ifconfig_remote_netmask = '[UNDEF]'
2017-01-23 15:00:46 ifconfig_noexec = DISABLED
2017-01-23 15:00:46 ifconfig_nowarn = ENABLED
2017-01-23 15:00:46 ifconfig_ipv6_local = '[UNDEF]'
2017-01-23 15:00:46 ifconfig_ipv6_netbits = 0
2017-01-23 15:00:46 ifconfig_ipv6_remote = '[UNDEF]'
2017-01-23 15:00:46 shaper = 0
2017-01-23 15:00:46 mtu_test = 0
2017-01-23 15:00:46 mlock = DISABLED
2017-01-23 15:00:46 keepalive_ping = 0
2017-01-23 15:00:46 keepalive_timeout = 0
2017-01-23 15:00:46 inactivity_timeout = 0
2017-01-23 15:00:46 ping_send_timeout = 0
2017-01-23 15:00:46 ping_rec_timeout = 0
2017-01-23 15:00:46 ping_rec_timeout_action = 0
2017-01-23 15:00:46 ping_timer_remote = DISABLED
2017-01-23 15:00:46 remap_sigusr1 = 0
2017-01-23 15:00:46 persist_tun = DISABLED
2017-01-23 15:00:46 persist_local_ip = DISABLED
2017-01-23 15:00:46 persist_remote_ip = DISABLED
2017-01-23 15:00:46 persist_key = DISABLED
2017-01-23 15:00:46 passtos = DISABLED
2017-01-23 15:00:46 resolve_retry_seconds = 60
2017-01-23 15:00:46 resolve_in_advance = DISABLED
2017-01-23 15:00:46 username = '[UNDEF]'
2017-01-23 15:00:46 groupname = '[UNDEF]'
2017-01-23 15:00:46 chroot_dir = '[UNDEF]'
2017-01-23 15:00:46 cd_dir = '[UNDEF]'
2017-01-23 15:00:46 writepid = '[UNDEF]'
2017-01-23 15:00:46 up_script = '[UNDEF]'
2017-01-23 15:00:46 down_script = '[UNDEF]'
2017-01-23 15:00:46 down_pre = DISABLED
2017-01-23 15:00:46 up_restart = DISABLED
2017-01-23 15:00:46 up_delay = DISABLED
2017-01-23 15:00:46 daemon = DISABLED
2017-01-23 15:00:46 inetd = 0
2017-01-23 15:00:46 log = DISABLED
2017-01-23 15:00:46 suppress_timestamps = DISABLED
2017-01-23 15:00:46 machine_readable_output = ENABLED
2017-01-23 15:00:46 nice = 0
2017-01-23 15:00:46 verbosity = 4
2017-01-23 15:00:46 mute = 0
2017-01-23 15:00:46 gremlin = 0
2017-01-23 15:00:46 status_file = '[UNDEF]'
2017-01-23 15:00:46 status_file_version = 1
2017-01-23 15:00:46 status_file_update_freq = 60
2017-01-23 15:00:46 occ = ENABLED
2017-01-23 15:00:46 rcvbuf = 0
2017-01-23 15:00:46 sndbuf = 0
2017-01-23 15:00:46 sockflags = 0
2017-01-23 15:00:46 fast_io = DISABLED
2017-01-23 15:00:46 comp.alg = 0
2017-01-23 15:00:46 comp.flags = 0
2017-01-23 15:00:46 route_script = '[UNDEF]'
2017-01-23 15:00:46 route_default_gateway = '[UNDEF]'
2017-01-23 15:00:46 route_default_metric = 0
2017-01-23 15:00:46 route_noexec = DISABLED
2017-01-23 15:00:46 route_delay = 0
2017-01-23 15:00:46 route_delay_window = 30
2017-01-23 15:00:46 route_delay_defined = DISABLED
2017-01-23 15:00:46 route_nopull = DISABLED
2017-01-23 15:00:46 route_gateway_via_dhcp = DISABLED
2017-01-23 15:00:46 allow_pull_fqdn = DISABLED
2017-01-23 15:00:46 route 0.0.0.0/0.0.0.0/vpn_gateway/default (not set)
2017-01-23 15:00:46 management_addr = '/data/user/0/de.blinkt.openvpn/cache/mgmtsocket'
2017-01-23 15:00:46 management_port = 'unix'
2017-01-23 15:00:46 management_user_pass = '[UNDEF]'
2017-01-23 15:00:46 management_log_history_cache = 250
2017-01-23 15:00:46 management_echo_buffer_size = 100
2017-01-23 15:00:46 management_write_peer_info_file = '[UNDEF]'
2017-01-23 15:00:46 management_client_user = '[UNDEF]'
2017-01-23 15:00:46 management_client_group = '[UNDEF]'
2017-01-23 15:00:46 management_flags = 4390
2017-01-23 15:00:46 shared_secret_file = '[UNDEF]'
2017-01-23 15:00:46 key_direction = (null)
2017-01-23 15:00:46 ciphername = 'BF-CBC'
2017-01-23 15:00:46 ncp_enabled = ENABLED
2017-01-23 15:00:46 ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
2017-01-23 15:00:46 authname = 'SHA1'
2017-01-23 15:00:46 prng_hash = 'SHA1'
2017-01-23 15:00:46 prng_nonce_secret_len = 16
2017-01-23 15:00:46 keysize = 0
2017-01-23 15:00:46 engine = DISABLED
2017-01-23 15:00:46 replay = ENABLED
2017-01-23 15:00:46 mute_replay_warnings = DISABLED
2017-01-23 15:00:46 replay_window = 64
2017-01-23 15:00:46 replay_time = 15
2017-01-23 15:00:46 packet_id_file = '[UNDEF]'
2017-01-23 15:00:46 use_iv = ENABLED
2017-01-23 15:00:46 test_crypto = DISABLED
2017-01-23 15:00:46 tls_server = DISABLED
2017-01-23 15:00:46 tls_client = ENABLED
2017-01-23 15:00:46 key_method = 2
2017-01-23 15:00:46 ca_file = '[[INLINE]]'
2017-01-23 15:00:46 ca_path = '[UNDEF]'
2017-01-23 15:00:46 dh_file = '[UNDEF]'
2017-01-23 15:00:46 cert_file = '[[INLINE]]'
2017-01-23 15:00:46 extra_certs_file = '[UNDEF]'
2017-01-23 15:00:46 priv_key_file = '[[INLINE]]'
2017-01-23 15:00:46 pkcs12_file = '[UNDEF]'
2017-01-23 15:00:46 cipher_list = '[UNDEF]'
2017-01-23 15:00:46 tls_verify = '[UNDEF]'
2017-01-23 15:00:46 tls_export_cert = '[UNDEF]'
2017-01-23 15:00:46 verify_x509_type = 2
2017-01-23 15:00:46 verify_x509_name = '-----serverdyndnshostname-------'
2017-01-23 15:00:46 crl_file = '[UNDEF]'
2017-01-23 15:00:46 ns_cert_type = 0
2017-01-23 15:00:46 remote_cert_ku = 0
2017-01-23 15:00:46 remote_cert_ku = 0
2017-01-23 15:00:46 remote_cert_ku = 0
2017-01-23 15:00:46 remote_cert_ku = 0
2017-01-23 15:00:46 remote_cert_ku = 0
2017-01-23 15:00:46 remote_cert_ku = 0
2017-01-23 15:00:46 remote_cert_ku = 0
2017-01-23 15:00:46 remote_cert_ku = 0
2017-01-23 15:00:46 remote_cert_ku = 0
2017-01-23 15:00:46 remote_cert_ku = 0
2017-01-23 15:00:46 remote_cert_ku[i] = 0
2017-01-23 15:00:46 remote_cert_ku[i] = 0
2017-01-23 15:00:46 remote_cert_ku[i] = 0
2017-01-23 15:00:46 remote_cert_ku[i] = 0
2017-01-23 15:00:46 remote_cert_ku[i] = 0
2017-01-23 15:00:46 remote_cert_ku[i] = 0
2017-01-23 15:00:46 remote_cert_eku = '[UNDEF]'
2017-01-23 15:00:46 ssl_flags = 0
2017-01-23 15:00:46 tls_timeout = 2
2017-01-23 15:00:46 renegotiate_bytes = -1
2017-01-23 15:00:46 renegotiate_packets = 0
2017-01-23 15:00:46 renegotiate_seconds = 3600
2017-01-23 15:00:46 handshake_window = 60
2017-01-23 15:00:46 transition_window = 3600
2017-01-23 15:00:46 single_session = DISABLED
2017-01-23 15:00:46 push_peer_info = DISABLED
2017-01-23 15:00:46 tls_exit = DISABLED
2017-01-23 15:00:46 tls_auth_file = '[UNDEF]'
2017-01-23 15:00:46 tls_crypt_file = '[UNDEF]'
2017-01-23 15:00:46 client = ENABLED
2017-01-23 15:00:46 pull = ENABLED
2017-01-23 15:00:46 auth_user_pass_file = '[UNDEF]'
2017-01-23 15:00:46 OpenVPN 2.5-icsopenvpn [git:icsopenvpn-3bb5086974d443b6] android-21-arm64-v8a [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jan 9 2017
2017-01-23 15:00:46 library versions: OpenSSL 1.0.2j 26 Sep 2016, LZO 2.09
2017-01-23 15:00:46 MANAGEMENT: Connected to management server at /data/user/0/de.blinkt.openvpn/cache/mgmtsocket
2017-01-23 15:00:46 MANAGEMENT: CMD 'hold release'
2017-01-23 15:00:46 MANAGEMENT: CMD 'bytecount 2'
2017-01-23 15:00:46 MANAGEMENT: CMD 'proxy NONE'
2017-01-23 15:00:46 MANAGEMENT: CMD 'state on'
2017-01-23 15:00:47 Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
2017-01-23 15:00:47 MANAGEMENT: >STATE:1485201647,RESOLVE,,,,,,
2017-01-23 15:00:47 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
2017-01-23 15:00:47 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
2017-01-23 15:00:47 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
2017-01-23 15:00:47 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x.x:443
2017-01-23 15:00:47 Socket Buffers: R=[734003->734003] S=[192239->192239]
2017-01-23 15:00:47 Attempting to establish TCP connection with [AF_INET]x.x.x.x.x:443 [nonblock]
2017-01-23 15:00:47 MANAGEMENT: >STATE:1485201647,TCP_CONNECT,,,,,,
2017-01-23 15:00:48 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2017-01-23 15:00:50 TCP: connect to [AF_INET]x.x.x.x.x:443 failed: Connection refused
2017-01-23 15:00:50 SIGUSR1[connection failed(soft),init_instance] received, process restarting
2017-01-23 15:00:50 MANAGEMENT: >STATE:1485201650,RECONNECTING,init_instance,,,,,
2017-01-23 15:00:52 MANAGEMENT: CMD 'hold release'
2017-01-23 15:00:52 MANAGEMENT: CMD 'proxy NONE'
2017-01-23 15:00:52 MANAGEMENT: CMD 'bytecount 2'
2017-01-23 15:00:52 MANAGEMENT: CMD 'state on'
2017-01-23 15:00:53 Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
2017-01-23 15:00:53 MANAGEMENT: >STATE:1485201653,RESOLVE,,,,,,
2017-01-23 15:00:53 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
2017-01-23 15:00:53 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
2017-01-23 15:00:53 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
2017-01-23 15:00:53 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x.x:443
2017-01-23 15:00:53 Socket Buffers: R=[734003->734003] S=[192239->192239]

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Issue connecting to openvpn on windows 2012R2

Post by TinCanTech » Tue Jan 24, 2017 8:59 pm

ghosttown wrote: I changed the port protocol to TCP from UDP and using port 443
ghosttown wrote: 2017-01-23 15:00:50 TCP: connect to [AF_INET]x.x.x.x.x:443 failed: Connection refused

Just check your setting again .. if in doubt sniff for ICMP and you will see what is refused ..

ghosttown
OpenVpn Newbie
Posts: 2
Joined: Tue Jan 24, 2017 6:57 pm

Re: Issue connecting to openvpn on windows 2012R2

Post by ghosttown » Fri Jan 27, 2017 12:34 am

I took a capture using Wireshark when trying to connect and it seems there is a problem: Wireshark is showing a red line for port 443. When I dig down further, it seems the Reset flag gets set when a TCP/ACK happens, not sure why. Any info will be much appreciated.

https://www.dropbox.com/s/jsts7tohvjfg9 ... 1.jpg?dl=0
https://www.dropbox.com/s/q3mno7dk0f8qm ... 2.jpg?dl=0

Thanks
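
The thread hinges on the difference between a connect that is actively refused (an RST comes back, as in the log line and the capture) and one that gets no answer at all. The following is an added example, not part of the original posts: a small Python probe that classifies a single TCP connect attempt. The names `probe_tcp`, `local_demo` and `DIAGNOSIS` are illustrative, and the loopback endpoint is constructed so the check runs offline.

```python
import errno
import socket

# What each outcome means for a VPN server behind a router and a host firewall.
DIAGNOSIS = {
    "open": "TCP handshake completed: a listener accepted the port. Look at "
            "the OpenVPN/TLS negotiation next.",
    "refused": "RST received: the packet reached a device, but nothing there "
               "listens on this TCP port (service not bound to it, forward "
               "pointing at the wrong host) or a device actively rejects it.",
    "filtered": "No answer before the timeout: the SYN was silently dropped, "
                "typically a firewall rule or a missing port forward.",
    "unreachable": "ICMP unreachable or no route: fix addressing or routing "
                   "before looking at the port.",
}

def probe_tcp(host, port, timeout=3.0):
    """Attempt one TCP connect and classify the result."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:      # peer answered our SYN with RST
        return "refused"
    except socket.timeout:              # nothing came back at all
        return "filtered"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise
    finally:
        sock.close()

def local_demo():
    """Offline check on loopback: same port with and without a listener."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))     # constructed endpoint, ephemeral port
    listener.listen(1)
    port = listener.getsockname()[1]
    with_listener = probe_tcp("127.0.0.1", port)
    listener.close()
    without_listener = probe_tcp("127.0.0.1", port)
    return with_listener, without_listener

if __name__ == "__main__":
    for state in local_demo():
        print(state, "->", DIAGNOSIS[state])
```

Running `probe_tcp` against the server's LAN address from inside the network and against its public name from outside shows which hop sends the RST.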
