Just no connection

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
kkaal
OpenVpn Newbie
Posts: 2
Joined: Sat Oct 02, 2010 11:13 pm

Just no connection

Post by kkaal » Sun Oct 03, 2010 2:10 am

I have set up a Suse server and installed openVPN according to http://www.komaii.com/linux/openvpn-on-SuSE10.0/

This is the server config file:

Code: Select all

port 1194
dev tun
ca /etc/openvpn/ssl/ca.crt
cert /etc/openvpn/ssl/server.crt
key /etc/openvpn/ssl/server.key
dh /etc/openvpn/ssl/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status
tls-server
I start the openVPN server on the linux on the command line. This is the output:

Code: Select all

xxxxx:/usr/local/src/openvpn-2.0.9/easy-rsa # openvpn /etc/openvpn/server.conf
Sun Oct  3 12:42:41 2010 OpenVPN 2.0.9 i686-suse-linux [SSL] [LZO] [EPOLL] built on Oct  2 2010
Sun Oct  3 12:42:41 2010 Diffie-Hellman initialized with 1024 bit key
Sun Oct  3 12:42:41 2010 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Oct  3 12:42:41 2010 TUN/TAP device tun0 opened
Sun Oct  3 12:42:41 2010 /sbin/ip link set dev tun0 up mtu 1500
Sun Oct  3 12:42:41 2010 /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Sun Oct  3 12:42:41 2010 /sbin/ip route add 10.8.0.0/24 via 10.8.0.2
Sun Oct  3 12:42:41 2010 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Oct  3 12:42:41 2010 UDPv4 link local (bound): [undef]:1194
Sun Oct  3 12:42:41 2010 UDPv4 link remote: [undef]
Sun Oct  3 12:42:41 2010 MULTI: multi_init called, r=256 v=256
Sun Oct  3 12:42:41 2010 IFCONFIG POOL: base=10.8.0.4 size=62
Sun Oct  3 12:42:41 2010 IFCONFIG POOL LIST
Sun Oct  3 12:42:41 2010 Initialization Sequence Completed
This seems to be ok. I checked it by sending a ping to 10.8.0.1. That works.

I try to connect from a openVPNGUI on a Windows 7.

Config file on the Windows7 client:

Code: Select all

client
dev tun
proto udp
remote www.myserver.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
verb 3
When I try to connect, I get this output:

Code: Select all

Sun Oct 03 14:00:21 2010 OpenVPN 2.1.3 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Aug 20 2010
Sun Oct 03 14:00:21 2010 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sun Oct 03 14:00:21 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Oct 03 14:00:21 2010 LZO compression initialized
Sun Oct 03 14:00:21 2010 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Oct 03 14:00:21 2010 Socket Buffers: R=[8192->8192] S=[32768->32768]
Sun Oct 03 14:00:21 2010 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Oct 03 14:00:21 2010 Local Options hash (VER=V4): '41690919'
Sun Oct 03 14:00:21 2010 Expected Remote Options hash (VER=V4): '530fdded'
Sun Oct 03 14:00:21 2010 UDPv4 link local: [undef]
Sun Oct 03 14:00:21 2010 UDPv4 link remote: xxx.xxx.xxx.xxx:1194
When I try to ping the server (10.8.0.1), I get no answer back.

The firewalls on the server and the client are switched off temporarily.

What am I doing wrong?

kkaal
OpenVpn Newbie
Posts: 2
Joined: Sat Oct 02, 2010 11:13 pm

Re: Just no connection

Post by kkaal » Wed Oct 06, 2010 11:43 am

I am serious, I need to make this setup fly.

Are there no gurus who could at least tell me what and how I could test??

george
Forum Team
Posts: 117
Joined: Tue Jun 09, 2009 4:25 pm
Location: St. Louis, MO USA

Re: Just no connection

Post by george » Thu Oct 07, 2010 5:10 am

It looks like you may be missing some things in your config.

Compare to my working server.conf:

Code: Select all

local 192.168.xxx.xxx #LAN IP
port 1194
proto udp
dev tun0 #static device to iptables rule sets
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key  # This file should be kept secret
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
ifconfig 10.8.0.1 10.8.0.2 #server tun0 ip
push "route 192.168.x.0 255.255.255.0"
push "route 192.168.x.0 255.255.255.0"
push "route 192.168.x.0 255.255.255.0"
push "route 192.168.x.0 255.255.255.0"
push "route 192.168.x.0 255.255.255.0"
push "route 192.168.x.0 255.255.255.0"
push "route 192.168.xx.0 255.255.255.0"
push "route 192.168.xx.0 255.255.255.0"
push "route 192.168.xx.0 255.255.255.0"
push "route 192.168.xx.0 255.255.255.0"
push "route 192.168.xx.0 255.255.255.0"
push "route 192.168.xxx.0 255.255.255.0"
push "dhcp-option DNS 192.168.xxx.xx"
keepalive 10 120
comp-lzo
daemon
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log 5
status-version 2
log-append  /etc/openvpn/openvpn.log
verb 4
management localhost 7505
plugin /usr/lib/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login

route 10.8.1.0 255.255.255.0
route 10.8.2.0 255.255.255.0
route 10.8.3.0 255.255.255.0
route 10.8.4.0 255.255.255.0
client-config-dir /etc/openvpn/ccd
Also, make sure you are getting the routes from the server on the client.

Douglas
Forum Team
Posts: 285
Joined: Wed Aug 27, 2008 2:41 am

Re: Just no connection

Post by Douglas » Fri Oct 08, 2010 11:55 am

Sun Oct 03 14:00:21 2010 UDPv4 link local: [undef]
Sun Oct 03 14:00:21 2010 UDPv4 link remote: xxx.xxx.xxx.xxx:1194
If it ends here, it's not connecting. Firewalls?

User avatar
krzee
Forum Team
Posts: 728
Joined: Fri Aug 29, 2008 5:42 pm

Re: Just no connection

Post by krzee » Fri Oct 08, 2010 12:43 pm

double check that your firewalls are not dropping anything.
if your server is behind a NAT, double check your port forwarding for the right ip/port/protocol.
make sure that your clients are using the correct ip/port/protocol

Your client is not reaching the openvpn process on your server, basic networking issue.

Post Reply