OpenVPN Support Forum

Hello, I've been using OpenVPN Gui for a week, and everything worked perfectly until today. So, um the problem is whenever I try to connect it doesn't connect it only says "Restart pause, 5 seconds (s), I'll post the log here



Sat Jul 30 03:36:29 2011 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Sat Jul 30 03:36:29 2011 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Sat Jul 30 03:36:29 2011 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Sat Jul 30 03:36:29 2011 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jul 30 03:36:29 2011 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jul 30 03:36:29 2011 LZO compression initialized
Sat Jul 30 03:36:29 2011 Control Channel MTU parms [ L:1544 D:168 EF:68 EB:0 ET:0 EL:0 ]
Sat Jul 30 03:36:29 2011 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Jul 30 03:36:29 2011 Local Options hash (VER=V4): 'ee93268d'
Sat Jul 30 03:36:29 2011 Expected Remote Options hash (VER=V4): 'bd577cd1'
Sat Jul 30 03:36:29 2011 Attempting to establish TCP connection with 76.10.222.65:44
Sat Jul 30 03:36:29 2011 TCP connection established with 76.10.222.65:44
Sat Jul 30 03:36:29 2011 TCPv4_CLIENT link local: [undef]
Sat Jul 30 03:36:29 2011 TCPv4_CLIENT link remote: 76.10.222.65:44
Sat Jul 30 03:36:30 2011 TLS: Initial packet from 76.10.222.65:44, sid=9efbbb32 3c4e0770
Sat Jul 30 03:36:32 2011 VERIFY OK: depth=1, /C=US/ST=OH/L=Columbus/O=Hostizzle/CN=Hostizzle_CA/emailAddress=hostizzle@gmail.com
Sat Jul 30 03:36:32 2011 VERIFY OK: nsCertType=SERVER
Sat Jul 30 03:36:32 2011 VERIFY OK: depth=0, /C=US/ST=OH/L=Columbus/O=Hostizzle/CN=server/emailAddress=hostizzle@gmail.com
Sat Jul 30 03:36:35 2011 Connection reset, restarting [0]
Sat Jul 30 03:36:35 2011 TCP/UDP: Closing socket
Sat Jul 30 03:36:35 2011 SIGUSR1[soft,connection-reset] received, process restarting
Sat Jul 30 03:36:35 2011 Restart pause, 5 second(s)

Would be AWESOME if you can help me about this, I really need this program.


Kindly Regards; Bethery.

Hello.

It seems your certificate expired. Your client are disconnected on certificate verifying. You have to ask for a new certificate or renew it mannualy at server's side. It may be certificat problem on server side OpenVPN.

please post server logs as well
also post configs for client/server.

i dont think there is a prob with certs

logs say VERIFY OK...


Michael.

Oh, I see. There must be after VERIFY OK log about Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key. So yes, needing servers config.

Thanks alot for all of your replies on this topic & but can you exactly tell me what to do? Because I'm really new into this.

Cheers!

Yes, find install directory on your client and there find a file *.ovpn and post it here as client's configuration file. It might be in C:\Program Files\OpenVPN\config.

Then remote to 76.10.222.65 (not using VPN) and find same *.ovpn file on that server and type it here as server's configuration file. Also from server show the log, as you did for client.

Hm, there's sample.ovpn only as an .ovpn file. I'll still post it below & did do nothing to server's configuration file either the client, I have to admit that I did not edited something I've just downloaded it and it perfectly worked until today, thanks a lot for your reply!


Edit: Should I install certificates from OpenVPN > Config > 367e72599173fcead76730fb20fa1e17 ? (Sorry if it looked spammy.) Because they're not installed at the moment.

When you installed your OpenVPN, you just edited sample.ovpn?

Logs for server are really needed. And configs, because without them there no help.

Nope, I haven't edited sample.ovpn. I just don't know where the configs. There's only sample.ovpn in OpenVPN > Config.

From command line run: and you will find path where your config is read from.

How abou log from server?

C:\Users\Kara>reg query HKLM\software\openvpn /v config_dir
ERROR: The system was unable to find the specified registry key or value.

Hm, I'll post the sample.opvn here maybe it could help.



# Edit this file, and save to a .ovpn extension
# so that OpenVPN will activate it when run
# as a service.

# Change 'myremote' to be your remote host,
# or comment out to enter a listening
# server mode.
remote myremote

# Uncomment this line to use a different
# port number than the default of 5000.
; port 5000

# Choose one of three protocols supported by
# OpenVPN. If left commented out, defaults
# to udp.
; proto [tcp-server | tcp-client | udp]

# You must specify one of two possible network
# protocols, 'dev tap' or 'dev tun' to be used
# on both sides of the connection. 'tap' creates
# a VPN using the ethernet protocol while 'tun'
# uses the IP protocol. You must use 'tap'
# if you are ethernet bridging or want to route
# broadcasts. 'tun' is somewhat more efficient
# but requires configuration of client software
# to not depend on broadcasts. Some platforms
# such as Solaris, OpenBSD, and Mac OS X only
# support 'tun' interfaces, so if you are
# connecting to such a platform, you must also
# use a 'tun' interface on the Windows side.

# Enable 'dev tap' or 'dev tun' but not both!
dev tap

# This is a 'dev tap' ifconfig that creates
# a virtual ethernet subnet.
# 10.3.0.1 is the local VPN IP address
# and 255.255.255.0 is the VPN subnet.
# Only define this option for 'dev tap'.
ifconfig 10.3.0.1 255.255.255.0

# This is a 'dev tun' ifconfig that creates
# a point-to-point IP link.
# 10.3.0.1 is the local VPN IP address and
# 10.3.0.2 is the remote VPN IP address.
# Only define this option for 'dev tun'.
# Make sure to include the "tun-mtu" option
# on the remote machine, but swap the order
# of the ifconfig addresses.
;tun-mtu 1500
;ifconfig 10.3.0.1 10.3.0.2

# If you have fragmentation issues or misconfigured
# routers in the path which block Path MTU discovery,
# lower the TCP MSS and internally fragment non-TCP
# protocols.
;fragment 1300
;mssfix

# If you have set up more than one TAP-Win32 adapter
# on your system, you must refer to it by name.
;dev-node my-tap

# You can generate a static OpenVPN key
# by selecting the Generate Key option
# in the start menu.
#
# You can also generate key.txt manually
# with the following command:
# openvpn --genkey --secret key.txt
#
# key must match on both ends of the connection,
# so you should generate it on one machine and
# copy it to the other over a secure medium.
# Place key.txt in the same directory as this
# config file.
secret key.txt

# Uncomment this section for a more reliable
# detection when a system loses its connection.
# For example, dial-ups or laptops that travel
# to other locations.
#
# If this section is enabled and "myremote"
# above is a dynamic DNS name (i.e. dyndns.org),
# OpenVPN will dynamically "follow" the IP
# address of "myremote" if it changes.
; ping-restart 60
; ping-timer-rem
; persist-tun
; persist-key
; resolv-retry 86400

# keep-alive ping
ping 10

# enable LZO compression
comp-lzo

# moderate verbosity
verb 4
mute 10

This sample.ovpn is only as example. I think it it not used.
Ok. for OpenVPN GUI its: Can you remotely access server? RDP or SSH.

Nope. Whenever I try it, ERROR: The system was unable to find the specified registry key or value. < it says & I've tried reinstalling.

Browse to where your OpenVPN GUI folder and look what you have there. May be you give some hints of the OpenVPN folder structure you have. Do you run on Win7? Did you try to run as elevated user?

Okay, here's the picture what I got in the directory. & yes I'm using windows 7, I've runned it as an administrator.

Thanks alot for your help.

See in the config folder any file woth *.ovpn extension.
Start OpenVPN gui and before connecting, right click on OpenVPN gui in tray and select "Edit Config".

There I found it! When I click on edit config it gives me those letters via notepad: client
dev tun
proto tcp

#Change my.publicdomain.com to your public domain or IP address
remote 76.10.222.65 80
remote 76.10.222.65 1194
remote 76.10.222.65 443
remote 76.10.222.65 35
remote 76.10.222.65 36
remote 76.10.222.65 37
remote 76.10.222.65 38
remote 76.10.222.65 39
remote 76.10.222.65 40
remote 76.10.222.65 41
remote 76.10.222.65 42
remote 76.10.222.65 43
remote 76.10.222.65 44
remote 76.10.222.65 45
remote 76.10.222.65 46
remote 76.10.222.65 47
remote 76.10.222.65 48
remote 76.10.222.65 49
remote 76.10.222.65 50
remote 76.10.222.65 51
remote 76.10.222.65 52
remote 76.10.222.65 119
remote 76.10.222.65 563

remote-random

resolv-retry infinite
nobind
persist-key
persist-tun


tls-auth ta.key 1

ca ca.crt
cert client.crt
key client.key

ns-cert-type server

#DNS Options here, CHANGE THESE !!
#push "dhcp-option DNS 10.8.0.1"

comp-lzo

verb 3

ping-restart 10

And I think I'm using the SSL thingy. Thanks again!

Now find where this file is located and you'll know in future.

Why someone configured OpenVPN client to connect to server on so much port numbers?

You have to get your hands on OpenVPN server's config and log. From client it seems normal.

Okay, silly me. I found it on OpenVPN > Config. I thought it would be a notepad thingy so I didn't checked it. So now do I need to replace it with something?

Thank you very much, Betty.

Little bump out here. Can someone tell me what to do next? Because I need OpenVPN badly.