Community Support Forum
 
  OpenVPN.net  •  Forum Index  •  FAQ  

It is currently Sun Apr 20, 2014 3:11 am




Post new topic Reply to topic  [ 3 posts ] 
 Can't establish a connection: Connection time out error 
Author Message
 Post subject: Can't establish a connection: Connection time out error
PostPosted: Sun Feb 10, 2013 7:04 pm 
OpenVpn Newbie

Joined: Sun Feb 10, 2013 4:29 pm
Posts: 4
Hi!
I bought a Synology NAS recently and I am trying to access is via OpenVPN only when not at home. Therefore I installed XCA and generated keys and certificated in accordance to the OpenVPN Wiki (entry in german language). After that I installed OpenVPN GUI on my notebook and used the pkcs file. Works perfectly. I then tried the official OpenVPN Connect App for my Android smartphone and it worked perfectly again. So I believe my certificates generated in XCA as well as the server setup seem to be ok.

But I cannot get OpenVPN Connect to work on my iPad (iOS 5.1, i think). I basically tried to different ways with exactly the same result.

To start, here is my server configuration file:
Code:
comp-lzo
push "route 192.168.2.0 255.255.255.0"
push "route 10.8.0.0 255.255.255.0"
dev tun
management 127.0.0.1 1195
server 10.8.0.0 255.255.255.0

dh /var/packages/VPNCenter/target/etc/openvpn/keys/dh1024.pem
pkcs12 /var/packages/VPNCenter/target/etc/openvpn/keys/server.p12

max-clients 5
persist-tun
persist-key

verb 3

#log-append /var/log/openvpn.log

keepalive 10 60
reneg-sec 0

plugin /var/packages/VPNCenter/target/lib/radiusplugin.so /var/packages/VPNCenter/target/etc/openvpn/radiusplugin.cnf
client-cert-not-required
username-as-common-name
duplicate-cn


This is the file Synology automatically generates when installing the VPN-package. The only thing I altered is the path to the pkcs file. It seems to work ok for my Windows notebook and Android phone as clients.

Now for my tries on the iPad
1. try with pkcs file
I opened up the client pkcs in Safari and installed the certificate on the iPad.
I then used iTunes' file exchange system to hand over my client pkcs file to the OpenVPN Connect App as well as my openvpn.ovpn file which looks like that:
Code:
dev tun
tls-client

remote my.server_address 1194
pull

proto udp
script-security 2

pkcs client.p12

comp-lzo

reneg-sec 0

auth-user-pass

Once again, this is the openvpn.ovpn file generated by Synology on which I only altered the file pathes and names.
After importing this profile and selecting the previously installed certificate in the Connect app I got an parsing error stating that the format of my pksc file is invalid. I searched the internet and came accross others with this problem. The suggested solution to this problem was to generate a sperare ca file and include this in the openvpn.opvn profile additionally to the pkcs file. So the only change to the openvpn.ovpn file was the additional line to the ca.crt next to the pkcs call:
Code:
ca ca.crt
pkcs client.p12

Of course I copied the ca.crt to the iPad previously via iTunes file exchange to OpenVPN Connect.

Now the app starts to establish a connection but it stops at the status "Pulling settings from the server" for a while then giving me an Connection Timeout error.
The app's log looks like this
Code:
Sending PUSH_REQUEST to server...
EVENT: CONNECTION_TIMEOUT [ERR]
EVENT: DISCONNECTED


2. try: no pkcs but seperate ca, cert and key files
Ok, now I started by uninstalling all previous profiles and certs as well as all files from the iPad's OpenVPN app. Instead of creating a single .p12 file from XCA, I now create seperate ca.crt, client.crt and key.crt files (all in PEM format). After that I open the openvpn.opvn and copy all the content of ca, key and client files into the .ovpn file as it is suggested in the OpenVPN Connect help.

My openvpn.ovpn file now looks like this
Code:
dev tun
tls-client

remote server_address 1194

pull

proto udp
script-security 2

<ca>
-----BEGIN CERTIFICATE-----
.... content here ....
-----END CERTIFICATE-----
</ca>

<cert>
-----BEGIN CERTIFICATE-----
.... content here ....
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN RSA PRIVATE KEY-----
.... content here ....
-----END RSA PRIVATE KEY-----
</key>

comp-lzo
reneg-sec 0

auth-user-pass


The result is exactly the same as in my first try: connection time out error.


So, I am a little at a loss on what to do now. The setup works perfectly for OpenVPN GUI (windows) and OpenVPN Connect (Android) but it cannot connect to OpenVPN for iOS.

Any ideas?

Thank you very much


Offline
 Profile  
 
 Post subject: Re: Can't establish a connection: Connection time out error
PostPosted: Sun Feb 10, 2013 7:28 pm 
OpenVpn Newbie

Joined: Sun Feb 10, 2013 4:29 pm
Posts: 4
I just found a solution!

With the pksc approach I altered the openvpn.ovpn file to this as suggested by user gobbli (in another forum but he is around here as well)

Code:
dev tun
tls-client


remote myserver_address 1194

pull

proto udp
script-security 3

ca ca.crt
pkcs12 client_iphone.p12
comp-lzo

reneg-sec 3600

auth-user-pass
ns-cert-type server


Many thanks to gobbli! Awesome, now everything is working.


Offline
 Profile  
 
 Post subject: Re: Can't establish a connection: Connection time out error
PostPosted: Tue Mar 12, 2013 7:49 am 
OpenVpn Newbie

Joined: Fri Mar 08, 2013 11:33 am
Posts: 4
I'm facing a problem on connection timeout. here are my opvn conf:

#OpenVPN Client conf
tls-client
client
dev tun
proto udp
tun-mtu 1400
remote XXXXXX
pkcs12 habibipad.p12
cipher AES-192-CBC
comp-lzo
verb 3
ns-cert-type server

<ca>
-----BEGIN CERTIFICATE-----
.... content here ...
-----END CERTIFICATE-----
</ca>

<cert>
-----BEGIN CERTIFICATE-----
.... content here ...
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN RSA PRIVATE KEY-----
.... content here ...
-----END RSA PRIVATE KEY-----
</key>

Please help


Offline
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 3 posts ] 


 Who is online 

Users browsing this forum: No registered users and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  


phpBB SEO
[ Time : 0.206s | 14 Queries | GZIP : On ]

 
Index  |  FAQ


Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group