I recently installed the latest OpenVPN server on my Windows 2012R2 server and configured the server and client key. However, I am trying to resolve this issue and it's been driving me crazy.
First, I am using the default port 1194 on my OpenVPN server. I added that port on my router and also added it to my Windows firewall. Whenever I tried to connect using my Android phone I get "waiting for server response"; this is after of course transferring the client keys to the phone.
I changed the port protocol to TCP from UDP and am using port 443 to see if my ISP is blocking the default port. I was still getting the same error, waiting for response, even after updating the firewall and the router and the server and client config file. I decided to turn off the firewall on my Windows server and I was able to get further, but still I was not able to connect. Here is the log file from the Android phone when it tries to connect. Weird how even though I allowed 443 to come through, Windows seemed to still block it.
Pretty much I am getting connection refused and not sure why. Any help will be much appreciated.
2017-01-23 15:00:46 official build 0.6.64 running on samsung SM-G935W8 (universal8890), Android 6.0.1 (MMB29K) API 23, ABI arm64-v8a, (samsung/hero2ltebmc/hero2ltebmc:6.0.1/MMB29K/G935W8VLU2APK3:user/release-keys)
2017-01-23 15:00:46 Building configuration…
2017-01-23 15:00:46 started Socket Thread
2017-01-23 15:00:46 Network Status: CONNECTED HSPA+ to MOBILE ltemobile.apn
2017-01-23 15:00:46 P:Initializing Google Breakpad!
2017-01-23 15:00:46 Current Parameter Settings:
2017-01-23 15:00:46 config = '/data/user/0/de.blinkt.openvpn/cache/android.conf'
2017-01-23 15:00:46 mode = 0
2017-01-23 15:00:46 show_ciphers = DISABLED
2017-01-23 15:00:46 show_digests = DISABLED
2017-01-23 15:00:46 show_engines = DISABLED
2017-01-23 15:00:46 genkey = DISABLED
2017-01-23 15:00:46 key_pass_file = '[UNDEF]'
2017-01-23 15:00:46 show_tls_ciphers = DISABLED
2017-01-23 15:00:46 connect_retry_max = 0
2017-01-23 15:00:46 Connection profiles [0]:
2017-01-23 15:00:46 proto = tcp-client
2017-01-23 15:00:46 local = '[UNDEF]'
2017-01-23 15:00:46 local_port = '[UNDEF]'
2017-01-23 15:00:46 remote = '-----serverdyndnshostname-------'
2017-01-23 15:00:46 remote_port = '443'
2017-01-23 15:00:46 remote_float = DISABLED
2017-01-23 15:00:46 bind_defined = DISABLED
2017-01-23 15:00:46 bind_local = DISABLED
2017-01-23 15:00:46 bind_ipv6_only = DISABLED
2017-01-23 15:00:46 connect_retry_seconds = 2
2017-01-23 15:00:46 connect_timeout = 120
2017-01-23 15:00:46 socks_proxy_server = '[UNDEF]'
2017-01-23 15:00:46 socks_proxy_port = '[UNDEF]'
2017-01-23 15:00:46 tun_mtu = 1500
2017-01-23 15:00:46 tun_mtu_defined = ENABLED
2017-01-23 15:00:46 link_mtu = 1500
2017-01-23 15:00:46 link_mtu_defined = DISABLED
2017-01-23 15:00:46 tun_mtu_extra = 0
2017-01-23 15:00:46 tun_mtu_extra_defined = DISABLED
2017-01-23 15:00:46 mtu_discover_type = -1
2017-01-23 15:00:46 fragment = 0
2017-01-23 15:00:46 mssfix = 1450
2017-01-23 15:00:46 explicit_exit_notification = 0
2017-01-23 15:00:46 Connection profiles END
2017-01-23 15:00:46 remote_random = DISABLED
2017-01-23 15:00:46 ipchange = '[UNDEF]'
2017-01-23 15:00:46 dev = 'tun'
2017-01-23 15:00:46 dev_type = '[UNDEF]'
2017-01-23 15:00:46 dev_node = '[UNDEF]'
2017-01-23 15:00:46 lladdr = '[UNDEF]'
2017-01-23 15:00:46 topology = 1
2017-01-23 15:00:46 ifconfig_local = '[UNDEF]'
2017-01-23 15:00:46 ifconfig_remote_netmask = '[UNDEF]'
2017-01-23 15:00:46 ifconfig_noexec = DISABLED
2017-01-23 15:00:46 ifconfig_nowarn = ENABLED
2017-01-23 15:00:46 ifconfig_ipv6_local = '[UNDEF]'
2017-01-23 15:00:46 ifconfig_ipv6_netbits = 0
2017-01-23 15:00:46 ifconfig_ipv6_remote = '[UNDEF]'
2017-01-23 15:00:46 shaper = 0
2017-01-23 15:00:46 mtu_test = 0
2017-01-23 15:00:46 mlock = DISABLED
2017-01-23 15:00:46 keepalive_ping = 0
2017-01-23 15:00:46 keepalive_timeout = 0
2017-01-23 15:00:46 inactivity_timeout = 0
2017-01-23 15:00:46 ping_send_timeout = 0
2017-01-23 15:00:46 ping_rec_timeout = 0
2017-01-23 15:00:46 ping_rec_timeout_action = 0
2017-01-23 15:00:46 ping_timer_remote = DISABLED
2017-01-23 15:00:46 remap_sigusr1 = 0
2017-01-23 15:00:46 persist_tun = DISABLED
2017-01-23 15:00:46 persist_local_ip = DISABLED
2017-01-23 15:00:46 persist_remote_ip = DISABLED
2017-01-23 15:00:46 persist_key = DISABLED
2017-01-23 15:00:46 passtos = DISABLED
2017-01-23 15:00:46 resolve_retry_seconds = 60
2017-01-23 15:00:46 resolve_in_advance = DISABLED
2017-01-23 15:00:46 username = '[UNDEF]'
2017-01-23 15:00:46 groupname = '[UNDEF]'
2017-01-23 15:00:46 chroot_dir = '[UNDEF]'
2017-01-23 15:00:46 cd_dir = '[UNDEF]'
2017-01-23 15:00:46 writepid = '[UNDEF]'
2017-01-23 15:00:46 up_script = '[UNDEF]'
2017-01-23 15:00:46 down_script = '[UNDEF]'
2017-01-23 15:00:46 down_pre = DISABLED
2017-01-23 15:00:46 up_restart = DISABLED
2017-01-23 15:00:46 up_delay = DISABLED
2017-01-23 15:00:46 daemon = DISABLED
2017-01-23 15:00:46 inetd = 0
2017-01-23 15:00:46 log = DISABLED
2017-01-23 15:00:46 suppress_timestamps = DISABLED
2017-01-23 15:00:46 machine_readable_output = ENABLED
2017-01-23 15:00:46 nice = 0
2017-01-23 15:00:46 verbosity = 4
2017-01-23 15:00:46 mute = 0
2017-01-23 15:00:46 gremlin = 0
2017-01-23 15:00:46 status_file = '[UNDEF]'
2017-01-23 15:00:46 status_file_version = 1
2017-01-23 15:00:46 status_file_update_freq = 60
2017-01-23 15:00:46 occ = ENABLED
2017-01-23 15:00:46 rcvbuf = 0
2017-01-23 15:00:46 sndbuf = 0
2017-01-23 15:00:46 sockflags = 0
2017-01-23 15:00:46 fast_io = DISABLED
2017-01-23 15:00:46 comp.alg = 0
2017-01-23 15:00:46 comp.flags = 0
2017-01-23 15:00:46 route_script = '[UNDEF]'
2017-01-23 15:00:46 route_default_gateway = '[UNDEF]'
2017-01-23 15:00:46 route_default_metric = 0
2017-01-23 15:00:46 route_noexec = DISABLED
2017-01-23 15:00:46 route_delay = 0
2017-01-23 15:00:46 route_delay_window = 30
2017-01-23 15:00:46 route_delay_defined = DISABLED
2017-01-23 15:00:46 route_nopull = DISABLED
2017-01-23 15:00:46 route_gateway_via_dhcp = DISABLED
2017-01-23 15:00:46 allow_pull_fqdn = DISABLED
2017-01-23 15:00:46 route 0.0.0.0/0.0.0.0/vpn_gateway/default (not set)
2017-01-23 15:00:46 management_addr = '/data/user/0/de.blinkt.openvpn/cache/mgmtsocket'
2017-01-23 15:00:46 management_port = 'unix'
2017-01-23 15:00:46 management_user_pass = '[UNDEF]'
2017-01-23 15:00:46 management_log_history_cache = 250
2017-01-23 15:00:46 management_echo_buffer_size = 100
2017-01-23 15:00:46 management_write_peer_info_file = '[UNDEF]'
2017-01-23 15:00:46 management_client_user = '[UNDEF]'
2017-01-23 15:00:46 management_client_group = '[UNDEF]'
2017-01-23 15:00:46 management_flags = 4390
2017-01-23 15:00:46 shared_secret_file = '[UNDEF]'
2017-01-23 15:00:46 key_direction = (null)
2017-01-23 15:00:46 ciphername = 'BF-CBC'
2017-01-23 15:00:46 ncp_enabled = ENABLED
2017-01-23 15:00:46 ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
2017-01-23 15:00:46 authname = 'SHA1'
2017-01-23 15:00:46 prng_hash = 'SHA1'
2017-01-23 15:00:46 prng_nonce_secret_len = 16
2017-01-23 15:00:46 keysize = 0
2017-01-23 15:00:46 engine = DISABLED
2017-01-23 15:00:46 replay = ENABLED
2017-01-23 15:00:46 mute_replay_warnings = DISABLED
2017-01-23 15:00:46 replay_window = 64
2017-01-23 15:00:46 replay_time = 15
2017-01-23 15:00:46 packet_id_file = '[UNDEF]'
2017-01-23 15:00:46 use_iv = ENABLED
2017-01-23 15:00:46 test_crypto = DISABLED
2017-01-23 15:00:46 tls_server = DISABLED
2017-01-23 15:00:46 tls_client = ENABLED
2017-01-23 15:00:46 key_method = 2
2017-01-23 15:00:46 ca_file = '[[INLINE]]'
2017-01-23 15:00:46 ca_path = '[UNDEF]'
2017-01-23 15:00:46 dh_file = '[UNDEF]'
2017-01-23 15:00:46 cert_file = '[[INLINE]]'
2017-01-23 15:00:46 extra_certs_file = '[UNDEF]'
2017-01-23 15:00:46 priv_key_file = '[[INLINE]]'
2017-01-23 15:00:46 pkcs12_file = '[UNDEF]'
2017-01-23 15:00:46 cipher_list = '[UNDEF]'
2017-01-23 15:00:46 tls_verify = '[UNDEF]'
2017-01-23 15:00:46 tls_export_cert = '[UNDEF]'
2017-01-23 15:00:46 verify_x509_type = 2
2017-01-23 15:00:46 verify_x509_name = '-----serverdyndnshostname-------'
2017-01-23 15:00:46 crl_file = '[UNDEF]'
2017-01-23 15:00:46 ns_cert_type = 0
2017-01-23 15:00:46 remote_cert_ku = 0
2017-01-23 15:00:46 remote_cert_ku = 0
2017-01-23 15:00:46 remote_cert_ku = 0
2017-01-23 15:00:46 remote_cert_ku = 0
2017-01-23 15:00:46 remote_cert_ku = 0
2017-01-23 15:00:46 remote_cert_ku = 0
2017-01-23 15:00:46 remote_cert_ku = 0
2017-01-23 15:00:46 remote_cert_ku = 0
2017-01-23 15:00:46 remote_cert_ku = 0
2017-01-23 15:00:46 remote_cert_ku = 0
2017-01-23 15:00:46 remote_cert_ku[i] = 0
2017-01-23 15:00:46 remote_cert_ku[i] = 0
2017-01-23 15:00:46 remote_cert_ku[i] = 0
2017-01-23 15:00:46 remote_cert_ku[i] = 0
2017-01-23 15:00:46 remote_cert_ku[i] = 0
2017-01-23 15:00:46 remote_cert_ku[i] = 0
2017-01-23 15:00:46 remote_cert_eku = '[UNDEF]'
2017-01-23 15:00:46 ssl_flags = 0
2017-01-23 15:00:46 tls_timeout = 2
2017-01-23 15:00:46 renegotiate_bytes = -1
2017-01-23 15:00:46 renegotiate_packets = 0
2017-01-23 15:00:46 renegotiate_seconds = 3600
2017-01-23 15:00:46 handshake_window = 60
2017-01-23 15:00:46 transition_window = 3600
2017-01-23 15:00:46 single_session = DISABLED
2017-01-23 15:00:46 push_peer_info = DISABLED
2017-01-23 15:00:46 tls_exit = DISABLED
2017-01-23 15:00:46 tls_auth_file = '[UNDEF]'
2017-01-23 15:00:46 tls_crypt_file = '[UNDEF]'
2017-01-23 15:00:46 client = ENABLED
2017-01-23 15:00:46 pull = ENABLED
2017-01-23 15:00:46 auth_user_pass_file = '[UNDEF]'
2017-01-23 15:00:46 OpenVPN 2.5-icsopenvpn [git:icsopenvpn-3bb5086974d443b6] android-21-arm64-v8a [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jan 9 2017
2017-01-23 15:00:46 library versions: OpenSSL 1.0.2j 26 Sep 2016, LZO 2.09
2017-01-23 15:00:46 MANAGEMENT: Connected to management server at /data/user/0/de.blinkt.openvpn/cache/mgmtsocket
2017-01-23 15:00:46 MANAGEMENT: CMD 'hold release'
2017-01-23 15:00:46 MANAGEMENT: CMD 'bytecount 2'
2017-01-23 15:00:46 MANAGEMENT: CMD 'proxy NONE'
2017-01-23 15:00:46 MANAGEMENT: CMD 'state on'
2017-01-23 15:00:47 Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
2017-01-23 15:00:47 MANAGEMENT: >STATE:1485201647,RESOLVE,,,,,,
2017-01-23 15:00:47 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
2017-01-23 15:00:47 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
2017-01-23 15:00:47 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
2017-01-23 15:00:47 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x.x:443
2017-01-23 15:00:47 Socket Buffers: R=[734003->734003] S=[192239->192239]
2017-01-23 15:00:47 Attempting to establish TCP connection with [AF_INET]x.x.x.x.x:443 [nonblock]
2017-01-23 15:00:47 MANAGEMENT: >STATE:1485201647,TCP_CONNECT,,,,,,
2017-01-23 15:00:48 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2017-01-23 15:00:50 TCP: connect to [AF_INET]x.x.x.x.x:443 failed: Connection refused
2017-01-23 15:00:50 SIGUSR1[connection failed(soft),init_instance] received, process restarting
2017-01-23 15:00:50 MANAGEMENT: >STATE:1485201650,RECONNECTING,init_instance,,,,,
2017-01-23 15:00:52 MANAGEMENT: CMD 'hold release'
2017-01-23 15:00:52 MANAGEMENT: CMD 'proxy NONE'
2017-01-23 15:00:52 MANAGEMENT: CMD 'bytecount 2'
2017-01-23 15:00:52 MANAGEMENT: CMD 'state on'
2017-01-23 15:00:53 Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
2017-01-23 15:00:53 MANAGEMENT: >STATE:1485201653,RESOLVE,,,,,,
2017-01-23 15:00:53 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
2017-01-23 15:00:53 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
2017-01-23 15:00:53 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
2017-01-23 15:00:53 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x.x:443
2017-01-23 15:00:53 Socket Buffers: R=[734003->734003] S=[192239->192239]
Issue connecting to openvpn on windows 2012R2
Re: Issue connecting to openvpn on windows 2012R2
ghosttown wrote: I changed the port protocol to TCP from UDP and using port 443
Just check your setting again .. if in doubt sniff for ICMP and you will see what is refused ..
ghosttown wrote: 2017-01-23 15:00:50 TCP: connect to [AF_INET]x.x.x.x.x:443 failed: Connection refused
Re: Issue connecting to openvpn on windows 2012R2
I took a capture using Wireshark when trying to connect and it seems there is a problem: Wireshark is showing a red line for port 443. When I dig down further it seems the Reset flag gets set when a TCP/ACK happens, not sure why. Any info will be much appreciated.
https://www.dropbox.com/s/jsts7tohvjfg9 ... 1.jpg?dl=0
https://www.dropbox.com/s/q3mno7dk0f8qm ... 2.jpg?dl=0
Thanks
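The client log in this thread ends in `Connection refused` and the capture shows a reset, which is a different failure from the earlier silent "waiting for server response". As an added example (not from the thread or from the OpenVPN project), this Python check classifies one TCP connection attempt to the VPN endpoint; the function names and hint texts are assumptions of the example.

```python
import socket

# What each outcome usually means for a TCP OpenVPN endpoint (general TCP
# behaviour, not OpenVPN-specific output).
HINTS = {
    "open": "a process accepted the handshake; look at the TLS/OpenVPN layer next",
    "refused": "a host answered the SYN with RST: nothing is listening on this "
               "TCP port there, or a device in the path actively rejects it",
    "filtered": "no answer at all: a firewall is silently dropping the SYN or "
                "the port forward leads nowhere",
    "unreachable": "name resolution or routing failed before any TCP exchange",
}


def probe_tcp(host, port, timeout=3.0):
    """Attempt a single TCP handshake and classify how it ended."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"        # same condition the client log reports
    except (socket.timeout, TimeoutError):
        return "filtered"
    except OSError:
        return "unreachable"    # DNS failure, no route, network down


def demo_on_loopback():
    """Constructed local check: probe one port with and without a listener."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # port 0: the OS picks a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    with_listener = probe_tcp("127.0.0.1", port)
    listener.close()                  # nothing listens on the port any more
    without_listener = probe_tcp("127.0.0.1", port)
    return with_listener, without_listener


if __name__ == "__main__":
    for label, result in zip(("listener up", "listener gone"), demo_on_loopback()):
        print(f"{label}: {result} -> {HINTS[result]}")
```

Run against the forwarded address from outside the LAN, a `refused` result points at the listener or the port forward (for example a server still configured for UDP, or a forward to the wrong host), while `filtered` points at a firewall rule.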