trouble with openvpn


Post by angelo_mcbride08 » Fri Apr 08, 2011 4:06 am

Hi there, it's my first time using OpenVPN. I have already used it successfully, but then one time I wanted to use it again and it does not work well anymore... Can anyone help me with this problem? Here are the log records:

-----------------------------------------
Fri Apr 08 11:52:02 2011 OpenVPN 2.1.1 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Dec 11 2009
Fri Apr 08 11:52:02 2011 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Fri Apr 08 11:52:02 2011 WARNING: You have disabled Replay Protection (--no-replay) which may make OpenVPN less secure
Fri Apr 08 11:52:02 2011 WARNING: You have disabled Crypto IVs (--no-iv) which may make OpenVPN less secure
Fri Apr 08 11:52:02 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Apr 08 11:52:02 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Apr 08 11:52:02 2011 ******* WARNING *******: null MAC specified, no authentication will be used
Fri Apr 08 11:52:02 2011 Control Channel MTU parms [ L:1511 D:140 EF:40 EB:0 ET:0 EL:0 ]
Fri Apr 08 11:52:02 2011 Data Channel MTU parms [ L:1511 D:1450 EF:11 EB:4 ET:0 EL:0 ]
Fri Apr 08 11:52:02 2011 Local Options hash (VER=V4): '5af53619'
Fri Apr 08 11:52:02 2011 Expected Remote Options hash (VER=V4): 'acca7134'
Fri Apr 08 11:52:02 2011 Attempting to establish TCP connection with 192.40.100.20:8080
Fri Apr 08 11:52:05 2011 TCP connection established with 192.40.100.20:8080
Fri Apr 08 11:52:05 2011 Send to HTTP proxy: 'CONNECT freeopenvpn.com:443 HTTP/1.0'
Fri Apr 08 11:52:08 2011 HTTP proxy returned: 'HTTP/1.0 200 Connection Established'
Fri Apr 08 11:52:10 2011 TCPv4_CLIENT link local: [undef]
Fri Apr 08 11:52:10 2011 TCPv4_CLIENT link remote: 192.40.100.20:8080
Fri Apr 08 11:52:23 2011 VERIFY OK: depth=1, /C=US/ST=NY/L=NewYork/O=FREEOPENVPN.COM/CN=FREEOPENVPN.COM/emailAddress=info@freeopenvpn.com
Fri Apr 08 11:52:23 2011 VERIFY OK: depth=0, /C=US/ST=NY/L=NewYork/O=FREEOPENVPN.COM/CN=server/emailAddress=info@freeopenvpn.com
Fri Apr 08 11:52:47 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Apr 08 11:52:47 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Apr 08 11:52:47 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Fri Apr 08 11:52:47 2011 [server] Peer Connection Initiated with 192.40.100.20:8080
Fri Apr 08 11:52:51 2011 TAP-WIN32 device [Local Area Connection 4] opened: \\.\Global\{2666D0C3-B6C0-4E63-ADA5-332EA692CD11}.tap
Fri Apr 08 11:52:51 2011 TAP-Win32 MTU=1500
Fri Apr 08 11:52:51 2011 Set TAP-Win32 TUN subnet mode network/local/netmask = 10.60.0.0/10.60.0.97/255.255.0.0 [SUCCEEDED]
Fri Apr 08 11:52:51 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.60.0.97/255.255.0.0 on interface {2666D0C3-B6C0-4E63-ADA5-332EA692CD11} [DHCP-serv: 10.60.255.254, lease-time: 31536000]
Fri Apr 08 11:52:51 2011 Successful ARP Flush on interface [32] {2666D0C3-B6C0-4E63-ADA5-332EA692CD11}
Fri Apr 08 11:52:53 2011 Initialization Sequence Completed
-----------------------------

The initialization is completed, but when I open a browser it does not load...

Hoping for help with a solution...
Thank you.


Re: trouble with openvpn

Post by maikcat » Fri Apr 08, 2011 6:55 am

hi there,

please post configs (server/client)..

you are using a proxy, right?
does your client receive the 10.60.0.97 IP?
do you ping the server 10.60.0.1?

please post details....

michael.

Re: trouble with openvpn

Post by angelo_mcbride08 » Fri Apr 08, 2011 11:44 am

hi sir Mich,

thank you for the response.

I have here a total of 6 configurations.
Since I am from the Philippines, these are the top 4 configs I have:
*globewwwair
*globewwwarethusa
*globewwwfreeopenvpn
*globewwwproxpn

However, I only tried using freeopenvpn, since I do not know the others. Even when I tried using them all, only freeopenvpn was working. For about 48 hrs it worked properly, but then after I tried using it again it won't work anymore, and the following log is the result. I was not able to browse. :(

*VIEW LOG*--------
Fri Apr 08 19:29:44 2011 OpenVPN 2.1.4 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 8 2010
Fri Apr 08 19:29:44 2011 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Fri Apr 08 19:29:44 2011 WARNING: You have disabled Replay Protection (--no-replay) which may make OpenVPN less secure
Fri Apr 08 19:29:44 2011 WARNING: You have disabled Crypto IVs (--no-iv) which may make OpenVPN less secure
Fri Apr 08 19:29:44 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Apr 08 19:29:44 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Apr 08 19:29:44 2011 ******* WARNING *******: null MAC specified, no authentication will be used
Fri Apr 08 19:29:44 2011 Control Channel MTU parms [ L:1511 D:140 EF:40 EB:0 ET:0 EL:0 ]
Fri Apr 08 19:29:44 2011 Data Channel MTU parms [ L:1511 D:1450 EF:11 EB:4 ET:0 EL:0 ]
Fri Apr 08 19:29:44 2011 Local Options hash (VER=V4): '5af53619'
Fri Apr 08 19:29:44 2011 Expected Remote Options hash (VER=V4): 'acca7134'
Fri Apr 08 19:29:44 2011 Attempting to establish TCP connection with 203.177.42.214:8080
Fri Apr 08 19:29:44 2011 TCP connection established with 203.177.42.214:8080
Fri Apr 08 19:29:44 2011 Send to HTTP proxy: 'CONNECT freeopenvpn.com:443 HTTP/1.0'
Fri Apr 08 19:29:48 2011 HTTP proxy returned: 'HTTP/1.0 200 Connection Established'
Fri Apr 08 19:29:50 2011 TCPv4_CLIENT link local: [undef]
Fri Apr 08 19:29:50 2011 TCPv4_CLIENT link remote: 203.177.42.214:8080
Fri Apr 08 19:30:00 2011 VERIFY OK: depth=1, /C=US/ST=NY/L=NewYork/O=FREEOPENVPN.COM/CN=FREEOPENVPN.COM/emailAddress=info@freeopenvpn.com
Fri Apr 08 19:30:00 2011 VERIFY OK: depth=0, /C=US/ST=NY/L=NewYork/O=FREEOPENVPN.COM/CN=server/emailAddress=info@freeopenvpn.com
Fri Apr 08 19:30:16 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Apr 08 19:30:16 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Apr 08 19:30:16 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Fri Apr 08 19:30:16 2011 [server] Peer Connection Initiated with 203.177.42.214:8080
Fri Apr 08 19:30:20 2011 TAP-WIN32 device [Local Area Connection 4] opened: \\.\Global\{613E0A30-C0B6-4120-9538-7FAF8B0DE83B}.tap
Fri Apr 08 19:30:20 2011 TAP-Win32 MTU=1500
Fri Apr 08 19:30:20 2011 Set TAP-Win32 TUN subnet mode network/local/netmask = 10.60.0.0/10.60.0.82/255.255.0.0 [SUCCEEDED]
Fri Apr 08 19:30:20 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.60.0.82/255.255.0.0 on interface {613E0A30-C0B6-4120-9538-7FAF8B0DE83B} [DHCP-serv: 10.60.255.254, lease-time: 31536000]
Fri Apr 08 19:30:20 2011 Successful ARP Flush on interface [30] {613E0A30-C0B6-4120-9538-7FAF8B0DE83B}
OK!
OK!
OK!
Fri Apr 08 19:30:23 2011 Initialization Sequence Completed
Fri Apr 08 19:31:34 2011 [server] Inactivity timeout (--ping-restart), restarting
Fri Apr 08 19:31:34 2011 TCP/UDP: Closing socket
Fri Apr 08 19:31:34 2011 SIGUSR1[soft,ping-restart] received, process restarting
Fri Apr 08 19:31:39 2011 WARNING: You have disabled Replay Protection (--no-replay) which may make OpenVPN less secure
Fri Apr 08 19:31:39 2011 WARNING: You have disabled Crypto IVs (--no-iv) which may make OpenVPN less secure
Fri Apr 08 19:31:39 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Apr 08 19:31:39 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Apr 08 19:31:39 2011 Re-using SSL/TLS context
Fri Apr 08 19:31:39 2011 Control Channel MTU parms [ L:1511 D:140 EF:40 EB:0 ET:0 EL:0 ]
Fri Apr 08 19:31:39 2011 Data Channel MTU parms [ L:1511 D:1450 EF:11 EB:4 ET:0 EL:0 ]
Fri Apr 08 19:31:39 2011 Local Options hash (VER=V4): '5af53619'
Fri Apr 08 19:31:39 2011 Expected Remote Options hash (VER=V4): 'acca7134'
Fri Apr 08 19:31:39 2011 Attempting to establish TCP connection with 203.177.42.214:8080
Fri Apr 08 19:31:43 2011 TCP connection established with 203.177.42.214:8080
Fri Apr 08 19:31:43 2011 Send to HTTP proxy: 'CONNECT freeopenvpn.com:443 HTTP/1.0'
Fri Apr 08 19:31:44 2011 HTTP proxy returned: 'HTTP/1.0 200 Connection Established'
Fri Apr 08 19:31:46 2011 TCPv4_CLIENT link local: [undef]
Fri Apr 08 19:31:46 2011 TCPv4_CLIENT link remote: 203.177.42.214:8080
Fri Apr 08 19:31:57 2011 VERIFY OK: depth=1, /C=US/ST=NY/L=NewYork/O=FREEOPENVPN.COM/CN=FREEOPENVPN.COM/emailAddress=info@freeopenvpn.com
Fri Apr 08 19:31:57 2011 VERIFY OK: depth=0, /C=US/ST=NY/L=NewYork/O=FREEOPENVPN.COM/CN=server/emailAddress=info@freeopenvpn.com
Fri Apr 08 19:32:14 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Apr 08 19:32:14 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Apr 08 19:32:14 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Fri Apr 08 19:32:14 2011 [server] Peer Connection Initiated with 203.177.42.214:8080
Fri Apr 08 19:32:18 2011 Preserving previous TUN/TAP instance: Local Area Connection 4
Fri Apr 08 19:32:18 2011 NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
OK!
OK!
OK!
Fri Apr 08 19:32:18 2011 Closing TUN/TAP interface
Fri Apr 08 19:32:19 2011 TAP-WIN32 device [Local Area Connection 4] opened: \\.\Global\{613E0A30-C0B6-4120-9538-7FAF8B0DE83B}.tap
Fri Apr 08 19:32:19 2011 TAP-Win32 MTU=1500
Fri Apr 08 19:32:19 2011 Set TAP-Win32 TUN subnet mode network/local/netmask = 10.60.0.0/10.60.0.111/255.255.0.0 [SUCCEEDED]
Fri Apr 08 19:32:19 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.60.0.111/255.255.0.0 on interface {613E0A30-C0B6-4120-9538-7FAF8B0DE83B} [DHCP-serv: 10.60.255.254, lease-time: 31536000]
Fri Apr 08 19:32:19 2011 Successful ARP Flush on interface [30] {613E0A30-C0B6-4120-9538-7FAF8B0DE83B}
OK!
OK!
OK!
Fri Apr 08 19:32:22 2011 Initialization Sequence Completed
Fri Apr 08 19:33:25 2011 [server] Inactivity timeout (--ping-restart), restarting
Fri Apr 08 19:33:25 2011 TCP/UDP: Closing socket
Fri Apr 08 19:33:25 2011 SIGUSR1[soft,ping-restart] received, process restarting
Fri Apr 08 19:33:30 2011 WARNING: You have disabled Replay Protection (--no-replay) which may make OpenVPN less secure
Fri Apr 08 19:33:30 2011 WARNING: You have disabled Crypto IVs (--no-iv) which may make OpenVPN less secure
Fri Apr 08 19:33:30 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Apr 08 19:33:30 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Apr 08 19:33:30 2011 Re-using SSL/TLS context
Fri Apr 08 19:33:30 2011 Control Channel MTU parms [ L:1511 D:140 EF:40 EB:0 ET:0 EL:0 ]
Fri Apr 08 19:33:30 2011 Data Channel MTU parms [ L:1511 D:1450 EF:11 EB:4 ET:0 EL:0 ]
Fri Apr 08 19:33:30 2011 Local Options hash (VER=V4): '5af53619'
Fri Apr 08 19:33:30 2011 Expected Remote Options hash (VER=V4): 'acca7134'
Fri Apr 08 19:33:30 2011 Attempting to establish TCP connection with 203.177.42.214:8080
Fri Apr 08 19:33:35 2011 TCP connection established with 203.177.42.214:8080
Fri Apr 08 19:33:35 2011 Send to HTTP proxy: 'CONNECT freeopenvpn.com:443 HTTP/1.0'
Fri Apr 08 19:33:40 2011 recv_line: TCP port read timeout expired
Fri Apr 08 19:33:40 2011 TCP/UDP: Closing socket
OK!
OK!
OK!
Fri Apr 08 19:33:40 2011 Closing TUN/TAP interface
Fri Apr 08 19:33:40 2011 SIGTERM[soft,init_instance] received, process exiting


---------------------*end*

and here's the configuration of the following:
(globewwwfreeopenvpn)


client
dev tun
proto tcp-client
remote-random

<connection>
remote freeopenvpn.com 443
http-proxy 203.177.42.214 8080
</connection>

<connection>
remote freeopenvpn.com 443
http-proxy 192.40.100.20 8080
</connection>

resolv-retry infinite
nobind
ca ca.crt
cert client.crt
key client.key
verb 2
mute 20
no-replay
no-iv
cipher BF-CBC
dhcp-option DNS 8.8.8.8
dhcp-option DNS 208.67.220.220
auth none


ping 10 ping-restart 60
route-method exe
route-delay 2
reneg-sec 0

redirect-gateway def1 bypass-dhcp

for (globewwwproxpn)

client
dev tun
proto tcp
remote-random

<connection>
remote miami.proxpn.com 443
http-proxy 203.177.42.214 8080
</connection>

<connection>
remote miami.proxpn.com 443
http-proxy 192.40.100.20 8080
</connection>

<connection>
remote miami.proxpn.com 8080
http-proxy 203.177.42.214 8080
</connection>

<connection>
remote miami.proxpn.com 8080
http-proxy 192.40.100.20 8080
</connection>

<connection>
remote miami.proxpn.com 80
http-proxy 203.177.42.214 8080
</connection>

<connection>
remote miami.proxpn.com 80
http-proxy 192.40.100.20 8080
</connection>

<connection>
remote 213.179.212.5 443
http-proxy 203.177.42.214 8080
</connection>

<connection>
remote 213.179.212.5 443
http-proxy 192.40.100.20 8080
</connection>

<connection>
remote 213.179.212.5 8080
http-proxy 203.177.42.214 8080
</connection>

<connection>
remote 213.179.212.5 8080
http-proxy 192.40.100.20 8080
</connection>

<connection>
remote 213.179.212.5 80
http-proxy 203.177.42.214 8080
</connection>

<connection>
remote 213.179.212.5 80
http-proxy 192.40.100.20 8080
</connection>

resolv-retry infinite
nobind
persist-key
persist-tun
ca ssl/ca.crt
cert ssl/client.crt
key ssl/client.key
cipher BF-CBC
keysize 512
comp-lzo
verb 4
dhcp-option DNS 8.8.8.8
dhcp-option DNS 208.67.220.220
mute 5
tun-mtu 1500
mssfix 1450
auth-user-pass proxpn.bin


ping 10 ping-restart 60
route-method exe
route-delay 2
reneg-sec 0


redirect-gateway def1 bypass-dhcp



Sir, thank you so much for the response.

:) miguel
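
An added example (not part of the original posts, and not OpenVPN project code): a small Python check that reads a client config like the one posted above and reports the settings behind the WARNING lines in the log, plus the `ping 10 ping-restart 60` line that puts two directives on one line. The names `audit`, `WEAK` and `OWN_LINE`, and the `CORRECTED` sample with its host name, are assumptions made for illustration.

```python
# Added example: flags the client-config settings behind the log's WARNING lines.
SERVER_VERIFY = {"remote-cert-tls", "remote-cert-eku", "ns-cert-type",
                 "tls-remote", "tls-verify", "verify-x509-name"}
WEAK = {"no-replay": "replay protection disabled (no-replay)",
        "no-iv": "crypto IVs disabled (no-iv)"}
OWN_LINE = {"ping", "ping-restart", "ping-exit"}  # assumption: short illustrative list

def audit(config_text):
    """Return the findings for one OpenVPN client config, in file order."""
    findings, seen = [], set()
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;<":
            continue  # blank line, comment, or <connection> block tag
        name, *args = line.split()
        seen.add(name)
        if name in WEAK:
            findings.append(WEAK[name])
        if name == "auth" and args[:1] == ["none"]:
            findings.append("null MAC (auth none): packets are not authenticated")
        # A directive name appearing as an argument, as in the posted
        # "ping 10 ping-restart 60", means two directives share one line.
        extra = [a for a in args if a in OWN_LINE]
        if extra:
            findings.append(f"line {lineno}: '{extra[0]}' shares a line with '{name}'")
    if seen & {"client", "tls-client"} and not seen & SERVER_VERIFY:
        findings.append("no server certificate verification method enabled")
    return findings

# Excerpt of the globewwwfreeopenvpn config posted above.
POSTED = """client
<connection>
remote freeopenvpn.com 443
http-proxy 203.177.42.214 8080
</connection>
no-replay
no-iv
auth none
ping 10 ping-restart 60
"""

# Constructed variant with the flagged settings corrected (host name is a placeholder).
CORRECTED = """client
remote vpn.example.net 443
remote-cert-tls server
ping 10
ping-restart 60
"""
```

`auth`, `no-iv` and `no-replay` have to agree on both ends of the tunnel, so removing them on the client only works if the server side is changed to match.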
