OpenVPN-Windowz>Zerina-Lunix: connection impossible!!!!

[swap1984]

hi, is one month I try to configure a VPN between two offices but I can not.

This is my situation:

OFFICE A
IPCop Linux computer with software installed Zerina
Nat: static IP
Red Card: 192.168.1.3
Green Card: 192.168.2.1

OFFICE B
Windowz XP Client Computer
Nat: static IP
Ip: 192.168.1.5

Since I created the certificates Zerina software base and a wireless Net to Net Connection status and control; client1.zip I saved the file and I unzipped the folder config Windowz OpenVPN installed on the machine.

A NAT on the office I have the virual server addressed with the 1194 open on Red Card 192.168.1.3.

When I launch the connection with OpenVPN by calling the static IP address of my NAT nothing happens, I can not tell if it is an issue of certificates or firewall or data connection.

Help me please

thanks

[maikcat]

hi there,

please post your configs,logs,detail info about server/client if you want to get help..

michael.

ps:why dont you try to setup openvpn server service on to a pc first,then on ipcop.

[swap1984]

I opened in 1194 on the virtual server NAT 192.168.1.3 telecom directed to the Red Card

STEP 1
creating root and host certificates on Zerina (IPCOP) ... What are these?


STEP 2
Creating "Net to Net Connection":


STEP3
certificate creation


STEP4
save certificate


STEP5
Unzipedd certificate in OpenVPN config folder on a Windows PC and rename connectionvpn.conf in connectionvpn.

STEP6
Run connection

results log file OpenVPN Windows PC:
Thu Mar 31 12:26:29 2011 OpenVPN 2.1.4 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 8 2010
Thu Mar 31 12:26:29 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Mar 31 12:26:29 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Mar 31 12:26:29 2011 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1400)
Thu Mar 31 12:26:29 2011 Control Channel MTU parms [ L:1441 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu Mar 31 12:26:29 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Mar 31 12:26:29 2011 ROUTE default_gateway=192.168.1.1
Thu Mar 31 12:26:29 2011 TAP-WIN32 device [Connessione alla rete locale (LAN) 3] opened: \\.\Global\{49D679C8-667D-4A38-AC3D-0414DC24765F}.tap
Thu Mar 31 12:26:29 2011 TAP-Win32 Driver Version 9.7
Thu Mar 31 12:26:29 2011 TAP-Win32 MTU=1500
Thu Mar 31 12:26:29 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.167.194.2/255.255.255.252 on interface {49D679C8-667D-4A38-AC3D-0414DC24765F} [DHCP-serv: 10.167.194.1, lease-time: 31536000]
Thu Mar 31 12:26:29 2011 Successful ARP Flush on interface [3] {49D679C8-667D-4A38-AC3D-0414DC24765F}
Thu Mar 31 12:26:29 2011 Data Channel MTU parms [ L:1441 D:1441 EF:41 EB:4 ET:0 EL:0 ]
Thu Mar 31 12:26:29 2011 Local Options hash (VER=V4): '85aa8baa'
Thu Mar 31 12:26:29 2011 Expected Remote Options hash (VER=V4): '4226e0f8'
Thu Mar 31 12:26:29 2011 UDPv4 link local (bound): [undef]:1194
Thu Mar 31 12:26:29 2011 UDPv4 link remote: 79.15.141.212:1194

I can not connect ...

Help me please

[swap1984]

Log Zerina IpCop Office A
12:33:33 OVPN_connectionvpn [UNDEF] Inactivity timeout (--ping-restart), restarting
12:33:33 OVPN_connectionvpn TCP/UDP: Closing socket
12:33:33 OVPN_connectionvpn Closing TUN/TAP interface
12:33:33 OVPN_connectionvpn SIGUSR1[soft,ping-restart] received, process restarting
12:33:33 OVPN_connectionvpn Restart pause, 2 second(s)
12:33:35 OVPN_connectionvpn Diffie-Hellman initialized with 1024 bit key
12:33:35 OVPN_connectionvpn WARNING: normally if you use --mssfix and/or --fragment, you should also set --t un-mtu 1500 (currently it is 1400)
12:33:35 OVPN_connectionvpn Control Channel MTU parms [ L:1441 D:138 EF:38 EB:0 ET:0 EL:0 ]
12:33:35 OVPN_connectionvpn TUN/TAP device tun0 opened
12:33:35 OVPN_connectionvpn /sbin/ifconfig tun0 10.167.194.1 pointopoint 10.167.194.2 mtu 1400
12:33:35 OVPN_connectionvpn /sbin/route add -net 192.168.1.5 netmask 255.255.255.0 gw 10.167.194.2
12:33:35 OVPN_connectionvpn ERROR: Linux route add command failed: shell command exited with error status: 4
12:33:35 OVPN_connectionvpn Data Channel MTU parms [ L:1441 D:1441 EF:41 EB:4 ET:0 EL:0 ]
12:33:35 OVPN_connectionvpn Local Options hash (VER=V4): '4226e0f8'
12:33:35 OVPN_connectionvpn Expected Remote Options hash (VER=V4): '85aa8baa'
12:33:35 OVPN_connectionvpn UDPv4 link local (bound): [undef]:1194
12:33:35 OVPN_connectionvpn UDPv4 link remote: 87.23.254.3:1194

[maikcat]

hi there,

first i have never used ipcop...
second try to setup openvpn into a vpn,learn to configure it first and then try to set it up on ipcop..

now from your logs i see:

Log Zerina IpCop Office A
UDPv4 link remote: 87.23.254.3:1194

results log file OpenVPN Windows PC:
UDPv4 link remote: 79.15.141.212:1194

they both try to connect to each other.. (?).

one end needs to be server and other client,
for lan-2-lan setup you simply configure routing inside openvpn (2 statements needed actually).

my advise
read about openvpn first then try to use it inside ipcop.

EDIT

didnt notice this..

remote lan and red interface have 192.168.1.x subnet?
i think you will have routing problems....



michael.

[swap1984]

You were right, wrong configuration Zerina.

Now I have created a connection Roadwarriors, I downloaded and unzipped the certificates in OpenVPN config folder.
After that I connected to both my office machine is a machine of 'remote office firewall both on the server and everything seems to go well, exchange certificate, recognition and assignment of ip everything perfect: this is the class assigned addresses: 10,224. 246.0/255.255.255.0

Now I ask? How come I can not see the shared network resources by typing the ip of my computer? How come I can not ping any machine?

It can be caused by the IPCop firewall?

Thanks

Have a nice day

[maikcat]

hi there,

if i understand correctly ,you still using ipcop..right?

did you setup openvpn server to push to your clients a static route for
your lan subnet?

if yes,check your client if it updates his routing table..

ps:i dont know if ipcop automatic configures firewall as well..

michael.

[swap1984]

ERROR CONNECTION
Wed Apr 06 11:52:30 2011 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Wed Apr 06 11:52:30 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Apr 06 11:52:30 2011 LZO compression initialized
Wed Apr 06 11:52:30 2011 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1400)
Wed Apr 06 11:52:30 2011 Control Channel MTU parms [ L:1442 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Apr 06 11:52:30 2011 TAP-WIN32 device [OpenVpn] opened: \\.\Global\{AA82BD3C-5D91-4C89-9BAD-C0AA53D0FE53}.tap
Wed Apr 06 11:52:30 2011 TAP-Win32 Driver Version 8.4
Wed Apr 06 11:52:30 2011 TAP-Win32 MTU=1500
Wed Apr 06 11:52:30 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.67.232.2/255.255.255.252 on interface {AA82BD3C-5D91-4C89-9BAD-C0AA53D0FE53} [DHCP-serv: 10.67.232.1, lease-time: 31536000]
Wed Apr 06 11:52:30 2011 Successful ARP Flush on interface [3] {AA82BD3C-5D91-4C89-9BAD-C0AA53D0FE53}
Wed Apr 06 11:52:30 2011 Data Channel MTU parms [ L:1442 D:1442 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Apr 06 11:52:30 2011 Local Options hash (VER=V4): '2a744c45'
Wed Apr 06 11:52:30 2011 Expected Remote Options hash (VER=V4): '874cf535'
Wed Apr 06 11:52:30 2011 UDPv4 link local (bound): [undef]:1194
Wed Apr 06 11:52:30 2011 UDPv4 link remote: 87.6.197.75:1194
Wed Apr 06 11:52:30 2011 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Apr 06 11:52:32 2011 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Apr 06 11:52:33 2011 TCP/UDP: Closing socket
Wed Apr 06 11:52:33 2011 Closing TUN/TAP interface
Wed Apr 06 11:52:33 2011 SIGTERM[hard,] received, process exiting

hlep me please

[maikcat]

hi there,

read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)

looks like a firewall is blocking you..(maybe firewall on server side).

cheers,

michael.

[swap1984]

solved ... was necessary to remove the bridge that I've created ... more I put in the routing table entry by setting the clinet a gateway as the server's IP VPN.

Thanks for the help

[maikcat]

>solved ...

ok then,

closing topic.

Michael