Client can't connect to server

JNZ · Post by **JNZ** » Thu Sep 01, 2011 9:15 pm

Hi,

i just configured the vpn-server on dd-wrt.

Somehow, the client cannot connect to the server.

Maybe someone can find what went wrong

Server.conf

Code: Select all

dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
keepalive 10 120
verb 4
mute 5
log-append /var/log/openvpn
tls-server
management 127.0.0.1 5002
management-log-cache 50
mtu-disc yes
topology subnet
client-config-dir /tmp/openvpn/peers
script-security 2
port 1194
proto udp
cipher aes-512-cbc
auth sha512
ifconfig-pool-persist /tmp/openvpn/ip-pool 86400
client-to-client
fast-io
tun-mtu 1500
server 192.168.1.0 255.255.255.0
dev tun0
port 1194
proto udp
dev tun0
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
dh /tmp/openvpn/dh.pem
server 192.168.1.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
keepalive 10 120
comp-lzo
persist-key
persist-tun
verb 3

Client.conf

Code: Select all

client
dev tun
proto udp
remote <server> 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca C:/ca.crt
cert C:/Zertifikat1.crt
key C:/Zertifikat1.pem
ns-cert-type server
comp-lzo
verb 3

Server-log

Code: Select all

Thu Sep  1 22:21:49 2011 OpenVPN 2.2.0 mipsel-linux [SSL] [LZO2] built on Jun 14 2011
Thu Sep  1 22:21:49 2011 MANAGEMENT: TCP Socket listening on 127.0.0.1:5002
Thu Sep  1 22:21:49 2011 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Sep  1 22:21:49 2011 Diffie-Hellman initialized with 1024 bit key
Thu Sep  1 22:21:49 2011 WARNING: file '/tmp/openvpn/key.pem' is group or others accessible
Thu Sep  1 22:21:49 2011 TLS-Auth MTU parms [ L:1602 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu Sep  1 22:21:49 2011 Socket Buffers: R=[114688->131072] S=[114688->131072]
Thu Sep  1 22:21:49 2011 TUN/TAP device tun0 opened
Thu Sep  1 22:21:49 2011 TUN/TAP TX queue length set to 100
Thu Sep  1 22:21:49 2011 /sbin/ifconfig tun0 192.168.1.1 netmask 255.255.255.0 mtu 1500 broadcast 192.168.1.255
Thu Sep  1 22:21:49 2011 /tmp/openvpn/route-up.sh tun0 1500 1602 192.168.1.1 255.255.255.0 init
Thu Sep  1 22:21:49 2011 Data Channel MTU parms [ L:1602 D:1450 EF:102 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Sep  1 22:21:49 2011 UDPv4 link local (bound): [undef]:1194
Thu Sep  1 22:21:49 2011 UDPv4 link remote: [undef]
Thu Sep  1 22:21:49 2011 MULTI: multi_init called, r=256 v=256
Thu Sep  1 22:21:49 2011 IFCONFIG POOL: base=192.168.1.2 size=252
Thu Sep  1 22:21:49 2011 IFCONFIG POOL LIST
Thu Sep  1 22:21:49 2011 Initialization Sequence Completed

Client-log

Code: Select all

Thu Sep 01 22:58:01 2011 OpenVPN 2.2.1 Win32-MSVC++ [SSL] [LZO2] built on Jul  1 2011
Thu Sep 01 22:58:01 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Sep 01 22:58:02 2011 LZO compression initialized
Thu Sep 01 22:58:02 2011 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu Sep 01 22:58:02 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Sep 01 22:58:02 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Sep 01 22:58:02 2011 Local Options hash (VER=V4): '41690919'
Thu Sep 01 22:58:02 2011 Expected Remote Options hash (VER=V4): '530fdded'
Thu Sep 01 22:58:02 2011 UDPv4 link local: [undef]
Thu Sep 01 22:58:02 2011 UDPv4 link remote: <resolved server>:1194
Thu Sep 01 22:59:02 2011 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Sep 01 22:59:02 2011 TLS Error: TLS handshake failed
Thu Sep 01 22:59:02 2011 TCP/UDP: Closing socket
Thu Sep 01 22:59:02 2011 SIGUSR1[soft,tls-error] received, process restarting
Thu Sep 01 22:59:02 2011 Restart pause, 2 second(s)
Thu Sep 01 22:59:04 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Sep 01 22:59:04 2011 Re-using SSL/TLS context
Thu Sep 01 22:59:04 2011 LZO compression initialized
Thu Sep 01 22:59:04 2011 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu Sep 01 22:59:04 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Sep 01 22:59:04 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Sep 01 22:59:04 2011 Local Options hash (VER=V4): '41690919'
Thu Sep 01 22:59:04 2011 Expected Remote Options hash (VER=V4): '530fdded'
Thu Sep 01 22:59:04 2011 UDPv4 link local: [undef]
Thu Sep 01 22:59:04 2011 UDPv4 link remote: <resolved server>:1194
Thu Sep 01 22:59:04 2011 TCP/UDP: Closing socket
Thu Sep 01 22:59:04 2011 SIGTERM[hard,] received, process exiting

Thx
JNZ

Post by **Mimiko** » Fri Sep 02, 2011 5:10 am

Your server's config is a mess. Give the real one.

Thu Sep 01 22:59:02 2011 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

You dd-wrt is not accesible on UDP port 1194.

JNZ · Post by **JNZ** » Fri Sep 02, 2011 6:19 pm

Hi, thanks, don't know how the serverconfig messed up, cause all i filled in the form in the web-gui was:

Code: Select all

port 1194
proto udp
dev tun0
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
dh /tmp/openvpn/dh.pem
server 192.168.1.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
keepalive 10 120
comp-lzo
persist-key
persist-tun
verb 3

the config was copied from the config-file direct on the router.

But anyway, i found out that my external ip was false and dyndns didn't updated it automatically, both ip's were almost the same, the last byte of each address was different (like 1.2.3.34 and the other like 1.2.3.41)
everything is working now.
thanks for your help

OpenVPN Support Forum

Client can't connect to server

Client can't connect to server

Re: Client can't connect to server

Re: Client can't connect to server