Not connecting to VPN server.

brianstivala · Post by **brianstivala** » Tue Jul 03, 2012 11:58 am

Hi,

I hope I'm on the right forum here, I'm a Linux and Openvpn newbie so go easy on me.

I've Decided to install a VPN on our internal systems to replace the Windows VPN server. I've followed this link http://www.scribd.com/doc/92218110/Inst ... -on-Ubuntu in PDF which is a very well
document done by this person.

Server
I've Installed the openvpn as per documentation and everything went fine no errors whatsoever. The openvpn is installed on Ubuntu 12.04
The configuration for the Network, server certs and client certs have configured as instructed.

Client
I've install openvpn gui client since I'm on windows and as per here under is the client config. X.X.X.X replaced by the Wan IP

client
dev tap0
proto udp #- protocol
remote x.x.x.x 1195 #- SERVER IP and OPENVPN Port
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ca ca.crt
auth-user-pass
comp-lzo
verb 3

firewall

As a firewall we have installed PFSense on our farm which is a very good firewall.
I've nat forward port 1195 to the internal VPN server IP 192.168.175.19. As protocol I'm using UDP.

Problem

The problem is that when I try to connect I'm getting this error from the client log a per here under. And again the x.x.x.x is replaced by the WAN IP
This seems to be a very common error and most of the users are pointing to the firewall and iptables to resolve this issue.
To be on he safe side since I'm no iptables expert I've disabled completely the firewall in Ubuntu. But still getting the same log message.
Can I get some help on this one, if this is not informative to you and you require some more information please let me know.

Tue Jul 03 12:49:01 2012 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Tue Jul 03 12:49:05 2012 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Tue Jul 03 12:49:05 2012 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Jul 03 12:49:05 2012 LZO compression initialized
Tue Jul 03 12:49:05 2012 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Jul 03 12:49:05 2012 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Tue Jul 03 12:49:05 2012 Local Options hash (VER=V4): 'd79ca330'
Tue Jul 03 12:49:05 2012 Expected Remote Options hash (VER=V4): 'f7df56b8'
Tue Jul 03 12:49:05 2012 UDPv4 link local: [undef]
Tue Jul 03 12:49:05 2012 UDPv4 link remote: x.x.x.x:1195
Tue Jul 03 12:49:05 2012 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Jul 03 12:49:07 2012 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Jul 03 12:49:10 2012 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Jul 03 12:49:12 2012 TCP/UDP: Closing socket
Tue Jul 03 12:49:12 2012 SIGTERM[hard,] received, process exiting

Thanks regards,
Brian

Post by **janjust** » Tue Jul 03, 2012 12:12 pm

sounds very much like a firewall issue.

Also, you're using quite an old version on the (windows) client side:

OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006

if you're using Vista/7 then you *must* upgrade to a 2.2 release

brianstivala · Post by **brianstivala** » Tue Jul 03, 2012 3:06 pm

Hi Jan,

Thanks for your reply, I'm using Windows XP as a client and I've installed the new client as suggested but I'm not able to connect. What can I do to the firewall so that I can make this work. Under my PFSense the Nat forward is configured properly I have many things configured as nat forwarding and everything is working, PFSense never failed.

Attached please find my config of PFSense Nat Forward to my local server.

Please let me know if you need more information from side, as I need to resolve this problem.

Thanks

Regards,
Brian

brianstivala · Post by **brianstivala** » Tue Jul 03, 2012 5:28 pm

Hi Jan,

Thanks for your reply, I've installed the new client version and btw I'm running windows XP on the client side. But I have no luck.

If this is a firewall issue can you please let me know what configuration I need to apply on the firewall. I've have already applied the nat forward port 1195 to my server.

Thanks,

Regards,
Brian

Post by **janjust** » Tue Jul 03, 2012 9:09 pm

if people refer to a 'firewall' issue they usually refer to the *server* side : in your case this would be the pfsense box

- can you - for the purpose of debugging - disable most of the firewalling on the pfsense box?

also, can you try switching to 'proto tcp' for debugging?

brianstivala · Post by **brianstivala** » Wed Jul 04, 2012 10:55 am

Hi Jan,

I've already tried the TCP protocol but with no luck, I've installed just installed a PPTP server in linux Ubuntu and the PPTP is working fine, forward the port 1723 and that's it. So I have doubts if this is a firewall issue when It come to openvpn.

Do you need more logs?

Regards,
Brian Stivala

OpenVPN Support Forum

Not connecting to VPN server.

Not connecting to VPN server.

Re: Not connecting to VPN server.

Re: Not connecting to VPN server.

Re: Not connecting to VPN server.

Re: Not connecting to VPN server.

Re: Not connecting to VPN server.