Trouble Connecting to OpenVPN Server


Post by ghoti » Sat Dec 01, 2012 3:35 am

Hi, I've been wracking my brain over this for three days and I have not had much luck - I'm hoping someone can help.

Router
Router Address: 192.168.66.1
Starting IP Address: 192.168.66.99
IP Range: .99 - .148

Client: Windows 7
I have the latest OpenVPN GUI installed and opened it as "Run as Admin"

Server: Raspberry Pi - headless Arch Linux
Static IP: 192.168.66.98

server.conf
;local a.b.c.d
port 1194
;proto tcp
proto udp
;dev tap
dev tun
;dev-node MyTap
ca /etc/openvpn/ca.crt
cert /etc/openvpn/rpivpn.crt
key /etc/openvpn/rpivpn.key # This file should be kept secret
dh /etc/openvpn/dh2048.pem
;server 192.168.66.98 255.255.255.0
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;server-bridge
push "route 10.8.0.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
;learn-address ./script
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-options DNS 192.168.66.1"
;push "dhcp-option DNS 208.67.220.220"
;client-to-client
;duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/ta.key 0 # This file is secret
cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
comp-lzo
;max-clients 100
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
;log openvpn.log
;log-append openvpn.log
verb 6
;mute 20

iptables --list

Already set it to load on reboot
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 10.8.0.0/24 10.66.4.4

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

already updated ip_forward to 1

client.ovpn
client
;dev tap
dev tun
;dev-node MyTap
;proto tcp
proto udp
remote 192.168.66.98 1194
;remote my-server-2 1194
;remote-random
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
mute-replay-warnings
ca "C:\\Program Files (x86)\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files (x86)\\OpenVPN\\config\\winlap.crt"
key "C:\\Program Files (x86)\\OpenVPN\\config\\winlap.key"
ns-cert-type server
tls-auth "C:\\Program Files (x86)\\OpenVPN\\config\\ta.key" 1
cipher BF-CBC
comp-lzo
verb 3
;mute 20

This is my log when I connect to OpenVPN
Fri Nov 30 22:24:28 2012 NOTE: --user option is not implemented on Windows
Fri Nov 30 22:24:28 2012 NOTE: --group option is not implemented on Windows
Fri Nov 30 22:24:28 2012 OpenVPN 2.1_rc22 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 20 2009
Fri Nov 30 22:24:28 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Nov 30 22:24:29 2012 Control Channel Authentication: using 'C:\Program Files (x86)\OpenVPN\config\ta.key' as a OpenVPN static key file
Fri Nov 30 22:24:29 2012 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov 30 22:24:29 2012 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov 30 22:24:29 2012 LZO compression initialized
Fri Nov 30 22:24:29 2012 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Fri Nov 30 22:24:29 2012 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Fri Nov 30 22:24:29 2012 Local Options hash (VER=V4): '504e774e'
Fri Nov 30 22:24:29 2012 Expected Remote Options hash (VER=V4): '14168603'
Fri Nov 30 22:24:29 2012 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Nov 30 22:24:29 2012 UDPv4 link local: [undef]
Fri Nov 30 22:24:29 2012 UDPv4 link remote: 192.168.66.98:1194
Fri Nov 30 22:24:29 2012 TLS: Initial packet from 192.168.66.98:1194, sid=e1ff2f76 7585c7f9
Fri Nov 30 22:24:29 2012 VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=changeme/CN=changeme/name=changeme/emailAddress=mail@host.domain
Fri Nov 30 22:24:29 2012 VERIFY OK: nsCertType=SERVER
Fri Nov 30 22:24:29 2012 VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=changeme/CN=rpivpn/name=changeme/emailAddress=mail@host.domain
Fri Nov 30 22:24:31 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Nov 30 22:24:31 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov 30 22:24:31 2012 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Nov 30 22:24:31 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov 30 22:24:31 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Fri Nov 30 22:24:31 2012 [rpivpn] Peer Connection Initiated with 192.168.66.98:1194
Fri Nov 30 22:24:33 2012 SENT CONTROL [rpivpn]: 'PUSH_REQUEST' (status=1)
Fri Nov 30 22:24:33 2012 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.0 255.255.255.0,redirect-gateway def1 bypass-dhcp,dhcp-options DNS 192.168.66.1,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Fri Nov 30 22:24:33 2012 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:3: dhcp-options (2.1_rc22)
Fri Nov 30 22:24:33 2012 OPTIONS IMPORT: timers and/or timeouts modified
Fri Nov 30 22:24:33 2012 OPTIONS IMPORT: --ifconfig/up options modified
Fri Nov 30 22:24:33 2012 OPTIONS IMPORT: route options modified
Fri Nov 30 22:24:34 2012 ROUTE default_gateway=192.168.66.1
Fri Nov 30 22:24:34 2012 TAP-WIN32 device [Local Area Connection 3] opened: \\.\Global\{CCB3F481-CC87-4242-B9C4-CFB6CF85BC89}.tap
Fri Nov 30 22:24:34 2012 TAP-Win32 Driver Version 9.6
Fri Nov 30 22:24:34 2012 TAP-Win32 MTU=1500
Fri Nov 30 22:24:34 2012 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {CCB3F481-CC87-4242-B9C4-CFB6CF85BC89} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Fri Nov 30 22:24:34 2012 Successful ARP Flush on interface [33] {CCB3F481-CC87-4242-B9C4-CFB6CF85BC89}
Fri Nov 30 22:24:39 2012 TEST ROUTES: 3/3 succeeded len=2 ret=1 a=0 u/d=up
Fri Nov 30 22:24:39 2012 C:\WINDOWS\system32\route.exe ADD 192.168.66.98 MASK 255.255.255.255 192.168.66.1
Fri Nov 30 22:24:39 2012 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=100 and dwForwardType=4
Fri Nov 30 22:24:39 2012 Route addition via IPAPI succeeded [adaptive]
Fri Nov 30 22:24:39 2012 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.5
Fri Nov 30 22:24:39 2012 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Fri Nov 30 22:24:39 2012 Route addition via IPAPI succeeded [adaptive]
Fri Nov 30 22:24:39 2012 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.5
Fri Nov 30 22:24:39 2012 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Fri Nov 30 22:24:39 2012 Route addition via IPAPI succeeded [adaptive]
Fri Nov 30 22:24:39 2012 C:\WINDOWS\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.5
Fri Nov 30 22:24:39 2012 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Fri Nov 30 22:24:39 2012 Route addition via IPAPI succeeded [adaptive]
Fri Nov 30 22:24:39 2012 C:\WINDOWS\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Fri Nov 30 22:24:39 2012 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Fri Nov 30 22:24:39 2012 Route addition via IPAPI succeeded [adaptive]
Fri Nov 30 22:24:39 2012 Initialization Sequence Completed

I can connect to OpenVPN but my public IP still shows when I search Google for it - so I am just going to guess that there is something wrong.

There was a point where I was able to connect to OpenVPN but not successfully visit any pages.

I'm sure it's something trivial that I am overlooking, specifically with the IP addresses. Any help would be greatly appreciated.


Post by maikcat » Sat Dec 01, 2012 1:22 pm

hi there,

Fri Nov 30 22:24:28 2012 OpenVPN 2.1_rc22 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 20 2009

2.1 rc 22 is quite old..

on 7 use at least 2.1.1 and above...

Michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)

Inflammable means flammable? (Dr Nick Riviera, Simpsons Season 13)

"objects in mirror are losing"


Post by ghoti » Sat Dec 01, 2012 2:31 pm

Hi, thanks for catching that!

I updated the GUI but I'm still having the same problem :/

Sat Dec 01 09:28:44 2012 OpenVPN 2.1.3 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Aug 20 2010
Enter Management Password:
Sat Dec 01 09:28:44 2012 MANAGEMENT: TCP Socket listening on 127.0.0.10:25340
Sat Dec 01 09:28:44 2012 Need hold release from management interface, waiting...
Sat Dec 01 09:28:45 2012 MANAGEMENT: Client connected from 127.0.0.10:25340
Sat Dec 01 09:28:45 2012 MANAGEMENT: CMD 'state on'
Sat Dec 01 09:28:45 2012 MANAGEMENT: CMD 'log all on'
Sat Dec 01 09:28:45 2012 MANAGEMENT: CMD 'hold off'
Sat Dec 01 09:28:45 2012 MANAGEMENT: CMD 'hold release'
Sat Dec 01 09:28:45 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sat Dec 01 09:28:45 2012 Control Channel Authentication: using 'C:\Program Files (x86)\OpenVPN\config\ta.key' as a OpenVPN static key file
Sat Dec 01 09:28:45 2012 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Dec 01 09:28:45 2012 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Dec 01 09:28:45 2012 LZO compression initialized
Sat Dec 01 09:28:45 2012 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Sat Dec 01 09:28:45 2012 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sat Dec 01 09:28:45 2012 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Dec 01 09:28:45 2012 Local Options hash (VER=V4): '504e774e'
Sat Dec 01 09:28:45 2012 Expected Remote Options hash (VER=V4): '14168603'
Sat Dec 01 09:28:45 2012 UDPv4 link local: [undef]
Sat Dec 01 09:28:45 2012 UDPv4 link remote: 192.168.66.98:1194
Sat Dec 01 09:28:45 2012 MANAGEMENT: >STATE:1354372125,WAIT,,,
Sat Dec 01 09:28:45 2012 MANAGEMENT: >STATE:1354372125,AUTH,,,
Sat Dec 01 09:28:45 2012 TLS: Initial packet from 192.168.66.98:1194, sid=c66be73e 254744e1
Sat Dec 01 09:28:46 2012 VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=changeme/CN=changeme/name=changeme/emailAddress=mail@host.domain
Sat Dec 01 09:28:46 2012 VERIFY OK: nsCertType=SERVER
Sat Dec 01 09:28:46 2012 VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=changeme/CN=rpivpn/name=changeme/emailAddress=mail@host.domain
Sat Dec 01 09:28:48 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Dec 01 09:28:48 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Dec 01 09:28:48 2012 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Dec 01 09:28:48 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Dec 01 09:28:48 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sat Dec 01 09:28:48 2012 [rpivpn] Peer Connection Initiated with 192.168.66.98:1194
Sat Dec 01 09:28:49 2012 MANAGEMENT: >STATE:1354372129,GET_CONFIG,,,
Sat Dec 01 09:28:50 2012 SENT CONTROL [rpivpn]: 'PUSH_REQUEST' (status=1)
Sat Dec 01 09:28:50 2012 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.0 255.255.255.0,redirect-gateway def1 bypass-dhcp,dhcp-options DNS 192.168.66.1,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Sat Dec 01 09:28:50 2012 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:3: dhcp-options (2.1.3)
Sat Dec 01 09:28:50 2012 OPTIONS IMPORT: timers and/or timeouts modified
Sat Dec 01 09:28:50 2012 OPTIONS IMPORT: --ifconfig/up options modified
Sat Dec 01 09:28:50 2012 OPTIONS IMPORT: route options modified
Sat Dec 01 09:28:50 2012 ROUTE default_gateway=192.168.66.1
Sat Dec 01 09:28:50 2012 MANAGEMENT: >STATE:1354372130,ASSIGN_IP,,10.8.0.6,
Sat Dec 01 09:28:50 2012 TAP-WIN32 device [Local Area Connection 3] opened: \\.\Global\{F9EC27BF-49D0-4F23-9229-51E55647208B}.tap
Sat Dec 01 09:28:50 2012 TAP-Win32 Driver Version 9.7
Sat Dec 01 09:28:50 2012 TAP-Win32 MTU=1500
Sat Dec 01 09:28:50 2012 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {F9EC27BF-49D0-4F23-9229-51E55647208B} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Sat Dec 01 09:28:50 2012 Successful ARP Flush on interface [30] {F9EC27BF-49D0-4F23-9229-51E55647208B}
Sat Dec 01 09:28:55 2012 TEST ROUTES: 3/3 succeeded len=2 ret=1 a=0 u/d=up
Sat Dec 01 09:28:55 2012 C:\WINDOWS\system32\route.exe ADD 192.168.66.98 MASK 255.255.255.255 192.168.66.1
Sat Dec 01 09:28:55 2012 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=100 and dwForwardType=4
Sat Dec 01 09:28:55 2012 Route addition via IPAPI succeeded [adaptive]
Sat Dec 01 09:28:55 2012 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.5
Sat Dec 01 09:28:55 2012 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Sat Dec 01 09:28:55 2012 Route addition via IPAPI succeeded [adaptive]
Sat Dec 01 09:28:55 2012 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.5
Sat Dec 01 09:28:55 2012 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Sat Dec 01 09:28:55 2012 Route addition via IPAPI succeeded [adaptive]
Sat Dec 01 09:28:55 2012 MANAGEMENT: >STATE:1354372135,ADD_ROUTES,,,
Sat Dec 01 09:28:55 2012 C:\WINDOWS\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.5
Sat Dec 01 09:28:55 2012 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Sat Dec 01 09:28:55 2012 Route addition via IPAPI succeeded [adaptive]
Sat Dec 01 09:28:55 2012 C:\WINDOWS\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Sat Dec 01 09:28:55 2012 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Sat Dec 01 09:28:55 2012 Route addition via IPAPI succeeded [adaptive]
Sat Dec 01 09:28:55 2012 Initialization Sequence Completed
Sat Dec 01 09:28:55 2012 MANAGEMENT: >STATE:1354372135,CONNECTED,SUCCESS,10.8.0.6,192.168.66.98
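
The log above shows one pushed option being rejected while the connection still completes. The following is an added example, not part of the original post or of OpenVPN: it pairs each "Options error" line with the pushed option it names and suggests the nearest known directive. KNOWN_PUSHABLE is an illustrative subset, and audit_push and option_name are hypothetical helper names.

```python
import difflib
import re

# Assumption: a subset of the directive names the OpenVPN manual lists as
# pushable, plus topology and ifconfig, which appear in this thread's
# PUSH_REPLY. Not an exhaustive list.
KNOWN_PUSHABLE = [
    "route", "route-gateway", "route-delay", "redirect-gateway", "ip-win32",
    "dhcp-option", "inactive", "ping", "ping-exit", "ping-restart", "setenv",
    "persist-key", "persist-tun", "echo", "comp-lzo", "socket-flags",
    "sndbuf", "rcvbuf", "topology", "ifconfig",
]

PUSH_RE = re.compile(r"PUSH: Received control message: '(PUSH_REPLY[^']*)'")
ERR_RE = re.compile(r"Options error: Unrecognized option or missing "
                    r"parameter\(s\) in \[PUSH-OPTIONS\]:(\d+): (\S+)")
DONE = "Initialization Sequence Completed"

# Constructed sample: three lines copied from the client log in the post above.
SAMPLE_LOG = """\
Sat Dec 01 09:28:50 2012 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.0 255.255.255.0,redirect-gateway def1 bypass-dhcp,dhcp-options DNS 192.168.66.1,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Sat Dec 01 09:28:50 2012 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:3: dhcp-options (2.1.3)
Sat Dec 01 09:28:55 2012 Initialization Sequence Completed
"""


def option_name(option):
    """Return the first word of a pushed option, or '' for an empty item."""
    words = option.split()
    return words[0] if words else ""


def audit_push(log_text):
    """Report which pushed options the client applied and which it rejected."""
    pushed, rejected = [], []
    for line in log_text.splitlines():
        push = PUSH_RE.search(line)
        err = ERR_RE.search(line)
        if push:
            # Drop the leading PUSH_REPLY token; the rest are the options.
            pushed = push.group(1).split(",")[1:]
        elif err:
            rejected.append((int(err.group(1)), err.group(2)))

    bad_names = {name for _, name in rejected}
    findings = []
    for index, name in rejected:
        # Match by name rather than trusting the index in the error line.
        pushed_as = next((o for o in pushed if option_name(o) == name), None)
        close = difflib.get_close_matches(name, KNOWN_PUSHABLE, n=1, cutoff=0.8)
        findings.append({"index": index, "name": name, "pushed_as": pushed_as,
                         "did_you_mean": close[0] if close else None})
    return {
        "applied": [o for o in pushed if option_name(o) not in bad_names],
        "rejected": findings,
        # True when the tunnel came up even though an option was dropped.
        "connected_anyway": bool(findings) and DONE in log_text,
    }


if __name__ == "__main__":
    report = audit_push(SAMPLE_LOG)
    for item in report["rejected"]:
        print("rejected:", item["pushed_as"], "-> did you mean",
              item["did_you_mean"])
    print("connected anyway:", report["connected_anyway"])
```

A rejected push is worth alerting on in client logs, because the option (here the DNS setting) is dropped without stopping the connection.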


Post by ghoti » Sun Dec 02, 2012 1:10 am

I decided to do some regression testing with Wireshark. And I could use some input.

I ran Wireshark while I was not connected to OpenVPN, used my ethernet capture interface that had my IP (192.168.66.121), visited a webpage, followed the HTTP stream and viewed the "Line-based text data", and I could see the HTML for the webpage I visited. All of the protocols are either HTTP or TCP, which is what I expected.

Source: weather.com (23.3.106.113)
Destination: 192.168.66.121

I then connected to my OpenVPN by running as Administrator.

I performed the same steps as above, with the same capture interface (not selecting the TAP-Win32).

This time I see far less HTTP protocols and a lot of UDP. When I check the "Line-based text data" in the HTTP protocols I see " {"ret": "punt"} ". I also don't see the IP address for weather.com as the "Source" - instead I see the static IP for 192.168.66.98. For the "Destination", I was hoping to see 10.8.0.6 which OpenVPN claimed my machine got assigned but I still see 192.168.66.121.

I have push "redirect-gateway def1 bypass-dhcp" in my server.conf file.
I can assume that the data being passed between server and client is encrypted but I still see my public IP address when I google my IP.

Any advice?


Post by maikcat » Sun Dec 02, 2012 1:15 pm

hi there,

please correct this typo
push "dhcp-options DNS 192.168.66.1"
to
push "dhcp-option DNS 192.168.66.1"

also post the output of netstat -nr on your 7 AFTER openvpn is up...

regards

Michael


Post by ghoti » Sun Dec 02, 2012 3:50 pm

Thanks

Code:

C:\Users\ghoti>netstat -nr
===========================================================================
Interface List
 31...00 ff f9 ec 27 bf ......TAP-Win32 Adapter V9
 16...c0 f8 da c6 ea 58 ......Bluetooth Device (Personal Area Network)
 14...64 80 99 2e 4e 9d ......Microsoft Virtual WiFi Miniport Adapter #2
 13...64 80 99 2e 4e 9d ......Microsoft Virtual WiFi Miniport Adapter
 12...64 d4 da 2a 89 76 ......Intel(R) Centrino(R) WiMAX 6250
 11...64 80 99 2e 4e 9c ......Intel(R) Centrino(R) Advanced-N 6250 AGN
 10...f0 bf 97 5d 96 42 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 29...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 27...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.66.1   192.168.66.139    200
          0.0.0.0        128.0.0.0         10.8.0.5         10.8.0.6     30
         10.8.0.1  255.255.255.255         10.8.0.5         10.8.0.6     30
         10.8.0.4  255.255.255.252         On-link          10.8.0.6    286
         10.8.0.6  255.255.255.255         On-link          10.8.0.6    286
         10.8.0.7  255.255.255.255         On-link          10.8.0.6    286
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        128.0.0.0        128.0.0.0         10.8.0.5         10.8.0.6     30
      169.254.0.0      255.255.0.0         On-link          10.8.0.6     30
  169.254.255.255  255.255.255.255         On-link          10.8.0.6    286
     192.168.66.0    255.255.255.0         On-link    192.168.66.139    356
     192.168.66.0    255.255.255.0         10.8.0.5         10.8.0.6     30
    192.168.66.98  255.255.255.255     192.168.66.1   192.168.66.139    100
   192.168.66.139  255.255.255.255         On-link    192.168.66.139    356
   192.168.66.255  255.255.255.255         On-link    192.168.66.139    356
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link          10.8.0.6    286
        224.0.0.0        240.0.0.0         On-link    192.168.66.139    356
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link          10.8.0.6    286
  255.255.255.255  255.255.255.255         On-link    192.168.66.139    356
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0          5.0.0.1  Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 17     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 17     58 2001::/32                On-link
 17    306 2001:0:4137:9e76:3c50:588:f5f7:fff9/128
                                    On-link
 31    286 fe80::/64                On-link
 11    281 fe80::/64                On-link
 17    306 fe80::/64                On-link
 17    306 fe80::3c50:588:f5f7:fff9/128
                                    On-link
 31    286 fe80::a915:d39b:b40c:17da/128
                                    On-link
 11    281 fe80::fcf0:c047:efdc:f52f/128
                                    On-link
  1    306 ff00::/8                 On-link
 17    306 ff00::/8                 On-link
 31    286 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
 If Metric Network Destination      Gateway
  0 4294967295 2620:9b::/96             On-link
===========================================================================
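
The IPv4 table above can be read the way the client's stack reads it. This added example (not part of the original post) models route selection as longest prefix first, then lowest metric, and reports which gateway a destination uses. parse_routes, lookup and def1_in_effect are hypothetical helper names; the addresses all come from this thread.

```python
import ipaddress

# Constructed sample: IPv4 "Active Routes" rows copied from the netstat -nr
# output in the post above (loopback, multicast and broadcast rows omitted).
ROUTES_TEXT = """\
          0.0.0.0          0.0.0.0     192.168.66.1   192.168.66.139    200
          0.0.0.0        128.0.0.0         10.8.0.5         10.8.0.6     30
         10.8.0.1  255.255.255.255         10.8.0.5         10.8.0.6     30
         10.8.0.4  255.255.255.252         On-link          10.8.0.6    286
         10.8.0.6  255.255.255.255         On-link          10.8.0.6    286
        128.0.0.0        128.0.0.0         10.8.0.5         10.8.0.6     30
     192.168.66.0    255.255.255.0         On-link    192.168.66.139    356
     192.168.66.0    255.255.255.0         10.8.0.5         10.8.0.6     30
    192.168.66.98  255.255.255.255     192.168.66.1   192.168.66.139    100
   192.168.66.139  255.255.255.255         On-link    192.168.66.139    356
"""

TUNNEL_GATEWAY = "10.8.0.5"  # VPN-side gateway taken from the client log


def parse_routes(text):
    """Turn 'dest mask gateway interface metric' rows into route records."""
    routes = []
    for row in text.splitlines():
        cols = row.split()
        if len(cols) != 5:
            continue  # skip headers, separators and blank lines
        dest, mask, gateway, iface, metric = cols
        routes.append({
            "net": ipaddress.ip_network(f"{dest}/{mask}"),
            "gateway": gateway,
            "iface": iface,
            "metric": int(metric),
        })
    return routes


def lookup(routes, dest):
    """Pick the route for dest: longest prefix wins, lowest metric breaks ties.

    Assumption: this two-step rule is a simplified model of route selection.
    """
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r["net"]]
    return max(hits, key=lambda r: (r["net"].prefixlen, -r["metric"]),
               default=None)


def def1_in_effect(routes, tunnel_gateway):
    """True if both /1 halves pushed by redirect-gateway def1 use the tunnel."""
    halves = {ipaddress.ip_network("0.0.0.0/1"),
              ipaddress.ip_network("128.0.0.0/1")}
    via_tunnel = {r["net"] for r in routes if r["gateway"] == tunnel_gateway}
    return halves <= via_tunnel


if __name__ == "__main__":
    table = parse_routes(ROUTES_TEXT)
    print("def1 routes installed:", def1_in_effect(table, TUNNEL_GATEWAY))
    for target in ("23.3.106.113", "208.67.220.220",
                   "192.168.66.98", "192.168.66.1"):
        r = lookup(table, target)
        print(f"{target:>15} -> via {r['gateway']} on {r['iface']}")
```

With this table, web traffic to 23.3.106.113 leaves through 10.8.0.5, while packets to the VPN server itself (192.168.66.98) stay on the physical interface, which is why a capture on the ethernet adapter shows UDP to 192.168.66.98 instead of the site's address.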


Post by maikcat » Mon Dec 03, 2012 7:17 am

can you post the output of

iptables -L -t nat -v

on your server?

also can you ping the vpn & lan interface of openvpn server?

also i noticed this on client config

Code:

remote 192.168.66.98 1194

how exactly do you test your setup?

Michael.


Post by ghoti » Mon Dec 03, 2012 11:12 pm

# iptables -L -t nat -v

Code:

Chain PREROUTING (policy ACCEPT 2052 packets, 176K bytes)
 pkts bytes target     prot opt in     out     source               destination 

Chain INPUT (policy ACCEPT 1525 packets, 153K bytes)
 pkts bytes target     prot opt in     out     source               destination 

Chain OUTPUT (policy ACCEPT 165 packets, 12049 bytes)
 pkts bytes target     prot opt in     out     source               destination 

Chain POSTROUTING (policy ACCEPT 165 packets, 12049 bytes)
 pkts bytes target     prot opt in     out     source               destination 
    0     0 MASQUERADE  all  --  any    eth0    10.8.0.0/24          anywhere   

when connected to VPN

Ping from Client to Server
>ping 10.8.0.1 (tun0)

Code:

Pinging 10.8.0.1 with 32 bytes of data:
Request timed out.
Reply from 10.8.0.1: bytes=32 time=6ms TTL=64
Reply from 10.8.0.1: bytes=32 time=12ms TTL=64
Reply from 10.8.0.1: bytes=32 time=4ms TTL=64

Ping statistics for 10.8.0.1:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
    Minimum = 4ms, Maximum = 12ms, Average = 7ms

>ping 192.168.66.98 (eth0)

Code:

Pinging 192.168.66.98 with 32 bytes of data:
Reply from 192.168.66.98: bytes=32 time=6ms TTL=64
Reply from 192.168.66.98: bytes=32 time=2ms TTL=64
Reply from 192.168.66.98: bytes=32 time=4ms TTL=64
Reply from 192.168.66.98: bytes=32 time=3ms TTL=64

Ping statistics for 192.168.66.98:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 2ms, Maximum = 6ms, Average = 3ms

My client gets assigned 10.8.0.6 but I am unsuccessful when I ping my client from my server

Ping from Server to client

Code:

[root@alarmpi ~]# ping 10.8.0.6
PING 10.8.0.6 (10.8.0.6) 56(84) bytes of data.
^C
--- 10.8.0.6 ping statistics ---
18 packets transmitted, 0 received, 100% packet loss, time 17003ms

I am able to ping 192.168.66.121

Currently my set up is, (connected by ethernet cable)

Code:


MODEM<------>|  ROUTER  |<--->|rPi VPN server|
             |__________|
                  |<-------->|client|

I figured that if I want to connect outside of my network that I would have to change that value in my client.ovpn from my OpenVPN server static IP to my public IP. I was just trying to get this to work internally for now.

When I changed it to my Public IP, I was unable to connect from my client.

For anyone else that comes across this thread and also runs a headless server and can't check their IP on a website, this is how I found my Public IP address.

Code:

wget http://checkip.dyndns.org/ -O - -o /dev/null | cut -d: -f 2 | cut -d\< -f 1

Thanks for all your help so far maikcat.


Post by maikcat » Tue Dec 04, 2012 4:43 pm

hi there,

My client gets assigned 10.8.0.6 but I am unsuccessful when I ping my client from my server
Ping from Server to client

did you disable the firewall on tap adapter? (windows side)

if you want to connect from internet & your router performs NAT
you must forward the openvpn port/protocol to your openvpn server.

Michael.


Post by ghoti » Tue Dec 04, 2012 11:12 pm

The tap adapter is enabled and not blocked by my firewall.

When I added 1194 to my router's port forwarding rule, I wasn't able to reach any web pages after I connected to my server through my Windows client.

If I want to connect from outside of my network, can I just switch the below to my server's public IP address?

Code:

remote 192.168.66.98 1194

How do the config files look?


Post by maikcat » Wed Dec 05, 2012 4:45 pm

change only the remote with your public ip address..

to check that your client MUST be in different network though...

regards

Michael.