Open VPN client cant connect , not even see a "syn" packet

This forum is for all inquiries relating to the installation of OpenVPN from source and with binaries.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please visit (and READ) the OpenVPN HowTo http://openvpn.net/howto prior to asking any questions in here!
Post Reply
azalonely
OpenVpn Newbie
Posts: 4
Joined: Fri Feb 27, 2015 1:35 am

Open VPN client cant connect , not even see a "syn" packet

Post by azalonely » Fri Feb 27, 2015 1:58 am

I have installed openvpn server in centos 7, below is my config :

Server config
---------------
;local a.b.c.d
proto tcp
;proto udp
;dev tap
dev tun
;dev-node MyTap
ca root.crt
cert vpnserver.crt
key vpnserver.key
dh dh2048.pem
;topology subnet
server 10.138.7.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
;server-bridge
push "route 10.138.0.0 255.255.248.0"
;push "route 192.168.20.0 255.255.255.0"
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
;learn-address ./script
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 10.138.8.61"
;client-to-client
duplicate-cn
keepalive 10 120
;tls-auth ta.key 0 # This file is secret
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
comp-lzo
;max-clients 100
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
;log-append openvpn.log
verb 9
;mute 20

------------------------------------
netstat -tanp | grep openvpn
tcp 0 0 0.0.0.0:1194 0.0.0.0:* LISTEN 11110/openvpn


Client config
---------------------
vpnclient
dev tun
proto tcp
remote 10.138.0.20 1194
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
ca "C:\\Program Files\\OpenVPN\\\config\\root.crt"
cert "C:\\Program Files\\OpenVPN\\\config\\vpnclient.crt"
key "C:\\Program Files\\OpenVPN\\\config\\vpnclient.key"


Symptom
----------
1) Server tcpdump, does not receive any incoming packet
2) client turn on wireshark, click connect, does not see any tcp sync packet, then finally the client connect fail
3) no log in client.log file

I believe the issue is on the client side, as it does not even send the "syn" packet to destination host ( client and server are in the same subnet, ping no problem ).

Appreciate if anyone here can give advise what should i troubleshoot next..

User avatar
maikcat
Forum Team
Posts: 4200
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece
Contact:

Re: Open VPN client cant connect , not even see a "syn" pack

Post by maikcat » Fri Feb 27, 2015 7:22 am

logs please?

use log directive to create log file.

Michael.

User avatar
Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Open VPN client cant connect , not even see a "syn" pack

Post by Traffic » Fri Feb 27, 2015 1:28 pm

Your client is not even starting:
azalonely wrote:Client config
---------------------
vpnclient
try client ...

azalonely
OpenVpn Newbie
Posts: 4
Joined: Fri Feb 27, 2015 1:35 am

Re: Open VPN client cant connect , not even see a "syn" pack

Post by azalonely » Sun Mar 01, 2015 6:27 am

thanks for response

there is client.log file, but no log being recorded after connect failed

i have tried "client" instead of "vpnclient" , it does not help any, still the same..


the client machine is 64 bit window 7

User avatar
maikcat
Forum Team
Posts: 4200
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece
Contact:

Re: Open VPN client cant connect , not even see a "syn" pack

Post by maikcat » Mon Mar 02, 2015 8:08 am

use verb 5 and post the log here please.

Michael.

azalonely
OpenVpn Newbie
Posts: 4
Joined: Fri Feb 27, 2015 1:35 am

Re: Open VPN client cant connect , not even see a "syn" pack

Post by azalonely » Mon Mar 02, 2015 8:16 am

Hi Thanks for response

I have tried verb 5 and verb 9, neither of them provide any log in client.log file after connect fail.

It does not even send a "syn" packet, does not even complete the layer 4 handshake, could it be related to network driver or what?

User avatar
maikcat
Forum Team
Posts: 4200
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece
Contact:

Re: Open VPN client cant connect , not even see a "syn" pack

Post by maikcat » Mon Mar 02, 2015 12:10 pm

if you do not post your logs i dont think that anyone can answer....

also post the output of sestatus command.

Michael.

azalonely
OpenVpn Newbie
Posts: 4
Joined: Fri Feb 27, 2015 1:35 am

Re: Open VPN client cant connect , not even see a "syn" pack

Post by azalonely » Mon Mar 02, 2015 2:12 pm

hi,

sestatus on server

SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: permissive
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28


However i dont think the issue is on the server, as client does not send any traffic out..

Not i dont want to post it, it is actually nothing i can post, the client.log file, has zero content, and this is the only log file, or is there any other special thing i can do to generate a special log? something like debug openvpn client process?

User avatar
Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Open VPN client cant connect , not even see a "syn" pack

Post by Traffic » Mon Mar 02, 2015 5:31 pm

azalonely wrote:client machine is 64 bit window 7
Perhaps the problem is related to the Windows TAP driver.

Please post server and client logs.

User avatar
maikcat
Forum Team
Posts: 4200
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece
Contact:

Re: Open VPN client cant connect , not even see a "syn" pack

Post by maikcat » Tue Mar 03, 2015 6:44 am

are you running openvpn with admin rights?

alternative you can run from a cli openvpn --config configfile

and post the output here

Michael.

User avatar
Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Open VPN client cant connect , not even see a "syn" pack

Post by Traffic » Tue Mar 03, 2015 9:06 am

azalonely wrote:the client.log file, has zero content
add --log to your client config ..

See --log in The Manual v23x

Post Reply