Sorry if this is a real beginner question, but I wasn't sure who to ask.
I recently set up an OpenVPN server using a DD-WRT based router. Everything seemed to be good, but I don't think I am connecting to it correctly. I can access the router via it's web interface; but when I try to connect the VPN, it doesn't work (it was hard to tell, but I verified that my IP address was not from the location of the router). The icon also shows two yellow screens which I assume is another hint.
Here is the log in case someone can help me know what is not setup correctly (I tried initiating the connection a few times). Thanks for your help.
Wed May 16 11:24:19 2012 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
Wed May 16 11:24:19 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed May 16 11:24:20 2012 LZO compression initialized
Wed May 16 11:24:20 2012 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed May 16 11:24:20 2012 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed May 16 11:24:20 2012 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed May 16 11:24:20 2012 Local Options hash (VER=V4): '41690919'
Wed May 16 11:24:20 2012 Expected Remote Options hash (VER=V4): '530fdded'
Wed May 16 11:24:20 2012 UDPv4 link local: [undef]
Wed May 16 11:24:20 2012 UDPv4 link remote: 50.29.226.19:1194
Wed May 16 11:25:20 2012 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed May 16 11:25:20 2012 TLS Error: TLS handshake failed
Wed May 16 11:25:20 2012 TCP/UDP: Closing socket
Wed May 16 11:25:20 2012 SIGUSR1[soft,tls-error] received, process restarting
Wed May 16 11:25:20 2012 Restart pause, 2 second(s)
Wed May 16 11:25:22 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed May 16 11:25:22 2012 Re-using SSL/TLS context
Wed May 16 11:25:22 2012 LZO compression initialized
Wed May 16 11:25:22 2012 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed May 16 11:25:22 2012 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed May 16 11:25:24 2012 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed May 16 11:25:24 2012 Local Options hash (VER=V4): '41690919'
Wed May 16 11:25:24 2012 Expected Remote Options hash (VER=V4): '530fdded'
Wed May 16 11:25:24 2012 UDPv4 link local: [undef]
Wed May 16 11:25:24 2012 UDPv4 link remote: 50.29.226.19:1194
Wed May 16 11:26:24 2012 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed May 16 11:26:24 2012 TLS Error: TLS handshake failed
Wed May 16 11:26:24 2012 TCP/UDP: Closing socket
Wed May 16 11:26:24 2012 SIGUSR1[soft,tls-error] received, process restarting
Wed May 16 11:26:24 2012 Restart pause, 2 second(s)
Wed May 16 11:26:26 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed May 16 11:26:26 2012 Re-using SSL/TLS context
Wed May 16 11:26:26 2012 LZO compression initialized
Wed May 16 11:26:26 2012 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed May 16 11:26:26 2012 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed May 16 11:26:27 2012 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed May 16 11:26:27 2012 Local Options hash (VER=V4): '41690919'
Wed May 16 11:26:27 2012 Expected Remote Options hash (VER=V4): '530fdded'
Wed May 16 11:26:27 2012 UDPv4 link local: [undef]
Wed May 16 11:26:27 2012 UDPv4 link remote: 50.29.226.19:1194
Wed May 16 11:27:27 2012 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed May 16 11:27:27 2012 TLS Error: TLS handshake failed
Wed May 16 11:27:27 2012 TCP/UDP: Closing socket
Wed May 16 11:27:27 2012 SIGUSR1[soft,tls-error] received, process restarting
Wed May 16 11:27:27 2012 Restart pause, 2 second(s)
Wed May 16 11:27:29 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed May 16 11:27:29 2012 Re-using SSL/TLS context
Wed May 16 11:27:29 2012 LZO compression initialized
Wed May 16 11:27:29 2012 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed May 16 11:27:29 2012 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed May 16 11:27:30 2012 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed May 16 11:27:30 2012 Local Options hash (VER=V4): '41690919'
Wed May 16 11:27:30 2012 Expected Remote Options hash (VER=V4): '530fdded'
Wed May 16 11:27:30 2012 UDPv4 link local: [undef]
Wed May 16 11:27:30 2012 UDPv4 link remote: 50.29.226.19:1194
Wed May 16 11:28:29 2012 TCP/UDP: Closing socket
Wed May 16 11:28:29 2012 SIGTERM[hard,] received, process exiting
Wed May 16 11:28:30 2012 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
Wed May 16 11:28:30 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed May 16 11:28:30 2012 LZO compression initialized
Wed May 16 11:28:30 2012 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed May 16 11:28:30 2012 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed May 16 11:28:30 2012 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed May 16 11:28:30 2012 Local Options hash (VER=V4): '41690919'
Wed May 16 11:28:30 2012 Expected Remote Options hash (VER=V4): '530fdded'
Wed May 16 11:28:30 2012 UDPv4 link local: [undef]
Wed May 16 11:28:30 2012 UDPv4 link remote: 50.29.226.19:1194
Wed May 16 11:29:30 2012 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed May 16 11:29:30 2012 TLS Error: TLS handshake failed
Wed May 16 11:29:30 2012 TCP/UDP: Closing socket
Wed May 16 11:29:30 2012 SIGUSR1[soft,tls-error] received, process restarting
Wed May 16 11:29:30 2012 Restart pause, 2 second(s)
Wed May 16 11:29:32 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed May 16 11:29:32 2012 Re-using SSL/TLS context
Wed May 16 11:29:32 2012 LZO compression initialized
Wed May 16 11:29:32 2012 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed May 16 11:29:32 2012 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed May 16 11:29:33 2012 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed May 16 11:29:33 2012 Local Options hash (VER=V4): '41690919'
Wed May 16 11:29:33 2012 Expected Remote Options hash (VER=V4): '530fdded'
Wed May 16 11:29:33 2012 UDPv4 link local: [undef]
Wed May 16 11:29:33 2012 UDPv4 link remote: 50.29.226.19:1194
Wed May 16 11:30:33 2012 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed May 16 11:30:33 2012 TLS Error: TLS handshake failed
Wed May 16 11:30:33 2012 TCP/UDP: Closing socket
Wed May 16 11:30:33 2012 SIGUSR1[soft,tls-error] received, process restarting
Wed May 16 11:30:33 2012 Restart pause, 2 second(s)
Wed May 16 11:30:35 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed May 16 11:30:35 2012 Re-using SSL/TLS context
Wed May 16 11:30:35 2012 LZO compression initialized
Wed May 16 11:30:35 2012 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed May 16 11:30:35 2012 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed May 16 11:30:36 2012 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed May 16 11:30:36 2012 Local Options hash (VER=V4): '41690919'
Wed May 16 11:30:36 2012 Expected Remote Options hash (VER=V4): '530fdded'
Wed May 16 11:30:36 2012 UDPv4 link local: [undef]
Wed May 16 11:30:36 2012 UDPv4 link remote: 50.29.226.19:1194
Can't connect to VPN
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please visit (and READ) the OpenVPN HowTo http://openvpn.net/howto prior to asking any questions in here!
Please visit (and READ) the OpenVPN HowTo http://openvpn.net/howto prior to asking any questions in here!
- Mimiko
- Forum Team
- Posts: 1564
- Joined: Wed Sep 22, 2010 3:18 am
Re: Can't connect to VPN
Repeated
shows that your router is not accesible. Look in the correct configuration of the router. DD-WRT usually opens the VPN port incomminc, when activating OpnVPN. To be sure, use "iptables -L -v". For now, your router by IP from the log is not accesible by anymeaning.TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
-
- OpenVpn Newbie
- Posts: 1
- Joined: Thu Mar 29, 2012 12:11 pm
Re: Can't connect to VPN
Hello, hope I don't come off as high jacking this thread... but I am having the same exact issue and have been unable to find a solution by searching the forums. I set up my VPN on my router as the server and the client software on my computer. I was able to successfully connect for about a month and then it randomly was unable too. I restarted router, checked everything. I even changed the port from 1194 on both client and server to 443 and still had issues.
I ran the iptables command and this is what prints out.
Please let me know if this is ok to post here, or if I should make a new thread.
I ran the iptables command and this is what prints out.
Code: Select all
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- tun0 any anywhere anywhere
8 336 ACCEPT udp -- any any anywhere anywhere udp dpt:1194
0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:1194
2527 204K ACCEPT 0 -- any any anywhere anywhere state RELATED,ESTABLISHED
0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:1194
0 0 ACCEPT 0 -- tun0 any anywhere anywhere
0 0 DROP udp -- vlan2 any anywhere anywhere udp dpt:route
0 0 DROP udp -- br0 any anywhere anywhere udp dpt:route
0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:route
0 0 logaccept tcp -- any any anywhere NehmiaWRT tcp dpt:https
1 48 logaccept tcp -- any any anywhere NehmiaWRT tcp dpt:ssh
0 0 ACCEPT icmp -- vlan2 any anywhere anywhere
27 864 ACCEPT igmp -- any any anywhere anywhere
0 0 ACCEPT udp -- vlan2 any anywhere anywhere udp dpt:5060
0 0 ACCEPT 0 -- lo any anywhere anywhere state NEW
577 62503 logaccept 0 -- br0 any anywhere anywhere state NEW
131 34510 DROP 0 -- any any anywhere anywhere
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
3 152 ACCEPT tcp -- any any anywhere iPad.hsd1.va.comcast.net tcp dpt:25018
2 119 ACCEPT udp -- any any anywhere iPad.hsd1.va.comcast.net udp dpt:25018
0 0 ACCEPT 0 -- any tun0 anywhere anywhere
0 0 ACCEPT 0 -- tun0 any anywhere anywhere
0 0 ACCEPT 0 -- tun0 br0 anywhere anywhere
0 0 ACCEPT 0 -- br0 tun0 anywhere anywhere
0 0 ACCEPT 0 -- any any 172.16.66.0/24 anywhere
0 0 ACCEPT gre -- any vlan2 10.0.1.0/24 anywhere
0 0 ACCEPT tcp -- any vlan2 10.0.1.0/24 anywhere tcp dpt:1723
0 0 ACCEPT 0 -- tun0 any anywhere anywhere
0 0 ACCEPT 0 -- any tun0 anywhere anywhere
0 0 ACCEPT 0 -- br0 br0 anywhere anywhere
521 27268 TCPMSS tcp -- any any anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
134K 129M lan2wan 0 -- any any anywhere anywhere
133K 129M ACCEPT 0 -- any any anywhere anywhere state RELATED,ESTABLISHED
0 0 ACCEPT udp -- vlan2 any anywhere base-address.mcast.net/4 udp
0 0 ACCEPT udp -- any any anywhere 10.0.1.99 udp dpt:64409
0 0 ACCEPT udp -- any any anywhere 10.0.1.3 udp dpt:64526
0 0 ACCEPT udp -- any any anywhere 10.0.1.3 udp dpt:64047
0 0 ACCEPT udp -- any any anywhere 10.0.1.3 udp dpt:58518
0 0 ACCEPT udp -- any any anywhere 10.0.1.3 udp dpt:61780
0 0 ACCEPT udp -- any any anywhere 10.0.1.3 udp dpt:54443
0 0 ACCEPT udp -- any any anywhere 10.0.1.3 udp dpt:54488
0 0 ACCEPT udp -- any any anywhere 10.0.1.3 udp dpt:55353
0 0 ACCEPT udp -- any any anywhere 10.0.1.3 udp dpt:54518
0 0 ACCEPT udp -- any any anywhere 10.0.1.3 udp dpt:64886
0 0 ACCEPT udp -- any any anywhere 10.0.1.3 udp dpt:62976
0 0 ACCEPT udp -- any any anywhere 10.0.1.3 udp dpt:56318
0 0 ACCEPT udp -- any any anywhere 10.0.1.3 udp dpt:50981
0 0 ACCEPT udp -- any any anywhere 10.0.1.3 udp dpt:58961
0 0 ACCEPT udp -- any any anywhere 10.0.1.3 udp dpt:53082
0 0 ACCEPT udp -- any any anywhere 10.0.1.3 udp dpt:64853
0 0 ACCEPT udp -- any any anywhere 10.0.1.2 udp dpt:59807
0 0 ACCEPT udp -- any any anywhere 10.0.1.3 udp dpt:53441
0 0 ACCEPT udp -- any any anywhere 10.0.1.2 udp dpt:50242
0 0 ACCEPT udp -- any any anywhere 10.0.1.3 udp dpt:54953
0 0 ACCEPT udp -- any any anywhere 10.0.1.3 udp dpt:58232
0 0 ACCEPT udp -- any any anywhere 10.0.1.3 udp dpt:63398
0 0 ACCEPT udp -- any any anywhere 10.0.1.3 udp dpt:61506
0 0 ACCEPT udp -- any any anywhere 10.0.1.3 udp dpt:62644
0 0 ACCEPT udp -- any any anywhere 10.0.1.3 udp dpt:53380
0 0 ACCEPT udp -- any any anywhere 10.0.1.3 udp dpt:56655
0 0 ACCEPT udp -- any any anywhere 10.0.1.3 udp dpt:64042
0 0 ACCEPT udp -- any any anywhere 10.0.1.3 udp dpt:62068
0 0 ACCEPT udp -- any any anywhere 10.0.1.3 udp dpt:58128
0 0 ACCEPT udp -- any any anywhere 10.0.1.3 udp dpt:57614
0 0 ACCEPT udp -- any any anywhere 10.0.1.2 udp dpt:55725
0 0 ACCEPT udp -- any any anywhere 10.0.1.3 udp dpt:56147
0 0 ACCEPT udp -- any any anywhere 10.0.1.3 udp dpt:53591
0 0 ACCEPT udp -- any any anywhere 10.0.1.3 udp dpt:50442
0 0 ACCEPT udp -- any any anywhere 10.0.1.3 udp dpt:56840
0 0 ACCEPT udp -- any any anywhere 10.0.1.3 udp dpt:62577
0 0 ACCEPT udp -- any any anywhere 10.0.1.3 udp dpt:58544
0 0 ACCEPT udp -- any any anywhere 10.0.1.3 udp dpt:64783
0 0 ACCEPT udp -- any any anywhere 10.0.1.2 udp dpt:52698
0 0 ACCEPT udp -- any any anywhere 10.0.1.3 udp dpt:57133
0 0 ACCEPT udp -- any any anywhere 10.0.1.3 udp dpt:64743
0 0 ACCEPT udp -- any any anywhere 10.0.1.3 udp dpt:53507
0 0 ACCEPT udp -- any any anywhere 10.0.1.3 udp dpt:65068
0 0 ACCEPT udp -- any any anywhere 10.0.1.3 udp dpt:59635
0 0 ACCEPT udp -- any any anywhere 10.0.1.3 udp dpt:55516
0 0 ACCEPT udp -- any any anywhere 10.0.1.2 udp dpt:55762
0 0 ACCEPT udp -- any any anywhere 10.0.1.2 udp dpt:55385
0 0 ACCEPT udp -- any any anywhere 10.0.1.3 udp dpt:53668
0 0 ACCEPT udp -- any any anywhere 10.0.1.3 udp dpt:57516
0 0 ACCEPT udp -- any any anywhere 10.0.1.2 udp dpt:65283
0 0 ACCEPT udp -- any any anywhere 10.0.1.2 udp dpt:echo
0 0 ACCEPT tcp -- any any anywhere 10.0.1.2 tcp dpt:64738
0 0 ACCEPT udp -- any any anywhere 10.0.1.2 udp dpt:64738
0 0 ACCEPT tcp -- any any anywhere 10.0.1.2 tcp dpt:7777
0 0 ACCEPT udp -- any any anywhere 10.0.1.2 udp dpt:7777
0 0 TRIGGER 0 -- vlan2 br0 anywhere anywhere TRIGGER type:in match:0 relate:0
726 52776 trigger_out 0 -- br0 any anywhere anywhere
662 49748 ACCEPT 0 -- br0 any anywhere anywhere state NEW
64 3028 DROP 0 -- any any anywhere anywhere
Chain OUTPUT (policy ACCEPT 4463 packets, 3680K bytes)
pkts bytes target prot opt in out source destination
Chain advgrp_1 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_10 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_2 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_3 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_4 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_5 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_6 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_7 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_8 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_9 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_1 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_10 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_2 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_3 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_4 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_5 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_6 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_7 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_8 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_9 (0 references)
pkts bytes target prot opt in out source destination
Chain lan2wan (1 references)
pkts bytes target prot opt in out source destination
Chain logaccept (3 references)
pkts bytes target prot opt in out source destination
578 62551 LOG 0 -- any any anywhere anywhere state NEW LOG level warning tcp-sequence tcp-options ip-options prefix `ACCEPT '
578 62551 ACCEPT 0 -- any any anywhere anywhere
Chain logdrop (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG 0 -- any any anywhere anywhere state NEW LOG level warning tcp-sequence tcp-options ip-options prefix `DROP '
0 0 LOG 0 -- any any anywhere anywhere state INVALID LOG level warning tcp-sequence tcp-options ip-options prefix `DROP '
0 0 DROP 0 -- any any anywhere anywhere
Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG 0 -- any any anywhere anywhere LOG level warning tcp-sequence tcp-options ip-options prefix `WEBDROP '
0 0 REJECT tcp -- any any anywhere anywhere tcp reject-with tcp-reset
Chain trigger_out (1 references)
pkts bytes target prot opt in out source destination