Not connecting to VPN server.
Posted: Tue Jul 03, 2012 11:58 am
Hi,
I hope I'm on the right forum here. I'm a Linux and OpenVPN newbie, so go easy on me.
I've decided to install a VPN on our internal systems to replace the Windows VPN server. I've followed this link http://www.scribd.com/doc/92218110/Inst ... -on-Ubuntu in PDF, which is a very well done document by this person.
Server
I've installed OpenVPN as per the documentation and everything went fine, no errors whatsoever. OpenVPN is installed on Ubuntu 12.04.
The configuration for the network, server certs and client certs has been done as instructed.
Client
I've installed the OpenVPN GUI client since I'm on Windows, and here under is the client config. X.X.X.X replaced by the WAN IP.
client
dev tap0
proto udp #- protocol
remote x.x.x.x 1195 #- SERVER IP and OPENVPN Port
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ca ca.crt
auth-user-pass
comp-lzo
verb 3
Firewall
As a firewall we have installed pfSense on our farm, which is a very good firewall.
I've NAT-forwarded port 1195 to the internal VPN server IP 192.168.175.19. As protocol I'm using UDP.
Problem
The problem is that when I try to connect I'm getting this error from the client log, as per here under. And again the x.x.x.x is replaced by the WAN IP.
This seems to be a very common error and most of the users are pointing to the firewall and iptables to resolve this issue.
To be on the safe side, since I'm no iptables expert, I've completely disabled the firewall in Ubuntu. But I'm still getting the same log message.
Can I get some help on this one? If this is not informative enough and you require some more information, please let me know.
Tue Jul 03 12:49:01 2012 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Tue Jul 03 12:49:05 2012 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Tue Jul 03 12:49:05 2012 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Jul 03 12:49:05 2012 LZO compression initialized
Tue Jul 03 12:49:05 2012 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Jul 03 12:49:05 2012 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Tue Jul 03 12:49:05 2012 Local Options hash (VER=V4): 'd79ca330'
Tue Jul 03 12:49:05 2012 Expected Remote Options hash (VER=V4): 'f7df56b8'
Tue Jul 03 12:49:05 2012 UDPv4 link local: [undef]
Tue Jul 03 12:49:05 2012 UDPv4 link remote: x.x.x.x:1195
Tue Jul 03 12:49:05 2012 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Jul 03 12:49:07 2012 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Jul 03 12:49:10 2012 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Jul 03 12:49:12 2012 TCP/UDP: Closing socket
Tue Jul 03 12:49:12 2012 SIGTERM[hard,] received, process exiting
Thanks and regards,
Brian
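Added example (not part of the post above, and not code from the OpenVPN project): a small triage script run over lines copied from the client log in the post. It flags the missing server-certificate verification warning and the repeated WSAECONNRESET on a UDP socket, which Windows reports after an ICMP port-unreachable comes back, meaning nothing was listening where the forwarded UDP packet ended up. The function name, rule names and finding labels are made up for this illustration.

```python
import re
from collections import Counter

# Constructed sample: a subset of the client log lines quoted in the post.
SAMPLE_LOG = """\
Tue Jul 03 12:49:01 2012 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Tue Jul 03 12:49:05 2012 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Jul 03 12:49:05 2012 UDPv4 link remote: x.x.x.x:1195
Tue Jul 03 12:49:05 2012 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Jul 03 12:49:07 2012 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Jul 03 12:49:10 2012 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
"""

# Timestamp prefix of the OpenVPN client log, e.g. "Tue Jul 03 12:49:05 2012 ".
LINE_RE = re.compile(r"^\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4} (?P<msg>.*)$")
REMOTE_RE = re.compile(r"^UDPv4 link remote: (\S+)")
# Rule names are hypothetical labels chosen for this example.
RULES = {
    "no_server_cert_check": re.compile(r"^WARNING: No server certificate verification"),
    "udp_reset": re.compile(r"^read UDPv4: Connection reset by peer \(WSAECONNRESET\)"),
    "tls_reply": re.compile(r"^TLS: Initial packet from"),
}

def triage(log_text):
    """Count rule hits per log message and derive findings from them."""
    counts, remote = Counter(), None
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines without the expected timestamp prefix
        msg = m.group("msg")
        r = REMOTE_RE.match(msg)
        if r:
            remote = r.group(1)
        for name, rx in RULES.items():
            if rx.search(msg):
                counts[name] += 1
    findings = []
    if counts["no_server_cert_check"]:
        # Client accepts any certificate signed by the CA, not only a server's.
        findings.append("MITM_RISK")
    if counts["udp_reset"] and not counts["tls_reply"]:
        # On Windows a UDP read fails with WSAECONNRESET after an ICMP
        # port-unreachable: the packet arrived somewhere, nothing listened.
        findings.append("PORT_UNREACHABLE")
    return {"remote": remote, "counts": dict(counts), "findings": findings}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A PORT_UNREACHABLE finding points at the NAT target, the server's port and proto settings, or a daemon that is not running, rather than at packet filtering, which would usually show up as a silent timeout.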