Question on OpenVPN configuration
Posted: Mon Feb 18, 2013 4:08 am
I am new to the forum, so please forgive me if I post a stupid question.
I have my server configured with protocol UDP on port 443 and my client can connect successfully.
However, when I switch to protocol TCP, the connection cannot be established and the reconnection is executed continuously. I do not know where the problem is. Thanks for providing me with some ideas. Here is the message on my server.
Mon Feb 18 11:23:57 2013 OpenVPN 2.3.0 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Jan 8 2013
Enter Management Password:
Mon Feb 18 11:23:57 2013 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Mon Feb 18 11:23:57 2013 Need hold release from management interface, waiting...
Mon Feb 18 11:23:57 2013 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Mon Feb 18 11:23:57 2013 MANAGEMENT: CMD 'state on'
Mon Feb 18 11:23:57 2013 MANAGEMENT: CMD 'log all on'
Mon Feb 18 11:23:57 2013 MANAGEMENT: CMD 'hold off'
Mon Feb 18 11:23:57 2013 MANAGEMENT: CMD 'hold release'
Mon Feb 18 11:23:57 2013 WARNING: --ifconfig-pool-persist will not work with --duplicate-cn
Mon Feb 18 11:23:57 2013 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Mon Feb 18 11:23:57 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Feb 18 11:23:58 2013 Diffie-Hellman initialized with 1024 bit key
Mon Feb 18 11:23:58 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Feb 18 11:23:58 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon Feb 18 11:23:58 2013 MANAGEMENT: >STATE:1361157838,ASSIGN_IP,,192.168.3.1,
Mon Feb 18 11:23:58 2013 open_tun, tt->ipv6=0
Mon Feb 18 11:23:58 2013 TAP-WIN32 device [區域連線 5] opened: \\.\Global\{56011A5F-263C-4F8C-8D79-E9DDFE239021}.tap
Mon Feb 18 11:23:58 2013 TAP-Windows Driver Version 9.9
Mon Feb 18 11:23:58 2013 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.3.1/255.255.255.252 on interface {56011A5F-263C-4F8C-8D79-E9DDFE239021} [DHCP-serv: 192.168.3.2, lease-time: 31536000]
Mon Feb 18 11:23:58 2013 Sleeping for 10 seconds...
Mon Feb 18 11:24:08 2013 Successful ARP Flush on interface [131074] {56011A5F-263C-4F8C-8D79-E9DDFE239021}
Mon Feb 18 11:24:08 2013 MANAGEMENT: >STATE:1361157848,ADD_ROUTES,,,
Mon Feb 18 11:24:08 2013 C:\SERVER\system32\route.exe ADD 192.168.3.0 MASK 255.255.255.0 192.168.3.2
Mon Feb 18 11:24:08 2013 Route addition via IPAPI succeeded [adaptive]
Mon Feb 18 11:24:08 2013 Listening for incoming TCP connection on [AF_INET]192.168.1.118:443
Mon Feb 18 11:24:08 2013 TCPv4_SERVER link local (bound): [AF_INET]192.168.1.118:443
Mon Feb 18 11:24:08 2013 TCPv4_SERVER link remote: [undef]
Mon Feb 18 11:24:08 2013 MULTI: multi_init called, r=256 v=256
Mon Feb 18 11:24:08 2013 IFCONFIG POOL: base=192.168.3.4 size=62, ipv6=0
Mon Feb 18 11:24:08 2013 IFCONFIG POOL LIST
Mon Feb 18 11:24:08 2013 MULTI: TCP INIT maxclients=10 maxevents=14
Mon Feb 18 11:24:08 2013 Initialization Sequence Completed
Mon Feb 18 11:24:08 2013 MANAGEMENT: >STATE:1361157848,CONNECTED,SUCCESS,192.168.3.1,
and the brief configuration on server:
local 192.168.1.118
port 443
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
The message shown at Client:
Mon Feb 18 11:42:50 2013 NOTE:OpenVPN 2.1 requires '--script-security 2 or higher to call user-defined scirpt or executables'
Mon Feb 18 11:42:50 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Feb 18 11:42:50 2013 Attempting to establish TCP connection with [AF_INET] x.x.x.x:443
Mon Feb 18 11:42:50 2013 MANAGEMENT:>STATE:1361159112,TCP_CONNECT
Mon Feb 18 11:42:50 2013 TCP Connection established with [AF_INET] x.x.x.x:443
Mon Feb 18 11:42:50 2013 TCPv4_CLIENT link local: [undef]
Mon Feb 18 11:42:50 2013 TCPv4_CLIENT link remote: [AF_INET] x.x.x.x:443
Mon Feb 18 11:42:50 2013 MANAGEMENT:>STATE:1361159112,WAIT
Mon Feb 18 11:42:50 2013 Connection reset, restarting [0]
Mon Feb 18 11:42:50 2013 SIGUSR1[soft,connection-reset] received, process restarting
Mon Feb 18 11:42:50 2013 MANAGEMENT:>STATE:1361159112,RECONNECTING, connection-reset..
Mon Feb 18 11:42:50 2013 Restart pause, 5 second(s)
Configuration on client:
client
dev tun
proto tcp
remote x.x.x.x 443
ca ca.crt
cert client1.crt
key client1.key