OpenVPN connection refused


Post by SplendiD » Thu Oct 23, 2008 11:45 am

I have some trouble connecting to my home router from work via VPN. I have tried lots of different combinations and used DD-WRT firmware (with OpenVPN) as well as Tomato with different OpenVPN mods, but I still get the same problem.

I tried the VPN at home on the local 192.168.1.1 address and it works fine, so it's not related to the certificates or the configuration files on either the client or the server.

I can connect to the router by SSH, so the home IP is accessible from my work IP -- and I tried lots of different ports (>1024) too.

The firewall script just contains the line "iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT" but I don't know if it's working since the line "service start vpnserver1" in the init script doesn't automatically start the VPN server when the router reboots.

When I set the verbosity level to 5 or 6 I get the following error from the client side:

    Mon Oct 20 12:49:57 2008 us=968000 UDPv4 WRITE [14] to aaa.bbb.ccc.ddd:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0

I checked with 'iptables -L' that the firewall part of the script is working and accepts udp from anywhere to anywhere on the port I specified:

    # iptables -L
    Chain INPUT (policy DROP)
    target     prot opt source      destination
    ACCEPT     udp  --  anywhere    anywhere       udp dpt:XXXX
    DROP       0    --  anywhere    anywhere       state INVALID
    ACCEPT     0    --  anywhere    anywhere       state RELATED,ESTABLISHED
    ACCEPT     0    --  anywhere    anywhere
    ACCEPT     0    --  anywhere    anywhere
    ACCEPT     icmp --  anywhere    anywhere
    ACCEPT     tcp  --  anywhere    xxx.xxx.xxx    tcp dpt:XXXX

I can also see (with the 'ps' command) that the process is running:

    PID  Uid   VmSize  Stat  Command
    315  root  1988    S     /etc/openvpn/vpnserver1 --config /etc/openvpn/server1.ov

My server side configuration looks like this:

    mode server
    proto udp
    port xxxx
    dev tap21
    keepalive 15 60
    daemon
    verb 3
    comp-lzo
    client-to-client
    duplicate-cn
    tls-server
    ca /etc/openvpn/server1-ca.crt
    dh /etc/openvpn/server1-dh.pem
    cert /etc/openvpn/server1.crt
    key /etc/openvpn/server1.key
    status-version 2
    status /etc/openvpn/server1.status

and the client side looks like this:

    remote my.dyndns.adress xxxx
    client
    dev tap
    proto udp
    resolv-retry infinite
    persist-key
    persist-tun
    ns-cert-type server
    ca ca.crt
    cert client1.crt
    key client1.key
    comp-lzo
    verb 6

The only thing that shows up in the server log is that the service started OK, nothing when I'm trying to connect:

    Oct 21 11:26:40 bdl daemon.notice openvpn[1927]: OpenVPN 2.1_rc12 mipsel-unknown-linux-gnu [SSL] [LZO2] built on Oct 13 2008
    Oct 21 11:26:40 bdl daemon.notice openvpn[1927]: Diffie-Hellman initialized with 1024 bit key
    Oct 21 11:26:40 bdl daemon.notice openvpn[1927]: TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Oct 21 11:26:40 bdl daemon.notice openvpn[1927]: TUN/TAP device tap21 opened
    Oct 21 11:26:40 bdl daemon.notice openvpn[1927]: TUN/TAP TX queue length set to 100
    Oct 21 11:26:40 bdl daemon.notice openvpn[1927]: Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
    Oct 21 11:26:40 bdl daemon.notice openvpn[1929]: Socket Buffers: R=[32767->65534] S=[32767->65534]
    Oct 21 11:26:40 bdl daemon.notice openvpn[1929]: UDPv4 link local (bound): [undef]:xxxx
    Oct 21 11:26:40 bdl daemon.notice openvpn[1929]: UDPv4 link remote: [undef]
    Oct 21 11:26:40 bdl daemon.notice openvpn[1929]: MULTI: multi_init called, r=256 v=256
    Oct 21 11:26:40 bdl daemon.notice openvpn[1929]: Initialization Sequence Completed

Anyone had a similar problem and know what to do next?
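A way to triage the symptom in the post above (client keeps writing P_CONTROL_HARD_RESET_CLIENT_V2, server log stays silent) from the two logs. This is an added example, not part of the original thread; the function name and verdict strings are made up for illustration, and the retry, reply and peer lines in the samples are constructed.

```python
import re

# Packet trace lines as OpenVPN prints them at verb 6 (format taken from the post).
PKT = re.compile(r"UDPv4 (WRITE|READ) \[\d+\] (?:to|from) \S+ (P_\w+)")
# Line a 2.x server logs at verb 3 when a new peer's first packet reaches the daemon.
SERVER_SAW_PEER = "TLS: Initial packet from"

def classify_handshake(client_log, server_log=""):
    """Say where the UDP handshake stalls, given client and server log text."""
    resets_sent = replies = 0
    for line in client_log.splitlines():
        m = PKT.search(line)
        if not m:
            continue
        direction, opcode = m.groups()
        if direction == "WRITE" and opcode == "P_CONTROL_HARD_RESET_CLIENT_V2":
            resets_sent += 1
        elif direction == "READ":
            replies += 1
    if resets_sent == 0:
        return "no-attempt"
    if replies:
        return "server-replied"        # transport works; look at TLS/certificates next
    if SERVER_SAW_PEER in server_log:
        return "reply-lost"            # request arrived, answer dropped on the way back
    return "request-never-arrived"     # dropped before the daemon: forward, firewall, egress filter

# Constructed samples: the WRITE line from the post, plus a constructed retry.
CLIENT_SAMPLE = """\
Mon Oct 20 12:49:57 2008 us=968000 UDPv4 WRITE [14] to aaa.bbb.ccc.ddd:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Mon Oct 20 12:49:59 2008 us=984000 UDPv4 WRITE [14] to aaa.bbb.ccc.ddd:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
"""
# Last server log line from the post: startup only, no peer ever seen.
SERVER_SAMPLE = "Oct 21 11:26:40 bdl daemon.notice openvpn[1929]: Initialization Sequence Completed\n"
# Constructed reply line, showing what a working handshake adds to the client log.
REPLY = "Mon Oct 20 12:50:00 2008 us=100000 UDPv4 READ [26] from aaa.bbb.ccc.ddd:1194: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0\n"

if __name__ == "__main__":
    print(classify_handshake(CLIENT_SAMPLE, SERVER_SAMPLE))
```

A "request-never-arrived" verdict is compatible with SSH working to the same address: SSH runs over TCP and says nothing about whether UDP to the VPN port gets through.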


Post by krzee » Thu Oct 23, 2008 5:28 pm

Talked to you in the IRC channel, turns out you were trying to use bridging when routed was better for you (often the case).
Try my sample configs for routing and please report back how it goes.
