OpenVPN Support Forum

Community Support Forum
https://forums.openvpn.net/

[Solved] error when connecting to vpn server

https://forums.openvpn.net/viewtopic.php?t=13817

Page 1 of 1

[Solved] error when connecting to vpn server

Posted: Wed Sep 18, 2013 10:41 am
by coastalpanda
Hiya,

I've been trying to use OpenVPN connect for iPhone but I'm running into an issue where OVPNC refuses to connect to my server; I do have OpenVPN for android and that works perfectly fine, and the same configurations are used between my windows and mac machines as well. To the point, here is the error log I'm getting from OVPNC:

2013-09-18 14:25:09 VERIFY OK: depth=1
cert. version : 3
serial number : BF:76:68:E4:74:0B:CC:D4
issuer name : C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, CN=Fort-Funston CA, emailAddress=me@myhost.mydomain
subject name : C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, CN=Fort-Funston CA, emailAddress=me@myhost.mydomain
issued on : 2010-09-08 17:36:53
expires on : 2020-09-05 17:36:53
signed using : RSA+SHA1
RSA key size : 1024 bits

2013-09-18 14:25:11 SSL Handshake: TLSv1.0/SSL-EDH-RSA-AES-256-SHA
2013-09-18 14:25:11 Session is ACTIVE
2013-09-18 14:25:12 EVENT: GET_CONFIG
2013-09-18 14:25:12 Sending PUSH_REQUEST to server...
2013-09-18 14:25:12 OPTIONS:
0 [redirect-gateway] [def1]
1 [dhcp-option] [DNS] [8.8.8.8]
2 [dhcp-option] [DNS] [8.8.4.4]
3 [route] [10.9.0.0] [255.255.255.0]
4 [topology] [net30]
5 [ping] [10]
6 [ping-restart] [120]
7 [ifconfig] [10.9.0.26] [255.255.255.252]

2013-09-18 14:25:12 LZO-ASYM init swap=0 asym=0
2013-09-18 14:25:12 EVENT: ASSIGN_IP
2013-09-18 14:25:12 TUN Error: tun_builder_error: ifconfig addresses are not in the same /30 subnet (topology net30)
2013-09-18 14:25:12 EVENT: TUN_SETUP_FAILED tun_builder_error: ifconfig addresses are not in the same /30 subnet (topology net30) [ERR]
2013-09-18 14:25:12 EVENT: DISCONNECTED
2013-09-18 14:25:12 Raw stats on disconnect:
BYTES_IN : 4607
BYTES_OUT : 3490
PACKETS_IN : 35
PACKETS_OUT : 35
TUN_SETUP_FAILED : 1
2013-09-18 14:25:12 Performance stats on disconnect:
CPU usage (microseconds): 192145
Network bytes per CPU second: 42140
Tunnel bytes per CPU second: 0
2013-09-18 14:25:12 ----- OpenVPN Stop -----
2013-09-18 14:25:12 EVENT: DISCONNECT_PENDING

My server conf is the following:

cert server.crt
key server.key
dh dh1024.pem
tls-auth ta.key 0

client-to-client

cipher BF-CBC
comp-lzo

server 10.9.0.0 255.255.255.0

#push "topology subnet"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

#route 192.168.1.0 255.255.255.0

max-clients 40

client-config-dir /etc/openvpn/ccd

crl-verify /etc/openvpn/easy-rsa/2.0/keys/crl.pem

user nobody
group nogroup
keepalive 10 120
status /etc/openvpn/log/faster-status.log
log /etc/openvpn/log/faster.log
verb 4
mute 20

and the conents of the ccd file that the common name referrers to is (i want my devices to be assigned static ips when connected):

ifconfig-push 10.9.0.26 255.255.255.0

Does anyone know what I'm doing wrong?

Any help would be appreciated.

Thank you all in advance.

Re: error when connecting to vpn server

Posted: Sun Sep 22, 2013 7:42 am
by coastalpanda
Hi debbie10t

I tried doing the following in my server configuration (uncommented the topology subnet):


cert server.crt
key server.key
dh dh1024.pem
tls-auth ta.key 0

client-to-client

cipher BF-CBC
comp-lzo

server 10.9.0.0 255.255.255.0

push "topology subnet"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

max-clients 40

client-config-dir /etc/openvpn/ccd

crl-verify /etc/openvpn/easy-rsa/2.0/keys/crl.pem

user nobody
group nogroup
keepalive 10 120
status /etc/openvpn/log/faster-status.log
log /etc/openvpn/log/faster.log
verb 4
mute 20

My client config looks like this :

remote x.x.x.x 8757
pull
tls-client
ns-cert-type server
tls-auth ta.key 1
persist-key
ca ca.crt
proto udp
redirect-gateway def1
nobind
cert cert.crt
comp-lzo
dev tun
key key.key
cipher BF-CBC
resolv-retry infinite

And the CCD has stayed the same:

ifconfig-push 10.9.0.26 255.255.255.0

Yet I'm still not able to connect, openvpn connect gives me the following error:

2013-09-22 10:53:53 ----- OpenVPN Start -----
2013-09-22 10:53:53 LZO-ASYM init swap=0 asym=0
2013-09-22 10:53:53 EVENT: RESOLVE
2013-09-22 10:53:53 Contacting x.x.x.x:8757 via UDP
2013-09-22 10:53:53 EVENT: WAIT
2013-09-22 10:53:53 Connecting to x.x.x.x:8757 (x.x.x.x) via UDPv4
2013-09-22 10:53:53 EVENT: CONNECTING
2013-09-22 10:53:53 Tunnel Options:V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client
2013-09-22 10:53:53 Peer Info:
IV_VER=1.0
IV_PLAT=ios
IV_NCP=1
IV_LZO=1

2013-09-22 10:53:55 VERIFY OK: depth=0
cert. version : 3
serial number : 01
issuer name : C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, CN=Fort-Funston CA, emailAddress=me@myhost.mydomain
subject name : C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, CN=server, emailAddress=me@myhost.mydomain
issued on : 2010-09-08 17:37:25
expires on : 2020-09-05 17:37:25
signed using : RSA+SHA1
RSA key size : 1024 bits

2013-09-22 10:53:55 VERIFY OK: depth=1
cert. version : 3
serial number : BF:76:68:E4:74:0B:CC:D4
issuer name : C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, CN=Fort-Funston CA, emailAddress=me@myhost.mydomain
subject name : C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, CN=Fort-Funston CA, emailAddress=me@myhost.mydomain
issued on : 2010-09-08 17:36:53
expires on : 2020-09-05 17:36:53
signed using : RSA+SHA1
RSA key size : 1024 bits

2013-09-22 10:53:57 SSL Handshake: TLSv1.0/SSL-EDH-RSA-AES-256-SHA
2013-09-22 10:53:57 Session is ACTIVE
2013-09-22 10:53:58 EVENT: GET_CONFIG
2013-09-22 10:53:58 Sending PUSH_REQUEST to server...
2013-09-22 10:53:59 OPTIONS:
0 [redirect-gateway] [def1]
1 [topology] [subnet]
2 [dhcp-option] [DNS] [8.8.8.8]
3 [dhcp-option] [DNS] [8.8.4.4]
4 [route] [10.9.0.0] [255.255.255.0]
5 [topology] [net30] <--- where does this come from?
6 [ping] [10]
7 [ping-restart] [120]
8 [ifconfig] [10.9.0.26] [255.255.255.0]

2013-09-22 10:53:59 LZO-ASYM init swap=0 asym=0
2013-09-22 10:53:59 EVENT: ASSIGN_IP
2013-09-22 10:53:59 TUN Error: option_error: more than one instance of option 'topology' with inconsistent argument(s)
2013-09-22 10:53:59 EVENT: TUN_SETUP_FAILED option_error: more than one instance of option 'topology' with inconsistent argument(s) [ERR]
2013-09-22 10:53:59 EVENT: DISCONNECTED
2013-09-22 10:53:59 Raw stats on disconnect:
BYTES_IN : 4716
BYTES_OUT : 3490
PACKETS_IN : 36
PACKETS_OUT : 35
TUN_SETUP_FAILED : 1
2013-09-22 10:53:59 Performance stats on disconnect:
CPU usage (microseconds): 192208
Network bytes per CPU second: 42693
Tunnel bytes per CPU second: 0
2013-09-22 10:53:59 ----- OpenVPN Stop -----
2013-09-22 10:53:59 EVENT: DISCONNECT_PENDING

My iOS device is jailbroken and this configuration works well with guizmovpn, but doesn't seem to go through with OVPNC. I'm not sure where OVPNC is pulling trying to set the topology to net30 when I haven't specified it to do so...

Thanks again for following up.

Re: error when connecting to vpn server

Posted: Thu Sep 26, 2013 12:05 pm
by coastalpanda
Hello again, configs are requested:

Server config (I commented out the client-config-dir setting):

Code: Select all

mode server
tls-server

local x.x.x.x
port 8757
proto udp

dev tun

client-to-client
#client-config-dir /etc/openvpn/ccd-tcp

persist-key
persist-tun

ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
tls-auth ta.key 0

cipher BF-CBC
comp-lzo

server 10.9.0.0 255.255.255.0

push "topology subnet"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

max-clients 40

crl-verify /etc/openvpn/easy-rsa/2.0/keys/crl.pem

user nobody
group nogroup
keepalive 10 120
status /etc/openvpn/log/compatible-status.log
log /etc/openvpn/log/faster.log
verb 4
mute 20
Client config:

Code: Select all

remote x.x.x.x 8757
pull
tls-client
ns-cert-type server
tls-auth ta.key 1
persist-key
ca ca.crt
proto udp
redirect-gateway def1
nobind
cert cert.crt
comp-lzo
dev tun
key key.key
cipher BF-CBC
resolv-retry infinite
and here are my attempts to connect after restarting the openvpn daemon on my server after commenting out the CCD lines:

Code: Select all

2013-09-26 15:53:32 VERIFY OK: depth=0
cert. version : 3
serial number : 01
issuer name  : C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, CN=Fort-Funston CA, emailAddress=me@myhost.mydomain
subject name  : C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, CN=server, emailAddress=me@myhost.mydomain
issued  on    : 2010-09-08 17:37:25
expires on    : 2020-09-05 17:37:25
signed using  : RSA+SHA1
RSA key size  : 1024 bits

2013-09-26 15:53:32 VERIFY OK: depth=1
cert. version : 3
serial number : BF:76:68:E4:74:0B:CC:D4
issuer name  : C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, CN=Fort-Funston CA, emailAddress=me@myhost.mydomain
subject name  : C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, CN=Fort-Funston CA, emailAddress=me@myhost.mydomain
issued  on    : 2010-09-08 17:36:53
expires on    : 2020-09-05 17:36:53
signed using  : RSA+SHA1
RSA key size  : 1024 bits

2013-09-26 15:54:14 Session invalidated
2013-09-26 15:54:14 Client terminated, restarting in 2...
2013-09-26 15:54:16 EVENT: CONNECTION_TIMEOUT [ERR]
2013-09-26 15:54:16 EVENT: DISCONNECTED
2013-09-26 15:54:16 Raw stats on disconnect:
  BYTES_IN : 4344
  BYTES_OUT : 5927
  PACKETS_IN : 34
  PACKETS_OUT : 60
  KEEPALIVE_TIMEOUT : 1
  CONNECTION_TIMEOUT : 1
2013-09-26 15:54:16 Performance stats on disconnect:
  CPU usage (microseconds): 198661
  Network bytes per CPU second: 51701
  Tunnel bytes per CPU second: 0
2013-09-26 15:54:16 ----- OpenVPN Stop -----
2013-09-26 15:54:16 EVENT: DISCONNECT_PENDING
2013-09-26 15:54:23 ----- OpenVPN Start -----
2013-09-26 15:54:23 LZO-ASYM init swap=0 asym=0
2013-09-26 15:54:23 EVENT: RESOLVE
2013-09-26 15:54:23 Contacting x.x.x.x:8757 via UDP
2013-09-26 15:54:23 EVENT: WAIT
2013-09-26 15:54:23 Connecting to x.x.x.x:8757 (x.x.x.x) via UDPv4
2013-09-26 15:54:24 EVENT: CONNECTING
2013-09-26 15:54:24 Tunnel Options:V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client
2013-09-26 15:54:24 Peer Info:
IV_VER=1.0
IV_PLAT=ios
IV_NCP=1
IV_LZO=1

2013-09-26 15:54:26 VERIFY OK: depth=0
cert. version : 3
serial number : 01
issuer name  : C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, CN=Fort-Funston CA, emailAddress=me@myhost.mydomain
subject name  : C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, CN=server, emailAddress=me@myhost.mydomain
issued  on    : 2010-09-08 17:37:25
expires on    : 2020-09-05 17:37:25
signed using  : RSA+SHA1
RSA key size  : 1024 bits

2013-09-26 15:54:26 VERIFY OK: depth=1
cert. version : 3
serial number : BF:76:68:E4:74:0B:CC:D4
issuer name  : C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, CN=Fort-Funston CA, emailAddress=me@myhost.mydomain
subject name  : C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, CN=Fort-Funston CA, emailAddress=me@myhost.mydomain
issued  on    : 2010-09-08 17:36:53
expires on    : 2020-09-05 17:36:53
signed using  : RSA+SHA1
RSA key size  : 1024 bits

2013-09-26 15:54:28 SSL Handshake: TLSv1.0/SSL-EDH-RSA-AES-256-SHA
2013-09-26 15:54:28 Session is ACTIVE
2013-09-26 15:54:29 EVENT: GET_CONFIG
2013-09-26 15:54:29 Sending PUSH_REQUEST to server...
2013-09-26 15:54:29 OPTIONS:
0 [redirect-gateway] [def1]
1 [topology] [subnet]
2 [dhcp-option] [DNS] [8.8.8.8]
3 [dhcp-option] [DNS] [8.8.4.4]
4 [route] [10.9.0.0] [255.255.255.0]
5 [topology] [net30]
6 [ping] [10]
7 [ping-restart] [120]
8 [ifconfig] [10.9.0.14] [10.9.0.13]

2013-09-26 15:54:29 LZO-ASYM init swap=0 asym=0
2013-09-26 15:54:29 EVENT: ASSIGN_IP
2013-09-26 15:54:29 TUN Error: option_error: more than one instance of option 'topology' with inconsistent argument(s)
2013-09-26 15:54:29 EVENT: TUN_SETUP_FAILED option_error: more than one instance of option 'topology' with inconsistent argument(s) [ERR]
2013-09-26 15:54:29 EVENT: DISCONNECTED
2013-09-26 15:54:29 Raw stats on disconnect:
  BYTES_IN : 4623
  BYTES_OUT : 3490
  PACKETS_IN : 35
  PACKETS_OUT : 35
  TUN_SETUP_FAILED : 1
2013-09-26 15:54:29 Performance stats on disconnect:
  CPU usage (microseconds): 186082
  Network bytes per CPU second: 43599
  Tunnel bytes per CPU second: 0
2013-09-26 15:54:29 ----- OpenVPN Stop -----
2013-09-26 15:54:29 EVENT: DISCONNECT_PENDING
2013-09-26 15:54:57 ----- OpenVPN Start -----
2013-09-26 15:54:57 LZO-ASYM init swap=0 asym=0
2013-09-26 15:54:57 EVENT: RESOLVE
2013-09-26 15:54:57 Contacting x.x.x.x:8757 via UDP
2013-09-26 15:54:57 EVENT: WAIT
2013-09-26 15:54:57 Connecting to x.x.x.x:8757 (x.x.x.x) via UDPv4
2013-09-26 15:54:58 EVENT: CONNECTING
2013-09-26 15:54:58 Tunnel Options:V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client
2013-09-26 15:54:58 Peer Info:
IV_VER=1.0
IV_PLAT=ios
IV_NCP=1
IV_LZO=1

2013-09-26 15:55:00 VERIFY OK: depth=0
cert. version : 3
serial number : 01
issuer name  : C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, CN=Fort-Funston CA, emailAddress=me@myhost.mydomain
subject name  : C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, CN=server, emailAddress=me@myhost.mydomain
issued  on    : 2010-09-08 17:37:25
expires on    : 2020-09-05 17:37:25
signed using  : RSA+SHA1
RSA key size  : 1024 bits

2013-09-26 15:55:00 VERIFY OK: depth=1
cert. version : 3
serial number : BF:76:68:E4:74:0B:CC:D4
issuer name  : C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, CN=Fort-Funston CA, emailAddress=me@myhost.mydomain
subject name  : C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, CN=Fort-Funston CA, emailAddress=me@myhost.mydomain
issued  on    : 2010-09-08 17:36:53
expires on    : 2020-09-05 17:36:53
signed using  : RSA+SHA1
RSA key size  : 1024 bits

2013-09-26 15:55:02 SSL Handshake: TLSv1.0/SSL-EDH-RSA-AES-256-SHA
2013-09-26 15:55:02 Session is ACTIVE
2013-09-26 15:55:03 EVENT: GET_CONFIG
2013-09-26 15:55:03 Sending PUSH_REQUEST to server...
2013-09-26 15:55:03 OPTIONS:
0 [redirect-gateway] [def1]
1 [topology] [subnet]
2 [dhcp-option] [DNS] [8.8.8.8]
3 [dhcp-option] [DNS] [8.8.4.4]
4 [route] [10.9.0.0] [255.255.255.0]
5 [topology] [net30]
6 [ping] [10]
7 [ping-restart] [120]
8 [ifconfig] [10.9.0.14] [10.9.0.13]

2013-09-26 15:55:03 LZO-ASYM init swap=0 asym=0
2013-09-26 15:55:03 EVENT: ASSIGN_IP
2013-09-26 15:55:03 TUN Error: option_error: more than one instance of option 'topology' with inconsistent argument(s)
2013-09-26 15:55:03 EVENT: TUN_SETUP_FAILED option_error: more than one instance of option 'topology' with inconsistent argument(s) [ERR]
2013-09-26 15:55:03 EVENT: DISCONNECTED
2013-09-26 15:55:03 Raw stats on disconnect:
  BYTES_IN : 4623
  BYTES_OUT : 3490
  PACKETS_IN : 35
  PACKETS_OUT : 35
  TUN_SETUP_FAILED : 1
2013-09-26 15:55:03 Performance stats on disconnect:
  CPU usage (microseconds): 182092
  Network bytes per CPU second: 44554
  Tunnel bytes per CPU second: 0
2013-09-26 15:55:03 ----- OpenVPN Stop -----
2013-09-26 15:55:03 EVENT: DISCONNECT_PENDING
Thanks again for following up, it's much appreciated :)

Re: error when connecting to vpn server

Posted: Thu Sep 26, 2013 4:32 pm
by coastalpanda
That seems to have done the trick!
Thanks for your help, much appreciated :)

Re: error when connecting to vpn server

Posted: Thu Sep 26, 2013 5:05 pm
by coastalpanda
one less reason to jailbreak my phone now ^_^
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/