Unknow Error (code=122)

[kblack227]

I have created an openvpn server on ubuntu server 16.04 following this guide:
https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-16-04

I have managed to get the service running and managed to connect to it, but after connecting I can not seem to see any network resources

this is the log information I get from the windows client:

Code: Select all

Wed Nov 15 16:32:00 2017 NOTE: --user option is not implemented on Windows
Wed Nov 15 16:32:00 2017 NOTE: --group option is not implemented on Windows
Wed Nov 15 16:32:00 2017 OpenVPN 2.4.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 26 2017
Wed Nov 15 16:32:00 2017 Windows version 6.1 (Windows 7) 64bit
Wed Nov 15 16:32:00 2017 library versions: OpenSSL 1.0.2l  25 May 2017, LZO 2.10
Enter Management Password:
Wed Nov 15 16:32:00 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Wed Nov 15 16:32:00 2017 Need hold release from management interface, waiting...
Wed Nov 15 16:32:00 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Wed Nov 15 16:32:00 2017 MANAGEMENT: CMD 'state on'
Wed Nov 15 16:32:00 2017 MANAGEMENT: CMD 'log all on'
Wed Nov 15 16:32:00 2017 MANAGEMENT: CMD 'echo all on'
Wed Nov 15 16:32:00 2017 MANAGEMENT: CMD 'hold off'
Wed Nov 15 16:32:00 2017 MANAGEMENT: CMD 'hold release'
Wed Nov 15 16:32:00 2017 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Nov 15 16:32:00 2017 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Nov 15 16:32:00 2017 MANAGEMENT: >STATE:1510781520,RESOLVE,,,,,,
Wed Nov 15 16:32:00 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]172.73.197.229:1194
Wed Nov 15 16:32:00 2017 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed Nov 15 16:32:00 2017 UDP link local: (not bound)
Wed Nov 15 16:32:00 2017 UDP link remote: [AF_INET]172.73.197.229:1194
Wed Nov 15 16:32:00 2017 MANAGEMENT: >STATE:1510781520,WAIT,,,,,,
Wed Nov 15 16:32:01 2017 MANAGEMENT: >STATE:1510781521,AUTH,,,,,,
Wed Nov 15 16:32:01 2017 TLS: Initial packet from [AF_INET]172.73.197.229:1194, sid=588e3d42 8848dbbf
Wed Nov 15 16:32:01 2017 VERIFY OK: depth=1, C=US, ST=NC, L=Mount Holly, O=BrightStar Grill, OU=BrightStar, CN=BrightStar Grill CA, name=BrightStar, emailAddress=Kurt@brightstargrill.com
Wed Nov 15 16:32:01 2017 VERIFY KU OK
Wed Nov 15 16:32:01 2017 Validating certificate extended key usage
Wed Nov 15 16:32:01 2017 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Wed Nov 15 16:32:01 2017 VERIFY EKU OK
Wed Nov 15 16:32:01 2017 VERIFY OK: depth=0, C=US, ST=NC, L=Mount HOlly, O=BrightStar Grill, OU=BrightStar, CN=BrightStar, name=BrightStar, emailAddress=Kurt@brightstargrill.com
Wed Nov 15 16:32:01 2017 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1569', remote='link-mtu 1570'
Wed Nov 15 16:32:01 2017 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Wed Nov 15 16:32:01 2017 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Wed Nov 15 16:32:01 2017 [BrightStar] Peer Connection Initiated with [AF_INET]172.73.197.229:1194
Wed Nov 15 16:32:02 2017 MANAGEMENT: >STATE:1510781522,GET_CONFIG,,,,,,
Wed Nov 15 16:32:02 2017 SENT CONTROL [BrightStar]: 'PUSH_REQUEST' (status=1)
Wed Nov 15 16:32:02 2017 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Wed Nov 15 16:32:02 2017 OPTIONS IMPORT: timers and/or timeouts modified
Wed Nov 15 16:32:02 2017 OPTIONS IMPORT: --ifconfig/up options modified
Wed Nov 15 16:32:02 2017 OPTIONS IMPORT: route options modified
Wed Nov 15 16:32:02 2017 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Nov 15 16:32:02 2017 Outgoing Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Nov 15 16:32:02 2017 Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Nov 15 16:32:02 2017 Incoming Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Nov 15 16:32:02 2017 interactive service msg_channel=0
Wed Nov 15 16:32:02 2017 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 I=19 HWADDR=50:46:5d:59:f3:20
Wed Nov 15 16:32:02 2017 open_tun
Wed Nov 15 16:32:02 2017 TAP-WIN32 device [Local Area Connection 3] opened: \\.\Global\{AC7268C5-C10A-43DB-8B52-F671508AF91B}.tap
Wed Nov 15 16:32:02 2017 TAP-Windows Driver Version 9.21 
Wed Nov 15 16:32:02 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {AC7268C5-C10A-43DB-8B52-F671508AF91B} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Wed Nov 15 16:32:02 2017 Successful ARP Flush on interface [27] {AC7268C5-C10A-43DB-8B52-F671508AF91B}
Wed Nov 15 16:32:02 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Wed Nov 15 16:32:02 2017 MANAGEMENT: >STATE:1510781522,ASSIGN_IP,,10.8.0.6,,,,
Wed Nov 15 16:32:07 2017 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up
Wed Nov 15 16:32:07 2017 MANAGEMENT: >STATE:1510781527,ADD_ROUTES,,,,,,
Wed Nov 15 16:32:07 2017 C:\Windows\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Wed Nov 15 16:32:07 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Wed Nov 15 16:32:07 2017 Route addition via IPAPI succeeded [adaptive]
Wed Nov 15 16:32:07 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Nov 15 16:32:07 2017 Initialization Sequence Completed
Wed Nov 15 16:32:07 2017 MANAGEMENT: >STATE:1510781527,CONNECTED,SUCCESS,10.8.0.6,172.73.197.229,1194,,
Wed Nov 15 16:32:22 2017 write to TUN/TAP : Unknown error (code=122)
Wed Nov 15 16:32:32 2017 write to TUN/TAP : Unknown error (code=122)
Wed Nov 15 16:32:42 2017 write to TUN/TAP : Unknown error (code=122)
Wed Nov 15 16:32:52 2017 write to TUN/TAP : Unknown error (code=122)
Wed Nov 15 16:33:03 2017 write to TUN/TAP : Unknown error (code=122)
Wed Nov 15 16:33:13 2017 write to TUN/TAP : Unknown error (code=122)
Wed Nov 15 16:33:23 2017 write to TUN/TAP : Unknown error (code=122)
Wed Nov 15 16:33:33 2017 write to TUN/TAP : Unknown error (code=122)
Wed Nov 15 16:33:44 2017 write to TUN/TAP : Unknown error (code=122)
Wed Nov 15 16:33:53 2017 write to TUN/TAP : Unknown error (code=122)
Wed Nov 15 16:34:03 2017 write to TUN/TAP : Unknown error (code=122)
Wed Nov 15 16:34:13 2017 write to TUN/TAP : Unknown error (code=122)
Wed Nov 15 16:34:24 2017 write to TUN/TAP : Unknown error (code=122)
Wed Nov 15 16:34:34 2017 write to TUN/TAP : Unknown error (code=122)
Wed Nov 15 16:34:37 2017 C:\Windows\system32\route.exe DELETE 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Wed Nov 15 16:34:38 2017 Route deletion via IPAPI succeeded [adaptive]
Wed Nov 15 16:34:38 2017 Closing TUN/TAP interface
Wed Nov 15 16:34:38 2017 TAP: DHCP address released
Wed Nov 15 16:34:38 2017 SIGTERM[hard,] received, process exiting
Wed Nov 15 16:34:38 2017 MANAGEMENT: >STATE:1510781678,EXITING,SIGTERM,,,,,

here is the client config

View OriginalClient Config

# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client

# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap

# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
;proto tcp
proto udp

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote x.x.x.x 1194
;remote my-server-2 1194

# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
;remote-random

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind

# Downgrade privileges after initialization (non-Windows only)
user nobody
group nobody

# Try to preserve some state across restarts.
persist-key
persist-tun

# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings

# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
# ca C:\\Program Files\\OpenVPN\\config\\ca.crt
# cert C:\\Program Files\\OpenVPN\\config\\client1.crt
# key C:\\Program Files\\OpenVPN\\config\\client1.key

# Verify server certificate by checking that the
# certicate has the correct key usage set.
# This is an important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the keyUsage set to
# digitalSignature, keyEncipherment
# and the extendedKeyUsage to
# serverAuth
# EasyRSA can do this for you.
remote-cert-tls server

# If a tls-auth key is used on the server
# then every client must also have the key.
tls-auth ta.key 1
key-direction 1

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
# Note that v2.4 client/server will automatically
# negotiate AES-256-GCM in TLS mode.
# See also the ncp-cipher option in the manpage
cipher AES-128-CBC
auth SHA256

# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
#comp-lzo

# Set log file verbosity.
verb 3

# Silence repeating messages
;mute 20

# script-security 2
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf

this is in the log file, am I missing something

thanks in advanced for any help

[TinCanTech]

That is your client log so it is a Windows error with the TAP Adapter .. what firewall product do you use ?

[kblack227]

the windows firewall is used, and I also use avast, but I have tried disabling both and neither seem to change the outcome

[TinCanTech]

Try naming the TAP adapter in Network Connections to something like tun0
and then specifying that name in the config file with:

Code: Select all

dev-node tun0

Also, you could try uninstalling Openvpn and Avast and then re-installing Openvpn.
Firewalls like Avast sometimes have problems with openvpn.

[kblack227]

I tried all that except reinstall and none of the seemed to work, however after some research I saw that the comp-lzo was enabled on the server and not on the client. so i commented this our on server config and I am able to access all local resources and ping them as well. but when I try to ping the remote client from another pc on the LAN it times out. a little more about my LAN config. I have a linksys router running DD_WRT (non-vpn edition) doing DHCP. the Ubuntu server is on a static ip of 192.168.2.40 and have set a static route for the 10.8.0.0 to the server ip, when I do a tracert from another pc on the LAN to the remote client this the the output

Code: Select all

C:\Users\Me>tracert 10.8.0.6

Tracing route to 10.8.0.6 over a maximum of 30 hops

  1     1 ms    <1 ms     1 ms  192.168.2.1
  2    <1 ms     1 ms     1 ms  SERVER1001 [192.168.2.40]
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.
  7  ^C
C:\Users\Me>

[rege]

kblack227 You just have solved my problem. Thanks a lot

[mrbobnl]

Same error but the solution was not in here for me. My compression was doing weird things. As soon as i configured the compression right it worked like a sharm again

[cwjs]

Same error but the solution was not in here for me. My compression was doing weird things. As soon as i configured the compression right it worked like a sharm again

Could you please share how you configured the compression ?

[TinCanTech]

You really must not use compression, so remove it.

https://community.openvpn.net/openvpn/wiki/Compression