unable to connect to vpn network

Posted: Sat Dec 04, 2010 1:15 pm
by silverlight
Hi everyone! :)

I have a weird problem...

First off, I am pretty new to VPN. I am using the VHD version, running in VirtualBox, and I am trying to interconnect two Win7 machines. The NIC of the AS-VM is configured as bridged and its IP is 10.0.0.3/24. Like almost everyone, I am sitting behind a NAT router with a simple packet filter firewall (a combined device from my provider O2). I've configured the NAT to forward the ports 443/tcp and 1194/udp to my access server on 10.0.0.3/24 and the firewall to allow these incoming ports - so far so good...

My local LAN is 10.0.0.0/24, the router is on 10.0.0.1/24, serving DHCP, the AS is on 10.0.0.3/24 and the remote location has a 192.168.1.0/24 local network. The VPN mode is set to bridged. Now the weird thing is that I am able to log in to the client web server from the remote location, download the msi-package, and connect to the VPN server from the client to download the server-locked profile, but if I want to connect to it, it gets stuck at "connecting...". From my internal LAN all works fine.

I started investigating the problem by examining the log files of my router, client and AS server...
In the firewall log of my router I found something like

Code:

# message  # source  # destination  # action
Firewall session time out, sent TCP RST: TCP   10.0.0.3:443   <remote-public-ip>:50746   ACCESS PERMITTED
Firewall session time out, sent TCP RST: TCP   <remote-public-ip>:50746   10.0.0.3:443   ACCESS PERMITTED

right after the connection attempt. This sounds strange to me...

Here is my client log from that connection attempt.

Code:

Sat Dec 04 13:24:21 2010 OpenVPNAS 2.1.1oOAS Win32-MSVC++ [SSL] [LZO2] built on Jul 29 2010
Sat Dec 04 13:24:21 2010 MANAGEMENT: Connected to management server at 127.0.0.1:47792
Sat Dec 04 13:24:21 2010 MANAGEMENT: CMD 'log on'
Sat Dec 04 13:24:21 2010 MANAGEMENT: CMD 'state on'
Sat Dec 04 13:24:21 2010 MANAGEMENT: CMD 'echo on'
Sat Dec 04 13:24:21 2010 MANAGEMENT: CMD 'bytecount 5'
Sat Dec 04 13:24:21 2010 MANAGEMENT: CMD 'hold off'
Sat Dec 04 13:24:21 2010 MANAGEMENT: CMD 'hold release'
Sat Dec 04 13:24:26 2010 MANAGEMENT: CMD 'username "Auth" "frank"'
Sat Dec 04 13:24:26 2010 MANAGEMENT: CMD 'password [...]'
Sat Dec 04 13:24:26 2010 NOTE: OpenVPNAS 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sat Dec 04 13:24:26 2010 Control Channel Authentication: tls-auth using INLINE static key file
Sat Dec 04 13:24:26 2010 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Dec 04 13:24:26 2010 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Dec 04 13:24:26 2010 LZO compression initialized
Sat Dec 04 13:24:26 2010 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Sat Dec 04 13:24:26 2010 Socket Buffers: R=[8192->100000] S=[8192->100000]
Sat Dec 04 13:24:26 2010 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Sat Dec 04 13:24:26 2010 Local Options hash (VER=V4): '13a273ba'
Sat Dec 04 13:24:26 2010 Expected Remote Options hash (VER=V4): '360696c5'
Sat Dec 04 13:24:26 2010 UDPv4 link local: [undef]
Sat Dec 04 13:24:26 2010 UDPv4 link remote: 10.0.0.3:1194
Sat Dec 04 13:24:26 2010 MANAGEMENT: >STATE:1291465466,WAIT,,,
Sat Dec 04 13:24:30 2010 Server poll timeout, restarting
Sat Dec 04 13:24:30 2010 TCP/UDP: Closing socket
Sat Dec 04 13:24:30 2010 SIGUSR1[soft,server_poll] received, process restarting
Sat Dec 04 13:24:30 2010 MANAGEMENT: >STATE:1291465470,RECONNECTING,server_poll,,
Sat Dec 04 13:24:30 2010 NOTE: OpenVPNAS 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sat Dec 04 13:24:30 2010 Control Channel Authentication: tls-auth using INLINE static key file
Sat Dec 04 13:24:30 2010 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Dec 04 13:24:30 2010 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Dec 04 13:24:30 2010 LZO compression initialized
Sat Dec 04 13:24:30 2010 Control Channel MTU parms [ L:1576 D:168 EF:68 EB:0 ET:0 EL:0 ]
Sat Dec 04 13:24:30 2010 Socket Buffers: R=[8192->100000] S=[8192->100000]
Sat Dec 04 13:24:30 2010 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Sat Dec 04 13:24:30 2010 Local Options hash (VER=V4): 'e39a3273'
Sat Dec 04 13:24:30 2010 Expected Remote Options hash (VER=V4): '3c14feac'
Sat Dec 04 13:24:30 2010 Attempting to establish TCP connection with 10.0.0.3:443
Sat Dec 04 13:24:30 2010 MANAGEMENT: >STATE:1291465470,TCP_CONNECT,,,
Sat Dec 04 13:24:51 2010 TCP: connect to 10.0.0.3:443 failed, will try again in 5 seconds: Connection timed out (WSAETIMEDOUT)
Sat Dec 04 13:24:51 2010 SIGUSR1[soft,init_instance] received, process restarting
Sat Dec 04 13:24:51 2010 MANAGEMENT: >STATE:1291465491,RECONNECTING,init_instance,,
Sat Dec 04 13:24:51 2010 Restart pause, 1 second(s)
Sat Dec 04 13:24:52 2010 MANAGEMENT: CMD 'http-proxy-fallback-disable'
Sat Dec 04 13:24:53 2010 NOTE: OpenVPNAS 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sat Dec 04 13:24:53 2010 Control Channel Authentication: tls-auth using INLINE static key file
Sat Dec 04 13:24:53 2010 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Dec 04 13:24:53 2010 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Dec 04 13:24:53 2010 LZO compression initialized
Sat Dec 04 13:24:53 2010 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Sat Dec 04 13:24:53 2010 Socket Buffers: R=[8192->100000] S=[8192->100000]
Sat Dec 04 13:24:53 2010 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Sat Dec 04 13:24:53 2010 Local Options hash (VER=V4): '13a273ba'
Sat Dec 04 13:24:53 2010 Expected Remote Options hash (VER=V4): '360696c5'
Sat Dec 04 13:24:53 2010 UDPv4 link local: [undef]
Sat Dec 04 13:24:53 2010 UDPv4 link remote: 10.0.0.3:1194
Sat Dec 04 13:24:53 2010 MANAGEMENT: >STATE:1291465493,WAIT,,,
Sat Dec 04 13:24:57 2010 Server poll timeout, restarting
Sat Dec 04 13:24:57 2010 TCP/UDP: Closing socket
Sat Dec 04 13:24:57 2010 SIGUSR1[soft,server_poll] received, process restarting
Sat Dec 04 13:24:57 2010 MANAGEMENT: >STATE:1291465497,RECONNECTING,server_poll,,
Sat Dec 04 13:24:57 2010 NOTE: OpenVPNAS 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sat Dec 04 13:24:57 2010 Control Channel Authentication: tls-auth using INLINE static key file
Sat Dec 04 13:24:57 2010 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Dec 04 13:24:57 2010 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Dec 04 13:24:57 2010 LZO compression initialized
Sat Dec 04 13:24:57 2010 Control Channel MTU parms [ L:1576 D:168 EF:68 EB:0 ET:0 EL:0 ]
Sat Dec 04 13:24:57 2010 Socket Buffers: R=[8192->100000] S=[8192->100000]
Sat Dec 04 13:24:57 2010 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Sat Dec 04 13:24:57 2010 Local Options hash (VER=V4): 'e39a3273'
Sat Dec 04 13:24:57 2010 Expected Remote Options hash (VER=V4): '3c14feac'
Sat Dec 04 13:24:57 2010 Attempting to establish TCP connection with 10.0.0.3:443
Sat Dec 04 13:24:57 2010 MANAGEMENT: >STATE:1291465497,TCP_CONNECT,,,
Sat Dec 04 13:25:18 2010 TCP: connect to 10.0.0.3:443 failed, will try again in 5 seconds: Connection timed out (WSAETIMEDOUT)
Sat Dec 04 13:25:18 2010 SIGUSR1[soft,init_instance] received, process restarting

These lines repeat until I close/kill the openvpn-client process.

Sat Dec 04 13:24:51 2010 TCP: connect to 10.0.0.3:443 failed, will try again in 5 seconds: Connection timed out (WSAETIMEDOUT)? hmmm....

I googled and found this:
http://msdn.microsoft.com/en-us/library ... 85%29.aspx
WSAETIMEDOUT

Connection timed out.

A connection attempt failed because the connected party did not properly respond after a period of time, or the established connection failed because the connected host has failed to respond.

Why does the client try to connect to 10.0.0.3:443 instead of <public-ip>:443?

Oh, and in addition, on my AS-VM I see the following message; I don't know if this could be a problem.

Code:

asbr0: Dropping NETIF_F_UFO since no NETIF_F_HW_CSUM feature.

I successfully set up such an AS VHD some time ago at our office, so why the heck isn't this working now? I have done nothing different...
I hope you can help me; if you need additional information, just tell me.

so long.
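
Added example, not part of the original post: a Python check over a client log like the one above that lists the endpoints the client dialled and flags any that are RFC 1918 private addresses outside the client's own LAN (192.168.1.0/24 at the remote site, per the post). The function names and the shortened sample log are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: four lines shaped like the client log in the post.
SAMPLE_LOG = """\
Sat Dec 04 13:24:26 2010 UDPv4 link remote: 10.0.0.3:1194
Sat Dec 04 13:24:30 2010 Server poll timeout, restarting
Sat Dec 04 13:24:30 2010 Attempting to establish TCP connection with 10.0.0.3:443
Sat Dec 04 13:24:51 2010 TCP: connect to 10.0.0.3:443 failed, will try again in 5 seconds: Connection timed out (WSAETIMEDOUT)
"""

IPV4_PORT = r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)"
PATTERNS = [
    ("udp", re.compile(r"UDPv4 link remote: " + IPV4_PORT)),
    ("tcp", re.compile(r"Attempting to establish TCP connection with " + IPV4_PORT)),
]

def remote_endpoints(log_text):
    """Distinct (proto, ip, port) targets the client tried, in first-seen order."""
    seen = []
    for line in log_text.splitlines():
        for proto, rx in PATTERNS:
            m = rx.search(line)
            if m:
                endpoint = (proto, m.group(1), int(m.group(2)))
                if endpoint not in seen:
                    seen.append(endpoint)
    return seen

def off_lan_private_targets(log_text, client_lan):
    """Targets in private address space that are not on the client's own LAN.
    Such an address is not routable across the Internet, so from a remote
    site the attempt can only end in a timeout."""
    lan = ipaddress.ip_network(client_lan)
    flagged = []
    for proto, ip, port in remote_endpoints(log_text):
        addr = ipaddress.ip_address(ip)
        if addr.is_private and addr not in lan:
            flagged.append((proto, ip, port))
    return flagged

def timeout_count(log_text):
    """Number of log lines recording a UDP poll timeout or a TCP connect timeout."""
    markers = ("Server poll timeout", "Connection timed out")
    return sum(1 for line in log_text.splitlines() if any(k in line for k in markers))

if __name__ == "__main__":
    for proto, ip, port in off_lan_private_targets(SAMPLE_LOG, "192.168.1.0/24"):
        print(f"{proto} {ip}:{port} is a private address outside the client LAN")
    print("timeouts:", timeout_count(SAMPLE_LOG))
```

Run against the same log with the client LAN set to 10.0.0.0/24 and nothing is flagged, which matches the post's observation that the connection works from the internal LAN.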

Re: unable to connect to vpn network

Posted: Mon Jan 10, 2011 9:48 pm
by krzee
We don't support AS here; it comes with professional support.
topic7036.html