by hansaplast » Thu Feb 03, 2011 9:20 pm
I have two firewalls, both running on a different IP.
I forward UDP OpenVPN traffic to an OpenVPN server on the LAN.
When connecting via fw1.domain.dom to the OpenVPN it works fine. However, if I change my client config from "remote fw1.domain.dom" to "remote fw2.domain.dom", the connection hangs at:
Thu Feb 03 22:16:22 2011 OpenVPN 2.1.3 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Aug 20 2010
Thu Feb 03 22:16:22 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Feb 03 22:16:22 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Feb 03 22:16:26 2011 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Feb 03 22:16:26 2011 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Thu Feb 03 22:16:26 2011 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 03 22:16:26 2011 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 03 22:16:26 2011 LZO compression initialized
Thu Feb 03 22:16:26 2011 Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ]
Thu Feb 03 22:16:27 2011 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Feb 03 22:16:27 2011 Local Options hash (VER=V4): '123f4b88'
Thu Feb 03 22:16:27 2011 Expected Remote Options hash (VER=V4): '1123458f'
Thu Feb 03 22:16:27 2011 UDPv4 link local: [undef]
Thu Feb 03 22:16:27 2011 UDPv4 link remote: xxx.xxx.xxx.xxx:1194
.... nothing happens here. It just waits ....
This is odd...
by maikcat » Fri Feb 04, 2011 7:33 am
Hi there,
Can you please post configs/IPs for the OpenVPN server, firewalls etc.?
What default gw does the OpenVPN server have?
cheers,
michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera, Simpsons Season 13)
"objects in mirror are losing"
by hansaplast » Thu Feb 10, 2011 10:37 am
Turned out to be the gateway on the VPN server. Thanks for pointing that out.
This however poses a problem. I have two firewalls, one primary and one fall-back/backup. On the LAN side the FWs reside in the same LAN segment. Some customers want VPN redundancy. So I configured two VPN tunnels, one via FW1 and a backup via FW2. Since the default gw on the VPN server points to FW1, OpenVPN doesn't establish a tunnel via FW2 and just sits there waiting... Is there a way to get around this?
Regards
by maikcat » Thu Feb 10, 2011 10:43 am
Hi there,
I don't think that this is an OpenVPN problem but one of the host OS that OpenVPN runs on.
If the OS loses its internet connection, then what can OpenVPN (which is simply a service)
really do about it?
Also, there are open source products that have OpenVPN + firewall + failover support
(untangle, zeroshell, pfsense).
cheers,
michael.