
Some users work and some get timeouts

Posted: Tue Apr 12, 2011 4:31 pm
by katztrd
Some of my users work and some don't, and it's very strange. I work fine at home using Comcast Cable Internet. Recently one of my users asked for a VPN, so I told him to bring in his computer. I set it all up and verified it all works. He gets home and tries to connect and gets timeouts. He is also on Comcast Cable Internet and only lives like 15 miles from my house. I asked him if he had a router and he said no, he is plugged directly into the modem. I told him that I have a Motorola Surfboard modem and it's fine, so he went and bought one (I think he had an RCA). Still won't connect. So he brings his computer back into work and it connects fine. Comcast will not help him. But he is not the only one, as this has been going on for a few years now. It's a 50/50 on whether my users' VPN will work or not. At first I figured it was a router at the user's home blocking the port, and this latest example proves that it will time out without a router. We were originally using UDP and switched over to TCP and still had no luck. Not many users use the VPN so I know it's not a user limit issue.
The only other thing I can think of is to change the port number from 1194 to something else.


Users Log:
Tue Mar 15 07:18:25 2011 OpenVPN 2.1_rc15 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 19 2008
Tue Mar 15 07:18:25 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Mar 15 07:18:25 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Mar 15 07:18:30 2011 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Mar 15 07:18:30 2011 LZO compression initialized
Tue Mar 15 07:18:30 2011 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Tue Mar 15 07:18:30 2011 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Tue Mar 15 07:18:30 2011 Local Options hash (VER=V4): '31fdf004'
Tue Mar 15 07:18:30 2011 Expected Remote Options hash (VER=V4): '3e6d1056'
Tue Mar 15 07:18:30 2011 Attempting to establish TCP connection with 64.181.39.114:1194
Tue Mar 15 07:18:51 2011 TCP: connect to 64.181.39.114:1194 failed, will try again in 5 seconds: Connection timed out (WSAETIMEDOUT)
Tue Mar 15 07:19:17 2011 TCP: connect to 64.181.39.114:1194 failed, will try again in 5 seconds: Connection timed out (WSAETIMEDOUT)
Tue Mar 15 07:19:43 2011 TCP: connect to 64.181.39.114:1194 failed, will try again in 5 seconds: Connection timed out (WSAETIMEDOUT)

Server Config:
local 64.181.39.114
port 1194
proto tcp
;proto udp
dev tap0
;dev tun0
;dev-node MyTap
ca /etc/keys/ca.crt
cert /etc/keys/f***.crt
key /etc/keys/f***.key # This file should be kept secret
dh /etc/keys/dh1024.pem
crl-verify /etc/keys/crl.pem
;server 10.2.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
server-bridge 10.2.0.1 255.255.255.0 10.2.0.231 10.2.0.239
push "route 10.1.0.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
;learn-address ./script
push "route-gateway 10.2.0.1"
push "dhcp-option DNS 10.2.0.2"
push "dhcp-option DNS 10.2.0.3"
push "dhcp-option WINS 10.2.0.2"
push "dhcp-option WINS 10.2.0.3"
;client-to-client
;duplicate-cn
keepalive 10 120
;tls-auth ta.key 0 # This file is secret
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
comp-lzo
max-clients 9
;user nobody
;group nobody
persist-key
persist-tun
status /var/log/openvpn-status.log
;log openvpn.log
;log-append openvpn.log
verb 6
;mute 20

Client Config:
client
dev tap0
;dev tun
;dev-node MyTap
proto tcp
;proto udp
remote 64.181.39.114 1194
;remote my-server-2 1194
;remote-random
resolv-retry infinite
nobind
;user nobody
;group nobody
persist-key
persist-tun
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
;mute-replay-warnings
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\user.crt"
key "C:\\Program Files\\OpenVPN\\config\\user.key"
;ns-cert-type server
;tls-auth ta.key 1
;cipher x
comp-lzo
verb 3
;mute 20

Re: Some users work and some get timeouts

Posted: Tue Apr 12, 2011 4:35 pm
by janjust
try adding

connect-timeout 15
to the clients and try again.

Re: Some users work and some get timeouts

Posted: Wed Apr 13, 2011 7:11 am
by maikcat
Hi there,

To check if he can reach you, you can simply
telnet server.ip 1194 from the client to your server.
If he gets connection refused then his provider is blocking access...


PS: the telnet thing works *ONLY* when you are using TCP.

michael.
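
The reachability test suggested above, as an added example that is not part of the original thread: it makes one TCP connection attempt from the client machine and reports whether the handshake completed, was refused, or timed out (the result the client log shows as WSAETIMEDOUT). The function name, result labels and explanations are chosen for this example; pass the address and port from the client config's remote line.

```python
import errno
import socket
import sys

# Result labels and what each one says about the path (wording is this example's own).
MEANING = {
    "open": "TCP handshake completed: the path and the listener accept connections",
    "refused": "a TCP reset came back: a device answered but rejects that port",
    "timeout": "no reply to the connection attempt: packets are dropped on the way",
    "unreachable": "the client has no route to the server, or a router reported none",
}


def probe_tcp(host, port, timeout=5.0):
    """Try one TCP connection to host:port and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except (socket.timeout, TimeoutError):
        # Covers both our own timeout and the OS giving up (ETIMEDOUT / WSAETIMEDOUT).
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        return "error: %s" % exc


def report(host, port, timeout=5.0):
    """Return a one-line, human-readable result for a single probe."""
    result = probe_tcp(host, port, timeout)
    return "%s:%d -> %s (%s)" % (host, port, result, MEANING.get(result, "see error text"))


if __name__ == "__main__":
    # Usage: python probe.py <server-address> <port>
    if len(sys.argv) != 3:
        sys.exit("usage: probe.py <server-address> <port>")
    print(report(sys.argv[1], int(sys.argv[2])))
```

Like the telnet check, this only applies to a server running proto tcp; a UDP listener never answers a TCP connection attempt.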