OpenVPN Support Forum

Hi All

I am getting the error

read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)

when I try to connect.
I am a new user so, it is probably an issue with my settings

If I use nmap I cant see the 1194 port opened.
This is my conf
-----------Server--------------------
port 1194
proto udp
dev tun
persist-tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem

#Direcciones que se asignaran a los
#clientes, el server es .1
server 10.1.1.0 255.255.255.0

ifconfig-pool-persist ipp.txt

#Ruta para que los clientes alcancen la red local del server (1.0/24)
push "route 10.0.1.0 255.255.255.0"

#Para que los clientes se visualicen entre ellos
#Debe ir junto con la opción routeback en el shorewall
client-to-client

keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 4

=======================cliente=======================================
tls-client
client
dev tun
proto udp
remote mi-server 1194
float
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert Agente_seguro.crt
key Agente_seguro.key
comp-lzo
verb 5
=============================route============
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.1.1.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
10.0.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
10.1.1.0 10.1.1.2 255.255.255.0 UG 0 0 0 tun0
0.0.0.0 10.0.2.1 0.0.0.0 UG 0 0 0 eth1
0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 eth2

===================================ifconfig
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.1.1.1 P-t-P:10.1.1.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

Any help ?

macaruchi wrote:I am a new user so, it is probably an issue with my settings

Your settings look really good to me at first glance. Do you really need float in client config? (changing float won't fix your problem by the way, I'm just curious).

Umm...

macaruchi wrote:If I use nmap I cant see the 1194 port opened

If you're on a linux setup, whats your firewall situation? If OpenVPN is running and 1194 is not open for UDP, then that does suggest a firewall issue. Is IPTABLES installed / setup?

[edit]
Also I went to the documentation to check something and it seems that because you put the directive "client" then you don't also need "tls-client", so tls-client you can remove.

Still important problem will be to get 1194 port open for business. If you look in the site forum -->Scripting and customization-->Firewall scripts, you can see some good examples.

Hi !
I remove the line client-tls and float.

My server is in linux but my configuration from IPtables is simple. I have rules just SNAT and DNAT
I opened the 1194 port in my router.

This is my log from XP client


WRRWRWRWRWRWRWRWRMon Jul 25 09:24:00 2011 us=272443 Current Parameter Settings:
Mon Jul 25 09:24:00 2011 us=272555 config = 'Agente_seguro.ovpn'
Mon Jul 25 09:24:00 2011 us=272590 mode = 0
Mon Jul 25 09:24:00 2011 us=272618 show_ciphers = DISABLED
Mon Jul 25 09:24:00 2011 us=272647 show_digests = DISABLED
Mon Jul 25 09:24:00 2011 us=272676 show_engines = DISABLED
Mon Jul 25 09:24:00 2011 us=272709 genkey = DISABLED
Mon Jul 25 09:24:00 2011 us=272738 key_pass_file = '[UNDEF]'
Mon Jul 25 09:24:00 2011 us=273850 show_tls_ciphers = DISABLED
Mon Jul 25 09:24:00 2011 us=273879 proto = 0
Mon Jul 25 09:24:00 2011 us=273906 local = '[UNDEF]'
Mon Jul 25 09:24:00 2011 us=273940 remote_list[0] = {'x.x.x.x', 1194}
Mon Jul 25 09:24:00 2011 us=273968 remote_random = DISABLED
Mon Jul 25 09:24:00 2011 us=273995 local_port = 1194
Mon Jul 25 09:24:00 2011 us=274023 remote_port = 1194
Mon Jul 25 09:24:00 2011 us=274050 remote_float = ENABLED
Mon Jul 25 09:24:00 2011 us=274077 ipchange = '[UNDEF]'
Mon Jul 25 09:24:00 2011 us=274104 bind_local = DISABLED
Mon Jul 25 09:24:00 2011 us=274130 dev = 'tun'
Mon Jul 25 09:24:00 2011 us=274157 dev_type = '[UNDEF]'
Mon Jul 25 09:24:00 2011 us=274184 dev_node = '[UNDEF]'
Mon Jul 25 09:24:00 2011 us=274211 tun_ipv6 = DISABLED
Mon Jul 25 09:24:00 2011 us=274238 ifconfig_local = '[UNDEF]'
Mon Jul 25 09:24:00 2011 us=274266 ifconfig_remote_netmask = '[UNDEF]'
Mon Jul 25 09:24:00 2011 us=274294 ifconfig_noexec = DISABLED
Mon Jul 25 09:24:00 2011 us=274321 ifconfig_nowarn = DISABLED
Mon Jul 25 09:24:00 2011 us=274348 shaper = 0
Mon Jul 25 09:24:00 2011 us=274375 tun_mtu = 1500
Mon Jul 25 09:24:00 2011 us=274403 tun_mtu_defined = ENABLED
Mon Jul 25 09:24:00 2011 us=274430 link_mtu = 1500
Mon Jul 25 09:24:00 2011 us=274458 link_mtu_defined = DISABLED
Mon Jul 25 09:24:00 2011 us=274666 tun_mtu_extra = 0
Mon Jul 25 09:24:00 2011 us=274700 tun_mtu_extra_defined = DISABLED
Mon Jul 25 09:24:00 2011 us=274727 fragment = 0
Mon Jul 25 09:24:00 2011 us=274755 mtu_discover_type = -1
Mon Jul 25 09:24:00 2011 us=274782 mtu_test = 0
Mon Jul 25 09:24:00 2011 us=274809 mlock = DISABLED
Mon Jul 25 09:24:00 2011 us=274837 keepalive_ping = 0
Mon Jul 25 09:24:00 2011 us=274865 keepalive_timeout = 0
Mon Jul 25 09:24:00 2011 us=274893 inactivity_timeout = 0
Mon Jul 25 09:24:00 2011 us=274920 ping_send_timeout = 0
Mon Jul 25 09:24:00 2011 us=274948 ping_rec_timeout = 120
Mon Jul 25 09:24:00 2011 us=274977 ping_rec_timeout_action = 2
Mon Jul 25 09:24:00 2011 us=275005 ping_timer_remote = DISABLED
Mon Jul 25 09:24:00 2011 us=275033 remap_sigusr1 = 0
Mon Jul 25 09:24:00 2011 us=275066 explicit_exit_notification = 0
Mon Jul 25 09:24:00 2011 us=275094 persist_tun = ENABLED
Mon Jul 25 09:24:00 2011 us=275122 persist_local_ip = DISABLED
Mon Jul 25 09:24:00 2011 us=275150 persist_remote_ip = DISABLED
Mon Jul 25 09:24:00 2011 us=275178 persist_key = ENABLED
Mon Jul 25 09:24:00 2011 us=275206 mssfix = 1450
Mon Jul 25 09:24:00 2011 us=275235 resolve_retry_seconds = 1000000000
Mon Jul 25 09:24:00 2011 us=275264 connect_retry_seconds = 5
Mon Jul 25 09:24:00 2011 us=275291 username = '[UNDEF]'
Mon Jul 25 09:24:00 2011 us=275320 groupname = '[UNDEF]'
Mon Jul 25 09:24:00 2011 us=275348 chroot_dir = '[UNDEF]'
Mon Jul 25 09:24:00 2011 us=275376 cd_dir = '[UNDEF]'
Mon Jul 25 09:24:00 2011 us=275404 writepid = '[UNDEF]'
Mon Jul 25 09:24:00 2011 us=275431 up_script = '[UNDEF]'
Mon Jul 25 09:24:00 2011 us=275459 down_script = '[UNDEF]'
Mon Jul 25 09:24:00 2011 us=275487 down_pre = DISABLED
Mon Jul 25 09:24:00 2011 us=275515 up_restart = DISABLED
Mon Jul 25 09:24:00 2011 us=275543 up_delay = DISABLED
Mon Jul 25 09:24:00 2011 us=275594 daemon = DISABLED
Mon Jul 25 09:24:00 2011 us=275623 inetd = 0
Mon Jul 25 09:24:00 2011 us=275649 log = DISABLED
Mon Jul 25 09:24:00 2011 us=275677 suppress_timestamps = DISABLED
Mon Jul 25 09:24:00 2011 us=275785 nice = 0
Mon Jul 25 09:24:00 2011 us=275818 verbosity = 5
Mon Jul 25 09:24:00 2011 us=275846 mute = 0
Mon Jul 25 09:24:00 2011 us=276944 gremlin = 0
Mon Jul 25 09:24:00 2011 us=276984 status_file = '[UNDEF]'
Mon Jul 25 09:24:00 2011 us=277036 status_file_version = 1
Mon Jul 25 09:24:00 2011 us=277068 status_file_update_freq = 60
Mon Jul 25 09:24:00 2011 us=277095 occ = ENABLED
Mon Jul 25 09:24:00 2011 us=277120 rcvbuf = 0
Mon Jul 25 09:24:00 2011 us=277146 sndbuf = 0
Mon Jul 25 09:24:00 2011 us=277228 socks_proxy_server = '[UNDEF]'
Mon Jul 25 09:24:00 2011 us=277278 socks_proxy_port = 0
Mon Jul 25 09:24:00 2011 us=277307 socks_proxy_retry = DISABLED
Mon Jul 25 09:24:00 2011 us=277334 fast_io = DISABLED
Mon Jul 25 09:24:00 2011 us=277359 comp_lzo = ENABLED
Mon Jul 25 09:24:00 2011 us=277385 comp_lzo_adaptive = ENABLED
Mon Jul 25 09:24:00 2011 us=277412 route_script = '[UNDEF]'
Mon Jul 25 09:24:00 2011 us=277440 route_default_gateway = '[UNDEF]'
Mon Jul 25 09:24:00 2011 us=277467 route_noexec = DISABLED
Mon Jul 25 09:24:00 2011 us=277493 route_delay = 0
Mon Jul 25 09:24:00 2011 us=327559 route_delay_window = 30
Mon Jul 25 09:24:00 2011 us=327611 route_delay_defined = ENABLED
Mon Jul 25 09:24:00 2011 us=327641 management_addr = '[UNDEF]'
Mon Jul 25 09:24:00 2011 us=327668 management_port = 0
Mon Jul 25 09:24:00 2011 us=327745 management_user_pass = '[UNDEF]'
Mon Jul 25 09:24:00 2011 us=327776 management_log_history_cache = 250
Mon Jul 25 09:24:00 2011 us=327804 management_echo_buffer_size = 100
Mon Jul 25 09:24:00 2011 us=327833 management_query_passwords = DISABLED
Mon Jul 25 09:24:00 2011 us=327861 management_hold = DISABLED
Mon Jul 25 09:24:00 2011 us=327888 shared_secret_file = '[UNDEF]'
Mon Jul 25 09:24:00 2011 us=327915 key_direction = 0
Mon Jul 25 09:24:00 2011 us=327943 ciphername_defined = ENABLED
Mon Jul 25 09:24:00 2011 us=327970 ciphername = 'BF-CBC'
Mon Jul 25 09:24:00 2011 us=327997 authname_defined = ENABLED
Mon Jul 25 09:24:00 2011 us=328024 authname = 'SHA1'
Mon Jul 25 09:24:00 2011 us=383999 keysize = 0
Mon Jul 25 09:24:00 2011 us=384065 engine = DISABLED
Mon Jul 25 09:24:00 2011 us=384095 replay = ENABLED
Mon Jul 25 09:24:00 2011 us=384123 mute_replay_warnings = DISABLED
Mon Jul 25 09:24:00 2011 us=384150 replay_window = 64
Mon Jul 25 09:24:00 2011 us=384177 replay_time = 15
Mon Jul 25 09:24:00 2011 us=384280 packet_id_file = '[UNDEF]'
Mon Jul 25 09:24:00 2011 us=384307 use_iv = ENABLED
Mon Jul 25 09:24:00 2011 us=384334 test_crypto = DISABLED
Mon Jul 25 09:24:00 2011 us=384360 tls_server = DISABLED
Mon Jul 25 09:24:00 2011 us=384387 tls_client = ENABLED
Mon Jul 25 09:24:00 2011 us=384413 key_method = 2
Mon Jul 25 09:24:00 2011 us=384439 ca_file = 'ca.crt'
Mon Jul 25 09:24:00 2011 us=384467 dh_file = '[UNDEF]'
Mon Jul 25 09:24:00 2011 us=384494 cert_file = 'Agente_seguro.crt'
Mon Jul 25 09:24:00 2011 us=384522 priv_key_file = 'Agente_seguro.key'
Mon Jul 25 09:24:00 2011 us=384549 pkcs12_file = '[UNDEF]'
Mon Jul 25 09:24:00 2011 us=431146 cryptoapi_cert = '[UNDEF]'
Mon Jul 25 09:24:00 2011 us=431248 cipher_list = '[UNDEF]'
Mon Jul 25 09:24:00 2011 us=431286 tls_verify = '[UNDEF]'
Mon Jul 25 09:24:00 2011 us=431313 tls_remote = '[UNDEF]'
Mon Jul 25 09:24:00 2011 us=431393 crl_file = '[UNDEF]'
Mon Jul 25 09:24:00 2011 us=431422 ns_cert_type = 0
Mon Jul 25 09:24:00 2011 us=431448 tls_timeout = 2
Mon Jul 25 09:24:00 2011 us=431475 renegotiate_bytes = 0
Mon Jul 25 09:24:00 2011 us=431502 renegotiate_packets = 0
Mon Jul 25 09:24:00 2011 us=431529 renegotiate_seconds = 3600
Mon Jul 25 09:24:00 2011 us=431556 handshake_window = 60
Mon Jul 25 09:24:00 2011 us=431583 transition_window = 3600
Mon Jul 25 09:24:00 2011 us=431609 single_session = DISABLED
Mon Jul 25 09:24:00 2011 us=431635 tls_exit = DISABLED
Mon Jul 25 09:24:00 2011 us=431662 tls_auth_file = '[UNDEF]'
Mon Jul 25 09:24:00 2011 us=431731 server_network = 0.0.0.0
Mon Jul 25 09:24:00 2011 us=483031 server_netmask = 0.0.0.0
Mon Jul 25 09:24:00 2011 us=483074 server_bridge_ip = 0.0.0.0
Mon Jul 25 09:24:00 2011 us=483108 server_bridge_netmask = 0.0.0.0
Mon Jul 25 09:24:00 2011 us=483138 server_bridge_pool_start = 0.0.0.0
Mon Jul 25 09:24:00 2011 us=483167 server_bridge_pool_end = 0.0.0.0
Mon Jul 25 09:24:00 2011 us=483196 ifconfig_pool_defined = DISABLED
Mon Jul 25 09:24:00 2011 us=483229 ifconfig_pool_start = 0.0.0.0
Mon Jul 25 09:24:00 2011 us=483257 ifconfig_pool_end = 0.0.0.0
Mon Jul 25 09:24:00 2011 us=483286 ifconfig_pool_netmask = 0.0.0.0
Mon Jul 25 09:24:00 2011 us=483315 ifconfig_pool_persist_filename = '[UNDEF]'
Mon Jul 25 09:24:00 2011 us=483348 ifconfig_pool_persist_refresh_freq = 600
Mon Jul 25 09:24:00 2011 us=483376 ifconfig_pool_linear = DISABLED
Mon Jul 25 09:24:00 2011 us=483403 n_bcast_buf = 256
Mon Jul 25 09:24:00 2011 us=483430 tcp_queue_limit = 64
Mon Jul 25 09:24:00 2011 us=483456 real_hash_size = 256
Mon Jul 25 09:24:00 2011 us=534163 virtual_hash_size = 256
Mon Jul 25 09:24:00 2011 us=534224 client_connect_script = '[UNDEF]'
Mon Jul 25 09:24:00 2011 us=534260 learn_address_script = '[UNDEF]'
Mon Jul 25 09:24:00 2011 us=534289 client_disconnect_script = '[UNDEF]'
Mon Jul 25 09:24:00 2011 us=534335 client_config_dir = '[UNDEF]'
Mon Jul 25 09:24:00 2011 us=534389 ccd_exclusive = DISABLED
Mon Jul 25 09:24:00 2011 us=534416 tmp_dir = '[UNDEF]'
Mon Jul 25 09:24:00 2011 us=534444 push_ifconfig_defined = DISABLED
Mon Jul 25 09:24:00 2011 us=534480 push_ifconfig_local = 0.0.0.0
Mon Jul 25 09:24:00 2011 us=534517 push_ifconfig_remote_netmask = 0.0.0.0
Mon Jul 25 09:24:00 2011 us=534546 enable_c2c = DISABLED
Mon Jul 25 09:24:00 2011 us=534572 duplicate_cn = DISABLED
Mon Jul 25 09:24:00 2011 us=534599 cf_max = 0
Mon Jul 25 09:24:00 2011 us=534625 cf_per = 0
Mon Jul 25 09:24:00 2011 us=534651 max_clients = 1024
Mon Jul 25 09:24:00 2011 us=581492 max_routes_per_client = 256
Mon Jul 25 09:24:00 2011 us=581590 client_cert_not_required = DISABLED
Mon Jul 25 09:24:00 2011 us=581623 username_as_common_name = DISABLED
Mon Jul 25 09:24:00 2011 us=581742 auth_user_pass_verify_script = '[UNDEF]'
Mon Jul 25 09:24:00 2011 us=581781 auth_user_pass_verify_script_via_file = DISABLED
Mon Jul 25 09:24:00 2011 us=581809 client = ENABLED
Mon Jul 25 09:24:00 2011 us=581835 pull = ENABLED
Mon Jul 25 09:24:00 2011 us=581863 auth_user_pass_file = '[UNDEF]'
Mon Jul 25 09:24:00 2011 us=581899 show_net_up = DISABLED
Mon Jul 25 09:24:00 2011 us=581927 route_method = 0
Mon Jul 25 09:24:00 2011 us=581954 ip_win32_defined = DISABLED
Mon Jul 25 09:24:00 2011 us=581981 ip_win32_type = 3
Mon Jul 25 09:24:00 2011 us=582008 dhcp_masq_offset = 0
Mon Jul 25 09:24:00 2011 us=582035 dhcp_lease_time = 31536000
Mon Jul 25 09:24:00 2011 us=582061 tap_sleep = 0
Mon Jul 25 09:24:00 2011 us=632411 dhcp_options = DISABLED
Mon Jul 25 09:24:00 2011 us=632458 dhcp_renew = DISABLED
Mon Jul 25 09:24:00 2011 us=632487 dhcp_pre_release = DISABLED
Mon Jul 25 09:24:00 2011 us=632515 dhcp_release = DISABLED
Mon Jul 25 09:24:00 2011 us=632541 domain = '[UNDEF]'
Mon Jul 25 09:24:00 2011 us=632568 netbios_scope = '[UNDEF]'
Mon Jul 25 09:24:00 2011 us=632595 netbios_node_type = 0
Mon Jul 25 09:24:00 2011 us=632622 disable_nbt = DISABLED
Mon Jul 25 09:24:00 2011 us=632665 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Mon Jul 25 09:24:00 2011 us=632982 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Mon Jul 25 09:24:00 2011 us=633022 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon Jul 25 09:24:00 2011 us=637430 LZO compression initialized
Mon Jul 25 09:24:00 2011 us=680916 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Jul 25 09:24:00 2011 us=685548 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Jul 25 09:24:00 2011 us=685668 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Mon Jul 25 09:24:00 2011 us=685708 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Mon Jul 25 09:24:00 2011 us=685791 Local Options hash (VER=V4): '41690919'
Mon Jul 25 09:24:00 2011 us=685844 Expected Remote Options hash (VER=V4): '530fdded'
Mon Jul 25 09:24:00 2011 us=685932 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Jul 25 09:24:00 2011 us=685979 UDPv4 link local: [undef]
Mon Jul 25 09:24:00 2011 us=686014 UDPv4 link remote: x.x.x.x:1194
Mon Jul 25 09:24:00 2011 us=765345 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Mon Jul 25 09:24:03 2011 us=367647 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Mon Jul 25 09:24:06 2011 us=63732 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Mon Jul 25 09:24:07 2011 us=389988 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Mon Jul 25 09:24:10 2011 us=82182 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Mon Jul 25 09:24:10 2011 us=272873 TCP/UDP: Closing socket
Mon Jul 25 09:24:10 2011 us=273095 SIGTERM[hard,] received, process exiting

macaruchi wrote:I have rules just SNAT and DNAT I opened the 1194 port in my router.

Something is blocking your connection from even starting. So somehow, your port is blocked.

As a demonstration for you -- I blocked 1194 UDP on my own server -- here are the results:
See how it fails after UDPv4 link remote. That means your connection fails to even initiate. The problem is connectivity.

I suggest that you check all your infrastructure is allowing UDP on port 1194.

Eg: iptables on server: Also your router.. double check it again.. see that 1194 UDP is correctly opened/forwarded.

Make sure the IP you are trying to connect to (in client config "mi-server"), is in fact the correct IP of the server.

Then after you fix that problem, it looks like you will have certificate problems too. But thats later. First have to fix the 1194 UDP problem.