Can't connect at new location

Posted: Sat Sep 10, 2011 7:12 pm
by mbesto
I recently moved to a new house and now my connection isn't working. I suspect it has something to do with my router, since my config files haven't changed and the log says it still connects. What I've noticed is that as soon as I try to connect to a website I get a "Replay-window backtrack occurred [1]" in the logfile. So it does actually make a connection; it's just that as soon as I try to go to google.com or something it just sits there and nothing happens. Tried ping in the terminal and it doesn't even do anything (just hangs).

Here are my configs:

server.conf

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
push "redirect-gateway def1"

client.conf

client
dev tun
proto tcp
remote 173.255.226.186 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert wmartine.crt
key wmartine.key
ns-cert-type server
comp-lzo
verb 3

Logfile:

2011-09-10 20:07:31 *Tunnelblick: OS X 10.6.8; Tunnelblick 3.1 (build 2190); OpenVPN 2.1.4
2011-09-10 20:07:31 *Tunnelblick: Attempting connection with test2; Set nameserver = 9; monitoring connection
2011-09-10 20:07:31 *Tunnelblick: /Applications/Tunnelblick.app/Contents/Resources/openvpnstart start test2.tblk 1338 9 0 3 0 49
2011-09-10 20:07:32 OpenVPN 2.1.4 i386-apple-darwin10.5.0 [SSL] [LZO2] [PKCS11] built on Dec  3 2010
2011-09-10 20:07:32 MANAGEMENT: TCP Socket listening on 127.0.0.1:1338
2011-09-10 20:07:32 Need hold release from management interface, waiting...
2011-09-10 20:07:32 MANAGEMENT: Client connected from 127.0.0.1:1338
2011-09-10 20:07:32 MANAGEMENT: CMD 'pid'
2011-09-10 20:07:32 MANAGEMENT: CMD 'state on'
2011-09-10 20:07:32 MANAGEMENT: CMD 'state'
2011-09-10 20:07:32 MANAGEMENT: CMD 'hold release'
2011-09-10 20:07:32 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2011-09-10 20:07:32 LZO compression initialized
2011-09-10 20:07:32 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
2011-09-10 20:07:32 Socket Buffers: R=[42080->65536] S=[9216->65536]
2011-09-10 20:07:32 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
2011-09-10 20:07:32 Local Options hash (VER=V4): '41690919'
2011-09-10 20:07:32 Expected Remote Options hash (VER=V4): '530fdded'
2011-09-10 20:07:32 UDPv4 link local: [undef]
2011-09-10 20:07:32 UDPv4 link remote: 173.255.226.186:1194
2011-09-10 20:07:32 MANAGEMENT: >STATE:1315681652,WAIT,,,
2011-09-10 20:07:32 MANAGEMENT: >STATE:1315681652,AUTH,,,
2011-09-10 20:07:32 TLS: Initial packet from 173.255.226.186:1194, sid=a0484af0 70b6b7e8
2011-09-10 20:07:32 VERIFY OK: depth=1, /C=US/ST=NJ/L=Newark/O=AmLondon/OU=Lon/CN=AmLondon_NJ/emailAddress=mbesto@gmail.com
2011-09-10 20:07:32 VERIFY OK: nsCertType=SERVER
2011-09-10 20:07:32 VERIFY OK: depth=0, /C=US/ST=NJ/L=Newark/O=AmLondon/CN=server/emailAddress=mbesto@gmail.com
2011-09-10 20:07:32 *Tunnelblick: openvpnstart: /Applications/Tunnelblick.app/Contents/Resources/openvpn --cd /Library/Application Support/Tunnelblick/Shared/test2.tblk/Contents/Resources --daemon --management 127.0.0.1 1338 --config /Library/Application Support/Tunnelblick/Shared/test2.tblk/Contents/Resources/config.ovpn --log /tmp/tunnelblick/logs/-SLibrary-SApplication Support-STunnelblick-SShared-Stest2.tblk-SContents-SResources-Sconfig.ovpn.9_0_3_0_49.1338.openvpn.log --management-query-passwords --management-hold --script-security 2 --up /Applications/Tunnelblick.app/Contents/Resources/client.2.up.tunnelblick.sh -m -w -d --down /Applications/Tunnelblick.app/Contents/Resources/client.2.down.tunnelblick.sh -m -w -d --up-restart
2011-09-10 20:07:34 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
2011-09-10 20:07:34 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2011-09-10 20:07:34 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
2011-09-10 20:07:34 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2011-09-10 20:07:34 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
2011-09-10 20:07:34 [server] Peer Connection Initiated with 173.255.226.186:1194
2011-09-10 20:07:35 MANAGEMENT: >STATE:1315681655,GET_CONFIG,,,
2011-09-10 20:07:36 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2011-09-10 20:07:36 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.10 10.8.0.9'
2011-09-10 20:07:36 OPTIONS IMPORT: timers and/or timeouts modified
2011-09-10 20:07:36 OPTIONS IMPORT: --ifconfig/up options modified
2011-09-10 20:07:36 OPTIONS IMPORT: route options modified
2011-09-10 20:07:36 ROUTE default_gateway=192.168.0.1
2011-09-10 20:07:36 TUN/TAP device /dev/tun0 opened
2011-09-10 20:07:36 MANAGEMENT: >STATE:1315681656,ASSIGN_IP,,10.8.0.10,
2011-09-10 20:07:36 /sbin/ifconfig tun0 delete
                                        ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2011-09-10 20:07:36 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2011-09-10 20:07:36 /sbin/ifconfig tun0 10.8.0.10 10.8.0.9 mtu 1500 netmask 255.255.255.255 up
2011-09-10 20:07:36 /Applications/Tunnelblick.app/Contents/Resources/client.2.up.tunnelblick.sh -m -w -d tun0 1500 1542 10.8.0.10 10.8.0.9 init
2011-09-10 20:07:36 /sbin/route add -net 173.255.226.186 192.168.0.1 255.255.255.255
                                        add net 173.255.226.186: gateway 192.168.0.1
2011-09-10 20:07:36 /sbin/route add -net 0.0.0.0 10.8.0.9 128.0.0.0
                                        add net 0.0.0.0: gateway 10.8.0.9
2011-09-10 20:07:36 /sbin/route add -net 128.0.0.0 10.8.0.9 128.0.0.0
                                        add net 128.0.0.0: gateway 10.8.0.9
2011-09-10 20:07:36 MANAGEMENT: >STATE:1315681656,ADD_ROUTES,,,
2011-09-10 20:07:36 /sbin/route add -net 10.8.0.1 10.8.0.9 255.255.255.255
                                        add net 10.8.0.1: gateway 10.8.0.9
2011-09-10 20:07:36 Initialization Sequence Completed
2011-09-10 20:07:36 MANAGEMENT: >STATE:1315681656,CONNECTED,SUCCESS,10.8.0.10,173.255.226.186
2011-09-10 20:07:36 *Tunnelblick client.up.tunnelblick.sh: No network configuration changes need to be made
2011-09-10 20:07:36 *Tunnelblick client.up.tunnelblick.sh: Will NOT monitor for other network configuration changes
2011-09-10 20:07:36 *Tunnelblick: Flushed the DNS cache
2011-09-10 20:07:40 Replay-window backtrack occurred [1]

I've tried this on Mac OS X (via Tunnelblick) and Win 7 (openvpn GUI). Same issue.

Re: Can't connect at new location

Posted: Sat Sep 10, 2011 9:43 pm
by janjust
Your server uses
proto udp
but your client uses
proto tcp
You should not be getting ANY kind of connection until you fix this...

Re: Can't connect at new location

Posted: Sat Sep 10, 2011 9:53 pm
by mbesto
Oops, wrong client conf file. I actually was testing with TCP (which didn't work).

Here is the real client config:

client
dev tun
proto udp
remote 173.255.226.186 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert wmartine.crt
key wmartine.key
ns-cert-type server
comp-lzo
verb 3

Re: Can't connect at new location

Posted: Sat Sep 10, 2011 10:22 pm
by janjust
How are you dealing with DNS? Is the right DNS server set? Try using a DNS server 8.8.8.8 - that one should work both via the tunnel (redirect-gateway) and without using a VPN.

Re: Can't connect at new location

Posted: Sun Sep 11, 2011 6:26 am
by mbesto
I had a feeling that was the problem. Just set mine to OpenDNS and no issues! Thanks!

P.S. - I'm on a Virgin Media Super Hub and can't change the router DNS (which would make my life a lot easier). Oh well, can still get it to work on each computer.
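
The two checks raised in this thread (the same proto on both ends, and a DNS server when the server pushes redirect-gateway) can be run over a config pair before connecting. The script below is an added example, not part of the original posts; the function names and finding codes are hypothetical, and the sample configs are trimmed copies of the ones posted above.

```python
import shlex

def parse_ovpn(text):
    """Return {directive: [argument lists]} for OpenVPN config text."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":            # blank or comment line
            continue
        tokens = shlex.split(line, comments=True)  # handles quotes, trailing '#'
        opts.setdefault(tokens[0], []).append(tokens[1:])
    return opts

def check_pair(server_text, client_text):
    """Compare a server/client config pair; return [(code, detail), ...]."""
    srv, cli = parse_ovpn(server_text), parse_ovpn(client_text)
    findings = []
    # proto must agree on both ends; OpenVPN defaults to udp when unset.
    s_proto = srv.get("proto", [["udp"]])[-1][0][:3]
    c_proto = cli.get("proto", [["udp"]])[-1][0][:3]
    if s_proto != c_proto:
        findings.append(("proto-mismatch", f"server={s_proto} client={c_proto}"))
    # The port in the client's 'remote' must be the server's 'port' (default 1194).
    s_port = srv.get("port", [["1194"]])[-1][0]
    for remote in cli.get("remote", []):
        c_port = remote[1] if len(remote) > 1 else "1194"
        if c_port != s_port:
            findings.append(("port-mismatch", f"server={s_port} client={c_port}"))
    # redirect-gateway without any DNS option: the client keeps its local resolver.
    pushed = [a[0].split() for a in srv.get("push", []) if a and a[0].split()]
    redirect = any(p[0] == "redirect-gateway" for p in pushed) or "redirect-gateway" in cli
    has_dns = (any(p[:2] == ["dhcp-option", "DNS"] for p in pushed)
               or any(o[:1] == ["DNS"] for o in cli.get("dhcp-option", [])))
    if redirect and not has_dns:
        findings.append(("redirect-gateway-without-dns", "no 'dhcp-option DNS' pushed or set"))
    return findings

# Sample input: trimmed copies of the thread's server.conf and client.conf.
SERVER = '''port 1194
proto udp
key server.key  # This file should be kept secret
push "redirect-gateway def1"
'''
CLIENT = "client\ndev tun\nproto {proto}\nremote 173.255.226.186 1194\nnobind\n"

if __name__ == "__main__":
    for proto in ("tcp", "udp"):
        print(proto, check_pair(SERVER, CLIENT.format(proto=proto)))
```
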