I have just completed my first OpenVPN configuration. Firstly my configs:
SERVER:
local 10.8.0.6
port 1194
proto tcp
;proto udp
dev tap
;dev tun
;dev-node MyTap
ca C:\\keys\\ca.crt
cert C:\\keys\\server.crt
key C:\\keys\\server.key # This file should be kept secret
dh C:\\keys\\dh1024.pem
;server 10.8.0.6 255.255.255.0
ifconfig-pool-persist ipp.txt
server-bridge 10.8.0.6 255.255.255.0 10.8.0.50 10.8.0.100
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
;learn-address ./script
;push "redirect-gateway"
;push "dhcp-option DNS 10.8.0.1"
;push "dhcp-option WINS 10.8.0.1"
client-to-client
;duplicate-cn
keepalive 10 120
tls-auth C:\\keys\\ta.key 0
cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
comp-lzo
;max-clients 100
;user nobody
;group nobody
persist-key
persist-tun
status openvpn-status.log
;log openvpn.log
log-append openvpn.log
verb 6
mute 20
CLIENT:
client
dev tap
;dev-node MyTap
proto tcp
;proto udp
remote x.x.x.x 1194 <<<Public IP and Port>>>
;remote 10.8.0.6 1194
# try hosts in the order specified.
;remote-random
resolv-retry infinite
nobind
;user nobody
;group nobody
persist-key
persist-tun
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
;mute-replay-warnings
ca c:\\keys\\ca.crt
cert c:\\keys\\Conrad.crt
key c:\\keys\\Conrad.key
;ns-cert-type server
tls-auth c:\\keys\\ta.key 1
cipher BF-CBC # Blowfish (default)
comp-lzo
verb 6
# Silence repeating messages
mute 20
I can connect fine if I use the server's local IP as my 'remote' connection in client config. However, if I use the public IP of my router I get errors. The server does not even register a connection attempt.
THINGS I HAVE CHECKED/TRIED TO RESOLVE THE PROBLEM:
- Port forwarding is enabled on my router and ports are forwarded to the server.
- The port is allowed in Windows Firewall on both systems (for TCP as well as UDP - see below)
- I can connect if I use the server's local IP
- I have tried enabling either TCP or UDP connections, both give me errors (see logs below)
- I have enabled tls-auth, generated keys etc., as per a suggestion I got on the web (didn't make a difference)
- I uncommented the 'local' directive in server config and put the server's local IP there
- Restarted the router and all machines
- If I access the router's remote administration port via public IP and remote port
- Googled my brains out
My server is Windows Server 2008 Enterprise x64 and client Windows 7 Pro x64. ADSL Router is a Netgear DG834GUv5.
Here is a log from a connection attempt using TCP:
I am aware of the first error mentioned and the steps to be taken to fix it but have not bothered to address it until this issue is resolved.
Tue Nov 29 12:18:35 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Nov 29 12:18:35 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Nov 29 12:18:35 2011 Re-using SSL/TLS context
Tue Nov 29 12:18:35 2011 LZO compression initialized
Tue Nov 29 12:18:35 2011 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Tue Nov 29 12:18:35 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Nov 29 12:18:35 2011 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Tue Nov 29 12:18:35 2011 Local Options hash (VER=V4): '13a273ba'
Tue Nov 29 12:18:35 2011 Expected Remote Options hash (VER=V4): '360696c5'
Tue Nov 29 12:18:35 2011 UDPv4 link local: [undef]
Tue Nov 29 12:18:35 2011 UDPv4 link remote: 41.84.64.98:1194
Tue Nov 29 12:19:35 2011 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Nov 29 12:19:35 2011 TLS Error: TLS handshake failed
Tue Nov 29 12:19:35 2011 TCP/UDP: Closing socket
Tue Nov 29 12:19:35 2011 SIGUSR1[soft,tls-error] received, process restarting
Tue Nov 29 12:19:35 2011 Restart pause, 2 second(s)
Any help with this issue would be greatly appreciated.
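
An added example, not part of the original post: a small Python check that compares the directives both peers must agree on (proto, dev, cipher, comp-lzo, tls-auth key direction) and reads the transport the client actually used from the "link remote" log line. The function names `directives` and `compare` are hypothetical, the inputs are abridged from the configs and log above, and the option list covers only what appears in this post.

```python
import re

# Constructed input: active directives abridged from the posted configs,
# and two lines taken from the posted client log.
SERVER_CONF = r"""
proto tcp
;proto udp
dev tap
tls-auth C:\\keys\\ta.key 0
cipher BF-CBC # Blowfish (default)
comp-lzo
"""
CLIENT_CONF = r"""
client
dev tap
proto tcp
remote x.x.x.x 1194
tls-auth c:\\keys\\ta.key 1
cipher BF-CBC # Blowfish (default)
comp-lzo
"""
CLIENT_LOG = """
Tue Nov 29 12:18:35 2011 UDPv4 link remote: 41.84.64.98:1194
Tue Nov 29 12:19:35 2011 TLS Error: TLS handshake failed
"""

def directives(text):
    """Map each active directive to its arguments (';' or '#' starts a comment)."""
    out = {}
    for line in text.splitlines():
        words = re.split(r"[;#]", line, maxsplit=1)[0].split()
        if words:
            out[words[0]] = words[1:]
    return out

def compare(server, client, log):
    """Return findings: options that must match but differ, and transport drift."""
    s, c = directives(server), directives(client)
    findings = [f"{o}: server={s.get(o)} client={c.get(o)}"
                for o in ("proto", "dev", "cipher", "comp-lzo") if s.get(o) != c.get(o)]
    # tls-auth key directions must be opposite (0/1), or omitted on both sides
    dirs = [(d.get("tls-auth") or [None])[1:2] for d in (s, c)]
    if sorted(dirs) not in ([["0"], ["1"]], [[], []]):
        findings.append(f"tls-auth key direction: server={dirs[0]} client={dirs[1]}")
    # The 'link remote' log line names the transport the client really used
    proto = (c.get("proto") or ["udp"])[0]  # OpenVPN defaults to udp
    m = re.search(r"(\w+) link remote: (\S+)", log)
    if m and m.group(1)[:3].lower() != proto[:3]:
        findings.append(f"log shows {m.group(1)} to {m.group(2)}, config says proto {proto}")
    return findings

if __name__ == "__main__":
    for finding in compare(SERVER_CONF, CLIENT_CONF, CLIENT_LOG):
        print(finding)
```
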