[Resolved] Issue with OpenVPN connection via public IP

tarnalcock
OpenVpn Newbie
Posts: 3
Joined: Tue Nov 29, 2011 10:34 am

[Resolved] Issue with OpenVPN connection via public IP

Post by tarnalcock » Tue Nov 29, 2011 11:18 am

Hi All,

I have just completed my first OpenVPN configuration. Firstly my configs:

SERVER:

local 10.8.0.6

port 1194

proto tcp
;proto udp

dev tap
;dev tun

;dev-node MyTap

ca C:\\keys\\ca.crt
cert C:\\keys\\server.crt
key C:\\keys\\server.key # This file should be kept secret

dh C:\\keys\\dh1024.pem

;server 10.8.0.6 255.255.255.0

ifconfig-pool-persist ipp.txt

server-bridge 10.8.0.6 255.255.255.0 10.8.0.50 10.8.0.100

;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"

;client-config-dir ccd
;route 192.168.40.128 255.255.255.248

;client-config-dir ccd
;route 10.9.0.0 255.255.255.252

;learn-address ./script

;push "redirect-gateway"

;push "dhcp-option DNS 10.8.0.1"
;push "dhcp-option WINS 10.8.0.1"

client-to-client

;duplicate-cn

keepalive 10 120

tls-auth C:\\keys\\ta.key 0 

cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES

comp-lzo

;max-clients 100

;user nobody
;group nobody

persist-key
persist-tun

status openvpn-status.log

;log openvpn.log
log-append openvpn.log

verb 6

mute 20

CLIENT:

client

dev tap

;dev-node MyTap

proto tcp
;proto udp

remote x.x.x.x 1194  <<<Public IP and Port>>>
;remote 10.8.0.6 1194

# try hosts in the order specified.
;remote-random

resolv-retry infinite

nobind

;user nobody
;group nobody

persist-key
persist-tun

;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

;mute-replay-warnings

ca c:\\keys\\ca.crt
cert c:\\keys\\Conrad.crt
key c:\\keys\\Conrad.key

;ns-cert-type server

tls-auth c:\\keys\\ta.key 1

cipher BF-CBC # Blowfish (default)

comp-lzo

verb 6

# Silence repeating messages
mute 20

PROBLEM:

I can connect fine if I use the server's local IP as my 'remote' connection in client config. However, if I use the public IP of my router I get errors. The server does not even register a connection attempt.

THINGS I HAVE CHECKED/TRIED TO RESOLVE THE PROBLEM:
  • Port forwarding is enabled on my router and ports are forwarded to the server.
  • The port is allowed in Windows Firewall on both systems (for TCP as well as UDP - see below)
  • I can connect if I use the server's local IP
  • I have tried enabling either TCP or UDP connections, both give me errors (see logs below)
  • I have enabled tls-auth, generated keys etc., as per a suggestion I got on the web (didn't make a difference)
  • I uncommented the 'local' directive in server config and put the server's local IP there
  • Restarted the router and all machines
  • If I access the router's remote administration port via public IP and remote port
  • Googled my brains out

The one thing that might cross your minds is that my ISP might be at fault. I can confirm that this is not the case as yesterday, my connection request reached the server, via public IP, but connection was refused due to mis-configuration on my behalf. I have since reconfigured and am now sitting with the problem as stated.

My server is Windows Server 2008 Enterprise x64 and client Windows 7 Pro x64. ADSL Router is a Netgear DG834GUv5.

Here is a log from a connection attempt using TCP:

Tue Nov 29 12:18:35 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Nov 29 12:18:35 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Nov 29 12:18:35 2011 Re-using SSL/TLS context
Tue Nov 29 12:18:35 2011 LZO compression initialized
Tue Nov 29 12:18:35 2011 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Tue Nov 29 12:18:35 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Nov 29 12:18:35 2011 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Tue Nov 29 12:18:35 2011 Local Options hash (VER=V4): '13a273ba'
Tue Nov 29 12:18:35 2011 Expected Remote Options hash (VER=V4): '360696c5'
Tue Nov 29 12:18:35 2011 UDPv4 link local: [undef]
Tue Nov 29 12:18:35 2011 UDPv4 link remote: 41.84.64.98:1194
Tue Nov 29 12:19:35 2011 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Nov 29 12:19:35 2011 TLS Error: TLS handshake failed
Tue Nov 29 12:19:35 2011 TCP/UDP: Closing socket
Tue Nov 29 12:19:35 2011 SIGUSR1[soft,tls-error] received, process restarting
Tue Nov 29 12:19:35 2011 Restart pause, 2 second(s)

I am aware of the first error mentioned and the steps to be taken to fix it but have not bothered to address it until this issue is resolved.

Any help with this issue would be greatly appreciated.
Last edited by tarnalcock on Tue Nov 29, 2011 11:29 am, edited 2 times in total.
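The server/client config pair and the client log above, checked mechanically. This is an added example written for this thread, not code from the poster or from OpenVPN. It reads config lines the way OpenVPN does (a leading ';' or '#' is a comment, a later '#' starts an inline comment), flags the settings that must agree on both ends (proto, dev, cipher, comp-lzo, the tls-auth key direction and the port), and classifies the posted failure: a TLS negotiation timeout with no VERIFY or AUTH error before it means no handshake reply arrived at all, which points at reachability (forwarding, firewall, transport, NAT loopback) rather than certificates. The function names, the trimmed configs and the documentation address 203.0.113.10 are this example's own constructions; the sample log keeps the posted "UDPv4 link remote" line, so the audit also reports that the transport in the log is not the "proto tcp" in the client config.

```python
"""Consistency check for an OpenVPN server/client config pair, plus triage of a
client log. Added example, not code from the thread or from OpenVPN; the config
and log samples are constructed from the posted configs (203.0.113.10 is a placeholder)."""
import re
from typing import Dict, List

# Directives that must agree on both sides; they feed the options hash that the
# log prints as "Local Options hash" / "Expected Remote Options hash".
PAIRED = ("proto", "dev", "cipher", "comp-lzo")


def parse_openvpn_config(text: str) -> Dict[str, List[str]]:
    """Map each active directive to its arguments. A line starting with ';' or
    '#' is a comment; a later '#' starts an inline comment, as in the samples."""
    directives: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(";"):
            continue
        name, *args = line.split()
        directives[name] = args
    return directives


def check_pairing(server: Dict[str, List[str]], client: Dict[str, List[str]]) -> List[str]:
    """List server/client settings that would prevent a working tunnel."""
    problems = [f"{k}: server={server.get(k)} client={client.get(k)}"
                for k in PAIRED if server.get(k) != client.get(k)]
    # tls-auth key direction must be 0 on the server and 1 on the client.
    s_ta, c_ta = server.get("tls-auth"), client.get("tls-auth")
    if s_ta and c_ta and (s_ta[-1], c_ta[-1]) != ("0", "1"):
        problems.append(f"tls-auth key direction: server={s_ta[-1]} client={c_ta[-1]}")
    # The port in the client's 'remote' must be the server's listening port.
    s_port = server.get("port", ["1194"])[0]
    remote = client.get("remote", [])
    c_port = remote[1] if len(remote) > 1 else "1194"
    if s_port != c_port:
        problems.append(f"port: server listens on {s_port}, client uses {c_port}")
    return problems


LINK = re.compile(r"\b(UDP|TCP)v4(?:_CLIENT)? link remote: (\S+)")
TLS_TIMEOUT = re.compile(r"TLS key negotiation failed to occur within \d+ seconds")


def link_transport(lines: List[str]) -> str:
    """Transport the client actually used, taken from its 'link remote' line."""
    for line in lines:
        m = LINK.search(line)
        if m:
            return m.group(1).lower()
    return "unknown"


def triage_log(lines: List[str]) -> str:
    """A TLS timeout with no VERIFY/AUTH error before it means no handshake reply
    ever arrived: a reachability problem, not a certificate one."""
    for line in lines:
        if "VERIFY ERROR" in line or "AUTH_FAILED" in line:
            return "certificate or authentication failure"
        if TLS_TIMEOUT.search(line):
            return "no reply from server: check forwarding, firewall, proto/port, NAT loopback"
    return "no known failure signature"


def audit(server_text: str, client_text: str, log_lines: List[str]) -> List[str]:
    """Config mismatches, plus a flag when the log's transport is not the configured one."""
    client = parse_openvpn_config(client_text)
    problems = check_pairing(parse_openvpn_config(server_text), client)
    used, configured = link_transport(log_lines), client.get("proto", ["udp"])[0]
    if used != "unknown" and used != configured:
        problems.append(f"log shows {used} but client config says proto {configured}")
    return problems


# Constructed from the posted server config (essential lines only).
SERVER_CONF = r"""
port 1194
proto tcp
;proto udp
dev tap
key C:\\keys\\server.key # This file should be kept secret
server-bridge 10.8.0.6 255.255.255.0 10.8.0.50 10.8.0.100
tls-auth C:\\keys\\ta.key 0
cipher BF-CBC # Blowfish (default)
comp-lzo
"""

# Constructed from the posted client config; the remote address is a placeholder.
CLIENT_CONF = r"""
client
dev tap
proto tcp
remote 203.0.113.10 1194 # placeholder for the router's public IP
tls-auth c:\\keys\\ta.key 1
cipher BF-CBC # Blowfish (default)
comp-lzo
"""

# Constructed from the posted client log, with the placeholder address.
LOG_LINES = [
    "Tue Nov 29 12:18:35 2011 UDPv4 link remote: 203.0.113.10:1194",
    "Tue Nov 29 12:19:35 2011 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)",
    "Tue Nov 29 12:19:35 2011 TLS Error: TLS handshake failed",
]
```

Running `audit(SERVER_CONF, CLIENT_CONF, LOG_LINES)` on the constructed samples returns no config mismatch but does report the transport difference between the log and the client config, and `triage_log(LOG_LINES)` classifies the failure as no reply from the server. Changing the client's tls-auth direction to 0 or its proto to udp makes `check_pairing` report that mismatch, which is the kind of error the "Expected Remote Options hash" line in a real log is about.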

tarnalcock
OpenVpn Newbie
Posts: 3
Joined: Tue Nov 29, 2011 10:34 am

Re: Issue with OpenVPN connection via public IP

Post by tarnalcock » Tue Nov 29, 2011 11:23 am

I forgot to mention that I am using TAP especially for windows file sharing AND because I need access to certain server components. If the filesharing were not the case I would just have gone with TUN.

Mimiko
Forum Team
Posts: 1564
Joined: Wed Sep 22, 2010 3:18 am

Re: Issue with OpenVPN connection via public IP

Post by Mimiko » Tue Nov 29, 2011 12:08 pm

Check your internet connection and port forwarding - your server does not respond at all.

tarnalcock
OpenVpn Newbie
Posts: 3
Joined: Tue Nov 29, 2011 10:34 am

Re: Issue with OpenVPN connection via public IP

Post by tarnalcock » Tue Nov 29, 2011 1:10 pm

Mimiko wrote: Check your internet connection and port forwarding - your server does not respond at all.

Thanks Mimiko, I have since found the issue.

I was able to connect when connecting via a separate internet connection (tethering on my phone). Initially I was just trying to connect from within the network to its router's public IP. This was obviously not possible. :D

So.. Now I am able to connect fine (from a remote connection), get an IP in the correct range but do not get access to the local server nor other computers on the network. Cannot ping into the network nor can I ping from the network to the remote user's computer, however I will try to figure this out myself before returning here for help.

Thank you for the response, much appreciated.
