[resolved] Simple connection does not work

benoit · Post by **benoit** » Wed Jan 18, 2012 10:40 pm

Hello,
I'm a new comer and have a problem. I can not make OpenVPN Work.
Server is Ubuntu Server : server.conf :

  
  proto udp
  port 1194
  dev tun
  tls-server
  ca ca.crt
  cert serevr.crt
  key server.key
  dh dh1024.pem
  cipher AES-256-CBC
  auth MD5
  server 10.8.0.0 255.255.255.0
  comp-lzo
  fragment 144

On the server : iptables -L -n -v :

Code: Select all

Chain INPUT (policy ACCEPT 5062 packets, 558K bytes)
 pkts bytes target     prot opt in     out     source               destination         
 6675  579K fail2ban-ssh  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 22 
    0     0 ACCEPT     all  --  tun+   *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  tun0   *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 491 packets, 57123 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      tun+    0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      tun0    0.0.0.0/0            0.0.0.0/0           

Chain fail2ban-ssh (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 6675  579K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

On the server : cat openvpn-status.log :

Code: Select all

OpenVPN CLIENT LIST
Updated,Tue Jan 17 17:08:45 2012
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
GLOBAL STATS
Max bcast/mcast queue length,0
END

On the server : # openvpn server.conf :

Code: Select all

Wed Jan 18 17:35:30 2012 OpenVPN 2.1.3 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Mar 11 2011
Wed Jan 18 17:35:30 2012 WARNING: --keepalive option is missing from server config
Wed Jan 18 17:35:30 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Jan 18 17:35:30 2012 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
Wed Jan 18 17:35:30 2012 TLS-Auth MTU parms [ L:1554 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Jan 18 17:35:30 2012 TUN/TAP device tun0 opened
Wed Jan 18 17:35:30 2012 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Wed Jan 18 17:35:30 2012 Data Channel MTU parms [ L:1554 D:1450 EF:54 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Jan 18 17:35:30 2012 UDPv4 link local (bound): [undef]
Wed Jan 18 17:35:30 2012 UDPv4 link remote: [undef]
Wed Jan 18 17:35:30 2012 Initialization Sequence Completed

Client is Debian : client.conf :

Code: Select all

  remote 65.24.202.68
  proto udp
  port 1194
  dev tun
  tls-client
  ca /etc/openvpn/ca.crt
  cert /etc/openvpn/client01.crt
  key /etc/openvpn/client01.key
  cipher AES-256-CBC
  auth MD5
  pull
  comp-lzo
  fragment 1400
  persist-key
  persist-tun

On the client :# openvpn client.conf :

Code: Select all

Wed Jan 18 17:40:36 2012 OpenVPN 2.1.3 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Oct 21 2010
Wed Jan 18 17:40:36 2012 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jan 18 17:40:36 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Jan 18 17:40:36 2012 WARNING: file '/etc/openvpn/dipliad01.key' is group or others accessible
Wed Jan 18 17:40:36 2012 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
Wed Jan 18 17:40:37 2012 LZO compression initialized
Wed Jan 18 17:40:37 2012 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Jan 18 17:40:37 2012 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Jan 18 17:40:37 2012 Fragmentation MTU parms [ L:1558 D:1400 EF:57 EB:135 ET:1 EL:0 AF:3/1 ]
Wed Jan 18 17:40:37 2012 Local Options hash (VER=V4): '8f40a5db'
Wed Jan 18 17:40:37 2012 Expected Remote Options hash (VER=V4): '6ce7e20d'
Wed Jan 18 17:40:37 2012 UDPv4 link local (bound): [undef]
Wed Jan 18 17:40:37 2012 UDPv4 link remote: [AF_INET]65.24.202.68:1194
Wed Jan 18 17:40:39 2012 read UDPv4 [EHOSTUNREACH]: No route to host (code=113)

I guess to be close to figure it out. But I can't.
Thanks for help

Post by **maikcat** » Thu Jan 19, 2012 9:26 am

did you forwarded the udp port 1194 on your router?
did you configured router firewall to allow this port?

Michael.

benoit · Post by **benoit** » Thu Jan 19, 2012 7:22 pm

Yes. There is only a switch between the two computers. (I'm testing the more closely that I can.)

Post by **maikcat** » Fri Jan 20, 2012 10:51 am

Reply with quote Post Posted: Thu Jan 19, 2012 9:22 pm
Re: Simple connection does not work
Yes. There is only a switch between the two computers. (I'm testing the more closely that I can.)

wait a minute...

both pcs are in the same lan?
i noticed you are using ip 65.24.202.68..

is this ip your routers wan ip?

keep in mind that NOT all routers can do this...
i mean from your lan *hit* their wan ip and redirect you back in again..

Michael.

benoit · Post by **benoit** » Fri Jan 20, 2012 10:13 pm

Our network uses public @IP (but not in our real @IP range). It is an historical issue. Not so good but it works.
There is a small mistake in client.conf. The @IP of the VPN Server is wrong.
Shame on me.
It works now !-)

benoit · Post by **benoit** » Fri Jan 20, 2012 10:15 pm

Thank you very much.

OpenVPN Support Forum

[resolved] Simple connection does not work

[resolved] Simple connection does not work

Re: Simple connection does not work

Re: Simple connection does not work

Re: Simple connection does not work

Re: [OK] Simple connection does not work

Re: [OK] Simple connection does not work