Cannot VPN into my Asterisk / CentOS box

Posted: Tue Feb 21, 2012 10:22 pm
by peterbata
Hello all. First time post. Just what everyone needed: another newbie question. Please bear with me.

A little info on my system:

FreePBX 2.9.0.9 / Asterisk 1.8.8.0 / Centos Release 6.2

I installed OpenVPN by executing the following files at my server:

./install-EasyOpenVPN_part1.sh
./install-EasyOpenVPN_part2.sh
./create-EasyOpenVPN-client.sh

Followed the prompts and assume that I provided the required information appropriately.

In my /root/keys directory I find a sub-directory which I suppose was created by the install called:
PBX1.

In it are these files: ca.crt PBX1.conf PBX1.crt PBX1.key PBX1.tar ta.key
At this point I believe that the server side install is complete.

Next I forward port 1194 at my 2WIRE router to my server IP.
I then download and install openvpn-2.2.2-install on my Windows 7 laptop.

I then take PBX1.conf which contains this:

client
dev tun
proto udp
remote mypbx.dyndns.org 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert PBX1.crt
key PBX1.key
comp-lzo
verb 3
cipher aes-128-cbc
tls-auth ta.key 1

Save as PBX1.ovpn

I had also copied the .crt / .key / ovpn files into c:\Program Files(x86)\OpenVPN\config

Next I run openvpn GUI as Administrator and select PBX1.ovpn

The connection window comes up:

Tue Feb 21 17:15:48 2012 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
Tue Feb 21 17:15:48 2012 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Feb 21 17:15:48 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Feb 21 17:15:49 2012 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Tue Feb 21 17:15:49 2012 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Feb 21 17:15:49 2012 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Feb 21 17:15:49 2012 LZO compression initialized
Tue Feb 21 17:15:49 2012 Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ]
Tue Feb 21 17:15:49 2012 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Feb 21 17:15:49 2012 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Feb 21 17:15:49 2012 Local Options hash (VER=V4): '272f1b58'
Tue Feb 21 17:15:49 2012 Expected Remote Options hash (VER=V4): 'a2e63101'
Tue Feb 21 17:15:49 2012 UDPv4 link local: [undef]
Tue Feb 21 17:15:49 2012 UDPv4 link remote: 70.xx.xx.xx:1194

That is as far as I can get. I always see "Connecting" at the top of the connect window but never actually get connected. Either I really messed up somewhere or am totally confused as to how OpenVPN should be used.

Any assistance / recommendations would be greatly appreciated.

Thank you. Peter
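
Added example, not part of the original post: a Python sketch that reads the client config and client log posted above and reports how far the connection got and which config gaps match the log's warning. The stage names and finding strings are made up for this illustration; the sample inputs are abridged copies of the posted PBX1.ovpn and log.

```python
# Directives that turn on a server-certificate check in an OpenVPN client.
VERIFY = {"remote-cert-tls", "remote-cert-eku", "ns-cert-type",
          "tls-remote", "verify-x509-name", "tls-verify"}

# Client log markers in the order a successful connection emits them.
# The stage names on the right are labels invented for this example.
STAGES = [("link remote:", "socket-open"),
          ("TLS: Initial packet from", "server-replied"),
          ("VERIFY OK", "cert-verified"),
          ("Peer Connection Initiated", "tls-complete"),
          ("Initialization Sequence Completed", "connected")]

# Abridged copy of the posted PBX1.ovpn (only lines the checks read).
PAGE_CONF = """client
proto udp
remote mypbx.dyndns.org 1194
ca ca.crt
tls-auth ta.key 1
"""

# Last two lines of the posted client log.
PAGE_LOG = """Tue Feb 21 17:15:49 2012 UDPv4 link local: [undef]
Tue Feb 21 17:15:49 2012 UDPv4 link remote: 70.xx.xx.xx:1194
"""

def parse_directives(conf):
    """Map directive name -> argument list, skipping blank and comment lines."""
    out = {}
    for line in conf.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            name, *args = line.split()
            out[name] = args
    return out

def audit_config(conf):
    """Return a list of findings for a client config."""
    d = parse_directives(conf)
    findings = []
    if not VERIFY & d.keys():
        findings.append("no server certificate verification directive")
    if d.get("proto", ["udp"])[0].startswith("udp") and "tls-auth" in d:
        findings.append("udp + tls-auth: blocked port or wrong ta.key gives no reply")
    return findings

def last_stage(log):
    """Return the furthest stage whose marker appears in the log."""
    reached = "not-started"
    for marker, stage in STAGES:
        if marker in log:
            reached = stage
    return reached
```

On the posted inputs the log stops at the socket-open stage: the client sent packets and never logged a reply from the server, which points at the path to UDP 1194 or the server side rather than at the client certificates.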

Re: Cannot VPN into my Asterisk / CentOS box

Posted: Wed Feb 22, 2012 7:24 am
by maikcat
hi there,

i am not familiar with the easy openvpn scripts but,

are you using pbx1.crt and pbx1.key on both server and client?

can you post server config/logs?

Michael.

Re: Cannot VPN into my Asterisk / CentOS box

Posted: Wed Feb 22, 2012 3:09 pm
by peterbata
Hello Michael,

Thanks so much for the prompt reply. I believe that I am using pbx1.crt and pbx1.key on the client side. I reference them in the openvpn gui config file and have placed them in the config folder.

As far as what is happening on the server side, I'm at a loss to tell you exactly what is going on there.
I will, however, try to figure out how to generate those config/logs that you mention. I have spent most of my time in the Windows environment so the transition has been a little daunting to say the least.

Have a wonderful day. I appreciate your help and input very much.

Peter
Re: Cannot VPN into my Asterisk / CentOS box

Posted: Fri Feb 24, 2012 3:38 pm
by peterbata
Regardless of what I do, I am unable to VPN into my PBX server. I have spent the better part of a week trying to figure this out. What frustrates me even more is when I think that I can set up and VPN into either a WIN2003 / WIN2008 server in approx 5 minutes.

Re: Cannot VPN into my Asterisk / CentOS box

Posted: Mon Feb 27, 2012 11:42 am
by maikcat
hi there,

peterbata wrote: What frustrates me even more, is when I think that I can setup and VPN into either a WIN2003 / WIN2008 server in approx 5 minutes.

if you can set up your openvpn on windows you can do the following:

create certs/keys on windows platform
copy paste the config to your linux box changing only file locations paths
removing (if any) windows specific directives (f.e route-method exe)
the only thing you must take care of on centos is to set selinux in permissive state
and set up iptables to allow traffic (you can disable them also..)

Michael.

Re: Cannot VPN into my Asterisk / CentOS box

Posted: Mon Feb 27, 2012 3:37 pm
by peterbata
Hello again Michael.

Actually, what I meant was that I have set up VPN in the past on several occasions between Windows clients and Windows servers. However, you bring up an interesting suggestion. I will give it a try. Thanks again for all the help. I really appreciate the effort. Peter
Re: Cannot VPN into my Asterisk / CentOS box

Posted: Fri Aug 03, 2012 7:24 pm
by jimm1909
Hi Peter,

I am struggling with the same issue right now with my Residential VoIP and Business Phone System. Did Michael's suggestion help?

What ended up resolving it for you?

Thanks
Jim