Can't establish a connection: Connection time out error
Posted: Sun Feb 10, 2013 7:04 pm
Hi!
I bought a Synology NAS recently and I am trying to access is via OpenVPN only when not at home. Therefore I installed XCA and generated keys and certificated in accordance to the OpenVPN Wiki (entry in german language). After that I installed OpenVPN GUI on my notebook and used the pkcs file. Works perfectly. I then tried the official OpenVPN Connect App for my Android smartphone and it worked perfectly again. So I believe my certificates generated in XCA as well as the server setup seem to be ok.
But I cannot get OpenVPN Connect to work on my iPad (iOS 5.1, i think). I basically tried to different ways with exactly the same result.
To start, here is my server configuration file:
This is the file Synology automatically generates when installing the VPN-package. The only thing I altered is the path to the pkcs file. It seems to work ok for my Windows notebook and Android phone as clients.
Now for my tries on the iPad
1. try with pkcs file
I opened up the client pkcs in Safari and installed the certificate on the iPad.
I then used iTunes' file exchange system to hand over my client pkcs file to the OpenVPN Connect App as well as my openvpn.ovpn file which looks like that:
Once again, this is the openvpn.ovpn file generated by Synology on which I only altered the file pathes and names.
After importing this profile and selecting the previously installed certificate in the Connect app I got an parsing error stating that the format of my pksc file is invalid. I searched the internet and came accross others with this problem. The suggested solution to this problem was to generate a sperare ca file and include this in the openvpn.opvn profile additionally to the pkcs file. So the only change to the openvpn.ovpn file was the additional line to the ca.crt next to the pkcs call:
Of course I copied the ca.crt to the iPad previously via iTunes file exchange to OpenVPN Connect.
Now the app starts to establish a connection but it stops at the status "Pulling settings from the server" for a while then giving me an Connection Timeout error.
The app's log looks like this
2. try: no pkcs but seperate ca, cert and key files
Ok, now I started by uninstalling all previous profiles and certs as well as all files from the iPad's OpenVPN app. Instead of creating a single .p12 file from XCA, I now create seperate ca.crt, client.crt and key.crt files (all in PEM format). After that I open the openvpn.opvn and copy all the content of ca, key and client files into the .ovpn file as it is suggested in the OpenVPN Connect help.
My openvpn.ovpn file now looks like this
The result is exactly the same as in my first try: connection time out error.
So, I am a little at a loss on what to do now. The setup works perfectly for OpenVPN GUI (windows) and OpenVPN Connect (Android) but it cannot connect to OpenVPN for iOS.
Any ideas?
Thank you very much
I bought a Synology NAS recently and I am trying to access is via OpenVPN only when not at home. Therefore I installed XCA and generated keys and certificated in accordance to the OpenVPN Wiki (entry in german language). After that I installed OpenVPN GUI on my notebook and used the pkcs file. Works perfectly. I then tried the official OpenVPN Connect App for my Android smartphone and it worked perfectly again. So I believe my certificates generated in XCA as well as the server setup seem to be ok.
But I cannot get OpenVPN Connect to work on my iPad (iOS 5.1, i think). I basically tried to different ways with exactly the same result.
To start, here is my server configuration file:
Code: Select all
comp-lzo
push "route 192.168.2.0 255.255.255.0"
push "route 10.8.0.0 255.255.255.0"
dev tun
management 127.0.0.1 1195
server 10.8.0.0 255.255.255.0
dh /var/packages/VPNCenter/target/etc/openvpn/keys/dh1024.pem
pkcs12 /var/packages/VPNCenter/target/etc/openvpn/keys/server.p12
max-clients 5
persist-tun
persist-key
verb 3
#log-append /var/log/openvpn.log
keepalive 10 60
reneg-sec 0
plugin /var/packages/VPNCenter/target/lib/radiusplugin.so /var/packages/VPNCenter/target/etc/openvpn/radiusplugin.cnf
client-cert-not-required
username-as-common-name
duplicate-cn
Now for my tries on the iPad
1. try with pkcs file
I opened up the client pkcs in Safari and installed the certificate on the iPad.
I then used iTunes' file exchange system to hand over my client pkcs file to the OpenVPN Connect App as well as my openvpn.ovpn file which looks like that:
Code: Select all
dev tun
tls-client
remote my.server_address 1194
pull
proto udp
script-security 2
pkcs client.p12
comp-lzo
reneg-sec 0
auth-user-pass
After importing this profile and selecting the previously installed certificate in the Connect app I got an parsing error stating that the format of my pksc file is invalid. I searched the internet and came accross others with this problem. The suggested solution to this problem was to generate a sperare ca file and include this in the openvpn.opvn profile additionally to the pkcs file. So the only change to the openvpn.ovpn file was the additional line to the ca.crt next to the pkcs call:
Code: Select all
ca ca.crt
pkcs client.p12
Now the app starts to establish a connection but it stops at the status "Pulling settings from the server" for a while then giving me an Connection Timeout error.
The app's log looks like this
Code: Select all
Sending PUSH_REQUEST to server...
EVENT: CONNECTION_TIMEOUT [ERR]
EVENT: DISCONNECTED
Ok, now I started by uninstalling all previous profiles and certs as well as all files from the iPad's OpenVPN app. Instead of creating a single .p12 file from XCA, I now create seperate ca.crt, client.crt and key.crt files (all in PEM format). After that I open the openvpn.opvn and copy all the content of ca, key and client files into the .ovpn file as it is suggested in the OpenVPN Connect help.
My openvpn.ovpn file now looks like this
Code: Select all
dev tun
tls-client
remote server_address 1194
pull
proto udp
script-security 2
<ca>
-----BEGIN CERTIFICATE-----
.... content here ....
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
.... content here ....
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
.... content here ....
-----END RSA PRIVATE KEY-----
</key>
comp-lzo
reneg-sec 0
auth-user-pass
So, I am a little at a loss on what to do now. The setup works perfectly for OpenVPN GUI (windows) and OpenVPN Connect (Android) but it cannot connect to OpenVPN for iOS.
Any ideas?
Thank you very much