
Can't establish a connection: Connection time out error

Posted: Sun Feb 10, 2013 7:04 pm
by honu
Hi!
I bought a Synology NAS recently and I am trying to access it via OpenVPN only when not at home. Therefore I installed XCA and generated keys and certificates in accordance with the OpenVPN Wiki (entry in German). After that I installed OpenVPN GUI on my notebook and used the pkcs file. Works perfectly. I then tried the official OpenVPN Connect App for my Android smartphone and it worked perfectly again. So I believe my certificates generated in XCA as well as the server setup seem to be ok.

But I cannot get OpenVPN Connect to work on my iPad (iOS 5.1, I think). I basically tried two different ways with exactly the same result.

To start, here is my server configuration file:

Code:

comp-lzo
push "route 192.168.2.0 255.255.255.0"
push "route 10.8.0.0 255.255.255.0"
dev tun
management 127.0.0.1 1195
server 10.8.0.0 255.255.255.0

dh /var/packages/VPNCenter/target/etc/openvpn/keys/dh1024.pem
pkcs12 /var/packages/VPNCenter/target/etc/openvpn/keys/server.p12

max-clients 5
persist-tun
persist-key

verb 3

#log-append /var/log/openvpn.log

keepalive 10 60
reneg-sec 0

plugin /var/packages/VPNCenter/target/lib/radiusplugin.so /var/packages/VPNCenter/target/etc/openvpn/radiusplugin.cnf 
client-cert-not-required 
username-as-common-name
duplicate-cn

This is the file Synology automatically generates when installing the VPN package. The only thing I altered is the path to the pkcs file. It seems to work ok for my Windows notebook and Android phone as clients.

Now for my tries on the iPad
1. try with pkcs file
I opened up the client pkcs in Safari and installed the certificate on the iPad.
I then used iTunes' file exchange system to hand over my client pkcs file to the OpenVPN Connect App as well as my openvpn.ovpn file which looks like that:

Code:

dev tun
tls-client

remote my.server_address 1194
pull

proto udp
script-security 2

pkcs client.p12

comp-lzo

reneg-sec 0

auth-user-pass

Once again, this is the openvpn.ovpn file generated by Synology, in which I only altered the file paths and names.
After importing this profile and selecting the previously installed certificate in the Connect app I got a parsing error stating that the format of my pkcs file is invalid. I searched the internet and came across others with this problem. The suggested solution to this problem was to generate a separate ca file and include this in the openvpn.ovpn profile in addition to the pkcs file. So the only change to the openvpn.ovpn file was the additional line for the ca.crt next to the pkcs call:

Code:

ca ca.crt
pkcs client.p12

Of course I copied the ca.crt to the iPad previously via iTunes file exchange to OpenVPN Connect.

Now the app starts to establish a connection but it stops at the status "Pulling settings from the server" for a while, then gives me a Connection Timeout error.
The app's log looks like this:

Code:

Sending PUSH_REQUEST to server...
EVENT: CONNECTION_TIMEOUT [ERR]
EVENT: DISCONNECTED

2. try: no pkcs but separate ca, cert and key files
Ok, now I started by uninstalling all previous profiles and certs as well as all files from the iPad's OpenVPN app. Instead of creating a single .p12 file from XCA, I now create separate ca.crt, client.crt and key.crt files (all in PEM format). After that I open the openvpn.ovpn and copy all the content of the ca, key and client files into the .ovpn file as suggested in the OpenVPN Connect help.

My openvpn.ovpn file now looks like this:

Code:

dev tun
tls-client

remote server_address 1194

pull

proto udp
script-security 2

<ca>
-----BEGIN CERTIFICATE-----
.... content here ....
-----END CERTIFICATE-----
</ca>

<cert>
-----BEGIN CERTIFICATE-----
.... content here ....
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN RSA PRIVATE KEY-----
.... content here ....
-----END RSA PRIVATE KEY-----
</key>

comp-lzo
reneg-sec 0

auth-user-pass

The result is exactly the same as in my first try: connection timeout error.


So, I am a little at a loss on what to do now. The setup works perfectly for OpenVPN GUI (windows) and OpenVPN Connect (Android) but it cannot connect to OpenVPN for iOS.

Any ideas?

Thank you very much

Re: Can't establish a connection: Connection time out error

Posted: Sun Feb 10, 2013 7:28 pm
by honu
I just found a solution!

With the pkcs approach I altered the openvpn.ovpn file to this, as suggested by user gobbli (in another forum, but he is around here as well):

Code:

dev tun
tls-client


remote myserver_address 1194

pull

proto udp
script-security 3

ca ca.crt
pkcs12 client_iphone.p12
comp-lzo

reneg-sec 3600

auth-user-pass
ns-cert-type server

Many thanks to gobbli! Awesome, now everything is working.
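
The reply above does not say which of its changes mattered, so this added example (not part of the thread, and not Synology's or OpenVPN's code) parses the failing and the working client profile, lists every directive that differs, and runs three review checks on each. The profiles are reconstructed from the posts; the server name `vpn.example.net`, the function names and the wording of the findings are assumptions.

```python
import shlex

# Constructed from the two client profiles posted above; the server name is a placeholder.
COMMON = ("dev tun\ntls-client\nremote vpn.example.net 1194\npull\nproto udp\n"
          "ca ca.crt\ncomp-lzo\nauth-user-pass\n")
FAILING = COMMON + "script-security 2\npkcs client.p12\nreneg-sec 0\n"
WORKING = COMMON + "script-security 3\npkcs12 client_iphone.p12\nreneg-sec 3600\nns-cert-type server\n"

# Client-side directives that run a user-supplied script.
SCRIPT_HOOKS = {"up", "down", "route-up", "route-pre-down", "ipchange"}

def parse_profile(text):
    """Return {directive: [args]}; an inline <tag>...</tag> block maps to ['[inline]'].
    A repeated directive keeps its last value, which is enough for these profiles."""
    opts, inline = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if inline:                                   # skip PEM body until the closing tag
            if line == f"</{inline}>":
                inline = None
            continue
        if not line or line[0] in "#;":              # blank line or comment
            continue
        if line.startswith("<") and line.endswith(">"):
            inline = line[1:-1]
            opts[inline] = ["[inline]"]
            continue
        name, *args = shlex.split(line, comments=True)
        opts[name] = args
    return opts

def diff_profiles(before, after):
    """List (directive, old_args, new_args) for every directive that differs."""
    a, b = parse_profile(before), parse_profile(after)
    return [(k, a.get(k), b.get(k)) for k in sorted(a.keys() | b.keys()) if a.get(k) != b.get(k)]

def review(text):
    """Findings a reviewer would raise on one client profile."""
    opts, out = parse_profile(text), []
    if "pkcs" in opts:
        out.append("'pkcs' is not an OpenVPN directive; the PKCS#12 option is 'pkcs12'")
    if ["server"] not in (opts.get("ns-cert-type"), opts.get("remote-cert-tls")):
        out.append("server certificate type is not checked")
    # Level 3 lets passwords reach scripts through the environment.
    if opts.get("script-security", ["1"])[0] == "3" and not SCRIPT_HOOKS & opts.keys():
        out.append("script-security 3 with no script hooks configured")
    return out

if __name__ == "__main__":
    for name, old, new in diff_profiles(FAILING, WORKING):
        print(f"{name}: {old} -> {new}")
    print("failing:", review(FAILING))
    print("working:", review(WORKING))
```

`ns-cert-type server` is the older form of the server certificate check; later OpenVPN releases use `remote-cert-tls server` for the same purpose, which is why the check accepts either.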

Re: Can't establish a connection: Connection time out error

Posted: Tue Mar 12, 2013 7:49 am
by habibi
I'm facing a connection timeout problem. Here is my ovpn conf:

#OpenVPN Client conf
tls-client
client
dev tun
proto udp
tun-mtu 1400
remote XXXXXX
pkcs12 habibipad.p12
cipher AES-192-CBC
comp-lzo
verb 3
ns-cert-type server

<ca>
-----BEGIN CERTIFICATE-----
.... content here ...
-----END CERTIFICATE-----
</ca>

<cert>
-----BEGIN CERTIFICATE-----
.... content here ...
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN RSA PRIVATE KEY-----
.... content here ...
-----END RSA PRIVATE KEY-----
</key>

Please help