Open VPN - need some help install/configuring.

Lisa Kachold l_iesa at yahoo.com
Wed Jun 18 09:41:05 MST 2008


See references to 2 reboots after configuration here with regards to Linux OpenVPN bridging mode Error 4:
http://forum.pfsense.org/index.php?topic=1990.45
What mode are you attempting?

See this message in your Windows log:
 Wed Jun 18 08:57:15 2008 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.

Of course when you get the verification method right on both sides it's probably going to work.

Also, what ports do you have open?  You would want to verify that whatever is listening and sending port traffic is open by using these commands:

1) tcpdump [in one window on the linux side] (pipe to a file to watch the transactions and verify all ports are open)
2) lsof [linux side]
3) netstat -anp [linux side] netstat - [windows side]

Check:
Check your configurations against his: 
http://openvpn.net/archive/openvpn-users/2006-01/msg00101.html
iptables (flush the tables or turn down the firewall from /etc/init.d/)
selinux (hopefully permissive if using?)

Bryan O'Neal <BONeal at cornerstonehome.com> wrote:

So I installed OpenVPN on my server (CentOS) and I installed openvpn
on my desktop (WinXP) and I am trying to connect them. I generated all
of my key files and certs on my server and copied the client key, cert,
and server ca.crt to my client. I believe I have everything configured
correctly, but it does not connect.  Also on the Windows side it
indicates my tun adaptor is not connected.  Perhaps one of you can tell
me where I went wrong.

And yes, I did try shutting down my Windows firewall and my server iptables:

 Flushing firewall rules:                                   [  OK  ]
 Setting chains to policy ACCEPT: filter                    [  OK  ]
 Unloading iptables modules:                                [  OK  ]

Here is what I see from my client (Windows):
 Wed Jun 18 08:57:15 2008 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
 Wed Jun 18 08:57:15 2008 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
 Wed Jun 18 08:57:15 2008 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
 Wed Jun 18 08:57:15 2008 LZO compression initialized
 Wed Jun 18 08:57:15 2008 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
 Wed Jun 18 08:57:15 2008 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
 Wed Jun 18 08:57:15 2008 Local Options hash (VER=V4): '41690919'
 Wed Jun 18 08:57:15 2008 Expected Remote Options hash (VER=V4): '530fdded'
 Wed Jun 18 08:57:15 2008 UDPv4 link local: [undef]
 Wed Jun 18 08:57:15 2008 UDPv4 link remote: 208.109.28.232:1194
 Wed Jun 18 08:57:15 2008 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
...
 Wed Jun 18 08:58:13 2008 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
 Wed Jun 18 08:58:14 2008 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
 Wed Jun 18 08:58:14 2008 TLS Error: TLS handshake failed
 Wed Jun 18 08:58:14 2008 TCP/UDP: Closing socket
 Wed Jun 18 08:58:14 2008 SIGUSR1[soft,tls-error] received, process restarting
 Wed Jun 18 08:58:14 2008 Restart pause, 2 second(s)
 Wed Jun 18 08:58:16 2008 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
 Wed Jun 18 08:58:16 2008 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
 Wed Jun 18 08:58:16 2008 Re-using SSL/TLS context
 Wed Jun 18 08:58:16 2008 LZO compression initialized
 Wed Jun 18 08:58:16 2008 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
 Wed Jun 18 08:58:16 2008 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
 Wed Jun 18 08:58:16 2008 Local Options hash (VER=V4): '41690919'
 Wed Jun 18 08:58:16 2008 Expected Remote Options hash (VER=V4): '530fdded'
 Wed Jun 18 08:58:16 2008 UDPv4 link local: [undef]
 Wed Jun 18 08:58:16 2008 UDPv4 link remote: 208.109.28.232:1194
 Wed Jun 18 08:58:16 2008 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
...
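
Added example, not part of the original thread or of OpenVPN: a small triage script that reads a client log like the one quoted above and separates the reachability symptom (UDP resets, then the TLS timeout) from the missing server-certificate check. The rule names and hint texts are this example's own; the sample lines are constructed from the quoted log.

```python
import re

# Constructed sample: lines copied from the client log quoted in the thread.
SAMPLE_LOG = """\
Wed Jun 18 08:57:15 2008 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jun 18 08:57:15 2008 UDPv4 link remote: 208.109.28.232:1194
Wed Jun 18 08:57:15 2008 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 18 08:58:13 2008 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 18 08:58:14 2008 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jun 18 08:58:14 2008 TLS Error: TLS handshake failed
"""

# (finding id, pattern, what to check). Hints are this example's reading of
# the message, not text produced by OpenVPN.
RULES = [
    ("no-server-cert-check", re.compile(r"No server certificate verification method"),
     "client accepts any certificate signed by the CA; see howto.html#mitm "
     "(ns-cert-type server in 2.0.x client configs)"),
    ("udp-port-unreachable", re.compile(r"read UDPv4: .*WSAECONNRESET"),
     "ICMP port-unreachable came back for an earlier packet: confirm the server "
     "listens on the UDP port (netstat -anp) and packets arrive (tcpdump)"),
    ("tls-timeout", re.compile(r"TLS key negotiation failed"),
     "no TLS reply within the timeout; follows from the reachability problem"),
]
REMOTE = re.compile(r"link remote: (\S+):(\d+)")

def triage(log_text):
    """Return (remote, findings); findings maps finding id -> [count, hint]."""
    remote, findings = None, {}
    for line in log_text.splitlines():
        m = REMOTE.search(line)
        if m:
            remote = (m.group(1), int(m.group(2)))
        for name, pattern, hint in RULES:
            if pattern.search(line):
                findings.setdefault(name, [0, hint])[0] += 1
    return remote, findings

def report(log_text):
    """Format the triage result as one line per finding."""
    remote, findings = triage(log_text)
    lines = ["remote endpoint: %s" % (remote,)]
    for name, (count, hint) in findings.items():
        lines.append("%-22s x%d  %s" % (name, count, hint))
    return "\n".join(lines)

if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

The certificate warning is independent of the connection failure: it would still be present once the tunnel comes up, so it needs fixing in the client configuration either way.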
