Open VPN - need some help install/configuring.

Bryan O'Neal BONeal at cornerstonehome.com
Wed Jun 18 16:16:27 MST 2008


Eventually I edited the iptables to add something like '-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5525 -d 10.8.0.1 -j ACCEPT'. Then I restarted ('service iptables restart'), checked the status ('service iptables status'), verified it worked from my VPN and not from the outside world, saved it for good measure ('service iptables save'), and exported it ('iptables-save > firewall-config') so I can restore it when I need to using 'iptables-restore < firewall-config'.
 
It works for now.
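
The procedure above, written out as an added example (this is not code from the thread): a complete ruleset in iptables-save format in which the 5525 rule is tied to the tunnel interface as well as to the tunnel address, plus a small audit that fails if any opened port is not bound to that interface. The interface names eth0 and tun0, the chain layout of a stock CentOS firewall and the service on 5525 are assumptions.

```shell
#!/bin/sh
# Added example for this thread, not from the original post: a complete
# iptables-restore ruleset that admits OpenVPN on UDP 1194 from anywhere but
# opens TCP 5525 only to traffic arriving over the tunnel, plus a small audit
# that flags any ACCEPT rule for a port that is not bound to the tunnel
# interface. Interface names (eth0, tun0) and the RH-Firewall-1-INPUT chain
# layout are assumed from a stock CentOS firewall; adjust them to the host.
set -eu

# vpn_only_ruleset PUBLIC_IF TUN_IF TUN_ADDR
# Prints a filter table in iptables-save format. The 5525 rule matches both the
# ingress interface and the destination address: a packet spoofed to 10.8.0.1
# that arrives on eth0 fails the -i match even if rp_filter is off.
vpn_only_ruleset() {
  pub=$1 tun=$2 vpn_ip=$3
  cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -i $pub -p udp -m udp --dport 1194 -j ACCEPT
-A RH-Firewall-1-INPUT -i $tun -d $vpn_ip -m state --state NEW -p tcp -m tcp --dport 5525 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# audit_tunnel_bound TUN_IF LISTENER_PORT
# Reads a ruleset on stdin. Every ACCEPT rule that opens a port must carry
# "-i TUN_IF"; the OpenVPN listener itself is exempt because it has to be
# reachable from outside. Prints offenders and returns 1 if any are found.
audit_tunnel_bound() {
  tun=$1 listener=$2
  bad=$(grep -- '-j ACCEPT' | grep -- '--dport' \
        | grep -v -- "--dport $listener " | grep -v -- "-i $tun " || true)
  if [ -n "$bad" ]; then
    printf 'rule opens a port without -i %s:\n%s\n' "$tun" "$bad"
    return 1
  fi
  return 0
}

# The address-only form of the rule, as posted in the thread, for comparison.
WEAK='-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5525 -d 10.8.0.1 -j ACCEPT'

# Stand-alone run: audit the hardened ruleset, then the address-only rule.
if vpn_only_ruleset eth0 tun0 10.8.0.1 | audit_tunnel_bound tun0 1194; then
  echo "hardened ruleset: every opened port is bound to tun0"
fi
if printf '%s\n' "$WEAK" | audit_tunnel_bound tun0 1194; then
  echo "address-only rule passed (unexpected)"
fi
```

Write the output of vpn_only_ruleset to a file, dry-run it with 'iptables-restore --test < firewall-config' and only then load it with 'iptables-restore < firewall-config'; on CentOS 'service iptables save' then persists it. Keep the outside-world check from the post: from a host that is not on the VPN, a connection to port 5525 on the public address must be refused.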
 

________________________________

From: plug-discuss-bounces at lists.plug.phoenix.az.us
[mailto:plug-discuss-bounces at lists.plug.phoenix.az.us] On Behalf Of Bryan O'Neal
Sent: Wednesday, June 18, 2008 2:01 PM
To: obnosis at gmail.com; Main PLUG discussion list
Subject: RE: Open VPN - need some help install/configuring.


It is the openvpn default.  I am using a class C for the DHCP, but I do not want to conflict with the more common 192.168.x.x.  I could have picked something else like 172.22.72.x, but it was the default so I left it while trying to figure out how to get it to work.  The error ended up being caused by the lack of the following line in my client's conf: 'ns-cert-type server'.
 
But thank you :)
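
An added example (not code from the thread) of what 'ns-cert-type server' actually checks, which is also why the client log quoted below warned 'No server certificate verification method has been enabled'. The script uses the openssl command line to build a throwaway CA, a server certificate carrying nsCertType=server (what easy-rsa's build-key-server issues) and a plain client certificate from the same CA, then tests which of the two a client would accept as the server. All names (example-ca, vpn-server, winxp-client) are made up for the demo.

```shell
#!/bin/sh
# Added example for this thread, not from the original post. Builds a throwaway
# CA, a server certificate with nsCertType=server and a plain client certificate
# from the same CA, then checks which of the two would pass a client's
# 'ns-cert-type server' directive. All names below are invented for the demo.
set -eu
command -v openssl >/dev/null || { echo 'openssl not found' >&2; exit 1; }

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Minimal openssl config so the run does not depend on the system openssl.cnf.
cat > "$WORK/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = ca_ext
[dn]
commonName = Common Name
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = keyCertSign,cRLSign
EOF

# Self-signed CA (the ca.crt that gets copied to every client).
openssl req -config "$WORK/openssl.cnf" -x509 -newkey rsa:2048 -nodes -days 1 \
  -subj '/CN=example-ca' -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null

# issue NAME [EXTFILE]: key + CSR for NAME, signed by the CA, optionally with
# the X.509 extensions listed in EXTFILE.
issue() {
  name=$1
  openssl req -config "$WORK/openssl.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=$name" -keyout "$WORK/$name.key" -out "$WORK/$name.csr" 2>/dev/null
  if [ $# -ge 2 ]; then set -- -extfile "$2"; else set --; fi
  openssl x509 -req -days 1 -in "$WORK/$name.csr" \
    -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
    -out "$WORK/$name.crt" "$@" 2>/dev/null
}

printf 'nsCertType=server\n' > "$WORK/server.ext"
issue vpn-server "$WORK/server.ext"   # the VPN server's certificate
issue winxp-client                    # an ordinary client certificate

# chain_ok CERT: CERT chains to ca.crt. With only 'ca ca.crt' in the client
# config this is the whole check, so any client cert from the same CA could
# pose as the server.
chain_ok() { openssl verify -CAfile "$WORK/ca.crt" "$1" >/dev/null 2>&1; }

# is_server_cert CERT: CERT carries nsCertType=server, the extra check that
# 'ns-cert-type server' makes the client perform on the peer certificate.
is_server_cert() {
  openssl x509 -in "$1" -noout -text \
    | grep -A1 'Netscape Cert Type' | grep -q 'SSL Server'
}

for c in vpn-server winxp-client; do
  crt=$WORK/$c.crt
  if chain_ok "$crt"; then chain=yes; else chain=no; fi
  if is_server_cert "$crt"; then srv=yes; else srv=no; fi
  echo "$c: chains to CA=$chain, nsCertType=server=$srv"
done
```

Both certificates chain to the CA; only vpn-server carries nsCertType=server, so once the client config has 'ns-cert-type server' a stolen or self-issued client certificate can no longer be used to impersonate the server. The directive only works if the server certificate was actually issued with that extension (easy-rsa's build-key-server rather than build-key). On current OpenVPN releases use 'remote-cert-tls server' instead, which checks the extended key usage; ns-cert-type was removed in OpenVPN 2.5.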

________________________________

From: plug-discuss-bounces at lists.plug.phoenix.az.us
[mailto:plug-discuss-bounces at lists.plug.phoenix.az.us] On Behalf Of Lisa Kachold
Sent: Wednesday, June 18, 2008 12:46 PM
To: Main PLUG discussion list
Subject: Re: Open VPN - need some help install/configuring.


Bryan,

Verify this subnet mask?  It looks like it's a class B address with a C mask.

Wed Jun 18 08:42:41 2008 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2

That would certainly cause Error 4.

Bryan O'Neal <BONeal at cornerstonehome.com> wrote: 

	So I installed Open VPN on my server (CentOS) and I installed openvpn on my desktop (WinXP) and I am trying to connect them. I generated all of my key files and certs on my server and copied the client key, cert, and server ca.crt to my client. I believe I have everything configured correctly, but it does not connect. Also on the windows side it indicates my tun adaptor is not connected. Perhaps one of you can tell me where I went wrong.
	
	And yes, I did try shutting down my windows firewall and my server iptables:
	
	Flushing firewall rules: [ OK ]
	Setting chains to policy ACCEPT: filter [ OK ]
	Unloading iptables modules: [ OK ]
	
	Here is what I see from my client (windows):
	Wed Jun 18 08:57:15 2008 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
	Wed Jun 18 08:57:15 2008 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
	Wed Jun 18 08:57:15 2008 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
	Wed Jun 18 08:57:15 2008 LZO compression initialized
	Wed Jun 18 08:57:15 2008 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
	Wed Jun 18 08:57:15 2008 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
	Wed Jun 18 08:57:15 2008 Local Options hash (VER=V4): '41690919'
	Wed Jun 18 08:57:15 2008 Expected Remote Options hash (VER=V4): '530fdded'
	Wed Jun 18 08:57:15 2008 UDPv4 link local: [undef]
	Wed Jun 18 08:57:15 2008 UDPv4 link remote: 208.109.28.232:1194
	Wed Jun 18 08:57:15 2008 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
	...
	Wed Jun 18 08:58:13 2008 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
	Wed Jun 18 08:58:14 2008 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
	Wed Jun 18 08:58:14 2008 TLS Error: TLS handshake failed
	Wed Jun 18 08:58:14 2008 TCP/UDP: Closing socket
	Wed Jun 18 08:58:14 2008 SIGUSR1[soft,tls-error] received, process restarting
	Wed Jun 18 08:58:14 2008 Restart pause, 2 second(s)
	Wed Jun 18 08:58:16 2008 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
	Wed Jun 18 08:58:16 2008 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
	Wed Jun 18 08:58:16 2008 Re-using SSL/TLS context
	Wed Jun 18 08:58:16 2008 LZO compression initialized
	Wed Jun 18 08:58:16 2008 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
	Wed Jun 18 08:58:16 2008 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
	Wed Jun 18 08:58:16 2008 Local Options hash (VER=V4): '41690919'
	Wed Jun 18 08:58:16 2008 Expected Remote Options hash (VER=V4): '530fdded'
	Wed Jun 18 08:58:16 2008 UDPv4 link local: [undef]
	Wed Jun 18 08:58:16 2008 UDPv4 link remote: 208.109.28.232:1194
	Wed Jun 18 08:58:16 2008 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
	...
	
	From my server:
	Openvpn-status.log
	OpenVPN CLIENT LIST
	Updated,Wed Jun 18 08:58:45 2008
	Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
	ROUTING TABLE
	Virtual Address,Common Name,Real Address,Last Ref
	GLOBAL STATS
	Max bcast/mcast queue length,0
	END
	Openvpn.log
	Wed Jun 18 08:42:41 2008 OpenVPN 2.0.9 i386-redhat-linux-gnu [SSL] [LZO] [EPOLL] built on Jun 16 2008
	Wed Jun 18 08:42:41 2008 Diffie-Hellman initialized with 1024 bit key
	Wed Jun 18 08:42:41 2008 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
	Wed Jun 18 08:42:41 2008 TUN/TAP device tun0 opened
	Wed Jun 18 08:42:41 2008 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
	Wed Jun 18 08:42:41 2008 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
	Wed Jun 18 08:42:41 2008 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
	Wed Jun 18 08:42:41 2008 UDPv4 link local (bound): 208.109.28.226:1194
	Wed Jun 18 08:42:41 2008 UDPv4 link remote: [undef]
	Wed Jun 18 08:42:41 2008 MULTI: multi_init called, r=256 v=256
	Wed Jun 18 08:42:41 2008 IFCONFIG POOL: base=10.8.0.4 size=62
	Wed Jun 18 08:42:41 2008 IFCONFIG POOL LIST
	Wed Jun 18 08:42:41 2008 Initialization Sequence Completed
	Wed Jun 18 08:45:35 2008 event_wait : Interrupted system call (code=4)
	Wed Jun 18 08:45:35 2008 TCP/UDP: Closing socket
	Wed Jun 18 08:45:35 2008 /sbin/route del -net 10.8.0.0 netmask 255.255.255.0
	Wed Jun 18 08:45:35 2008 Closing TUN/TAP interface
	Wed Jun 18 08:45:35 2008 SIGINT[hard,] received, process exiting
	Wed Jun 18 08:56:18 2008 OpenVPN 2.0.9 i386-redhat-linux-gnu [SSL] [LZO] [EPOLL] built on Jun 16 2008
	Wed Jun 18 08:56:18 2008 Diffie-Hellman initialized with 1024 bit key
	Wed Jun 18 08:56:18 2008 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
	Wed Jun 18 08:56:18 2008 TUN/TAP device tun0 opened
	Wed Jun 18 08:56:18 2008 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
	Wed Jun 18 08:56:18 2008 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
	Wed Jun 18 08:56:18 2008 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
	Wed Jun 18 08:56:18 2008 UDPv4 link local (bound): 208.109.28.226:1194
	Wed Jun 18 08:56:18 2008 UDPv4 link remote: [undef]
	Wed Jun 18 08:56:18 2008 MULTI: multi_init called, r=256 v=256
	Wed Jun 18 08:56:18 2008 IFCONFIG POOL: base=10.8.0.4 size=62
	Wed Jun 18 08:56:18 2008 IFCONFIG POOL LIST
	Wed Jun 18 08:56:18 2008 Initialization Sequence Completed
	Wed Jun 18 08:56:25 2008 event_wait : Interrupted system call (code=4)
	Wed Jun 18 08:56:25 2008 TCP/UDP: Closing socket
	Wed Jun 18 08:56:25 2008 /sbin/route del -net 10.8.0.0 netmask 255.255.255.0
	Wed Jun 18 08:56:25 2008 Closing TUN/TAP interface
	Wed Jun 18 08:56:25 2008 SIGINT[hard,] received, process exiting
	Wed Jun 18 08:56:35 2008 OpenVPN 2.0.9 i386-redhat-linux-gnu [SSL] [LZO] [EPOLL] built on Jun 16 2008
	Wed Jun 18 08:56:35 2008 Diffie-Hellman initialized with 1024 bit key
	Wed Jun 18 08:56:35 2008 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
	Wed Jun 18 08:56:35 2008 TUN/TAP device tun0 opened
	Wed Jun 18 08:56:35 2008 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
	Wed Jun 18 08:56:35 2008 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
	Wed Jun 18 08:56:35 2008 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
	Wed Jun 18 08:56:35 2008 UDPv4 link local (bound): 208.109.28.226:1194
	Wed Jun 18 08:56:35 2008 UDPv4 link remote: [undef]
	Wed Jun 18 08:56:35 2008 MULTI: multi_init called, r=256 v=256
	Wed Jun 18 08:56:35 2008 IFCONFIG POOL: base=10.8.0.4 size=62
	Wed Jun 18 08:56:35 2008 IFCONFIG POOL LIST
	Wed Jun 18 08:56:35 2008 Initialization Sequence Completed
	Wed Jun 18 08:58:59 2008 event_wait : Interrupted system call (code=4)
	Wed Jun 18 08:58:59 2008 TCP/UDP: Closing socket
	Wed Jun 18 08:58:59 2008 /sbin/route del -net 10.8.0.0 netmask 255.255.255.0
	Wed Jun 18 08:58:59 2008 Closing TUN/TAP interface
	Wed Jun 18 08:58:59 2008 SIGINT[hard,] received, process exiting
	---------------------------------------------------
	PLUG-discuss mailing list -
PLUG-discuss at lists.plug.phoenix.az.us
	To subscribe, unsubscribe, or to change your mail settings:
	http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
	




(602)325-5325 Asterisk
(503)754-4452 Blackberry
EDVO/CDMA on Dell PII Kubuntu 7.10 


