RE: Open VPN - need some help install/configuring.

I thought that warning pertained to hardening the install, and I don't
harden until the wide open version works, but it turns out you were dead
rite, adding ns-cert-type server to my client install seems to have done
the trick. I would have continued to ignore that if it was not for the
fact I had to try it in order to reply.
Thanks :)

________________________________

From: plug-discuss-bounces@lists.plug.phoenix.az.us
[mailto:plug-discuss-bounces@lists.plug.phoenix.az.us] On Behalf Of Lisa
Kachold
Sent: Wednesday, June 18, 2008 9:41 AM
To: Main PLUG discussion list
Subject: Re: Open VPN - need some help install/configuring.


See references to 2 reboots after configuration here with regards to
Linux OpenVPN bridging mode Error 4:
http://forum.pfsense.org/index.php?topic=1990.45
What mode are you attempting?

See this message in your Windows log:
Wed Jun 18 08:57:15 2008 WARNING: No server certificate
verification method has been enabled. See
http://openvpn.net/howto.html#mitm for more info.

Of course when you get the verification method right on both sides it's
probably going to work.

Also, what ports do you have open? You would want to verify that
whatever is listening and sending port traffic is open by using these
commands:

1) tcpdump [in one window on the linux side] (pipe to a file to watch
the transactions and verify all ports are open)
2) lsof [linux side]
3) netstat -anp [linux side] netstat - [windows side]

Check:
Check your configurations against his:
http://openvpn.net/archive/openvpn-users/2006-01/msg00101.html
iptables (flush the tables or turn down the firewall from /etc/init.d/
selinux (hopefully permissive if using?)

Bryan O'Neal <BONeal@cornerstonehome.com> wrote:

    So I installed Open VPN on my server (Cent OS) and I installed
openvpn
    on my desktop (WinXP) and I am trying to connect them. I
generated all
    of my key files and certs on my server and copied the client
key, cert,
    and server ca.crt to my client, I believe I have everything
configured
    correctly, but it does not connect. Also on the windows side it
    indicates my tun adaptor is not connected. Perhaps one of you
can tell
    me where I went wrong.

    

    And yes, I did try shut down my windows firewall and my server
iptables

    

    Flushing firewall rules: [ OK
    ]
    Setting chains to policy ACCEPT: filter [ OK
    ]
    Unloading iptables modules: [ OK
    ]

    

    Here is what I see from my client (windows) 
    Wed Jun 18 08:57:15 2008 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO]
    built on Oct 1 2006
    Wed Jun 18 08:57:15 2008 IMPORTANT: OpenVPN's default port
    number is now 1194, based on an official port number assignment
by IANA.
    OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
    Wed Jun 18 08:57:15 2008 WARNING: No server certificate
    verification method has been enabled. See
    http://openvpn.net/howto.html#mitm for more info.
    Wed Jun 18 08:57:15 2008 LZO compression initialized
    Wed Jun 18 08:57:15 2008 Control Channel MTU parms [ L:1542
    D:138 EF:38 EB:0 ET:0 EL:0 ]
    Wed Jun 18 08:57:15 2008 Data Channel MTU parms [ L:1542 D:1450
    EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Wed Jun 18 08:57:15 2008 Local Options hash (VER=V4): '41690919'
    Wed Jun 18 08:57:15 2008 Expected Remote Options hash (VER=V4):
    '530fdded'
    Wed Jun 18 08:57:15 2008 UDPv4 link local: [undef]
    Wed Jun 18 08:57:15 2008 UDPv4 link remote: 208.109.28.232:1194
    Wed Jun 18 08:57:15 2008 read UDPv4: Connection reset by peer
    (WSAECONNRESET) (code=10054) 
    ...
    Wed Jun 18 08:58:13 2008 read UDPv4: Connection reset by peer
    (WSAECONNRESET) (code=10054)
    Wed Jun 18 08:58:14 2008 TLS Error: TLS key negotiation failed
    to occur within 60 seconds (check your network connectivity)
    Wed Jun 18 08:58:14 2008 TLS Error: TLS handshake failed
    Wed Jun 18 08:58:14 2008 TCP/UDP: Closing socket
    Wed Jun 18 08:58:14 2008 SIGUSR1[soft,tls-error] received,
    process restarting
    Wed Jun 18 08:58:14 2008 Restart pause, 2 second(s)
    Wed Jun 18 08:58:16 2008 IMPORTANT: OpenVPN's default port
    number is now 1194, based on an official port number assignment
by IANA.
    OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
    Wed Jun 18 08:58:16 2008 WARNING: No server certificate
    verification method has been enabled. See
    http://openvpn.net/howto.html#mitm for more info.
    Wed Jun 18 08:58:16 2008 Re-using SSL/TLS context
    Wed Jun 18 08:58:16 2008 LZO compression initialized
    Wed Jun 18 08:58:16 2008 Control Channel MTU parms [ L:1542
    D:138 EF:38 EB:0 ET:0 EL:0 ]
    Wed Jun 18 08:58:16 2008 Data Channel MTU parms [ L:1542 D:1450
    EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Wed Jun 18 08:58:16 2008 Local Options hash (VER=V4): '41690919'
    Wed Jun 18 08:58:16 2008 Expected Remote Options hash (VER=V4):
    '530fdded'
    Wed Jun 18 08:58:16 2008 UDPv4 link local: [undef]
    Wed Jun 18 08:58:16 2008 UDPv4 link remote: 208.109.28.232:1194
    Wed Jun 18 08:58:16 2008 read UDPv4: Connection reset by peer
    (WSAECONNRESET) (code=10054)
    ...

    

    From my server
    Openvpn-status.log
    OpenVPN CLIENT LIST
    Updated,Wed Jun 18 08:58:45 2008
    Common Name,Real Address,Bytes Received,Bytes Sent,Connected
    Since
    ROUTING TABLE
    Virtual Address,Common Name,Real Address,Last Ref
    GLOBAL STATS
    Max bcast/mcast queue length,0
    END
    Openvpn.log
    Wed Jun 18 08:42:41 2008 OpenVPN 2.0.9 i386-redhat-linux-gnu
    [SSL] [LZO] [EPOLL] built on Jun 16 2008
    Wed Jun 18 08:42:41 2008 Diffie-Hellman initialized with 1024
    bit key
    Wed Jun 18 08:42:41 2008 TLS-Auth MTU parms [ L:1542 D:138 EF:38
    EB:0 ET:0 EL:0 ]
    Wed Jun 18 08:42:41 2008 TUN/TAP device tun0 opened 
    Wed Jun 18 08:42:41 2008 /sbin/ifconfig tun0 10.8.0.1
    pointopoint 10.8.0.2 mtu 1500
    Wed Jun 18 08:42:41 2008 /sbin/route add -net 10.8.0.0 netmask
    255.255.255.0 gw 10.8.0.2
    Wed Jun 18 08:42:41 2008 Data Channel MTU parms [ L:1542 D:1450
    EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Wed Jun 18 08:42:41 2008 UDPv4 link local (bound):
    208.109.28.226:1194
    Wed Jun 18 08:42:41 2008 UDPv4 link remote: [undef]
    Wed Jun 18 08:42:41 2008 MULTI: multi_init called, r=256 v=256
    Wed Jun 18 08:42:41 2008 IFCONFIG POOL: base=10.8.0.4 size=62
    Wed Jun 18 08:42:41 2008 IFCONFIG POOL LIST
    Wed Jun 18 08:42:41 2008 Initialization Sequence Completed
    Wed Jun 18 08:45:35 2008 event_wait : Interrupted system call
    (code=4)
    Wed Jun 18 08:45:35 2008 TCP/UDP: Closing socket
    Wed Jun 18 08:45:35 2008 /sbin/route del -net 10.8.0.0 netmask
    255.255.255.0
    Wed Jun 18 08:45:35 2008 Closing TUN/TAP interface
    Wed Jun 18 08:45:35 2008 SIGINT[hard,] received, process exiting
    Wed Jun 18 08:56:18 2008 OpenVPN 2.0.9 i386-redhat-linux-gnu
    [SSL] [LZO] [EPOLL] built on Jun 16 2008
    Wed Jun 18 08:56:18 2008 Diffie-Hellman initialized with 1024
    bit key
    Wed Jun 18 08:56:18 2008 TLS-Auth MTU parms [ L:1542 D:138 EF:38
    EB:0 ET:0 EL:0 ]
    Wed Jun 18 08:56:18 2008 TUN/TAP device tun0 opened
    Wed Jun 18 08:56:18 2008 /sbin/ifconfig tun0 10.8.0.1
    pointopoint 10.8.0.2 mtu 1500
    Wed Jun 18 08:56:18 2008 /sbin/route add -net 10.8.0.0 netmask
    255.255.255.0 gw 10.8.0.2
    Wed Jun 18 08:56:18 2008 Data Channel MTU parms [ L:1542 D:1450
    EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Wed Jun 18 08:56:18 2008 UDPv4 link local (bound):
    208.109.28.226:1194
    Wed Jun 18 08:56:18 2008 UDPv4 link remote: [undef]
    Wed Jun 18 08:56:18 2008 MULTI: multi_init called, r=256 v=256
    Wed Jun 18 08:56:18 2008 IFCONFIG POOL: base=10.8.0.4 size=62
    Wed Jun 18 08:56:18 2008 IFCONFIG POOL LIST
    Wed Jun 18 08:56:18 2008 Initialization Sequence Completed
    Wed Jun 18 08:56:25 2008 event_wait : Interrupted system call
    (code=4)
    Wed Jun 18 08:56:25 2008 TCP/UDP: Closing socket
    Wed Jun 18 08:56:25 2008 /sbin/route del -net 10.8.0.0 netmask
    255.255.255.0
    Wed Jun 18 08:56:25 2008 Closing TUN/TAP interface
    Wed Jun 18 08:56:25 2008 SIGINT[hard,] received, process exiting
    Wed Jun 18 08:56:35 2008 OpenVPN 2.0.9 i386-redhat-linux-gnu
    [SSL] [LZO] [EPOLL] built on Jun 16 2008
    Wed Jun 18 08:56:35 2008 Diffie-Hellman initialized with 1024
    bit key
    Wed Jun 18 08:56:35 2008 TLS-Auth MTU parms [ L:1542 D:138 EF:38
    EB:0 ET:0 EL:0 ]
    Wed Jun 18 08:56:35 2008 TUN/TAP device tun0 opened
    Wed Jun 18 08:56:35 2008 /sbin/ifconfig tun0 10.8.0.1
    pointopoint 10.8.0.2 mtu 1500
    Wed Jun 18 08:56:35 2008 /sbin/route add -net 10.8.0.0 netmask
    255.255.255.0 gw 10.8.0.2 
    Wed Jun 18 08:56:35 2008 Data Channel MTU parms [ L:1542 D:1450
    EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Wed Jun 18 08:56:35 2008 UDPv4 link local (bound):
    208.109.28.226:1194
    Wed Jun 18 08:56:35 2008 UDPv4 link remote: [undef]
    Wed Jun 18 08:56:35 2008 MULTI: multi_init called, r=256 v=256
    Wed Jun 18 08:56:35 2008 IFCONFIG POOL: base=10.8.0.4 size=62
    Wed Jun 18 08:56:35 2008 IFCONFIG POOL LIST
    Wed Jun 18 08:56:35 2008 Initialization Sequence Completed
    Wed Jun 18 08:58:59 2008 event_wait : Interrupted system call
    (code=4)
    Wed Jun 18 08:58:59 2008 TCP/UDP: Closing socket
    Wed Jun 18 08:58:59 2008 /sbin/route del -net 10.8.0.0 netmask
    255.255.255.0
    Wed Jun 18 08:58:59 2008 Closing TUN/TAP interface
    Wed Jun 18 08:58:59 2008 SIGINT[hard,] received, process exiting
    ---------------------------------------------------
    PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
    To subscribe, unsubscribe, or to change your mail settings:
    http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

    




(602)325-5325 Asterisk
(503)754-4452 Blackberry
EDVO/CDMA on Dell PII Kubuntu 7.10

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss