Re: Open VPN - need some help install/configuring.

Author: Judd Pickell
Date:  
To: Main PLUG discussion list
Subject: Re: Open VPN - need some help install/configuring.
OT for the thread, but your answer just answered a question I had
about saving my iptables configs that I have been manually setting and
have been too lazy to find a solution for. Awesome! Thanks again!

On Wed, Jun 18, 2008 at 4:16 PM, Bryan O'Neal
<> wrote:
> Eventually I edited the iptables to add something like '-A
> RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5525 -d
> 10.8.0.1 -j ACCEPT', then I restarted 'service iptables restart', checked
> the status 'service iptables status', verified it worked from my vpn and not
> from the outside world, saved it for good measure 'service iptables save',
> exported it 'iptables-save > firewall-config' so I can restore it when I
> need to using 'iptables-restore < firewall-config'
>
> It works for now.
>
> ________________________________
> From:
> [mailto:plug-discuss-bounces@lists.plug.phoenix.az.us] On Behalf Of Bryan
> O'Neal
> Sent: Wednesday, June 18, 2008 2:01 PM
> To: ; Main PLUG discussion list
> Subject: RE: Open VPN - need some help install/configuring.
>
> It is the openvpn default. I am using a class c for the dhcp, but I do not
> want to conflict with the more common 192.168.x.x I could have picked
> something else like 172.22.72.x but it was the default so I left it while
> trying to figure out how to get it to work. The error ended up being caused
> by the lack of the following line in my client's conf: 'ns-cert-type server'
>
> But thank you :)
> ________________________________
> From:
> [mailto:plug-discuss-bounces@lists.plug.phoenix.az.us] On Behalf Of Lisa
> Kachold
> Sent: Wednesday, June 18, 2008 12:46 PM
> To: Main PLUG discussion list
> Subject: Re: Open VPN - need some help install/configuring.
>
> Bryan,
>
> Verify this subnet mask? It looks like it's a class B address with a C
> mask.
>
> Wed Jun 18 08:42:41 2008 /sbin/route add -net 10.8.0.0 netmask
> 255.255.255.0 gw 10.8.0.2
>
> That would certainly cause Error 4.
>
> Bryan O'Neal <> wrote:
>
> So I installed Open VPN on my server (Cent OS) and I installed openvpn
> on my desktop (WinXP) and I am trying to connect them. I generated all
> of my key files and certs on my server and copied the client key, cert,
> and server ca.crt to my client, I believe I have everything configured
> correctly, but it does not connect. Also on the windows side it
> indicates my tun adaptor is not connected. Perhaps one of you can tell
> me where I went wrong.
>
> And yes, I did try shutting down my Windows firewall and my server iptables
>
> Flushing firewall rules: [ OK ]
> Setting chains to policy ACCEPT: filter [ OK ]
> Unloading iptables modules: [ OK ]
>
> Here is what I see from my client (windows)
> Wed Jun 18 08:57:15 2008 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO]
> built on Oct 1 2006
> Wed Jun 18 08:57:15 2008 IMPORTANT: OpenVPN's default port
> number is now 1194, based on an official port number assignment by IANA.
> OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
> Wed Jun 18 08:57:15 2008 WARNING: No server certificate
> verification method has been enabled. See
> http://openvpn.net/howto.html#mitm for more info.
> Wed Jun 18 08:57:15 2008 LZO compression initialized
> Wed Jun 18 08:57:15 2008 Control Channel MTU parms [ L:1542
> D:138 EF:38 EB:0 ET:0 EL:0 ]
> Wed Jun 18 08:57:15 2008 Data Channel MTU parms [ L:1542 D:1450
> EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
> Wed Jun 18 08:57:15 2008 Local Options hash (VER=V4): '41690919'
> Wed Jun 18 08:57:15 2008 Expected Remote Options hash (VER=V4):
> '530fdded'
> Wed Jun 18 08:57:15 2008 UDPv4 link local: [undef]
> Wed Jun 18 08:57:15 2008 UDPv4 link remote: 208.109.28.232:1194
> Wed Jun 18 08:57:15 2008 read UDPv4: Connection reset by peer
> (WSAECONNRESET) (code=10054)
> ...
> Wed Jun 18 08:58:13 2008 read UDPv4: Connection reset by peer
> (WSAECONNRESET) (code=10054)
> Wed Jun 18 08:58:14 2008 TLS Error: TLS key negotiation failed
> to occur within 60 seconds (check your network connectivity)
> Wed Jun 18 08:58:14 2008 TLS Error: TLS handshake failed
> Wed Jun 18 08:58:14 2008 TCP/UDP: Closing socket
> Wed Jun 18 08:58:14 2008 SIGUSR1[soft,tls-error] received,
> process restarting
> Wed Jun 18 08:58:14 2008 Restart pause, 2 second(s)
> Wed Jun 18 08:58:16 2008 IMPORTANT: OpenVPN's default port
> number is now 1194, based on an official port number assignment by IANA.
> OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
> Wed Jun 18 08:58:16 2008 WARNING: No server certificate
> verification method has been enabled. See
> http://openvpn.net/howto.html#mitm for more info.
> Wed Jun 18 08:58:16 2008 Re-using SSL/TLS context
> Wed Jun 18 08:58:16 2008 LZO compression initialized
> Wed Jun 18 08:58:16 2008 Control Channel MTU parms [ L:1542
> D:138 EF:38 EB:0 ET:0 EL:0 ]
> Wed Jun 18 08:58:16 2008 Data Channel MTU parms [ L:1542 D:1450
> EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
> Wed Jun 18 08:58:16 2008 Local Options hash (VER=V4): '41690919'
> Wed Jun 18 08:58:16 2008 Expected Remote Options hash (VER=V4):
> '530fdded'
> Wed Jun 18 08:58:16 2008 UDPv4 link local: [undef]
> Wed Jun 18 08:58:16 2008 UDPv4 link remote: 208.109.28.232:1194
> Wed Jun 18 08:58:16 2008 read UDPv4: Connection reset by peer
> (WSAECONNRESET) (code=10054)
> ...
>
> From my server
> Openvpn-status.log
> OpenVPN CLIENT LIST
> Updated,Wed Jun 18 08:58:45 2008
> Common Name,Real Address,Bytes Received,Bytes Sent,Connected
> Since
> ROUTING TABLE
> Virtual Address,Common Name,Real Address,Last Ref
> GLOBAL STATS
> Max bcast/mcast queue length,0
> END
> Openvpn.log
> Wed Jun 18 08:42:41 2008 OpenVPN 2.0.9 i386-redhat-linux-gnu
> [SSL] [LZO] [EPOLL] built on Jun 16 2008
> Wed Jun 18 08:42:41 2008 Diffie-Hellman initialized with 1024
> bit key
> Wed Jun 18 08:42:41 2008 TLS-Auth MTU parms [ L:1542 D:138 EF:38
> EB:0 ET:0 EL:0 ]
> Wed Jun 18 08:42:41 2008 TUN/TAP device tun0 opened
> Wed Jun 18 08:42:41 2008 /sbin/ifconfig tun0 10.8.0.1
> pointopoint 10.8.0.2 mtu 1500
> Wed Jun 18 08:42:41 2008 /sbin/route add -net 10.8.0.0 netmask
> 255.255.255.0 gw 10.8.0.2
> Wed Jun 18 08:42:41 2008 Data Channel MTU parms [ L:1542 D:1450
> EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
> Wed Jun 18 08:42:41 2008 UDPv4 link local (bound):
> 208.109.28.226:1194
> Wed Jun 18 08:42:41 2008 UDPv4 link remote: [undef]
> Wed Jun 18 08:42:41 2008 MULTI: multi_init called, r=256 v=256
> Wed Jun 18 08:42:41 2008 IFCONFIG POOL: base=10.8.0.4 size=62
> Wed Jun 18 08:42:41 2008 IFCONFIG POOL LIST
> Wed Jun 18 08:42:41 2008 Initialization Sequence Completed
> Wed Jun 18 08:45:35 2008 event_wait : Interrupted system call
> (code=4)
> Wed Jun 18 08:45:35 2008 TCP/UDP: Closing socket
> Wed Jun 18 08:45:35 2008 /sbin/route del -net 10.8.0.0 netmask
> 255.255.255.0
> Wed Jun 18 08:45:35 2008 Closing TUN/TAP interface
> Wed Jun 18 08:45:35 2008 SIGINT[hard,] received, process exiting
> Wed Jun 18 08:56:18 2008 OpenVPN 2.0.9 i386-redhat-linux-gnu
> [SSL] [LZO] [EPOLL] built on Jun 16 2008
> Wed Jun 18 08:56:18 2008 Diffie-Hellman initialized with 1024
> bit key
> Wed Jun 18 08:56:18 2008 TLS-Auth MTU parms [ L:1542 D:138 EF:38
> EB:0 ET:0 EL:0 ]
> Wed Jun 18 08:56:18 2008 TUN/TAP device tun0 opened
> Wed Jun 18 08:56:18 2008 /sbin/ifconfig tun0 10.8.0.1
> pointopoint 10.8.0.2 mtu 1500
> Wed Jun 18 08:56:18 2008 /sbin/route add -net 10.8.0.0 netmask
> 255.255.255.0 gw 10.8.0.2
> Wed Jun 18 08:56:18 2008 Data Channel MTU parms [ L:1542 D:1450
> EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
> Wed Jun 18 08:56:18 2008 UDPv4 link local (bound):
> 208.109.28.226:1194
> Wed Jun 18 08:56:18 2008 UDPv4 link remote: [undef]
> Wed Jun 18 08:56:18 2008 MULTI: multi_init called, r=256 v=256
> Wed Jun 18 08:56:18 2008 IFCONFIG POOL: base=10.8.0.4 size=62
> Wed Jun 18 08:56:18 2008 IFCONFIG POOL LIST
> Wed Jun 18 08:56:18 2008 Initialization Sequence Completed
> Wed Jun 18 08:56:25 2008 event_wait : Interrupted system call
> (code=4)
> Wed Jun 18 08:56:25 2008 TCP/UDP: Closing socket
> Wed Jun 18 08:56:25 2008 /sbin/route del -net 10.8.0.0 netmask
> 255.255.255.0
> Wed Jun 18 08:56:25 2008 Closing TUN/TAP interface
> Wed Jun 18 08:56:25 2008 SIGINT[hard,] received, process exiting
> Wed Jun 18 08:56:35 2008 OpenVPN 2.0.9 i386-redhat-linux-gnu
> [SSL] [LZO] [EPOLL] built on Jun 16 2008
> Wed Jun 18 08:56:35 2008 Diffie-Hellman initialized with 1024
> bit key
> Wed Jun 18 08:56:35 2008 TLS-Auth MTU parms [ L:1542 D:138 EF:38
> EB:0 ET:0 EL:0 ]
> Wed Jun 18 08:56:35 2008 TUN/TAP device tun0 opened
> Wed Jun 18 08:56:35 2008 /sbin/ifconfig tun0 10.8.0.1
> pointopoint 10.8.0.2 mtu 1500
> Wed Jun 18 08:56:35 2008 /sbin/route add -net 10.8.0.0 netmask
> 255.255.255.0 gw 10.8.0.2
> Wed Jun 18 08:56:35 2008 Data Channel MTU parms [ L:1542 D:1450
> EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
> Wed Jun 18 08:56:35 2008 UDPv4 link local (bound):
> 208.109.28.226:1194
> Wed Jun 18 08:56:35 2008 UDPv4 link remote: [undef]
> Wed Jun 18 08:56:35 2008 MULTI: multi_init called, r=256 v=256
> Wed Jun 18 08:56:35 2008 IFCONFIG POOL: base=10.8.0.4 size=62
> Wed Jun 18 08:56:35 2008 IFCONFIG POOL LIST
> Wed Jun 18 08:56:35 2008 Initialization Sequence Completed
> Wed Jun 18 08:58:59 2008 event_wait : Interrupted system call
> (code=4)
> Wed Jun 18 08:58:59 2008 TCP/UDP: Closing socket
> Wed Jun 18 08:58:59 2008 /sbin/route del -net 10.8.0.0 netmask
> 255.255.255.0
> Wed Jun 18 08:58:59 2008 Closing TUN/TAP interface
> Wed Jun 18 08:58:59 2008 SIGINT[hard,] received, process exiting
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
>
>
> (602)325-5325 Asterisk
> (503)754-4452 Blackberry
> EDVO/CDMA on Dell PII Kubuntu 7.10
>
>

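The iptables procedure Bryan describes in his quoted reply (add a rule scoped to the VPN address, check it, 'service iptables save', 'iptables-save' to a file for later 'iptables-restore') as a shell script, with the check a practitioner would want before trusting the saved ruleset. This is an added example and not code from the thread: the chain name, port 5525 and the 10.8.0.1 tun address are the ones posted above, while the two iptables-save dumps are constructed here so the audit function can be exercised offline; apply_and_save is meant to be run as root on the CentOS server and is not called by the demo.

```shell
#!/bin/sh
# Added example, not code from the thread: script the iptables steps Bryan
# described and audit the saved ruleset before trusting it.

VPN_ADDR=10.8.0.1            # server's tun0 address (from the server log)
SERVICE_PORT=5525            # port opened in the quoted rule
CHAIN=RH-Firewall-1-INPUT    # CentOS 5 default INPUT chain used in the thread

# The rule exactly as quoted: NEW TCP connections to the port are accepted only
# when addressed to the VPN-side address, so the service stays unreachable on
# the public interface even if it binds 0.0.0.0.
vpn_only_rule() {
    printf '%s\n' "-A $CHAIN -m state --state NEW -m tcp -p tcp --dport $SERVICE_PORT -d $VPN_ADDR -j ACCEPT"
}

# Apply the rule, then persist it two ways: the init script's save target
# (/etc/sysconfig/iptables on CentOS, which is what 'service iptables save'
# writes) and a portable dump for 'iptables-restore < file'. Save BEFORE any
# 'service iptables restart', since a restart reloads from the saved file.
apply_and_save() {
    iptables $(vpn_only_rule) \
        && service iptables save \
        && iptables-save > "$1"
}

# Audit a ruleset in iptables-save format (read from stdin). Returns
#   0  the port is accepted only with -d VPN_ADDR or on a tun interface
#   1  nothing accepts the port at all (the rule never made it into the dump)
#   2  some ACCEPT for the port is not scoped to the VPN (open to the world)
audit_saved_rules() {
    accepts=$(grep -E -e "--dport ${SERVICE_PORT}( |$).*-j ACCEPT" || true)
    [ -n "$accepts" ] || return 1
    if printf '%s\n' "$accepts" \
        | grep -v -E -e "-d ${VPN_ADDR}(/32)?( |$)|-i tun[0-9]+( |$)" \
        | grep -q .; then
        return 2
    fi
    return 0
}

# Constructed sample dumps (not Bryan's real output), in the option order
# iptables-save actually emits (-d comes first and gets a /32 suffix).
GOOD_DUMP='*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A RH-Firewall-1-INPUT -d 10.8.0.1/32 -p tcp -m state --state NEW -m tcp --dport 5525 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# Same ruleset with the -d dropped: port 5525 is now reachable from outside.
BAD_DUMP=$(printf '%s\n' "$GOOD_DUMP" | sed 's/ -d 10\.8\.0\.1\/32//')

for name in GOOD_DUMP BAD_DUMP; do
    eval "dump=\$$name"
    if printf '%s\n' "$dump" | audit_saved_rules; then
        echo "$name: port $SERVICE_PORT is reachable only via the VPN"
    else
        echo "$name: audit failed with status $? (1=rule missing, 2=not VPN-scoped)"
    fi
done
```

The audit is the scripted form of "verified it worked from my VPN and not from the outside world": run it against the file produced by iptables-save (or /etc/sysconfig/iptables) after every save, so a rule that was typed without -d, or lost because the restart happened before the save, is caught before the box is left that way.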
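Bryan's quoted fix was adding 'ns-cert-type server' to the client config, and the Windows client log above shows the warning OpenVPN 2.0.9 prints when no such directive is present ("WARNING: No server certificate verification method has been enabled"). The example below, added here and not taken from the thread, puts a client config in the shape of that setup beside the corrected one and adds a small lint check for the directive. The remote address and port come from the client log; the file names ca.crt, client.crt and client.key and the server.crt path are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: the client config that triggers the
# "No server certificate verification method has been enabled" warning,
# beside the corrected one, plus a lint check for the directive.

# Constructed minimal client config in the shape of the thread's setup
# (remote taken from the client log; file names are assumptions).
WEAK_CLIENT_CONF='client
dev tun
proto udp
remote 208.109.28.232 1194
ca ca.crt
cert client.crt
key client.key
comp-lzo
verb 3'

# Corrected config. "ns-cert-type server" is the OpenVPN 2.0.x directive the
# thread settled on (it checks the nsCertType extension of the server cert);
# "remote-cert-tls server" replaces it from 2.4 on (it checks extendedKeyUsage
# serverAuth). Without one of them, any certificate signed by ca.crt, another
# client's included, is accepted as the server: a holder of one client cert can
# sit in the middle of every other client's tunnel.
FIXED_CLIENT_CONF="$WEAK_CLIENT_CONF
ns-cert-type server"

# Return 0 only if an active (uncommented) line pins the peer certificate's
# role to "server"; lines commented with # or ; do not count.
verifies_server_cert() {
    grep -qE '^[[:space:]]*(ns-cert-type|remote-cert-tls)[[:space:]]+server([[:space:]]|$)'
}

# Companion check on the server side (needs openssl; not run by the demo):
# confirm the server certificate actually carries the role the client will
# demand. A server cert issued as a plain client cert fails the client's
# check as soon as the directive is added, which looks like a broken tunnel.
server_cert_role() {
    openssl x509 -in "$1" -noout -text \
        | grep -E -A1 'Netscape Cert Type|X509v3 Extended Key Usage'
}

for name in WEAK_CLIENT_CONF FIXED_CLIENT_CONF; do
    eval "conf=\$$name"
    if printf '%s\n' "$conf" | verifies_server_cert; then
        echo "$name: server certificate role is verified"
    else
        echo "$name: WARNING, any cert signed by ca.crt can impersonate the server"
    fi
done
# server_cert_role /etc/openvpn/server.crt    # assumed path; run on the server
```

With easy-rsa, the server certificate gets nsCertType=server only when it is issued with build-key-server rather than build-key, so if the client starts rejecting the server after 'ns-cert-type server' is added, run the server_cert_role check on the server certificate before touching anything else.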