Jesper,
Thank you for the reply.
I'm using the tutorial, and confess that I changed attributes trying to fix the problem. I have tried the connection from behind another SME (not sure if it would make a difference) and from a dial-up connection, without success.
root]# ls -la /etc/openvpn/
total 56
drwxr-xr-x 3 root root 4096 Feb 24 13:00 .
drwxr-xr-x 45 root root 4096 Feb 24 14:21 ..
-rw-r--r-- 1 root root 1269 Feb 24 10:53 ca.crt
-rw-r--r-- 1 root root 245 Feb 24 10:56 dh1024.pem
drwxr-xr-x 3 root root 4096 Feb 24 10:45 easy-rsa
-rwxr-xr-x 1 root root 104 Nov 17 06:31 logoff.sh
-rwxr-xr-x 1 root root 562 Nov 17 06:32 logoff_user.pl
-rwxr-xr-x 1 root root 378 Feb 24 15:17 openvpn-status.log
-rwx------ 1 root root 198 Feb 24 12:56 openvpn.up
-rw-r--r-- 1 root root 762 Feb 24 13:00 server.conf
-rw-r--r-- 1 root root 3579 Feb 24 10:53 server.crt
-rw-r--r-- 1 root root 891 Feb 24 10:54 server.key
-rwxr-xr-x 1 root root 108 Nov 17 06:32 validate.sh
-rwxr-xr-x 1 root root 1242 Feb 24 09:16 validate_user.pl
my server.conf:
port 1194
dev tap
tls-server
dh dh1024.pem
ca ca.crt
cert server.crt
key server.key
auth-user-pass-verify ./validate.sh via-env
client-disconnect ./logoff.sh
up ./openvpn.up
mode server
duplicate-cn
ifconfig 192.168.1.1 255.255.255.0
ifconfig-pool 192.168.1.100 192.168.1.200 255.255.255.0 # IP range for openvpn client
mtu-test
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ping 10
ping-restart 120
push "ping 20"
push "ping-restart 60"
push "dhcp-option DOMAIN XXXXXXX.com" # push the DNS domain suffix
push "dhcp-option DNS 192.168.0.5" # push DNS entries to openvpn client
push "route 192.168.0.0 255.255.255.0 192.168.1.1" # add route to protected network
comp-lzo
status-version 2
status openvpn-status.log
verb 3
openvpn.up
#!/bin/sh
route del -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.0.5
route del -net 192.168.1.0 netmask 255.255.255.0 dev tap0
route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1
Where 192.168.0.5 is my server.
My client's file:
port 1194
dev tap0
remote XXXXXXXX.com
tls-client
auth-user-pass
ca ca.crt
cert client.crt
key client.key
mtu-test
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
pull
comp-lzo
verb
I have opened 1194 for both TCP and UDP (to see if it would work); iptables -L shows it open.
I added 192.168.1.0/24 and 192.168.0.5 as local networks.
When trying to connect, the client gets stuck right after sending the login/pass.
I re-did the keys many times, and /var/log/messages shows errors such as:
kernel: denylog:IN=eth1 OUT= MAC=00:e0:7d:96:52:5d:00:04:27:fd:a6:5e:08:00 SRC=200.180.XXX.XXX DST=XXX.XX.XXX.XX LEN=42 TOS=0x00 PREC=0x00 TTL=122 ID=51641 PROTO=UDP SPT=1194 DPT=1194 LEN=22
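The kernel line quoted above is a netfilter LOG entry: it records the interface (IN=eth1), protocol (UDP) and ports (SPT=1194, DPT=1194) of a packet that matched the logging rule, which is exactly the OpenVPN traffic the firewall was believed to allow. The parser below is an added example, not code from the original post, from OpenVPN or from SME Server: it extracts the KEY=VALUE fields from lines of that shape and counts, per source address, the packets that arrived for the VPN port on the WAN interface. The sample log lines are constructed for the example, the interface name eth1, port 1194 and all addresses are assumptions, and the reading of the "denylog" prefix as marking denied packets is likewise an assumption about how the firewall labels its LOG rule.

```python
"""Parse netfilter LOG lines ("denylog:IN=eth1 ... PROTO=UDP SPT=1194 DPT=1194 ...")
and pick out the ones that show OpenVPN traffic hitting the logging rule on the WAN side.

Added example; not part of the original post, OpenVPN or SME Server.
The sample lines below are constructed; addresses, MAC and interface name are assumptions.
"""
import re
from collections import Counter
from typing import Dict, Iterable, List, Optional

# Constructed sample lines in the shape of the /var/log/messages entry quoted in the post.
SAMPLE_LINES: List[str] = [
    "Feb 24 15:17:01 sme kernel: denylog:IN=eth1 OUT= "
    "MAC=00:e0:7d:96:52:5d:00:04:27:fd:a6:5e:08:00 "
    "SRC=200.180.0.1 DST=203.0.113.10 LEN=42 TOS=0x00 PREC=0x00 TTL=122 "
    "ID=51641 PROTO=UDP SPT=1194 DPT=1194 LEN=22",
    "Feb 24 15:17:11 sme kernel: denylog:IN=eth1 OUT= "
    "MAC=00:e0:7d:96:52:5d:00:04:27:fd:a6:5e:08:00 "
    "SRC=200.180.0.1 DST=203.0.113.10 LEN=42 TOS=0x00 PREC=0x00 TTL=122 "
    "ID=51642 PROTO=UDP SPT=1194 DPT=1194 LEN=22",
    # An unrelated denied packet (TCP to port 22) that must not be counted as VPN traffic.
    "Feb 24 15:17:12 sme kernel: denylog:IN=eth1 OUT= "
    "MAC=00:e0:7d:96:52:5d:00:04:27:fd:a6:5e:08:00 "
    "SRC=198.51.100.7 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=50 "
    "ID=7 PROTO=TCP SPT=43210 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0",
    # A non-netfilter line from the same log, which the parser must skip.
    "Feb 24 15:17:20 sme openvpn[1234]: TLS: Initial packet from 200.180.0.1:1194",
]

FIELD_RE = re.compile(r"(\w+)=(\S*)")


def parse_netfilter_line(line: str) -> Optional[Dict[str, str]]:
    """Return the KEY=VALUE fields of a netfilter LOG line, or None for any other line.

    Everything before the first "IN=" is the syslog header plus the LOG prefix and is kept
    under "prefix". LEN occurs twice (IP total length, then the UDP/TCP header's length
    field); the second copy is stored as "L4_LEN" so neither value is lost.
    """
    m = re.search(r"\bIN=", line)
    if m is None:
        return None
    fields: Dict[str, str] = {"prefix": line[:m.start()].rstrip(": ")}
    for key, value in FIELD_RE.findall(line[m.start():]):
        if key in fields:
            key = "L4_" + key
        fields[key] = value
    return fields


def is_dropped_vpn_packet(fields: Dict[str, str], wan_iface: str = "eth1",
                          vpn_port: int = 1194, proto: str = "UDP") -> bool:
    """True when a logged packet is OpenVPN traffic arriving on the WAN interface.

    Assumption: the LOG rule that writes these lines sits on the deny path, so a match
    means the VPN port was not actually accepted on that interface.
    """
    return (fields.get("IN") == wan_iface
            and fields.get("PROTO") == proto
            and fields.get("DPT") == str(vpn_port))


def count_dropped_vpn_sources(lines: Iterable[str]) -> Counter:
    """Count logged OpenVPN packets per source address across a log excerpt."""
    counts: Counter = Counter()
    for line in lines:
        fields = parse_netfilter_line(line)
        if fields and is_dropped_vpn_packet(fields):
            counts[fields["SRC"]] += 1
    return counts


if __name__ == "__main__":
    for src, n in count_dropped_vpn_sources(SAMPLE_LINES).items():
        print(f"{n} OpenVPN packet(s) from {src} logged as denied on the WAN interface")
```

Run it against a real excerpt with `count_dropped_vpn_sources(open("/var/log/messages"))`; a non-zero count for the client's public address while the tunnel is being set up is the evidence to check rule order and chain placement with `iptables -L -n -v`, since `iptables -L` without `-n -v` hides counters and interface matches.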