Koozali.org: home of the SME Server

Open VPN error when connecting

Offline shawnbishop

Open VPN error when connecting
« on: October 09, 2007, 11:39:35 AM »
Good day

I am using OpenVPN and using OpenVPN client 2.0.9 from the openvpn.se site

When I try to connect I get the following error
connection reset by peer

Tue Oct 09 11:26:05 2007 us=356163   domain = '[UNDEF]'
Tue Oct 09 11:26:05 2007 us=356172   netbios_scope = '[UNDEF]'
Tue Oct 09 11:26:05 2007 us=356180   netbios_node_type = 0
Tue Oct 09 11:26:05 2007 us=356189   disable_nbt = DISABLED
Tue Oct 09 11:26:05 2007 us=399980 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
Tue Oct 09 11:26:35 2007 us=740722 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Tue Oct 09 11:26:35 2007 us=770516 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Oct 09 11:26:35 2007 us=770540 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Oct 09 11:26:35 2007 us=841552 LZO compression initialized
Tue Oct 09 11:26:35 2007 us=860599 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Tue Oct 09 11:26:38 2007 us=371186 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Tue Oct 09 11:26:38 2007 us=397406 Local Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Tue Oct 09 11:26:38 2007 us=397432 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Tue Oct 09 11:26:38 2007 us=425961 Local Options hash (VER=V4): '13a273ba'
Tue Oct 09 11:26:38 2007 us=425997 Expected Remote Options hash (VER=V4): '360696c5'
Tue Oct 09 11:26:38 2007 us=426046 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Oct 09 11:26:38 2007 us=426872 UDPv4 link local: [undef]
Tue Oct 09 11:26:38 2007 us=426888 UDPv4 link remote: 41.243.241.12:1194
Tue Oct 09 11:27:38 2007 us=944765 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Oct 09 11:27:38 2007 us=944811 TLS Error: TLS handshake failed
Tue Oct 09 11:27:38 2007 us=945769 TCP/UDP: Closing socket
Tue Oct 09 11:27:38 2007 us=946237 SIGUSR1[soft,tls-error] received, process restarting
Tue Oct 09 11:27:38 2007 us=946256 Restart pause, 2 second(s)
Tue Oct 09 11:27:40 2007 us=990859 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Tue Oct 09 11:27:40 2007 us=990907 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Oct 09 11:27:40 2007 us=990923 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Oct 09 11:27:40 2007 us=990950 LZO compression initialized
Tue Oct 09 11:27:40 2007 us=991016 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Tue Oct 09 11:27:41 2007 us=373580 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Tue Oct 09 11:27:41 2007 us=373639 Local Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Tue Oct 09 11:27:41 2007 us=373653 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Tue Oct 09 11:27:41 2007 us=373679 Local Options hash (VER=V4): '13a273ba'
Tue Oct 09 11:27:41 2007 us=373696 Expected Remote Options hash (VER=V4): '360696c5'
Tue Oct 09 11:27:41 2007 us=373735 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Oct 09 11:27:41 2007 us=373753 UDPv4 link local: [undef]
Tue Oct 09 11:27:41 2007 us=373765 UDPv4 link remote: 41.243.240.178:1194
Tue Oct 09 11:27:41 2007 us=399752 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:27:43 2007 us=427323 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:27:45 2007 us=459354 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:27:47 2007 us=489637 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:27:49 2007 us=520797 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:27:51 2007 us=552516 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:27:53 2007 us=976862 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:27:56 2007 us=379844 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:27:58 2007 us=785998 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:28:01 2007 us=192173 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:28:02 2007 us=395198 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:28:04 2007 us=863822 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:28:07 2007 us=332426 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:28:09 2007 us=801113 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:28:12 2007 us=269704 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:28:13 2007 us=504055 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:28:15 2007 us=879026 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:28:18 2007 us=253872 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:28:19 2007 us=441317 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:28:21 2007 us=816174 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:28:24 2007 us=191206 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:28:25 2007 us=347259 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:28:27 2007 us=659711 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:28:29 2007 us=972018 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:28:32 2007 us=284392 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:28:33 2007 us=440632 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:28:35 2007 us=510479 TCP/UDP: Closing socket
Tue Oct 09 11:28:35 2007 us=510767 SIGTERM[hard,] received, process exiting

The server was working a couple of weeks ago since I last used it, I am not aware if the server did any YUM updates...

I have checked through the forum and there doesn't appear to be a resolution??

Regards
Shawn

Offline TrevorB

Re: Open VPN error when connecting
« Reply #1 on: October 09, 2007, 12:01:02 PM »
It looks like you have some TLS errors

TLS Error: TLS key negotiation failed to occur within 60 seconds.
TLS Error: TLS handshake failed

This could mean your packets are being blocked by a firewall, your certificates on both ends don't match, or the IPs or subnet masks are wrong in your config files. A common problem is that users forget that Windows XP now comes with its own firewall enabled by default. Check to make sure Norton Security or some other security program is not running on the Windows client. It may be necessary to log out of Windows and login again before the changes take effect.

My guess would be certificates (can/will be regenerated if some config items have changed on your server - eg. server name, domain).

Good Luck
Trevor B

Offline cactus

Re: Open VPN error when connecting
« Reply #2 on: October 09, 2007, 12:07:10 PM »
Do you have access to the server-manager without the openvpn connection? It seems that your server is resetting the connection, there should be a clue in the log files, which can be viewed using the server-manager or a (remote) SSH connection from the server shell.

Perhaps there are clues in the /var/log/openvpn/server-bridge.log or the /var/log/messages file.

Offline shawnbishop

Re: Open VPN error when connecting
« Reply #3 on: October 09, 2007, 05:40:39 PM »
Great

Thanks guys, will have a look, come to think of it all the users had Nortons on their laptops...will check

Offline shawnbishop

Re: Open VPN error when connecting
« Reply #4 on: October 12, 2007, 10:42:57 AM »
Good day

I still seem to be having this error, I disabled the firewall on the Windows box.

Other users can connect to the VPN, so it must be an issue with the MS Windoze box, this is the config

##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server.     #
#                                            #
# This configuration can be used by multiple #
# clients, however each client should have   #
# its own cert and key files.                #
#                                            #
# On Windows, you might want to rename this  #
# file so it has a .ovpn extension           #
##############################################

# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client

# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one.  On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap

# Are we connecting to a TCP or
# UDP server?  Use the same setting as
# on the server.
;proto tcp
proto udp

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote my-server-1 1194
;remote my-server-2 1194

# Choose a random host from the remote
# list for load-balancing.  Otherwise
# try hosts in the order specified.
;remote-random

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server.  Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind

# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nobody

# Try to preserve some state across restarts.
persist-key
persist-tun

# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here.  See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

# Wireless networks often produce a lot
# of duplicate packets.  Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings

# SSL/TLS parms.
# See the server config file for more
# description.  It's best to use
# a separate .crt/.key file pair
# for each client.  A single ca
# file can be used for all clients.
ca ca.crt
cert client.crt
key client.key

# Verify server certificate by checking
# that the certificate has the nsCertType
# field set to "server".  This is an
# important precaution to protect against
# a potential attack discussed here:
#  http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server".  The build-key-server
# script in the easy-rsa folder will do this.
;ns-cert-type server

# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher x

# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo

# Set log file verbosity.
verb 3

# Silence repeating messages
;mute 20


And the log file from the connection is

Fri Oct 12 10:37:26 2007 us=166948 Current Parameter Settings:
Fri Oct 12 10:37:26 2007 us=167014   config = 'client.ovpn'
Fri Oct 12 10:37:26 2007 us=167024   mode = 0
Fri Oct 12 10:37:26 2007 us=167033   show_ciphers = DISABLED
Fri Oct 12 10:37:26 2007 us=167043   show_digests = DISABLED
Fri Oct 12 10:37:26 2007 us=167052   show_engines = DISABLED
Fri Oct 12 10:37:26 2007 us=167061   genkey = DISABLED
Fri Oct 12 10:37:26 2007 us=167070   key_pass_file = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=167080   show_tls_ciphers = DISABLED
Fri Oct 12 10:37:26 2007 us=167088   proto = 0
Fri Oct 12 10:37:26 2007 us=167097   local = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=167108   remote_list[0] = {'my-server-1', 1194}
Fri Oct 12 10:37:26 2007 us=167119   remote_list[1] = {'bandbmanagement.dyndns.org', 1194}
Fri Oct 12 10:37:26 2007 us=167129   remote_random = DISABLED
Fri Oct 12 10:37:26 2007 us=167138   local_port = 1194
Fri Oct 12 10:37:26 2007 us=167148   remote_port = 1194
Fri Oct 12 10:37:26 2007 us=167156   remote_float = DISABLED
Fri Oct 12 10:37:26 2007 us=167165   ipchange = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=167176   bind_local = DISABLED
Fri Oct 12 10:37:26 2007 us=167186   dev = 'tap'
Fri Oct 12 10:37:26 2007 us=167195   dev_type = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=167204   dev_node = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=167214   tun_ipv6 = DISABLED
Fri Oct 12 10:37:26 2007 us=167223   ifconfig_local = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=167232   ifconfig_remote_netmask = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=167242   ifconfig_noexec = DISABLED
Fri Oct 12 10:37:26 2007 us=167251   ifconfig_nowarn = DISABLED
Fri Oct 12 10:37:26 2007 us=167260   shaper = 0
Fri Oct 12 10:37:26 2007 us=167269   tun_mtu = 1500
Fri Oct 12 10:37:26 2007 us=167286   tun_mtu_defined = ENABLED
Fri Oct 12 10:37:26 2007 us=167295   link_mtu = 1500
Fri Oct 12 10:37:26 2007 us=167305   link_mtu_defined = DISABLED
Fri Oct 12 10:37:26 2007 us=167314   tun_mtu_extra = 32
Fri Oct 12 10:37:26 2007 us=167324   tun_mtu_extra_defined = ENABLED
Fri Oct 12 10:37:26 2007 us=167332   fragment = 0
Fri Oct 12 10:37:26 2007 us=167342   mtu_discover_type = -1
Fri Oct 12 10:37:26 2007 us=167350   mtu_test = 1
Fri Oct 12 10:37:26 2007 us=167359   mlock = DISABLED
Fri Oct 12 10:37:26 2007 us=167369   keepalive_ping = 0
Fri Oct 12 10:37:26 2007 us=167378   keepalive_timeout = 0
Fri Oct 12 10:37:26 2007 us=167387   inactivity_timeout = 0
Fri Oct 12 10:37:26 2007 us=167397   ping_send_timeout = 0
Fri Oct 12 10:37:26 2007 us=167408   ping_rec_timeout = 120
Fri Oct 12 10:37:26 2007 us=167418   ping_rec_timeout_action = 2
Fri Oct 12 10:37:26 2007 us=167427   ping_timer_remote = DISABLED
Fri Oct 12 10:37:26 2007 us=167438   remap_sigusr1 = 0
Fri Oct 12 10:37:26 2007 us=167448   explicit_exit_notification = 0
Fri Oct 12 10:37:26 2007 us=167458   persist_tun = ENABLED
Fri Oct 12 10:37:26 2007 us=167468   persist_local_ip = DISABLED
Fri Oct 12 10:37:26 2007 us=167478   persist_remote_ip = DISABLED
Fri Oct 12 10:37:26 2007 us=167489   persist_key = ENABLED
Fri Oct 12 10:37:26 2007 us=167498   mssfix = 1450
Fri Oct 12 10:37:26 2007 us=167508   resolve_retry_seconds = 1000000000
Fri Oct 12 10:37:26 2007 us=167519   connect_retry_seconds = 5
Fri Oct 12 10:37:26 2007 us=167528   username = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=167538   groupname = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=167548   chroot_dir = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=167558   cd_dir = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=167568   writepid = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=167578   up_script = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=167588   down_script = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=167598   down_pre = DISABLED
Fri Oct 12 10:37:26 2007 us=167608   up_restart = DISABLED
Fri Oct 12 10:37:26 2007 us=167618   up_delay = DISABLED
Fri Oct 12 10:37:26 2007 us=167628   daemon = DISABLED
Fri Oct 12 10:37:26 2007 us=167637   inetd = 0
Fri Oct 12 10:37:26 2007 us=167646   log = DISABLED
Fri Oct 12 10:37:26 2007 us=167656   suppress_timestamps = DISABLED
Fri Oct 12 10:37:26 2007 us=359472   nice = 0
Fri Oct 12 10:37:26 2007 us=359492   verbosity = 4
Fri Oct 12 10:37:26 2007 us=359501   mute = 0
Fri Oct 12 10:37:26 2007 us=359509   gremlin = 0
Fri Oct 12 10:37:26 2007 us=359519   status_file = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=359527   status_file_version = 1
Fri Oct 12 10:37:26 2007 us=359536   status_file_update_freq = 60
Fri Oct 12 10:37:26 2007 us=359545   occ = ENABLED
Fri Oct 12 10:37:26 2007 us=359553   rcvbuf = 0
Fri Oct 12 10:37:26 2007 us=359561   sndbuf = 0
Fri Oct 12 10:37:26 2007 us=359571   socks_proxy_server = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=359586   socks_proxy_port = 0
Fri Oct 12 10:37:26 2007 us=359595   socks_proxy_retry = DISABLED
Fri Oct 12 10:37:26 2007 us=359604   fast_io = DISABLED
Fri Oct 12 10:37:26 2007 us=359612   comp_lzo = ENABLED
Fri Oct 12 10:37:26 2007 us=359621   comp_lzo_adaptive = ENABLED
Fri Oct 12 10:37:26 2007 us=359630   route_script = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=359639   route_default_gateway = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=368560   route_noexec = DISABLED
Fri Oct 12 10:37:26 2007 us=368582   route_delay = 0
Fri Oct 12 10:37:26 2007 us=368592   route_delay_window = 30
Fri Oct 12 10:37:26 2007 us=368601   route_delay_defined = ENABLED
Fri Oct 12 10:37:26 2007 us=368611   management_addr = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=368620   management_port = 0
Fri Oct 12 10:37:26 2007 us=368630   management_user_pass = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=368639   management_log_history_cache = 250
Fri Oct 12 10:37:26 2007 us=368649   management_echo_buffer_size = 100
Fri Oct 12 10:37:26 2007 us=368659   management_query_passwords = DISABLED
Fri Oct 12 10:37:26 2007 us=368669   management_hold = DISABLED
Fri Oct 12 10:37:26 2007 us=368678   shared_secret_file = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=368689   key_direction = 2
Fri Oct 12 10:37:26 2007 us=368698   ciphername_defined = ENABLED
Fri Oct 12 10:37:26 2007 us=368708   ciphername = 'BF-CBC'
Fri Oct 12 10:37:26 2007 us=391982   authname_defined = ENABLED
Fri Oct 12 10:37:26 2007 us=392003   authname = 'SHA1'
Fri Oct 12 10:37:26 2007 us=392012   keysize = 0
Fri Oct 12 10:37:26 2007 us=392021   engine = DISABLED
Fri Oct 12 10:37:26 2007 us=392030   replay = ENABLED
Fri Oct 12 10:37:26 2007 us=392039   mute_replay_warnings = DISABLED
Fri Oct 12 10:37:26 2007 us=392048   replay_window = 64
Fri Oct 12 10:37:26 2007 us=392058   replay_time = 15
Fri Oct 12 10:37:26 2007 us=392067   packet_id_file = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=392076   use_iv = ENABLED
Fri Oct 12 10:37:26 2007 us=392084   test_crypto = DISABLED
Fri Oct 12 10:37:26 2007 us=392093   tls_server = DISABLED
Fri Oct 12 10:37:26 2007 us=392102   tls_client = ENABLED
Fri Oct 12 10:37:26 2007 us=392111   key_method = 2
Fri Oct 12 10:37:26 2007 us=392120   ca_file = 'ca.crt'
Fri Oct 12 10:37:26 2007 us=392130   dh_file = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=392140   cert_file = 'chamainebandb.crt'
Fri Oct 12 10:37:26 2007 us=414858   priv_key_file = 'chamainebandb.key'
Fri Oct 12 10:37:26 2007 us=414878   pkcs12_file = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=414888   cryptoapi_cert = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=414897   cipher_list = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=414906   tls_verify = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=414915   tls_remote = 'server'
Fri Oct 12 10:37:26 2007 us=414923   crl_file = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=414932   ns_cert_type = 64
Fri Oct 12 10:37:26 2007 us=414941   tls_timeout = 2
Fri Oct 12 10:37:26 2007 us=414950   renegotiate_bytes = 0
Fri Oct 12 10:37:26 2007 us=414958   renegotiate_packets = 0
Fri Oct 12 10:37:26 2007 us=414968   renegotiate_seconds = 3600
Fri Oct 12 10:37:26 2007 us=414977   handshake_window = 60
Fri Oct 12 10:37:26 2007 us=414985   transition_window = 3600
Fri Oct 12 10:37:26 2007 us=414994   single_session = DISABLED
Fri Oct 12 10:37:26 2007 us=415003   tls_exit = DISABLED
Fri Oct 12 10:37:26 2007 us=440225   tls_auth_file = 'ta.key'
Fri Oct 12 10:37:26 2007 us=440259   server_network = 0.0.0.0
Fri Oct 12 10:37:26 2007 us=440270   server_netmask = 0.0.0.0
Fri Oct 12 10:37:26 2007 us=440281   server_bridge_ip = 0.0.0.0
Fri Oct 12 10:37:26 2007 us=440291   server_bridge_netmask = 0.0.0.0
Fri Oct 12 10:37:26 2007 us=440301   server_bridge_pool_start = 0.0.0.0
Fri Oct 12 10:37:26 2007 us=440312   server_bridge_pool_end = 0.0.0.0
Fri Oct 12 10:37:26 2007 us=440322   ifconfig_pool_defined = DISABLED
Fri Oct 12 10:37:26 2007 us=440333   ifconfig_pool_start = 0.0.0.0
Fri Oct 12 10:37:26 2007 us=440344   ifconfig_pool_end = 0.0.0.0
Fri Oct 12 10:37:26 2007 us=440355   ifconfig_pool_netmask = 0.0.0.0
Fri Oct 12 10:37:26 2007 us=440365   ifconfig_pool_persist_filename = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=440375   ifconfig_pool_persist_refresh_freq = 600
Fri Oct 12 10:37:26 2007 us=440385   ifconfig_pool_linear = DISABLED
Fri Oct 12 10:37:26 2007 us=440394   n_bcast_buf = 256
Fri Oct 12 10:37:26 2007 us=464413   tcp_queue_limit = 64
Fri Oct 12 10:37:26 2007 us=464430   real_hash_size = 256
Fri Oct 12 10:37:26 2007 us=464440   virtual_hash_size = 256
Fri Oct 12 10:37:26 2007 us=464449   client_connect_script = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=464459   learn_address_script = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=464469   client_disconnect_script = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=464478   client_config_dir = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=464487   ccd_exclusive = DISABLED
Fri Oct 12 10:37:26 2007 us=464495   tmp_dir = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=464505   push_ifconfig_defined = DISABLED
Fri Oct 12 10:37:26 2007 us=464529   push_ifconfig_local = 0.0.0.0
Fri Oct 12 10:37:26 2007 us=464540   push_ifconfig_remote_netmask = 0.0.0.0
Fri Oct 12 10:37:26 2007 us=464550   enable_c2c = DISABLED
Fri Oct 12 10:37:26 2007 us=464559   duplicate_cn = DISABLED
Fri Oct 12 10:37:26 2007 us=485138   cf_max = 0
Fri Oct 12 10:37:26 2007 us=485156   cf_per = 0
Fri Oct 12 10:37:26 2007 us=485166   max_clients = 1024
Fri Oct 12 10:37:26 2007 us=485175   max_routes_per_client = 256
Fri Oct 12 10:37:26 2007 us=485184   client_cert_not_required = DISABLED
Fri Oct 12 10:37:26 2007 us=485194   username_as_common_name = DISABLED
Fri Oct 12 10:37:26 2007 us=485204   auth_user_pass_verify_script = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=485215   auth_user_pass_verify_script_via_file = DISABLED
Fri Oct 12 10:37:26 2007 us=485224   client = ENABLED
Fri Oct 12 10:37:26 2007 us=485232   pull = ENABLED
Fri Oct 12 10:37:26 2007 us=485241   auth_user_pass_file = 'stdin'
Fri Oct 12 10:37:26 2007 us=485255   show_net_up = DISABLED
Fri Oct 12 10:37:26 2007 us=485264   route_method = 0
Fri Oct 12 10:37:26 2007 us=485273   ip_win32_defined = DISABLED
Fri Oct 12 10:37:26 2007 us=485282   ip_win32_type = 3
Fri Oct 12 10:37:26 2007 us=485291   dhcp_masq_offset = 0
Fri Oct 12 10:37:26 2007 us=507245   dhcp_lease_time = 31536000
Fri Oct 12 10:37:26 2007 us=507261   tap_sleep = 0
Fri Oct 12 10:37:26 2007 us=507270   dhcp_options = DISABLED
Fri Oct 12 10:37:26 2007 us=507279   dhcp_renew = DISABLED
Fri Oct 12 10:37:26 2007 us=507287   dhcp_pre_release = DISABLED
Fri Oct 12 10:37:26 2007 us=507296   dhcp_release = DISABLED
Fri Oct 12 10:37:26 2007 us=507304   domain = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=507313   netbios_scope = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=507322   netbios_node_type = 0
Fri Oct 12 10:37:26 2007 us=507330   disable_nbt = DISABLED
Fri Oct 12 10:37:26 2007 us=507351 OpenVPN 2.0.7 Win32-MinGW [SSL] [LZO] built on Apr 12 2006
Fri Oct 12 10:37:35 2007 us=944666 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Fri Oct 12 10:37:35 2007 us=944709 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Oct 12 10:37:35 2007 us=944725 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Oct 12 10:37:35 2007 us=944753 LZO compression initialized
Fri Oct 12 10:37:35 2007 us=944861 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Fri Oct 12 10:37:38 2007 us=244810 RESOLVE: Cannot resolve host address: my-server-1: [HOST_NOT_FOUND] The specified host is unknown.
Fri Oct 12 10:37:38 2007 us=244850 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Fri Oct 12 10:37:38 2007 us=244894 Local Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Fri Oct 12 10:37:38 2007 us=244908 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Fri Oct 12 10:37:38 2007 us=244940 Local Options hash (VER=V4): '13a273ba'
Fri Oct 12 10:37:38 2007 us=244957 Expected Remote Options hash (VER=V4): '360696c5'
Fri Oct 12 10:37:40 2007 us=491712 RESOLVE: Cannot resolve host address: my-server-1: [HOST_NOT_FOUND] The specified host is unknown.
Fri Oct 12 10:37:40 2007 us=491817 TCP/UDP: Closing socket
Fri Oct 12 10:37:40 2007 us=495031 SIGUSR1[soft,init_instance] received, process restarting
Fri Oct 12 10:37:40 2007 us=495054 Restart pause, 2 second(s)
Fri Oct 12 10:37:42 2007 us=491490 Re-using SSL/TLS context
Fri Oct 12 10:37:42 2007 us=491549 LZO compression initialized
Fri Oct 12 10:37:42 2007 us=491635 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Fri Oct 12 10:37:42 2007 us=849591 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Fri Oct 12 10:37:42 2007 us=849646 Local Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Fri Oct 12 10:37:42 2007 us=849660 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Fri Oct 12 10:37:42 2007 us=849685 Local Options hash (VER=V4): '13a273ba'
Fri Oct 12 10:37:42 2007 us=849702 Expected Remote Options hash (VER=V4): '360696c5'
Fri Oct 12 10:37:42 2007 us=849733 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Oct 12 10:37:42 2007 us=858090 UDPv4 link local: [undef]
Fri Oct 12 10:37:42 2007 us=858116 UDPv4 link remote: 41.243.240.178:1194
Fri Oct 12 10:37:42 2007 us=864089 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Fri Oct 12 10:37:45 2007 us=320153 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Fri Oct 12 10:37:47 2007 us=788792 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Fri Oct 12 10:37:50 2007 us=257477 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Fri Oct 12 10:37:52 2007 us=726017 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Fri Oct 12 10:37:55 2007 us=194740 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Fri Oct 12 10:37:57 2007 us=663297 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Fri Oct 12 10:37:58 2007 us=897678 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Fri Oct 12 10:38:00 2007 us=245404 TCP/UDP: Closing socket
Fri Oct 12 10:38:00 2007 us=245576 SIGTERM[hard,] received, process exiting



Cheers

  Thanks for the help

Offline TrevorB

Re: Open VPN error when connecting
« Reply #5 on: October 12, 2007, 10:52:35 AM »
Quote
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote my-server-1 1194
;remote my-server-2 1194
<<lots gone>>
Fri Oct 12 10:37:38 2007 us=244810 RESOLVE: Cannot resolve host address: my-server-1: [HOST_NOT_FOUND] The specified host is unknown.
<<more gone>>
Fri Oct 12 10:37:40 2007 us=491712 RESOLVE: Cannot resolve host address: my-server-1: [HOST_NOT_FOUND] The specified host is unknown.
Fri Oct 12 10:37:40 2007 us=491817 TCP/UDP: Closing socket
Fri Oct 12 10:37:40 2007 us=495031 SIGUSR1[soft,init_instance] received, process restarting

Shawn,

It doesn't seem to be resolving my-server-1.

Was this defined in a hosts file that has been deleted? Any other change in DNS that may have been supplying the IP address for my-server-1?

Trevor B

Offline shawnbishop

Re: Open VPN error when connecting
« Reply #6 on: October 15, 2007, 08:30:49 AM »
Good day

The Host that it is trying to connect to is a dyndns hostname, supplied by DynDNS.org. I made sure that the IP address was correct and so forth.

The weird thing is the 4 other laptops in the office, they can connect...so I think it is something on the laptop...I am going to uninstall all Anti Virus programs and so forth, will update the forum once done.

Offline shawnbishop

Re: Open VPN error when connecting
« Reply #7 on: October 16, 2007, 10:21:22 AM »
Good Day

I am getting quite frustrated with this VPN story now.....Some machines connect, some don't??

The error message I now get after going slowly through all the settings is as follows

Tue Oct 16 09:54:34 2007 us=603787 TCP/UDP: Incoming packet rejected from 192.168.0.201:1194[2], expected peer address: 196.31.37.194:1194 (allow this incoming source address/port by removing --remote or adding --float)
Tue Oct 16 09:54:35 2007 us=711501 TCP/UDP: Incoming packet rejected from 192.168.0.201:1194[2], expected peer address: 196.31.37.194:1194 (allow this incoming source address/port by removing --remote or adding --float)
Tue Oct 16 09:54:35 2007 us=852699 TCP/UDP: Incoming packet rejected from 192.168.0.201:1194[2], expected peer address: 196.31.37.194:1194 (allow this incoming source address/port by removing --remote or adding --float)

I assume I need to add those settings, but how do I??

Offline TrevorB

Re: Open VPN error when connecting
« Reply #8 on: October 16, 2007, 11:14:28 AM »
Quote
Good Day

I am getting quite frustrated with this VPN story now.....Some machines connect, some don't??

The error message I now get after going slowly through all the settings is as follows

Tue Oct 16 09:54:34 2007 us=603787 TCP/UDP: Incoming packet rejected from 192.168.0.201:1194[2], expected peer address: 196.31.37.194:1194 (allow this incoming source address/port by removing --remote or adding --float)
Tue Oct 16 09:54:35 2007 us=711501 TCP/UDP: Incoming packet rejected from 192.168.0.201:1194[2], expected peer address: 196.31.37.194:1194 (allow this incoming source address/port by removing --remote or adding --float)
Tue Oct 16 09:54:35 2007 us=852699 TCP/UDP: Incoming packet rejected from 192.168.0.201:1194[2], expected peer address: 196.31.37.194:1194 (allow this incoming source address/port by removing --remote or adding --float)

I assume I need to add those settings, but how do I??

Some quick googling and there are many posts on the openvpn-users list re: this style of error. Most appear to be when the client is on a network with multiple gateways. E.g. from the OpenVPN Users list, someone who had a similar problem
Quote
The problem with the "Incoming packet rejected from..." error is caused by the DNS broadcast 2 IP addresses to a single domain name which are 192.168.4.0 and 192.168.9.0. The 192.168.4.254 is the gateway IP address where 192.168.9.254 is the destination address that the vpn tunnel is going to be redirected to.

Openvpn will choose one of them randomly. When 192.168.4.254 is selected as the gateway address, openvpn vpn server accepts it; when 192.168.9.254 is selected, openvpn rejects the connection. This is because the gateway address can't be the same as the destination address that the openvpn is going to redirect to.

Other items appear to point at the 'remote' option, but you don't appear to have anything weird there.

Can you post a copy of your server config file (with any incriminating IPs etc. commented out :-) ).

Trevor B
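
The client-side symptoms that come up in this thread (TLS handshake timeout, UDP resets, failed name resolution, replies from an unexpected peer address) can be sorted mechanically before reading a whole log. The following is an added example, not code from the thread or from OpenVPN: the function names and hint wording are this example's own, and the sample lines are a subset of the log lines posted above.

```python
import ipaddress
import re
from collections import Counter

# Subset of the client log lines posted in this thread, used as sample input.
SAMPLE_LOG = """\
Tue Oct 09 11:26:38 2007 us=426888 UDPv4 link remote: 41.243.241.12:1194
Tue Oct 09 11:27:38 2007 us=944765 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Oct 09 11:27:38 2007 us=944811 TLS Error: TLS handshake failed
Tue Oct 09 11:27:41 2007 us=373765 UDPv4 link remote: 41.243.240.178:1194
Tue Oct 09 11:27:41 2007 us=399752 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:27:43 2007 us=427323 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Fri Oct 12 10:37:38 2007 us=244810 RESOLVE: Cannot resolve host address: my-server-1: [HOST_NOT_FOUND] The specified host is unknown.
Tue Oct 16 09:54:34 2007 us=603787 TCP/UDP: Incoming packet rejected from 192.168.0.201:1194[2], expected peer address: 196.31.37.194:1194 (allow this incoming source address/port by removing --remote or adding --float)
"""

# Timestamp prefix as it appears in the logs above: "Tue Oct 09 11:26:38 2007 us=426888 "
PREFIX = re.compile(r"^\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4} (?:us=\d+ )?")

RULES = {
    "tls_timeout": re.compile(r"^TLS Error: TLS key negotiation failed to occur within (\d+) seconds"),
    "udp_reset": re.compile(r"^read UDPv4: Connection reset by peer \(WSAECONNRESET\)"),
    "dns_failure": re.compile(r"^RESOLVE: Cannot resolve host address: (\S+): \[(\w+)\]"),
    "peer_mismatch": re.compile(
        r"^TCP/UDP: Incoming packet rejected from ([\d.]+:\d+)\[\d+\], "
        r"expected peer address: ([\d.]+:\d+)"),
    "remote": re.compile(r"^UDPv4 link remote: ([\d.]+:\d+)"),
}

HINTS = {
    "tls_timeout": "no usable reply within the handshake window; check firewalls, "
                   "port forwarding, ta.key and certificates on both ends",
    "udp_reset": "on Windows a UDP read returns WSAECONNRESET after an ICMP port "
                 "unreachable; nothing accepted the packet at that address/port",
    "dns_failure": "the name in 'remote' did not resolve; check the remote line, "
                   "hosts file and DNS",
    "peer_mismatch": "a reply arrived from an address other than the resolved "
                     "'remote' address",
}


def triage(log_text):
    """Classify OpenVPN client log lines into the failure modes seen in the thread."""
    counts = Counter()
    remotes, unresolved, mismatches = [], set(), set()
    for raw in log_text.splitlines():
        msg = PREFIX.sub("", raw.strip())
        for name, rx in RULES.items():
            m = rx.match(msg)
            if not m:
                continue
            if name == "remote":
                if m.group(1) not in remotes:      # keep first-seen order
                    remotes.append(m.group(1))
            else:
                counts[name] += 1
                if name == "dns_failure":
                    unresolved.add(m.group(1))
                elif name == "peer_mismatch":
                    mismatches.add((m.group(1), m.group(2)))
            break
    return {"counts": counts, "remotes": remotes,
            "unresolved": unresolved, "mismatches": mismatches}


def findings(report):
    """Turn a triage report into short, ordered troubleshooting notes."""
    out = [f"{name} x{n}: {HINTS[name]}" for name, n in report["counts"].items()]
    if len(report["remotes"]) > 1:
        out.append("remote address changed between attempts: "
                   + ", ".join(report["remotes"]))
    for src, expected in sorted(report["mismatches"]):
        src_ip = ipaddress.ip_address(src.rsplit(":", 1)[0])
        exp_ip = ipaddress.ip_address(expected.rsplit(":", 1)[0])
        if src_ip.is_private and not exp_ip.is_private:
            out.append(f"reply from private address {src_ip} while client "
                       f"targets public address {exp_ip}")
    return out


if __name__ == "__main__":
    for line in findings(triage(SAMPLE_LOG)):
        print(line)
```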