Koozali.org: home of the SME Server
Obsolete Releases => SME 7.x Contribs => Topic started by: shawnbishop on October 09, 2007, 11:39:35 AM
-
Good day
I am using OpenVPN and using OpenVPN client 2.0.9 from the openvpn.se site
When I try to connect I get the following error
connection reset by peer
Tue Oct 09 11:26:05 2007 us=356163 domain = '[UNDEF]'
Tue Oct 09 11:26:05 2007 us=356172 netbios_scope = '[UNDEF]'
Tue Oct 09 11:26:05 2007 us=356180 netbios_node_type = 0
Tue Oct 09 11:26:05 2007 us=356189 disable_nbt = DISABLED
Tue Oct 09 11:26:05 2007 us=399980 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Tue Oct 09 11:26:35 2007 us=740722 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Tue Oct 09 11:26:35 2007 us=770516 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Oct 09 11:26:35 2007 us=770540 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Oct 09 11:26:35 2007 us=841552 LZO compression initialized
Tue Oct 09 11:26:35 2007 us=860599 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Tue Oct 09 11:26:38 2007 us=371186 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Tue Oct 09 11:26:38 2007 us=397406 Local Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Tue Oct 09 11:26:38 2007 us=397432 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Tue Oct 09 11:26:38 2007 us=425961 Local Options hash (VER=V4): '13a273ba'
Tue Oct 09 11:26:38 2007 us=425997 Expected Remote Options hash (VER=V4): '360696c5'
Tue Oct 09 11:26:38 2007 us=426046 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Oct 09 11:26:38 2007 us=426872 UDPv4 link local: [undef]
Tue Oct 09 11:26:38 2007 us=426888 UDPv4 link remote: 41.243.241.12:1194
Tue Oct 09 11:27:38 2007 us=944765 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Oct 09 11:27:38 2007 us=944811 TLS Error: TLS handshake failed
Tue Oct 09 11:27:38 2007 us=945769 TCP/UDP: Closing socket
Tue Oct 09 11:27:38 2007 us=946237 SIGUSR1[soft,tls-error] received, process restarting
Tue Oct 09 11:27:38 2007 us=946256 Restart pause, 2 second(s)
Tue Oct 09 11:27:40 2007 us=990859 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Tue Oct 09 11:27:40 2007 us=990907 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Oct 09 11:27:40 2007 us=990923 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Oct 09 11:27:40 2007 us=990950 LZO compression initialized
Tue Oct 09 11:27:40 2007 us=991016 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Tue Oct 09 11:27:41 2007 us=373580 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Tue Oct 09 11:27:41 2007 us=373639 Local Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Tue Oct 09 11:27:41 2007 us=373653 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Tue Oct 09 11:27:41 2007 us=373679 Local Options hash (VER=V4): '13a273ba'
Tue Oct 09 11:27:41 2007 us=373696 Expected Remote Options hash (VER=V4): '360696c5'
Tue Oct 09 11:27:41 2007 us=373735 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Oct 09 11:27:41 2007 us=373753 UDPv4 link local: [undef]
Tue Oct 09 11:27:41 2007 us=373765 UDPv4 link remote: 41.243.240.178:1194
Tue Oct 09 11:27:41 2007 us=399752 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:27:43 2007 us=427323 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:27:45 2007 us=459354 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:27:47 2007 us=489637 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:27:49 2007 us=520797 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:27:51 2007 us=552516 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:27:53 2007 us=976862 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:27:56 2007 us=379844 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:27:58 2007 us=785998 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:28:01 2007 us=192173 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:28:02 2007 us=395198 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:28:04 2007 us=863822 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:28:07 2007 us=332426 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:28:09 2007 us=801113 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:28:12 2007 us=269704 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:28:13 2007 us=504055 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:28:15 2007 us=879026 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:28:18 2007 us=253872 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:28:19 2007 us=441317 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:28:21 2007 us=816174 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:28:24 2007 us=191206 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:28:25 2007 us=347259 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:28:27 2007 us=659711 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:28:29 2007 us=972018 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:28:32 2007 us=284392 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:28:33 2007 us=440632 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:28:35 2007 us=510479 TCP/UDP: Closing socket
Tue Oct 09 11:28:35 2007 us=510767 SIGTERM[hard,] received, process exiting
The server was working a couple of weeks ago since I last used it, I am not aware if the server did any YUM updates...
I have checked through the forum and there doesn't appear to be a resolution??
Regards
Shawn
-
It looks like you have some TLS errors
TLS Error: TLS key negotiation failed to occur within 60 seconds.
TLS Error: TLS handshake failed
This could mean your packets are being blocked by a firewall, your certificates on both ends don't match, or the IPs or subnet masks are wrong in your config files. A common problem is that users forget that Windows XP now comes with its own firewall enabled by default. Check to make sure Norton Security or some other security program is not running on the Windows client. It may be necessary to log out of Windows and login again before the changes take effect.
My guess would be certificates (can/will be regenerated if some config items have changed on your server - eg. server name, domain).
Good Luck
Trevor B
-
Do you have access to the server-manager without the openvpn connection? It seems that your server is resetting the connection, there should be a clue in the log files, which can be viewed using the server-manager or a (remote) SSH connection from the server shell.
Perhaps there are clues in the /var/log/openvpn/server-bridge.log or the /var/log/messages file.
-
Great
Thanks guys, will have a look, come to think of it all the users had Nortons on their laptops...will check
-
Good day
I still seem to be having this error, I disabled the firewall on the Windows box.
Other users can connect to the VPN, so it must be an issue with the MS Windoze box, this is the config
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
;proto tcp
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote my-server-1 1194
;remote my-server-2 1194
# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
;remote-random
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nobody
# Try to preserve some state across restarts.
persist-key
persist-tun
# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings
# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
ca ca.crt
cert client.crt
key client.key
# Verify server certificate by checking
# that the certificate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
;ns-cert-type server
# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher x
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo
# Set log file verbosity.
verb 3
# Silence repeating messages
;mute 20
And the log file from the connection is
Fri Oct 12 10:37:26 2007 us=166948 Current Parameter Settings:
Fri Oct 12 10:37:26 2007 us=167014 config = 'client.ovpn'
Fri Oct 12 10:37:26 2007 us=167024 mode = 0
Fri Oct 12 10:37:26 2007 us=167033 show_ciphers = DISABLED
Fri Oct 12 10:37:26 2007 us=167043 show_digests = DISABLED
Fri Oct 12 10:37:26 2007 us=167052 show_engines = DISABLED
Fri Oct 12 10:37:26 2007 us=167061 genkey = DISABLED
Fri Oct 12 10:37:26 2007 us=167070 key_pass_file = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=167080 show_tls_ciphers = DISABLED
Fri Oct 12 10:37:26 2007 us=167088 proto = 0
Fri Oct 12 10:37:26 2007 us=167097 local = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=167108 remote_list[0] = {'my-server-1', 1194}
Fri Oct 12 10:37:26 2007 us=167119 remote_list[1] = {'bandbmanagement.dyndns.org', 1194}
Fri Oct 12 10:37:26 2007 us=167129 remote_random = DISABLED
Fri Oct 12 10:37:26 2007 us=167138 local_port = 1194
Fri Oct 12 10:37:26 2007 us=167148 remote_port = 1194
Fri Oct 12 10:37:26 2007 us=167156 remote_float = DISABLED
Fri Oct 12 10:37:26 2007 us=167165 ipchange = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=167176 bind_local = DISABLED
Fri Oct 12 10:37:26 2007 us=167186 dev = 'tap'
Fri Oct 12 10:37:26 2007 us=167195 dev_type = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=167204 dev_node = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=167214 tun_ipv6 = DISABLED
Fri Oct 12 10:37:26 2007 us=167223 ifconfig_local = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=167232 ifconfig_remote_netmask = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=167242 ifconfig_noexec = DISABLED
Fri Oct 12 10:37:26 2007 us=167251 ifconfig_nowarn = DISABLED
Fri Oct 12 10:37:26 2007 us=167260 shaper = 0
Fri Oct 12 10:37:26 2007 us=167269 tun_mtu = 1500
Fri Oct 12 10:37:26 2007 us=167286 tun_mtu_defined = ENABLED
Fri Oct 12 10:37:26 2007 us=167295 link_mtu = 1500
Fri Oct 12 10:37:26 2007 us=167305 link_mtu_defined = DISABLED
Fri Oct 12 10:37:26 2007 us=167314 tun_mtu_extra = 32
Fri Oct 12 10:37:26 2007 us=167324 tun_mtu_extra_defined = ENABLED
Fri Oct 12 10:37:26 2007 us=167332 fragment = 0
Fri Oct 12 10:37:26 2007 us=167342 mtu_discover_type = -1
Fri Oct 12 10:37:26 2007 us=167350 mtu_test = 1
Fri Oct 12 10:37:26 2007 us=167359 mlock = DISABLED
Fri Oct 12 10:37:26 2007 us=167369 keepalive_ping = 0
Fri Oct 12 10:37:26 2007 us=167378 keepalive_timeout = 0
Fri Oct 12 10:37:26 2007 us=167387 inactivity_timeout = 0
Fri Oct 12 10:37:26 2007 us=167397 ping_send_timeout = 0
Fri Oct 12 10:37:26 2007 us=167408 ping_rec_timeout = 120
Fri Oct 12 10:37:26 2007 us=167418 ping_rec_timeout_action = 2
Fri Oct 12 10:37:26 2007 us=167427 ping_timer_remote = DISABLED
Fri Oct 12 10:37:26 2007 us=167438 remap_sigusr1 = 0
Fri Oct 12 10:37:26 2007 us=167448 explicit_exit_notification = 0
Fri Oct 12 10:37:26 2007 us=167458 persist_tun = ENABLED
Fri Oct 12 10:37:26 2007 us=167468 persist_local_ip = DISABLED
Fri Oct 12 10:37:26 2007 us=167478 persist_remote_ip = DISABLED
Fri Oct 12 10:37:26 2007 us=167489 persist_key = ENABLED
Fri Oct 12 10:37:26 2007 us=167498 mssfix = 1450
Fri Oct 12 10:37:26 2007 us=167508 resolve_retry_seconds = 1000000000
Fri Oct 12 10:37:26 2007 us=167519 connect_retry_seconds = 5
Fri Oct 12 10:37:26 2007 us=167528 username = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=167538 groupname = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=167548 chroot_dir = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=167558 cd_dir = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=167568 writepid = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=167578 up_script = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=167588 down_script = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=167598 down_pre = DISABLED
Fri Oct 12 10:37:26 2007 us=167608 up_restart = DISABLED
Fri Oct 12 10:37:26 2007 us=167618 up_delay = DISABLED
Fri Oct 12 10:37:26 2007 us=167628 daemon = DISABLED
Fri Oct 12 10:37:26 2007 us=167637 inetd = 0
Fri Oct 12 10:37:26 2007 us=167646 log = DISABLED
Fri Oct 12 10:37:26 2007 us=167656 suppress_timestamps = DISABLED
Fri Oct 12 10:37:26 2007 us=359472 nice = 0
Fri Oct 12 10:37:26 2007 us=359492 verbosity = 4
Fri Oct 12 10:37:26 2007 us=359501 mute = 0
Fri Oct 12 10:37:26 2007 us=359509 gremlin = 0
Fri Oct 12 10:37:26 2007 us=359519 status_file = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=359527 status_file_version = 1
Fri Oct 12 10:37:26 2007 us=359536 status_file_update_freq = 60
Fri Oct 12 10:37:26 2007 us=359545 occ = ENABLED
Fri Oct 12 10:37:26 2007 us=359553 rcvbuf = 0
Fri Oct 12 10:37:26 2007 us=359561 sndbuf = 0
Fri Oct 12 10:37:26 2007 us=359571 socks_proxy_server = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=359586 socks_proxy_port = 0
Fri Oct 12 10:37:26 2007 us=359595 socks_proxy_retry = DISABLED
Fri Oct 12 10:37:26 2007 us=359604 fast_io = DISABLED
Fri Oct 12 10:37:26 2007 us=359612 comp_lzo = ENABLED
Fri Oct 12 10:37:26 2007 us=359621 comp_lzo_adaptive = ENABLED
Fri Oct 12 10:37:26 2007 us=359630 route_script = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=359639 route_default_gateway = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=368560 route_noexec = DISABLED
Fri Oct 12 10:37:26 2007 us=368582 route_delay = 0
Fri Oct 12 10:37:26 2007 us=368592 route_delay_window = 30
Fri Oct 12 10:37:26 2007 us=368601 route_delay_defined = ENABLED
Fri Oct 12 10:37:26 2007 us=368611 management_addr = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=368620 management_port = 0
Fri Oct 12 10:37:26 2007 us=368630 management_user_pass = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=368639 management_log_history_cache = 250
Fri Oct 12 10:37:26 2007 us=368649 management_echo_buffer_size = 100
Fri Oct 12 10:37:26 2007 us=368659 management_query_passwords = DISABLED
Fri Oct 12 10:37:26 2007 us=368669 management_hold = DISABLED
Fri Oct 12 10:37:26 2007 us=368678 shared_secret_file = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=368689 key_direction = 2
Fri Oct 12 10:37:26 2007 us=368698 ciphername_defined = ENABLED
Fri Oct 12 10:37:26 2007 us=368708 ciphername = 'BF-CBC'
Fri Oct 12 10:37:26 2007 us=391982 authname_defined = ENABLED
Fri Oct 12 10:37:26 2007 us=392003 authname = 'SHA1'
Fri Oct 12 10:37:26 2007 us=392012 keysize = 0
Fri Oct 12 10:37:26 2007 us=392021 engine = DISABLED
Fri Oct 12 10:37:26 2007 us=392030 replay = ENABLED
Fri Oct 12 10:37:26 2007 us=392039 mute_replay_warnings = DISABLED
Fri Oct 12 10:37:26 2007 us=392048 replay_window = 64
Fri Oct 12 10:37:26 2007 us=392058 replay_time = 15
Fri Oct 12 10:37:26 2007 us=392067 packet_id_file = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=392076 use_iv = ENABLED
Fri Oct 12 10:37:26 2007 us=392084 test_crypto = DISABLED
Fri Oct 12 10:37:26 2007 us=392093 tls_server = DISABLED
Fri Oct 12 10:37:26 2007 us=392102 tls_client = ENABLED
Fri Oct 12 10:37:26 2007 us=392111 key_method = 2
Fri Oct 12 10:37:26 2007 us=392120 ca_file = 'ca.crt'
Fri Oct 12 10:37:26 2007 us=392130 dh_file = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=392140 cert_file = 'chamainebandb.crt'
Fri Oct 12 10:37:26 2007 us=414858 priv_key_file = 'chamainebandb.key'
Fri Oct 12 10:37:26 2007 us=414878 pkcs12_file = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=414888 cryptoapi_cert = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=414897 cipher_list = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=414906 tls_verify = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=414915 tls_remote = 'server'
Fri Oct 12 10:37:26 2007 us=414923 crl_file = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=414932 ns_cert_type = 64
Fri Oct 12 10:37:26 2007 us=414941 tls_timeout = 2
Fri Oct 12 10:37:26 2007 us=414950 renegotiate_bytes = 0
Fri Oct 12 10:37:26 2007 us=414958 renegotiate_packets = 0
Fri Oct 12 10:37:26 2007 us=414968 renegotiate_seconds = 3600
Fri Oct 12 10:37:26 2007 us=414977 handshake_window = 60
Fri Oct 12 10:37:26 2007 us=414985 transition_window = 3600
Fri Oct 12 10:37:26 2007 us=414994 single_session = DISABLED
Fri Oct 12 10:37:26 2007 us=415003 tls_exit = DISABLED
Fri Oct 12 10:37:26 2007 us=440225 tls_auth_file = 'ta.key'
Fri Oct 12 10:37:26 2007 us=440259 server_network = 0.0.0.0
Fri Oct 12 10:37:26 2007 us=440270 server_netmask = 0.0.0.0
Fri Oct 12 10:37:26 2007 us=440281 server_bridge_ip = 0.0.0.0
Fri Oct 12 10:37:26 2007 us=440291 server_bridge_netmask = 0.0.0.0
Fri Oct 12 10:37:26 2007 us=440301 server_bridge_pool_start = 0.0.0.0
Fri Oct 12 10:37:26 2007 us=440312 server_bridge_pool_end = 0.0.0.0
Fri Oct 12 10:37:26 2007 us=440322 ifconfig_pool_defined = DISABLED
Fri Oct 12 10:37:26 2007 us=440333 ifconfig_pool_start = 0.0.0.0
Fri Oct 12 10:37:26 2007 us=440344 ifconfig_pool_end = 0.0.0.0
Fri Oct 12 10:37:26 2007 us=440355 ifconfig_pool_netmask = 0.0.0.0
Fri Oct 12 10:37:26 2007 us=440365 ifconfig_pool_persist_filename = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=440375 ifconfig_pool_persist_refresh_freq = 600
Fri Oct 12 10:37:26 2007 us=440385 ifconfig_pool_linear = DISABLED
Fri Oct 12 10:37:26 2007 us=440394 n_bcast_buf = 256
Fri Oct 12 10:37:26 2007 us=464413 tcp_queue_limit = 64
Fri Oct 12 10:37:26 2007 us=464430 real_hash_size = 256
Fri Oct 12 10:37:26 2007 us=464440 virtual_hash_size = 256
Fri Oct 12 10:37:26 2007 us=464449 client_connect_script = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=464459 learn_address_script = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=464469 client_disconnect_script = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=464478 client_config_dir = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=464487 ccd_exclusive = DISABLED
Fri Oct 12 10:37:26 2007 us=464495 tmp_dir = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=464505 push_ifconfig_defined = DISABLED
Fri Oct 12 10:37:26 2007 us=464529 push_ifconfig_local = 0.0.0.0
Fri Oct 12 10:37:26 2007 us=464540 push_ifconfig_remote_netmask = 0.0.0.0
Fri Oct 12 10:37:26 2007 us=464550 enable_c2c = DISABLED
Fri Oct 12 10:37:26 2007 us=464559 duplicate_cn = DISABLED
Fri Oct 12 10:37:26 2007 us=485138 cf_max = 0
Fri Oct 12 10:37:26 2007 us=485156 cf_per = 0
Fri Oct 12 10:37:26 2007 us=485166 max_clients = 1024
Fri Oct 12 10:37:26 2007 us=485175 max_routes_per_client = 256
Fri Oct 12 10:37:26 2007 us=485184 client_cert_not_required = DISABLED
Fri Oct 12 10:37:26 2007 us=485194 username_as_common_name = DISABLED
Fri Oct 12 10:37:26 2007 us=485204 auth_user_pass_verify_script = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=485215 auth_user_pass_verify_script_via_file = DISABLED
Fri Oct 12 10:37:26 2007 us=485224 client = ENABLED
Fri Oct 12 10:37:26 2007 us=485232 pull = ENABLED
Fri Oct 12 10:37:26 2007 us=485241 auth_user_pass_file = 'stdin'
Fri Oct 12 10:37:26 2007 us=485255 show_net_up = DISABLED
Fri Oct 12 10:37:26 2007 us=485264 route_method = 0
Fri Oct 12 10:37:26 2007 us=485273 ip_win32_defined = DISABLED
Fri Oct 12 10:37:26 2007 us=485282 ip_win32_type = 3
Fri Oct 12 10:37:26 2007 us=485291 dhcp_masq_offset = 0
Fri Oct 12 10:37:26 2007 us=507245 dhcp_lease_time = 31536000
Fri Oct 12 10:37:26 2007 us=507261 tap_sleep = 0
Fri Oct 12 10:37:26 2007 us=507270 dhcp_options = DISABLED
Fri Oct 12 10:37:26 2007 us=507279 dhcp_renew = DISABLED
Fri Oct 12 10:37:26 2007 us=507287 dhcp_pre_release = DISABLED
Fri Oct 12 10:37:26 2007 us=507296 dhcp_release = DISABLED
Fri Oct 12 10:37:26 2007 us=507304 domain = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=507313 netbios_scope = '[UNDEF]'
Fri Oct 12 10:37:26 2007 us=507322 netbios_node_type = 0
Fri Oct 12 10:37:26 2007 us=507330 disable_nbt = DISABLED
Fri Oct 12 10:37:26 2007 us=507351 OpenVPN 2.0.7 Win32-MinGW [SSL] [LZO] built on Apr 12 2006
Fri Oct 12 10:37:35 2007 us=944666 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Fri Oct 12 10:37:35 2007 us=944709 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Oct 12 10:37:35 2007 us=944725 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Oct 12 10:37:35 2007 us=944753 LZO compression initialized
Fri Oct 12 10:37:35 2007 us=944861 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Fri Oct 12 10:37:38 2007 us=244810 RESOLVE: Cannot resolve host address: my-server-1: [HOST_NOT_FOUND] The specified host is unknown.
Fri Oct 12 10:37:38 2007 us=244850 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Fri Oct 12 10:37:38 2007 us=244894 Local Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Fri Oct 12 10:37:38 2007 us=244908 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Fri Oct 12 10:37:38 2007 us=244940 Local Options hash (VER=V4): '13a273ba'
Fri Oct 12 10:37:38 2007 us=244957 Expected Remote Options hash (VER=V4): '360696c5'
Fri Oct 12 10:37:40 2007 us=491712 RESOLVE: Cannot resolve host address: my-server-1: [HOST_NOT_FOUND] The specified host is unknown.
Fri Oct 12 10:37:40 2007 us=491817 TCP/UDP: Closing socket
Fri Oct 12 10:37:40 2007 us=495031 SIGUSR1[soft,init_instance] received, process restarting
Fri Oct 12 10:37:40 2007 us=495054 Restart pause, 2 second(s)
Fri Oct 12 10:37:42 2007 us=491490 Re-using SSL/TLS context
Fri Oct 12 10:37:42 2007 us=491549 LZO compression initialized
Fri Oct 12 10:37:42 2007 us=491635 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Fri Oct 12 10:37:42 2007 us=849591 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Fri Oct 12 10:37:42 2007 us=849646 Local Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Fri Oct 12 10:37:42 2007 us=849660 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Fri Oct 12 10:37:42 2007 us=849685 Local Options hash (VER=V4): '13a273ba'
Fri Oct 12 10:37:42 2007 us=849702 Expected Remote Options hash (VER=V4): '360696c5'
Fri Oct 12 10:37:42 2007 us=849733 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Oct 12 10:37:42 2007 us=858090 UDPv4 link local: [undef]
Fri Oct 12 10:37:42 2007 us=858116 UDPv4 link remote: 41.243.240.178:1194
Fri Oct 12 10:37:42 2007 us=864089 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Fri Oct 12 10:37:45 2007 us=320153 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Fri Oct 12 10:37:47 2007 us=788792 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Fri Oct 12 10:37:50 2007 us=257477 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Fri Oct 12 10:37:52 2007 us=726017 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Fri Oct 12 10:37:55 2007 us=194740 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Fri Oct 12 10:37:57 2007 us=663297 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Fri Oct 12 10:37:58 2007 us=897678 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Fri Oct 12 10:38:00 2007 us=245404 TCP/UDP: Closing socket
Fri Oct 12 10:38:00 2007 us=245576 SIGTERM[hard,] received, process exiting
Cheers
Thanks for the help
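The config file and the "Current Parameter Settings" dump in the post above disagree (for example `dev tun` in the file but `dev = 'tap'` in the log), so the file shown is not the one OpenVPN loaded. As an added example (not part of the original post and not OpenVPN code), this Python script diffs the two; the directive-to-setting mapping is an assumption built from the setting names visible in that log, and the inputs are excerpts of the post.

```python
import re

# Excerpt of the client config as posted above (comment lines trimmed).
POSTED_CONFIG = """\
client
;dev tap
dev tun
proto udp
remote my-server-1 1194
;remote my-server-2 1194
ca ca.crt
cert client.crt
key client.key
;tls-auth ta.key 1
comp-lzo
"""

# Excerpt of the "Current Parameter Settings" dump from the same post.
EFFECTIVE_LOG = """\
Fri Oct 12 10:37:26 2007 us=167108 remote_list[0] = {'my-server-1', 1194}
Fri Oct 12 10:37:26 2007 us=167119 remote_list[1] = {'bandbmanagement.dyndns.org', 1194}
Fri Oct 12 10:37:26 2007 us=167186 dev = 'tap'
Fri Oct 12 10:37:26 2007 us=392120 ca_file = 'ca.crt'
Fri Oct 12 10:37:26 2007 us=392140 cert_file = 'chamainebandb.crt'
Fri Oct 12 10:37:26 2007 us=414858 priv_key_file = 'chamainebandb.key'
Fri Oct 12 10:37:26 2007 us=440225 tls_auth_file = 'ta.key'
"""

# Assumed mapping: config directive -> key name in the settings dump.
DIRECTIVE_TO_SETTING = {
    "dev": "dev",
    "ca": "ca_file",
    "cert": "cert_file",
    "key": "priv_key_file",
    "tls-auth": "tls_auth_file",
}

SETTING_RE = re.compile(r"us=\d+ ([\w\[\]]+) = (.*)$")
REMOTE_RE = re.compile(r"\{'([^']+)', (\d+)\}")


def parse_config(text):
    """Return {directive: [args, ...]} for active lines ('#' and ';' start comments)."""
    active = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        directive, *args = line.split()
        active.setdefault(directive, []).append(args)
    return active


def parse_effective(log_text):
    """Return {setting: value} from the 'name = value' lines of the dump."""
    settings = {}
    for line in log_text.splitlines():
        m = SETTING_RE.search(line)
        if m:
            settings[m.group(1)] = m.group(2).strip().strip("'")
    return settings


def compare(config_text, log_text):
    """List (directive, value_in_posted_file, value_openvpn_loaded) mismatches."""
    cfg, eff = parse_config(config_text), parse_effective(log_text)
    diffs = []
    for directive, setting in DIRECTIVE_TO_SETTING.items():
        posted = (cfg[directive][0] or [None])[0] if directive in cfg else None
        loaded = eff.get(setting)
        if loaded == "[UNDEF]":
            loaded = None
        if posted != loaded:
            diffs.append((directive, posted, loaded))
    posted_remotes = {args[0] for args in cfg.get("remote", []) if args}
    loaded_remotes = {
        REMOTE_RE.match(value).group(1)
        for name, value in eff.items()
        if name.startswith("remote_list[") and REMOTE_RE.match(value)
    }
    for host in sorted(loaded_remotes - posted_remotes):
        diffs.append(("remote", None, host))
    for host in sorted(posted_remotes - loaded_remotes):
        diffs.append(("remote", host, None))
    return diffs


if __name__ == "__main__":
    for directive, posted, loaded in compare(POSTED_CONFIG, EFFECTIVE_LOG):
        print(f"{directive}: posted={posted!r} loaded={loaded!r}")
```

Any mismatch means troubleshooting should continue from the `.ovpn` file named in `config = ...` at the top of the dump, not from the pasted one.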
-
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote my-server-1 1194
;remote my-server-2 1194
<<lots gone>>
Fri Oct 12 10:37:38 2007 us=244810 RESOLVE: Cannot resolve host address: my-server-1: [HOST_NOT_FOUND] The specified host is unknown.
<<more gone>>
Fri Oct 12 10:37:40 2007 us=491712 RESOLVE: Cannot resolve host address: my-server-1: [HOST_NOT_FOUND] The specified host is unknown.
Fri Oct 12 10:37:40 2007 us=491817 TCP/UDP: Closing socket
Fri Oct 12 10:37:40 2007 us=495031 SIGUSR1[soft,init_instance] received, process restarting
Shawn,
It doesn't seem to be resolving my-server-1.
Was this defined in a hosts file that has been deleted? Any other change in DNS that may have been supplying the IP address for my-server-1?
Trevor B
-
Good day
The Host that it is trying to connect to is a dyndns hostname, supplied by DynDNS.org. I made sure that the IP address was correct and so forth.
The weird thing is the 4 other laptops in the office, they can connect...so I think it is something on the laptop...I am going to uninstall all Anti Virus programs and so forth, will update the forum once done.
-
Good Day
I am getting quite frustrated with this VPN story now.....Some machines connect, some don't??
The error message I now get after going slowly through all the settings is as follows
Tue Oct 16 09:54:34 2007 us=603787 TCP/UDP: Incoming packet rejected from 192.168.0.201:1194[2], expected peer address: 196.31.37.194:1194 (allow this incoming source address/port by removing --remote or adding --float)
Tue Oct 16 09:54:35 2007 us=711501 TCP/UDP: Incoming packet rejected from 192.168.0.201:1194[2], expected peer address: 196.31.37.194:1194 (allow this incoming source address/port by removing --remote or adding --float)
Tue Oct 16 09:54:35 2007 us=852699 TCP/UDP: Incoming packet rejected from 192.168.0.201:1194[2], expected peer address: 196.31.37.194:1194 (allow this incoming source address/port by removing --remote or adding --float)
I assume I need to add those settings, but how do I??
-
Some quick googling and there are many posts on the openvpn-users list re: this style of error. Most appear to be when the client is on a network with multiple gateways. eg. from the OpenVPN Users list, someone who had a similar problem:
The problem with the "Incoming packet rejected from..." error is caused by the DNS broadcast 2 IP addresses to a single domain name which are 192.168.4.0 and 192.168.9.0. The 192.168.4.254 is the gateway IP address where 192.168.9.254 is the destination address that the vpn tunnel is going to be redirected to.
Openvpn will choose one of them randomly. When 192.168.4.254 is selected as the gateway address, openvpn vpn server accepts it; when 192.168.9.254 is selected, openvpn rejects the connection. This is because the gateway address can't be the same as the destination address that the openvpn is going to redirect to.
Other items appear to point at the 'remote' option, but you don't appear to have anything weird there.
Can you post a copy of your server config file (with any incriminating ip's etc commented out :-) ).
Trevor B
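The four failure signatures that appear in this thread's client logs, grouped by the remote address in use when each occurred, as an added Python example (not written by any poster and not OpenVPN code). The sample lines are copied from the logs quoted above; the signature names and hint strings are this example's own reading of each message.

```python
import ipaddress
import re
from collections import OrderedDict

# Sample input: lines copied from the client logs quoted in this thread.
SAMPLE_LOG = """\
Tue Oct 09 11:26:38 2007 us=426888 UDPv4 link remote: 41.243.241.12:1194
Tue Oct 09 11:27:38 2007 us=944765 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Oct 09 11:27:38 2007 us=945769 TCP/UDP: Closing socket
Tue Oct 09 11:27:41 2007 us=373765 UDPv4 link remote: 41.243.240.178:1194
Tue Oct 09 11:27:41 2007 us=399752 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:27:43 2007 us=427323 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Oct 09 11:28:35 2007 us=510479 TCP/UDP: Closing socket
Fri Oct 12 10:37:38 2007 us=244810 RESOLVE: Cannot resolve host address: my-server-1: [HOST_NOT_FOUND] The specified host is unknown.
Fri Oct 12 10:37:40 2007 us=491817 TCP/UDP: Closing socket
Tue Oct 16 09:54:34 2007 us=603787 TCP/UDP: Incoming packet rejected from 192.168.0.201:1194[2], expected peer address: 196.31.37.194:1194 (allow this incoming source address/port by removing --remote or adding --float)
"""

REMOTE_RE = re.compile(r"UDPv4 link remote: ([\d.]+):\d+")

# (name, pattern, hint). Hints are diagnostic starting points, not verdicts.
SIGNATURES = [
    ("tls_timeout",
     re.compile(r"TLS Error: TLS key negotiation failed"),
     "No reply at all: UDP filtered on the path, or the server silently "
     "dropped the packets (e.g. tls-auth key or direction mismatch)."),
    ("udp_port_unreachable",
     re.compile(r"read UDPv4: Connection reset by peer \(WSAECONNRESET\)"),
     "Winsock reports an ICMP port-unreachable for an earlier UDP send this "
     "way: the address answered but nothing accepted UDP on that port."),
    ("dns_failure",
     re.compile(r"RESOLVE: Cannot resolve host address: (?P<host>[^:\s]+):"),
     "A 'remote' entry names a host that does not resolve; check the remote "
     "lines in the config file that was actually loaded."),
    ("source_mismatch",
     re.compile(r"Incoming packet rejected from (?P<got>[\d.]+):\d+\[\d+\], "
                r"expected peer address: (?P<want>[\d.]+):\d+"),
     "Reply came from a different address than the one sent to. A 'float' "
     "line in the config relaxes the check (packets must still pass "
     "authentication); fixing routing/NAT keeps the check in place."),
]


def triage(log_text):
    """Group failure signatures by the remote endpoint active when they occurred."""
    findings = OrderedDict()
    remote = None
    for line in log_text.splitlines():
        m = REMOTE_RE.search(line)
        if m:
            remote = m.group(1)
            continue
        if "TCP/UDP: Closing socket" in line:
            remote = None  # the next attempt starts with no known endpoint
            continue
        for name, pattern, hint in SIGNATURES:
            m = pattern.search(line)
            if not m:
                continue
            detail = m.groupdict()
            key = (name, remote, tuple(sorted(detail.items())))
            entry = findings.setdefault(
                key,
                {"signature": name, "remote": remote, "count": 0,
                 "hint": hint, **detail},
            )
            entry["count"] += 1
            if name == "source_mismatch":
                # A private (RFC 1918) source against a public target suggests
                # the reply left via the server's LAN side.
                entry["reply_from_private"] = ipaddress.ip_address(
                    detail["got"]).is_private
            break
    return list(findings.values())


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['signature']} x{f['count']} remote={f['remote']}: {f['hint']}")
```

On the sample, the timeout and the port-unreachable errors land on two different server addresses, which is worth checking against what the DynDNS name resolved to at each attempt.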