Cannot connect - from tutorial…

bushtor

Hi,

I have followed the OpenVPN <-> windows client tutorial, but despite that I cannot get a successful connect.  My ovpn client file looks like this:

float
port 1194
dev tun
dev-node ovpn
proto tcp-client
remote 100.110.120.130 1194
ping 10
persist-tun
persist-key
tls-client
ca ca.crt
cert tor.crt
key tor.key
ns-cert-type server
#comp-lzo ? to enable LZO remove the #
pull
verb 4

… and here is an excerpt from the client's log for an attempted connect:

Fri Aug 29 20:31:15 2008 us=875259   dhcp_release = DISABLED
Fri Aug 29 20:31:15 2008 us=875350   domain = '[UNDEF]'
Fri Aug 29 20:31:15 2008 us=875428   netbios_scope = '[UNDEF]'
Fri Aug 29 20:31:15 2008 us=875507   netbios_node_type = 0
Fri Aug 29 20:31:15 2008 us=875585   disable_nbt = DISABLED
Fri Aug 29 20:31:15 2008 us=875669 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
Fri Aug 29 20:31:15 2008 us=946480 WARNING: –ping should normally be used with--ping-restart or --ping-exit
Fri Aug 29 20:31:15 2008 us=949445 Control Channel MTU parms [ L:1543 D:140 EF:40 EB:0 ET:0 EL:0 ]
Fri Aug 29 20:31:15 2008 us=980737 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:4 ET:0 EL:0 ]
Fri Aug 29 20:31:15 2008 us=981033 Local Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Fri Aug 29 20:31:15 2008 us=981188 Expected Remote Options String: 'V4,dev-typetun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Fri Aug 29 20:31:15 2008 us=981360 Local Options hash (VER=V4): 'db02a8f8'
Fri Aug 29 20:31:15 2008 us=981451 Expected Remote Options hash (VER=V4): '7e068940'
Fri Aug 29 20:31:15 2008 us=981579 Attempting to establish TCP connection with 100.110.120.130:1194
Fri Aug 29 20:31:16 2008 us=946158 TCP: connect to 100.110.120.130:1194 failed, will try again in 5 seconds
Fri Aug 29 20:31:22 2008 us=965857 TCP: connect to 100.110.120.130:1194 failed, will try again in 5 seconds
Fri Aug 29 20:31:28 2008 us=983611 TCP: connect to 100.110.120.130:1194 failed, will try again in 5 seconds

I have also attached an image of pfsense's  OpenVPN config window, and the required fw rules have been created.  I have noticed that in this forum there are differences in the client's ovpn files in the different examples (some use UPD and the tutorial uses TCP) etc.

Thanks if someone would comment on my config and suggest amendments to try..?

Tor

GruensFroeschli

Are you sure your firewall rule allows the right procoll?

Could you show a screenshot of the firewallrules allowing the traffic to the OpenVPN server?

bushtor

Unfortunately I haven't the pfsense box in front of me, but I have enabled two rules on its WAN if:

One for ICMP which enables me to ping pfsense from the client (and when I disables this rule it does not respond to pings) hence I can be sure that I have contact with the proper external IP.

The WAN OVPN rule opens for port 1194 with protocol TCP/UDP all other columns are asterisks….

I tried another client ovpn file using UDP as protocol and changed pfsense's OVPN config to use UDP instead of TCP.  Then I got lots of 'Connection reset by peer' messages at the client.

Tor

bushtor

Screenshot of WAN rule and OpenVPN log (I think for the ovpn client config above).  I hope this may give some more clues.

rgds Tor