Cannot connect - from tutorial…



  • Hi,

    I have followed the OpenVPN <-> Windows client tutorial, but despite that I cannot get a successful connect. My ovpn client file looks like this:

    float
    port 1194
    dev tun
    dev-node ovpn
    proto tcp-client
    remote 100.110.120.130 1194
    ping 10
    persist-tun
    persist-key
    tls-client
    ca ca.crt
    cert tor.crt
    key tor.key
    ns-cert-type server
    #comp-lzo ? to enable LZO remove the #
    pull
    verb 4

    … and here is an excerpt from the client's log for an attempted connect:

    Fri Aug 29 20:31:15 2008 us=875259   dhcp_release = DISABLED
    Fri Aug 29 20:31:15 2008 us=875350   domain = '[UNDEF]'
    Fri Aug 29 20:31:15 2008 us=875428   netbios_scope = '[UNDEF]'
    Fri Aug 29 20:31:15 2008 us=875507   netbios_node_type = 0
    Fri Aug 29 20:31:15 2008 us=875585   disable_nbt = DISABLED
    Fri Aug 29 20:31:15 2008 us=875669 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
    Fri Aug 29 20:31:15 2008 us=946480 WARNING: --ping should normally be used with --ping-restart or --ping-exit
    Fri Aug 29 20:31:15 2008 us=949445 Control Channel MTU parms [ L:1543 D:140 EF:40 EB:0 ET:0 EL:0 ]
    Fri Aug 29 20:31:15 2008 us=980737 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:4 ET:0 EL:0 ]
    Fri Aug 29 20:31:15 2008 us=981033 Local Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
    Fri Aug 29 20:31:15 2008 us=981188 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
    Fri Aug 29 20:31:15 2008 us=981360 Local Options hash (VER=V4): 'db02a8f8'
    Fri Aug 29 20:31:15 2008 us=981451 Expected Remote Options hash (VER=V4): '7e068940'
    Fri Aug 29 20:31:15 2008 us=981579 Attempting to establish TCP connection with 100.110.120.130:1194
    Fri Aug 29 20:31:16 2008 us=946158 TCP: connect to 100.110.120.130:1194 failed, will try again in 5 seconds
    Fri Aug 29 20:31:22 2008 us=965857 TCP: connect to 100.110.120.130:1194 failed, will try again in 5 seconds
    Fri Aug 29 20:31:28 2008 us=983611 TCP: connect to 100.110.120.130:1194 failed, will try again in 5 seconds

    I have also attached an image of pfsense's OpenVPN config window, and the required fw rules have been created. I have noticed that in this forum there are differences in the client's ovpn files in the different examples (some use UDP and the tutorial uses TCP) etc.

    Thanks if someone would comment on my config and suggest amendments to try..?

    Tor




  • Are you sure your firewall rule allows the right protocol?

    Could you show a screenshot of the firewall rules allowing the traffic to the OpenVPN server?



  • Unfortunately I haven't the pfsense box in front of me, but I have enabled two rules on its WAN if:

    One for ICMP which enables me to ping pfsense from the client (and when I disable this rule it does not respond to pings) hence I can be sure that I have contact with the proper external IP.

    The WAN OVPN rule opens for port 1194 with protocol TCP/UDP all other columns are asterisks….

    I tried another client ovpn file using UDP as protocol and changed pfsense's OVPN config to use UDP instead of TCP.  Then I got lots of 'Connection reset by peer' messages at the client.

    Tor



  • Screenshot of WAN rule and OpenVPN log (I think for the ovpn client config above).  I hope this may give some more clues.

    rgds Tor
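
As an added example (not part of any post in this thread), the following Python sketch reads a client `.ovpn` file and a client log like the ones in the first post and reports how far the connection got. The function names and result keys are made up for illustration; the stage markers are the standard OpenVPN client messages for transport setup, TLS start and tunnel completion.

```python
import re

# Constructed sample input: directives and log lines taken from the first post.
CLIENT_CONF = """\
dev tun
proto tcp-client
remote 100.110.120.130 1194
#comp-lzo ? to enable LZO remove the #
"""
CLIENT_LOG = """\
Fri Aug 29 20:31:15 2008 us=981579 Attempting to establish TCP connection with 100.110.120.130:1194
Fri Aug 29 20:31:16 2008 us=946158 TCP: connect to 100.110.120.130:1194 failed, will try again in 5 seconds
Fri Aug 29 20:31:22 2008 us=965857 TCP: connect to 100.110.120.130:1194 failed, will try again in 5 seconds
Fri Aug 29 20:31:28 2008 us=983611 TCP: connect to 100.110.120.130:1194 failed, will try again in 5 seconds
"""

# OpenVPN client log messages in the order a successful connection emits them.
STAGES = [
    ("transport", re.compile(r"TCP connection established|UDPv4 link remote")),
    ("tls", re.compile(r"TLS: Initial packet from")),
    ("up", re.compile(r"Initialization Sequence Completed")),
]
CONNECT_FAIL = re.compile(r"TCP: connect to (\S+) failed")

def parse_conf(text):
    """Return {directive: [args]} for an .ovpn file, skipping # and ; comments."""
    conf = {}
    for line in text.splitlines():
        line = re.split(r"[#;]", line, maxsplit=1)[0].strip()
        if line:
            name, *args = line.split()
            conf[name] = args
    return conf

def diagnose(conf_text, log_text):
    conf = parse_conf(conf_text)
    reached = "none"
    for name, pattern in STAGES:  # keep the latest stage whose marker appears
        if pattern.search(log_text):
            reached = name
    failures = CONNECT_FAIL.findall(log_text)
    return {
        "proto": conf.get("proto", ["udp"])[0],  # OpenVPN uses UDP when proto is unset
        "remote": ":".join(conf.get("remote", [])),
        "stage_reached": reached,
        "connect_failures": len(failures),
        "blocked_at_transport": bool(failures) and reached == "none",
    }

print(diagnose(CLIENT_CONF, CLIENT_LOG))
```

When `blocked_at_transport` is true the client never opened a TCP connection, so certificates and the options string have not been exercised yet; the things to compare are the `proto` and port in the client file against the server's listening protocol and the WAN rule.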




