Netgate Discussion Forum

    OpenVPN connecting error! Process restart

      kabiraftab

      Hi Everyone!

      Fingers crossed, as I have worked on this issue for a few days but no success yet. I have configured a VPN on my VPS following this tutorial: http://servertutz.wordpress.com/2011/08/14/installing-openvpn-on-centos/

      Here are my server.conf settings:

      local 192.***.**.*** #- IP address hidden at forum
      port 9911 #- change the port you want
      proto tcp #- protocol can be tcp or udp
      dev tun
      tun-mtu 1500
      tun-mtu-extra 32
      mssfix 1450
      ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
      cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
      key /etc/openvpn/easy-rsa/2.0/keys/server.key
      dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
      plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
      client-cert-not-required
      username-as-common-name
      server 1.2.4.0 255.255.255.0
      ifconfig-pool-persist ipp.txt
      push "redirect-gateway def1"
      push "dhcp-option DNS 208.67.222.222"
      push "dhcp-option DNS 4.2.2.1"
      #keepalive 5 30
      comp-lzo
      persist-key
      persist-tun
      status server-tcp.log
      verb 3
      
      

      I configured it to work on pfSense. I have 2.0.3-RELEASE (amd64) FreeBSD 8.1-RELEASE-p13 installed. Here is the configuration on my pfSense:

      And here is the log error I get:

      
      Jan 10 13:14:10	openvpn[55177]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
      Jan 10 13:14:10	openvpn[55177]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Jan 10 13:14:10	openvpn[55177]: Re-using SSL/TLS context
      Jan 10 13:14:10	openvpn[55177]: LZO compression initialized
      Jan 10 13:14:10	openvpn[55177]: Control Channel MTU parms [ L:1560 D:140 EF:40 EB:0 ET:0 EL:0 ]
      Jan 10 13:14:10	openvpn[55177]: Socket Buffers: R=[65228->65536] S=[65228->65536]
      Jan 10 13:14:10	openvpn[55177]: Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
      Jan 10 13:14:10	openvpn[55177]: Local Options hash (VER=V4): 'bc07730e'
      Jan 10 13:14:10	openvpn[55177]: Expected Remote Options hash (VER=V4): 'b695cb4a'
      Jan 10 13:14:10	openvpn[55177]: Attempting to establish TCP connection with 192.174.27.227:9911 [nonblock]
      Jan 10 13:14:11	openvpn[55177]: TCP connection established with 192.174.27.227:9911
      Jan 10 13:14:11	openvpn[55177]: TCPv4_CLIENT link local (bound): 192.168.40.2
      Jan 10 13:14:11	openvpn[55177]: TCPv4_CLIENT link remote: 192.174.27.227:9911
      Jan 10 13:14:12	openvpn[55177]: TLS: Initial packet from 192.174.27.227:9911, sid=8850ea05 a04dce17
      Jan 10 13:14:17	openvpn[55177]: VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=Aftab/emailAddress=me@myhost.mydomain
      Jan 10 13:14:17	openvpn[55177]: VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=Aftab/emailAddress=me@myhost.mydomain
      Jan 10 13:14:21	openvpn[55177]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1560', remote='link-mtu 1576'
      Jan 10 13:14:21	openvpn[55177]: WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 1532'
      Jan 10 13:14:21	openvpn[55177]: WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'
      Jan 10 13:14:21	openvpn[55177]: Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
      Jan 10 13:14:21	openvpn[55177]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
      Jan 10 13:14:21	openvpn[55177]: Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
      Jan 10 13:14:21	openvpn[55177]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
      Jan 10 13:14:21	openvpn[55177]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
      Jan 10 13:14:21	openvpn[55177]: [Aftab] Peer Connection Initiated with 192.174.27.227:9911
      Jan 10 13:14:21	openvpn[55177]: Connection reset, restarting [0]
      Jan 10 13:14:21	openvpn[55177]: TCP/UDP: Closing socket
      Jan 10 13:14:21	openvpn[55177]: SIGUSR1[soft,connection-reset] received, process restarting
      Jan 10 13:14:21	openvpn[55177]: Restart pause, 5 second(s
      

      So what to do? Is there any way to solve it? I have set up some other free VPN providers' VPNs and they are working, so please help me!
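An added example, not part of the original post: a small Python triage script that pulls the option-mismatch warnings out of an OpenVPN client log like the one above, so the differing `cipher`, `tun-mtu` and `link-mtu` values can be reconciled between the pfSense client and `server.conf`. The function names and the crypto/framing grouping are assumptions of this example.

```python
import re

# Lines copied from the client log in the post above (syslog timestamps trimmed).
SAMPLE_LOG = """\
openvpn[55177]: WARNING: No server certificate verification method has been enabled.
openvpn[55177]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1560', remote='link-mtu 1576'
openvpn[55177]: WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 1532'
openvpn[55177]: WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'
openvpn[55177]: Connection reset, restarting [0]
"""

# OpenVPN prints one such warning per option that differs between the peers.
MISMATCH = re.compile(
    r"WARNING: '(?P<opt>[\w-]+)' is used inconsistently, "
    r"local='(?P=opt) ?(?P<local>[^']*)', remote='(?P=opt) ?(?P<remote>[^']*)'"
)

# Grouping is this example's assumption: options that select data-channel
# crypto versus options that only affect packet framing.
CRYPTO_OPTS = {"cipher", "auth", "keysize"}


def option_mismatches(log_text):
    """Return {option: (local_value, remote_value)} for each mismatch warning."""
    return {m["opt"]: (m["local"], m["remote"]) for m in MISMATCH.finditer(log_text)}


def findings(log_text):
    """Summarise what to reconcile, in the order the log reports it."""
    out = []
    for opt, (local, remote) in option_mismatches(log_text).items():
        kind = "crypto" if opt in CRYPTO_OPTS else "framing"
        out.append(f"{kind}: {opt} local={local} remote={remote}")
    if "No server certificate verification method" in log_text:
        # remote-cert-tls is the client option that enables this check.
        out.append("auth: server certificate not verified (see remote-cert-tls)")
    if "Connection reset, restarting" in log_text:
        out.append("link: TCP connection reset, client restarting")
    return out


if __name__ == "__main__":
    for line in findings(SAMPLE_LOG):
        print(line)
```
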
        kabiraftab

        Okay, I solved it. Don't know how exactly! But let me tell, in case someone like me is having an issue with this.

        What I have done:

        1. In the server conf file, I have changed TCP to UDP and the port to 2500. It looks like it was probably because the port before was blocked or something like that.

        But now another problem: I can't browse anything from that VPN. Is this problem on the server side or on the client-side pfSense?
