Help with OpenVPN


This topic contains 0 replies, has 0 voices, and was last updated by kuros 9 years, 10 months ago.

  • #41635

    kuros
    Member

    Hello,

    I am having problems getting OpenVPN working, and I would greatly appreciate some help.

    My network setup is as follows:

    Cable Modem ---- Netgear Router


    Virtual Zeroshell Machine

    The router has an IP of 192.168.5.1. I boot up the ZS VM and give it a new IP address of 192.168.5.15. I then set it as the DMZ on the router (I have also tried forwarding the traffic, both tcp and udp, from the router to that machine).

    I then go to the ZS web manager and enable the OpenVPN server, changing no settings. I then make a user, and export the CA.pem file, and upload it to my remote machine I am trying to use as a client.

    The remote machine is running Ubuntu, and I have installed the openvpn package. I used the ZS client template conf file, entering the appropriate IP address in the file.

    On the remote machine, if I do “sudo openvpn --config confile.conf”, I get this:

    Thu Apr 16 00:20:57 2009 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
    Thu Apr 16 00:20:57 2009 LZO compression initialized
    Thu Apr 16 00:20:57 2009 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
    Thu Apr 16 00:20:57 2009 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
    Thu Apr 16 00:20:57 2009 Local Options hash (VER=V4): '31fdf004'
    Thu Apr 16 00:20:57 2009 Expected Remote Options hash (VER=V4): '3e6d1056'
    Thu Apr 16 00:20:57 2009 Attempting to establish TCP connection with 24.21.10.76:1194 [nonblock]
    Thu Apr 16 00:21:07 2009 TCP: connect to 24.21.x.x:1194 failed, will try again in 5 seconds: Connection timed out
    Thu Apr 16 00:21:22 2009 TCP: connect to 24.21.x.x:1194 failed, will try again in 5 seconds: Connection timed out

    Now, the log on the ZS machine shows no activity:

    21:20:28 OpenVPN 2.0.9 i686-pc-linux [SSL] [LZO] [EPOLL] built on Sep 23 2008
    21:20:28 WARNING: This configuration may accept clients which do not present a certificate
    21:20:28 TUN/TAP device VPN99 opened
    21:20:28 Listening for incoming TCP connection on [undef]:1194
    21:20:28 TCPv4_SERVER link local (bound): [undef]:1194
    21:20:28 TCPv4_SERVER link remote: [undef]
    21:20:28 Initialization Sequence Completed

    I can see no connected clients from the ZS interface, either.

    However, if I change things to UDP, I get the following on the server:

    21:22:59 70.87.222.254:39023 11 variation(s) on previous 3 message(s) suppressed by --mute
    21:22:59 70.87.222.254:39023 Re-using SSL/TLS context
    21:22:59 70.87.222.254:39023 LZO compression initialized
    21:22:59 70.87.222.254:39023 write UDPv4 []: Network is unreachable (code=101)
    21:23:00 24.21.10.76:50039 write UDPv4 []: Network is unreachable (code=101)
    21:23:01 70.87.222.254:39023 write UDPv4 []: Network is unreachable (code=101)
    21:23:01 24.21.10.76:50039 NOTE: --mute triggered...
    21:23:45 24.21.10.76:50039 74 variation(s) on previous 3 message(s) suppressed by --mute
    21:23:45 24.21.10.76:50039 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    21:23:45 24.21.10.76:50039 TLS Error: TLS handshake failed
    21:23:45 70.87.222.254:39023 write UDPv4 []: Network is unreachable (code=101)
    21:23:47 message repeated 2 times
    21:23:49 70.87.222.254:39023 NOTE: --mute triggered...

    and I get this on the client:



    Thu Apr 16 00:24:46 2009 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Thu Apr 16 00:24:46 2009 Re-using SSL/TLS context
    Thu Apr 16 00:24:46 2009 LZO compression initialized
    Thu Apr 16 00:24:46 2009 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Thu Apr 16 00:24:46 2009 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
    Thu Apr 16 00:24:46 2009 Local Options hash (VER=V4): 'd79ca330'
    Thu Apr 16 00:24:46 2009 Expected Remote Options hash (VER=V4): 'f7df56b8'
    Thu Apr 16 00:24:46 2009 Socket Buffers: R=[110592->131072] S=[110592->131072]
    Thu Apr 16 00:24:46 2009 UDPv4 link local: [undef]
    Thu Apr 16 00:24:46 2009 UDPv4 link remote: 24.21.x.x:1194

    I can see it trying to connect in the “Show Clients” window on ZS, but they never finish. I have been all over the forums and the internet trying to figure out what is going on. Any help would be GREATLY appreciated.

    Thanks!

    #48022

    “I then go to the ZS web manager and enable the OpenVPN server, changing no settings. I then make a user, and export the CA.pem file, and upload it to my remote machine I am trying to use as a client.

    The remote machine is running Ubuntu, and I have installed the openvpn package. I used the ZS client template conf file, entering the appropriate IP address in the file.”

    What is your specific implementation?
    Client uses what? certificate only? password only? certificate + password?
    Server configured to allow? certificate only? password only? certificate + password?
    Kerberos 5 Authentication enabled for user?
    Do you have the correct certificates located in the openvpn client folder?
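
The client and server logs posted in this thread mix two kinds of messages: certificate-verification warnings and network failures. The following is an added example, not part of either post and not ZeroShell or OpenVPN code, that sorts such lines into findings; the `triage` function, the rule hints and the sample addresses (documentation ranges) are assumptions of this example.

```python
import re

# (category, log pattern, what to check). Hint wording is this example's own.
RULES = [
    ("auth", r"No server certificate verification method has been enabled",
     "client accepts any certificate signed by the CA as the server"),
    ("auth", r"may accept clients which do not present a certificate",
     "server does not insist on a client certificate"),
    ("network", r"TCP: connect to \S+ failed.*Connection timed out",
     "no TCP handshake with the server port: check forwarding and firewall"),
    ("network", r"Network is unreachable \(code=101\)",
     "server has no route for its replies: check its default gateway"),
    ("symptom", r"TLS key negotiation failed to occur within \d+ seconds",
     "TLS handshake did not complete within the timeout"),
]

# Either timestamp style seen in the thread, then an optional "ip:port" peer.
PREFIX = re.compile(
    r"^\s*(?:\w{3} \w{3} +\d+ [\d:]{8} \d{4}|[\d:]{8})\s+"
    r"(?:(?P<peer>\d+\.\d+\.\d+\.\d+:\d+)\s+)?(?P<msg>.*)$")

def triage(lines):
    """Return {hint: {"category", "count", "peers"}} in first-seen order."""
    findings = {}
    for line in lines:
        m = PREFIX.match(line)
        if not m:
            continue  # not an OpenVPN log line in either format
        for category, pattern, hint in RULES:
            if re.search(pattern, m.group("msg")):
                f = findings.setdefault(
                    hint, {"category": category, "count": 0, "peers": set()})
                f["count"] += 1
                if m.group("peer"):
                    f["peers"].add(m.group("peer"))
    return findings

# Constructed sample: messages as in the thread, addresses replaced with documentation ranges.
SAMPLE = """\
Thu Apr 16 00:20:57 2009 WARNING: No server certificate verification method has been enabled.
Thu Apr 16 00:21:07 2009 TCP: connect to 203.0.113.9:1194 failed, will try again in 5 seconds: Connection timed out
21:20:28 WARNING: This configuration may accept clients which do not present a certificate
21:22:59 198.51.100.7:39023 write UDPv4 []: Network is unreachable (code=101)
21:23:00 203.0.113.20:50039 write UDPv4 []: Network is unreachable (code=101)
21:23:45 203.0.113.20:50039 TLS Error: TLS key negotiation failed to occur within 60 seconds
""".splitlines()

if __name__ == "__main__":
    for hint, f in triage(SAMPLE).items():
        print(f"[{f['category']}] x{f['count']} {hint} {sorted(f['peers'])}")
```

The two `auth` findings are independent of the connection failure and remain after connectivity is fixed, so they are worth resolving before the tunnel carries real traffic.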
