[arch-general] Help me with OpenVPN
Hi, I am trying to connect to an OpenVPN but no success. It says "openvpn[5052]: TCP: connect to xx.xx.xx.xx:1723 failed, will try again in 5 seconds: Connection refused" and this goes on. On the server side, I checked OpenVPN is running okay but it's not listening on port 1723.

Here is my server config:

port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
client-to-client
comp-lzo
max-clients 10
user nobody
group users

Here is the log on the server:

Sat Jun 5 06:13:37 2010 us=301342 Diffie-Hellman initialized with 1024 bit key
Sat Jun 5 06:13:37 2010 us=301881 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Jun 5 06:13:37 2010 us=302048 ROUTE default_gateway=96.44.148.129
Sat Jun 5 06:13:37 2010 us=314676 TUN/TAP device tun0 opened
Sat Jun 5 06:13:37 2010 us=314709 TUN/TAP TX queue length set to 100
Sat Jun 5 06:13:37 2010 us=314744 /sbin/ip link set dev tun0 up mtu 1500
Sat Jun 5 06:13:37 2010 us=315382 /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Sat Jun 5 06:13:37 2010 us=316319 /sbin/ip route add 10.8.0.0/24 via 10.8.0.2
RTNETLINK answers: File exists
Sat Jun 5 06:13:37 2010 us=316774 ERROR: Linux route add command failed: external program exited with error status: 2
Sat Jun 5 06:13:37 2010 us=316797 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Jun 5 06:13:37 2010 us=317235 GID set to users
Sat Jun 5 06:13:37 2010 us=317305 UID set to nobody
Sat Jun 5 06:13:37 2010 us=317324 Socket Buffers: R=[129024->131072] S=[129024->131072]
Sat Jun 5 06:13:37 2010 us=317338 UDPv4 link local (bound): [undef]:1194
Sat Jun 5 06:13:37 2010 us=317347 UDPv4 link remote: [undef]
Sat Jun 5 06:13:37 2010 us=317361 MULTI: multi_init called, r=256 v=256
Sat Jun 5 06:13:37 2010 us=317417 IFCONFIG POOL: base=10.8.0.4 size=62
Sat Jun 5 06:13:37 2010 us=317429 IFCONFIG POOL LIST
Sat Jun 5 06:13:37 2010 us=317454 Initialization Sequence Completed

I have already tried switching IPtables on or OFF but still can't connect. Any tips?
Regards, Gaurish Sharma
www.gaurishsharma.com
"openvpn[5052]: TCP: connect to xx.xx.xx.xx:1723 failed, will try again in 5 seconds: Connection refused" ... here is my server config: port 1194 proto udp
Does this ^^ ring a bell? Just to make sure it's clear, your server listens on UDP 1194, your client tries to connect to TCP 1723. -- damjan
On Sat, Jun 5, 2010 at 6:04 PM, Damjan Georgievski <gdamjan@gmail.com> wrote:
"openvpn[5052]: TCP: connect to xx.xx.xx.xx:1723 failed, will try again in 5 seconds: Connection refused" ... here is my server config: port 1194 proto udp
Does this ^^ ring a bell?
Just to make sure it's clear, your server listens on UDP 1194, your client tries to connect to TCP 1723.
-- damjan
That would seem too easy, but yeah... That is OpenVPN's "default" port.
"Port 1194 is the official IANA <http://en.wikipedia.org/wiki/Internet_Assigned_Numbers_Authority> assigned port number for OpenVPN. Newer versions of the program now default to that port." -- Wikipedia <http://en.wikipedia.org/wiki/OpenVPN#Networking>
Ben
On Sun, Jun 6, 2010 at 1:15 AM, Benjamin Campbell <benji.campbell@gmail.com> wrote:
"Port 1194 is the official IANA <http://en.wikipedia.org/wiki/Internet_Assigned_Numbers_Authority> assigned port number for OpenVPN. Newer versions of the program now default to that port." -- Wikipedia <http://en.wikipedia.org/wiki/OpenVPN#Networking>
Can't you pass --port and --proto to force the client to use the default port and udp? (I don't use openvpn, only read the manual to try to help, so sorry if this doesn't make sense)
Regards, Kazuo
-- «In life, nothing is to be feared, everything is to be understood» Marie Sklodowska Curie.
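The mismatch diagnosed earlier in the thread (server bound to UDP 1194, client dialing TCP 1723) can be checked mechanically. This is an added example, not part of any poster's message: the server directives are the ones posted above, the client config is constructed from the client's error line, and the function names `ovpn_endpoint` and `ovpn_check` are hypothetical.

```shell
# Added example (function names are hypothetical): compare the endpoint an
# OpenVPN client dials with the one the server binds.
# ovpn_endpoint: config on stdin, $1 = server|client, prints "proto port".
# Unset values fall back to OpenVPN's defaults (udp, 1194).
ovpn_endpoint() {
    awk -v role="$1" '
        NF == 0 || $1 ~ /^[#;]/ { next }      # blank lines and comments
        $1 == "proto" { proto = $2 }
        $1 == "port"  { port = $2 }
        # Client only: first "remote host [port] [proto]" overrides port/proto.
        role == "client" && $1 == "remote" && !seen {
            seen = 1
            if (NF >= 3) rport = $3
            if (NF >= 4) rproto = $4
        }
        END {
            if (rport != "")  port = rport
            if (rproto != "") proto = rproto
            if (proto == "")  proto = "udp"
            if (port == "")   port = 1194
            sub(/-(client|server)$/, "", proto)   # tcp-client -> tcp
            sub(/[46]$/, "", proto)               # udp4, tcp6 -> udp, tcp
            print proto, port
        }'
}

# ovpn_check: $1 = server config text, $2 = client config text.
ovpn_check() {
    srv=$(printf '%s\n' "$1" | ovpn_endpoint server)
    cli=$(printf '%s\n' "$2" | ovpn_endpoint client)
    if [ "$srv" = "$cli" ]; then
        echo "OK: both sides use $srv"
    else
        echo "MISMATCH: server listens on $srv, client dials $cli"
        return 1
    fi
}

# Server directives as posted in the thread.
SERVER_CONF='port 1194
proto udp'
# Constructed client config, inferred from the client error line.
CLIENT_CONF='client
proto tcp
remote xx.xx.xx.xx 1723'
ovpn_check "$SERVER_CONF" "$CLIENT_CONF" || true
```

To check real files, pass their contents, for example `ovpn_check "$(cat server.conf)" "$(cat client.conf)"`.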
Hi, Thank you all. You've been great. With your help, I am now able to connect, but there is a small problem: I can't transfer/ping any data. I think there is some problem with the firewall rules in iptables. But I don't know much about iptables. Is there any guide which would help me get started with iptables?
Regards, Gaurish Sharma
On Sun, Jun 6, 2010 at 2:13 PM, Kazuo Teramoto <kaz.rag@gmail.com> wrote:
Can't you pass --port and --proto to force the client to use the default port and udp? (I don't use openvpn, only read the manual to try to help, so sorry if this doesn't make sense)
Regards, Kazuo
-- «In life, nothing is to be feared, everything is to be understood» Marie Sklodowska Curie.
On Sun, Jun 6, 2010 at 11:28 AM, Gaurish Sharma <contact@gaurishsharma.com> wrote:
Hi, Thank you all. You've been great. With your help, I am now able to connect, but there is a small problem: I can't transfer/ping any data. I think there is some problem with the firewall rules in iptables.
But I don't know much about iptables. Is there any guide which would help me get started with iptables?
Regards, Gaurish Sharma
Here is a high abstraction based howto... That may get your gears turning. http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO.html
-- Thanks Ben Campbell
participants (4)
- Benjamin Campbell
- Damjan Georgievski
- Gaurish Sharma
- Kazuo Teramoto