[svlug] OpenVPN
Tin Le
tin at le.org
Sun Mar 18 21:00:01 PDT 2007
1. Did you open the firewall on FreeBSD for the OpenVPN port? That's UDP 1194.
2. No, you cannot test OpenVPN by telnetting to port 1194, since it's
UDP. You can test using nc.
3. Turn on more verbosity in server.conf when you start OpenVPN, do the
same on client.conf. Post both logs here.
I am running OpenVPN and OpenBSD 4.0 and supporting Windoze, Linux,
MacOSX, FreeBSD and OpenBSD clients. Works flawlessly.
Tin Le
--
"Never continue in a job you don't enjoy. If you're happy in what you're
doing, you'll like yourself, you'll have inner peace. And if you have
that, along with physical health, you will have had more success than you
could possibly have imagined." - Johnny Carson (1925-2005)
> Hey all,
>
> (I apologize if you've already seen this, but I
> think my first attempt to send it went out the wrong
> mailbox because I got a message back saying it had
> been queued because it came from a non-member address.)
>
> I've just installed OpenVPN on a FreeBSD 6.1 machine
> at my office and my Xubuntu workstation here at home.
>
> I think I have all the settings correct in both
> server.conf and client.conf for the ca, cert, key
> and dh settings in the files (no dh in client, right?)
>
> And I started them up on both machines, but I get
> the following on the client, and am unable to ping
> 10.8.0.1, which is what the server is supposed to be at:
>
> WARNING: No server certificate verification method
> has been enabled. See
> http://openvpn.net/howto.html#mitm for more info.
>
> Also, as openvpn on the client remains running, it
> then periodically spits out the following:
>
> root at Xu-100:/etc/openvpn# Sun Mar 18 17:43:01 2007
> TLS Error: TLS key negotiation failed to occur
> within 60 seconds (check your network connectivity)
> Sun Mar 18 17:43:01 2007 TLS Error: TLS handshake failed
> Sun Mar 18 17:43:01 2007 TCP/UDP: Closing socket
> Sun Mar 18 17:43:01 2007 SIGUSR1[soft,tls-error]
> received, process restarting
> Sun Mar 18 17:43:01 2007 Restart pause, 2 second(s)
> Sun Mar 18 17:43:03 2007 IMPORTANT: OpenVPN's
> default port number is now 1194, based on an
> official port number assignment by IANA. OpenVPN
> 2.0-beta16 and earlier used 5000 as the default port.
> Sun Mar 18 17:43:03 2007 WARNING: No server
> certificate verification method has been enabled.
> See http://openvpn.net/howto.html#mitm for more info.
> Sun Mar 18 17:43:03 2007 Re-using SSL/TLS context
> Sun Mar 18 17:43:03 2007 LZO compression initialized
> Sun Mar 18 17:43:03 2007 Control Channel MTU parms [
> L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
> Sun Mar 18 17:43:04 2007 Data Channel MTU parms [
> L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
> Sun Mar 18 17:43:04 2007 Local Options hash
> (VER=V4): '41690919'
> Sun Mar 18 17:43:04 2007 Expected Remote Options
> hash (VER=V4): '530fdded'
> Sun Mar 18 17:43:04 2007 UDPv4 link local: [undef]
> Sun Mar 18 17:43:04 2007 UDPv4 link remote:
> 71.36.241.186:1194
>
> The server is not connected through a firewall or
> anything, but directly to the Internet. All the
> suggestions I find on Google about this warning say
> to check firewall settings.
>
> Can someone tell me what I should look at next? I'm
> brand new to OpenVPN and a bit stumped.
> --
> Skip Evans
> Big Sky Penguin, LLC
> 61 W Broadway
> Butte, Montana 59701
> 406-782-2240
>
> =-=-=-=-=-=-=-=-=-=-=
>
> Check out PHPenguin, a lightweight and versatile
> PHP/MySQL development framework.
>
> http://phpenguin.bigskypenguin.com
>
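As an added example (not part of either message in this thread), the script below triages an OpenVPN client log for the two symptoms quoted above and checks a client config for a server-certificate verification directive. The sample log and config are constructed, the finding labels are hypothetical, and the directive names (ns-cert-type, remote-cert-tls, tls-remote, tls-verify) come from the OpenVPN documentation rather than from the thread.

```shell
#!/bin/sh
# Constructed sample log modelled on the lines quoted in the thread;
# 192.0.2.10 is a documentation address, not the poster's server.
sample_log() {
cat <<'EOF'
Sun Mar 18 17:43:01 2007 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Mar 18 17:43:01 2007 TLS Error: TLS handshake failed
Sun Mar 18 17:43:03 2007 WARNING: No server certificate verification method has been enabled.
Sun Mar 18 17:43:04 2007 UDPv4 link remote: 192.0.2.10:1194
EOF
}

# Constructed client.conf with the server check commented out.
sample_conf() {
cat <<'EOF'
client
proto udp
remote 192.0.2.10 1194
ca ca.crt
# ns-cert-type server
EOF
}

# Print one finding per line for a client log read from stdin.
triage_log() {
    awk '
        /TLS key negotiation failed to occur/ { nego = 1 }
        /No server certificate verification method/ { noverify = 1 }
        /link remote:/ { remote = $NF }
        END {
            if (nego) print "HANDSHAKE_TIMEOUT remote=" remote ": no reply, check the UDP path and firewall"
            if (noverify) print "NO_SERVER_VERIFY: any certificate issued by the CA is accepted as the server"
        }'
}

# Exit 0 if a config read from stdin enables a server-certificate check.
# Lines starting with # or ; are comments and are ignored.
config_verifies_server() {
    grep -Ev '^[[:space:]]*[#;]' |
    grep -Eq '^[[:space:]]*(ns-cert-type[[:space:]]+server|remote-cert-tls[[:space:]]+server|tls-remote[[:space:]]|tls-verify[[:space:]])'
}

# Stand-alone run over the constructed samples.
sample_log | triage_log
sample_conf | config_verifies_server || echo "client.conf: no server-certificate check (ns-cert-type server on 2.0.x, remote-cert-tls server on 2.1+)"
```

The two findings are independent: the handshake timeout is a connectivity problem, while the verification warning stays a man-in-the-middle exposure even after the tunnel comes up.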