  #1  
Old 14th November 2009, 14:36
tiedyeguy64

OpenVPN configuration / operation issue

I currently have a small office server running Debian Lenny, Samba 3, & dnsmasq (DNS/DHCP). All office based XP clients have access. I now need to add XP road warrior access via VPN, and have installed openvpn. (It was installed per this howto.) All appeared to go well at both server & client ends (using my XP machine @ home for testing.)

When I start the vpn connection, it appears to connect, I get notified that a TCP connection has been established, but then it resets & closes the socket. It waits 5 seconds, tries to reestablish, and continues in this loop.

I have searched for the openvpn log, but cannot find it in /var/log/ or any other location.

Any help would be much appreciated.

myclient internal IP (at home): 192.168.10.2

office internal network on 192.168.20.xxx
myserver public IP (static): 111.111.111.111
myserver IP (lan): 192.168.20.100
office gateway: 192.168.20.1

Server.conf file:
Quote:
port 443
proto tcp
dev tap
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/myserver.crt
key /etc/openvpn/easy-rsa/keys/myserver.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
ifconfig-pool-persist ipp.txt
server-bridge 192.168.20.1 255.255.255.0 192.168.20.151 192.168.20.160
push "route 10.0.0.0 255.0.0.0"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status /var/log/openvpn-status.log
verb

Client.ovpn file:
Quote:
client
dev tap
proto tcp
remote 111.111.111.111 443
resolv-retry infinite
nobind
pkcs12 myclient.p12
ns-cert-type server
comp-lzo
verb

Snippet of connection window messages:
Quote:
LZO Compression initialized
Control channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Local Options hash (ver=v4): '31fdf004'
Expected remote options hash (ver=v4): '3e6d1056'
Attempting to establish connection with 111.111.111.111:443
TCP connection established with 111.111.111.111:443
TCPv4_client link local: [undef]
TCPv4_client link remote: 111.111.111.111:443
Connection reset, restarting [-1]
TCP/UDP closing socket
SIGUSR1[soft,connecting-reset] received, process restarting
Restart pause, 5 second(s)

I notice the [undef] notification, but am not sure what it relates to.

Thanks for any tips.
  #2  
Old 15th November 2009, 10:29
dipeshmehta

Quote:
Originally Posted by tiedyeguy64 View Post
server-bridge 192.168.20.1 255.255.255.0 192.168.20.151 192.168.20.160
If you use 'server-bridge', you should have to start and stop bridge with given scripts. In my opinion, it's not necessary to use server-bridge, you may use server routing as well. Please change this line with
Code:
server 10.8.0.0 255.255.255.0
and
Quote:
Originally Posted by tiedyeguy64 View Post
push "route 10.0.0.0 255.0.0.0"
with
Code:
push "route 192.168.20.0 255.255.255.0"
Similarly change, 'dev tap' to 'dev tun', and appropriate changes to client config files also.

You may please refer to http://www.openvpn.net/index.php/ope...ion/howto.html It has step-by-step howto and guidance on every parameter, it would ease the things.

Do come back here, if more clearance required.

Dipesh
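
An added example, not part of any post in this thread: a small Python check over the two configs from post #1, covering the points raised so far (no `log` directive, so a daemonized OpenVPN writes to syslog rather than its own file; `verb` posted without a level; `dev`/`proto` agreement between server and client; the pushed route versus the office LAN). The function names and the embedded sample strings are constructed for illustration.

```python
import ipaddress

# Constructed sample input: directives taken from the two configs in post #1.
SERVER_CONF = """proto tcp
dev tap
server-bridge 192.168.20.1 255.255.255.0 192.168.20.151 192.168.20.160
push "route 10.0.0.0 255.0.0.0"
verb
"""
CLIENT_CONF = """client
dev tap
proto tcp
remote 111.111.111.111 443
verb
"""

def parse(text):
    """Map each directive to the list of its argument lists."""
    conf = {}
    for line in text.splitlines():
        words = line.split("#")[0].replace('"', " ").split()
        if words:
            conf.setdefault(words[0], []).append(words[1:])
    return conf

def kind(conf, key):  # first 3 chars of the first argument, so tap0 -> tap
    args = conf.get(key, [[]])[0]
    return args[0][:3] if args else None

def review(server_text, client_text, lan_cidr):
    """Return findings for a server/client config pair (hypothetical helper)."""
    srv, cli, notes = parse(server_text), parse(client_text), []
    lan = ipaddress.ip_network(lan_cidr)
    if "log" not in srv and "log-append" not in srv:
        notes.append("server: no log/log-append, a daemonized OpenVPN logs to syslog")
    for name, conf in (("server", srv), ("client", cli)):
        if [] in conf.get("verb", []):
            notes.append(f"{name}: verb has no level argument")
    for key in ("dev", "proto"):
        if kind(srv, key) != kind(cli, key):
            notes.append(f"{key} differs: server={kind(srv, key)} client={kind(cli, key)}")
    for args in srv.get("push", []):
        if args[:1] == ["route"] and len(args) >= 3:
            net = ipaddress.ip_network(f"{args[1]}/{args[2]}", strict=False)
            if not lan.subnet_of(net):
                notes.append(f"server: pushed route {net} does not include LAN {lan}")
    return notes

print("\n".join(review(SERVER_CONF, CLIENT_CONF, "192.168.20.0/24")))
```
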
  #3  
Old 16th November 2009, 21:13
tiedyeguy64

I appreciate the comments. Unfortunately, I still end up with the same issue - no connection.

I have disabled the firewall (at both ends!) as well, and still no luck.

My logs are showing an initial TCP connection, and then it just drops.

In the end, though, I am in a position where I need a bridged connection - my remote hosts need to be able to see & browse the local network, and routed mode will not allow it to happen.
  #4  
Old 19th November 2009, 13:06
dipeshmehta

Quote:
Originally Posted by tiedyeguy64 View Post
In the end, though, I am in a position where I need a bridged connection - my remote hosts need to be able to see & browse the local network, and routed mode will not allow it to happen.
You still would have access to entire network with routed mode. I use routed mode of openvpn, and while I am on tour I can access all network resources of office.

Dipesh
  #5  
Old 19th November 2009, 14:47
tiedyeguy64

Hmmmm...that's interesting. According to everything I have read (which is a LOT lately!!!), bridged mode will allow browsing of the remote network, while routed mode will not - the [windows] client will not be able to see the browse list served up by Samba.

I'm going to have to try it out, as currently I can get a successful connection from any client I have tried - but that is it. No pinging, nothing. I have tried with ALL firewalls disabled, so I know that is not the issue.

Actually, I am beginning to think that my internal DNS is the issue stopping me now. I am using DNSMasq, and have noticed that it is not always pushing the default gateway to clients, and occasionally seems to drop the name resolution of my server (sometimes a ping by name works, other times I must use the IP to get a successful ping).

Unfortunately, I am not sure if the installation of OpenVPN affected DNSMasq, or if there is a deeper issue with it. I am going to set up a non-production server here for testing today, as I had to get some files up for the office based clients. Any changes on that machine are now on a live server...

Again, thanks so-o-o much for all your input. I will keep pushing away, and let you know what I find out.