I'm trying to create an OpenVPN config. I succeeded, but I can't ping the destination router. Any idea? Thanks
Please show us your openvpn configuration files.
EDIT: ... and the openvpn log entries.
Last edited by demaio (2015-09-12 08:40:22)
Here's my config:
client
dev tun
proto tcp
remote xxx
resolv-retry infinite
auth-nocache
script-security 2
nobind
persist-key
persist-tun
mute-replay-warnings
#ca cert.crt
ns-cert-type server
auth-user-pass
comp-lzo
verb 3
#http-proxy xxx xxx
#http-proxy-retry
And here's the log:
Sun Sep 13 23:53:08 2015 OpenVPN 2.3.6 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Dec 2 2014
Sun Sep 13 23:53:08 2015 library versions: OpenSSL 1.0.2d 9 Jul 2015, LZO 2.09
Enter Auth Username: ***************
Enter Auth Password: ****************
Sun Sep 13 23:54:05 2015 Socket Buffers: R=[87380->131072] S=[16384->131072]
Sun Sep 13 23:54:05 2015 Attempting to establish TCP connection with [AF_INET]xx:1194 [nonblock]
Sun Sep 13 23:54:06 2015 TCP connection established with [AF_INET]xx:1194
Sun Sep 13 23:54:06 2015 TCPv4_CLIENT link local: [undef]
Sun Sep 13 23:54:06 2015 TCPv4_CLIENT link remote: [AF_INET]xx:1194
*****
*****
Sun Sep 13 23:54:06 2015 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Sep 13 23:54:06 2015 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Sep 13 23:54:06 2015 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Sep 13 23:54:06 2015 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Sep 13 23:54:06 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sun Sep 13 23:54:06 2015 [server] Peer Connection Initiated with [AF_INET]xx:1194
Sun Sep 13 23:54:09 2015 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sun Sep 13 23:54:09 2015 PUSH: Received control message: 'PUSH_REPLY,route xx 255.255.0.0,route xx 255.255.255.252,route xx 255.255.0.0,route xx 255.255.0.0,route xx 255.255.0.0,route xx 255.255.0.0,route xx 255.255.0.0,route xx 255.255.255.0,route xx 255.255.255.0,route 192.168.50.0 255.255.255.0,dhcp-option DNS xx,route xx,topology net30,ping 10,ping-restart 120,ifconfig xx xx'
Sun Sep 13 23:54:09 2015 OPTIONS IMPORT: timers and/or timeouts modified
Sun Sep 13 23:54:09 2015 OPTIONS IMPORT: --ifconfig/up options modified
Sun Sep 13 23:54:09 2015 OPTIONS IMPORT: route options modified
Sun Sep 13 23:54:09 2015 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Sep 13 23:54:09 2015 ROUTE_GATEWAY xx/255.255.252.0 IFACE=wlp2s0 HWADDR=yyyy
Sun Sep 13 23:54:09 2015 TUN/TAP device tun0 opened
Sun Sep 13 23:54:09 2015 TUN/TAP TX queue length set to 100
Sun Sep 13 23:54:09 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Sep 13 23:54:09 2015 /usr/bin/ip link set dev tun0 up mtu 1500
Sun Sep 13 23:54:09 2015 /usr/bin/ip addr add dev tun0 local xx peer xx
Sun Sep 13 23:54:09 2015 /usr/bin/ip route add xx/16 via xx
Sun Sep 13 23:54:09 2015 /usr/bin/ip route add xx/30 via xx
Sun Sep 13 23:54:09 2015 /usr/bin/ip route add xx/16 via xx
Sun Sep 13 23:54:09 2015 /usr/bin/ip route add xx/16 via xx
Sun Sep 13 23:54:09 2015 /usr/bin/ip route add xx/16 via xx
Sun Sep 13 23:54:09 2015 /usr/bin/ip route add xx/16 via xx
Sun Sep 13 23:54:09 2015 /usr/bin/ip route add xx/16 via xx
Sun Sep 13 23:54:09 2015 /usr/bin/ip route add xx/24 via xx
Sun Sep 13 23:54:09 2015 /usr/bin/ip route add xx/24 via xx
Sun Sep 13 23:54:09 2015 /usr/bin/ip route add xx/24 via xx
Sun Sep 13 23:54:09 2015 /usr/bin/ip route add xx/32 via xx
Sun Sep 13 23:54:09 2015 Initialization Sequence Completed
Sun Sep 13 23:56:09 2015 [server] Inactivity timeout (--ping-restart), restarting
Sun Sep 13 23:56:09 2015 SIGUSR1[soft,ping-restart] received, process restarting
Sun Sep 13 23:56:09 2015 Restart pause, 5 second(s)
Sun Sep 13 23:56:14 2015 Socket Buffers: R=[87380->131072] S=[16384->131072]
Sun Sep 13 23:56:14 2015 Attempting to establish TCP connection with [AF_INET]xx:1194 [nonblock]
Sun Sep 13 23:56:24 2015 TCP: connect to [AF_INET]xx:1194 failed, will try again in 5 seconds: Connection timed out
Last edited by rvu95 (2015-09-13 17:06:37)
Is "comp-lzo" enabled on the server side? I had ping/routing errors when it was enabled on one side but not the other.
How could I use it?
Is "comp-lzo" enabled on the server side? I had ping/routing errors when it was enabled on one side but not the other.
It's enabled on the server side.
Last edited by rvu95 (2015-09-14 11:46:51)
jasonwryan wrote: How could I use it?
Use the code tags for pasting config and log files, so that others can distinguish between code and your own words.
It's enabled on the server side.
The next things I would try are:
make sure that all other settings are compatible between server and client config
disable all possible firewalls between server and client
switch to UDP (not really sure about that, but we only use UDP in all our VPN tunnels)
ping the IP address of the server instead of its name to eliminate DNS problems
ping directly from client to server to eliminate routing problems
EDIT: check MTU sizes on all networks, I have seen problems with MTU on some home DSL modem-routers
Our VPN setup uses certificates instead of username/password auth, so I'm not sure if the latter can cause the problems.
Last edited by demaio (2015-09-15 06:13:36)
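Added example (not written by any poster in this thread): a small Python check for the first suggestion above, comparing the directives that shape the link in a client and a server config. The client text is the config posted in the thread; the server text, the `MUST_MATCH` list, the function names and the assumed OpenVPN 2.3 defaults are illustrative assumptions, not the poster's actual server.

```python
import re

# Directives that shape framing/crypto and must agree on both peers, mapped to
# the value OpenVPN 2.3 uses when the directive is absent (assumed defaults).
MUST_MATCH = {
    "dev": None, "proto": "udp", "comp-lzo": "absent",
    "cipher": "BF-CBC", "auth": "SHA1", "tun-mtu": "1500", "fragment": "absent",
}

def parse(text):
    """Return {directive: normalised value} for the MUST_MATCH directives."""
    opts = dict(MUST_MATCH)
    for raw in text.splitlines():
        words = re.split(r"[#;]", raw, maxsplit=1)[0].split()  # drop comments
        if not words or words[0] not in MUST_MATCH:
            continue
        key, value = words[0], (words[1] if len(words) > 1 else "present")
        if key == "proto":
            value = value.lower()[:3]            # tcp-client/tcp-server -> tcp
        elif key == "dev":
            value = value.rstrip("0123456789")   # tun0 -> tun
        elif key == "comp-lzo":
            value = "present"                    # even "comp-lzo no" adds framing
        elif key in ("cipher", "auth"):
            value = value.upper()
        opts[key] = value
    return opts

def mismatches(client_text, server_text):
    """Map each disagreeing directive to its (client, server) values."""
    c, s = parse(client_text), parse(server_text)
    return {k: (c[k], s[k]) for k in MUST_MATCH if c[k] != s[k]}

# Client config as posted in the thread ("xxx" is the poster's own redaction).
CLIENT = """client\ndev tun\nproto tcp\nremote xxx\nresolv-retry infinite
auth-nocache\nscript-security 2\nnobind\npersist-key\npersist-tun
#ca cert.crt\nns-cert-type server\nauth-user-pass\ncomp-lzo\nverb 3"""

# Constructed server config for illustration only.
SERVER = """port 1194\nproto tcp-server\ndev tun0\ncipher AES-256-CBC
;comp-lzo\nverb 3"""

if __name__ == "__main__":
    for key, (cli, srv) in mismatches(CLIENT, SERVER).items():
        print(f"{key}: client={cli} server={srv}")
```
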