I followed the KB and I still can't connect. I am not using EFW's DHCP
server. Does that matter? I continue to get the same error messages that I
posted earlier.

"
Mon Dec 03 21:51:43 2007 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Dec 03 21:51:43 2007 TLS Error: TLS handshake failed
Mon Dec 03 21:51:43 2007 TCP/UDP: Closing socket
Mon Dec 03 21:51:43 2007 SIGUSR1[soft,tls-error] received, process restarting
Mon Dec 03 21:51:43 2007 Restart pause, 2 second(s)
"
I've included an ASCII network diagram below.

                  EFW Router
                      |
                      |
        -----------------------------
        |                           |
       Red                        Green
   (201.x.x.x)                (192.168.1.5)
        |                           |
    ISP Modem                 10/100 Switch
                                    |
                              Workstations, Linksys
                              Router w/ 4-port switch (LAN side)

NOTE: Green is plugged into Linksys router's 4-port switch side so it can
communicate with other machines on 192.168.1.0 network. The Linksys is also
the DHCP server as of now. Another thing to note is that I have 4 public IPs
from network provider so EFW has its own public IP as does the Linksys.


Thoughts?

Toby.


On Dec 3, 2007 5:06 AM, <[EMAIL PROTECTED]> wrote:

> It took me several hours to get VPN working.  I finally found the KB
> article: http://kb.endian.com/entry/12/ which works exactly as written.
>  This eliminated one area for troubleshooting.  I copied the certificate and
> named it the same as the article although the name makes no difference as
> long as it matches the conf file.
>
> As you must already know the openvpn section of efw must have an ip range
> set outside of your dynamic range.  Of course it is in the same range as
> your green interface.
>
> I was trying to connect my vpn from my machine on my green interface to my
> public red interface public address.  This did not work with the same error
> you are getting.  I then changed the server in the client.ovpn to my green
> interface ip and then connect my machine to a wireless gateway router.  This
> put me on a different subnet than my green interface.  The gateway router
> wan connector was connected to the green interface via a switch.  I was then
> able to make a vpn connection.  Next I put the gateway wireless router on a
> public interface giving the wan connector a public ip address.  I made a new
> config for connecting from outside my network via a public interface by
> changing the server parameter in the ovpn file to my red interface public ip
> address.  Now I could make a vpn connection from the public side of my
> system.  I have two ovpn files.  One for connecting within my private net
> and one for connecting from the public.
>
> The other issue I had to overcome was Windows Vista.  I finally noticed
> that OpenVPN has a Vista release candidate version.  I do not know if the XP
> version would work on Vista or not as I had already upgraded before I fixed
> my other issues.
>
>
>
>
>
> toby-35 wrote:
> >
> > Hello all,
> >
> > I recently installed Endian 2.1.2 community edition and my hope is to use it
> > to replace my existing OpenVPN server that is currently being used as a file
> > server as well. I went through the OpenVPN configuration process,
> > downloaded cert and created client.ovpn configuration file (see below) and I
> > get the following error message (also, see below). What have I missed?
> >
> > client.ovpn (using Windows XP OpenVPN GUI client)
> > client
> > dev tun
> > proto udp
> > remote 201.x.x.x
> > resolv-retry infinite
> > nobind
> > persist-key
> > persist-tun
> > ca cacert.pem
> > auth-user-pass
> > comp-lzo
> >
> > error message (received on client)
> > Thu Nov 29 10:24:53 2007 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
> > Enter Auth Username:test
> > Enter Auth Password:
> > Thu Nov 29 10:25:02 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
> > Thu Nov 29 10:25:02 2007 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
> > Thu Nov 29 10:25:02 2007 LZO compression initialized
> > Thu Nov 29 10:25:02 2007 UDPv4 link local: [undef]
> > Thu Nov 29 10:25:02 2007 UDPv4 link remote: 201.x.x.x:1194
> >
> > I later added, ns-cert-type server, to server log to resolve the warning
> > message. Now my connection output looks like the following:
> >
> > Thu Nov 29 10:28:03 2007 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
> > Enter Auth Username:test
> > Enter Auth Password:
> > Thu Nov 29 10:28:08 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
> > Thu Nov 29 10:28:08 2007 LZO compression initialized
> > Thu Nov 29 10:28:08 2007 UDPv4 link local: [undef]
> > Thu Nov 29 10:28:08 2007 UDPv4 link remote: 201.x.x.x:1194
> > Thu Nov 29 10:29:08 2007 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
> > Thu Nov 29 10:29:08 2007 TLS Error: TLS handshake failed
> > Thu Nov 29 10:29:08 2007 SIGUSR1[soft,tls-error] received, process restarting
> > Thu Nov 29 10:29:10 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
> > Thu Nov 29 10:29:10 2007 Re-using SSL/TLS context
> > Thu Nov 29 10:29:10 2007 LZO compression initialized
> > Thu Nov 29 10:29:10 2007 UDPv4 link local: [undef]
> > Thu Nov 29 10:29:10 2007 UDPv4 link remote: 201.x.x.x:1194
> >
> > Also, my current OpenVPN server works and is on a different public IP and it
> > is not connected to Endian FW. I want to replace current OpenVPN server with
> > Endian FW as it provides more features (content filtering, proxy, etc.)
> >
> > Thanks,
> >
> > Toby.
> >
> >
> -------------------------------------------------------------------------
> > SF.Net email is sponsored by: The Future of Linux Business White Paper
> > from Novell.  From the desktop to the data center, Linux is going
> > mainstream.  Let it simplify your IT future.
> > http://altfarm.mediaplex.com/ad/ck/8857-50307-18918-4
> > _______________________________________________
> > Efw-user mailing list
> > Efw-user@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/efw-user
> >
> >
> Quoted from:
>
> http://www.nabble.com/New-efw-2.1.2-installation-unable-to-OpenVPN-tf4898373.html#a14029570
>
>
_______________________________________________
Efw-user mailing list
Efw-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/efw-user
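
Added example, not code from either poster or from the Endian or OpenVPN projects: a Python triage for client logs like the ones quoted in this thread, tolerant of mail quote markers and hard-wrapped lines, plus a check that a client.ovpn sets a server-identity directive. It assumes the client logs "TLS: Initial packet from" once the server answers; the `VERIFY` list and finding names are this example's own, and the sample log is constructed from the thread's lines.

```python
import re

# Start of an OpenVPN log record, e.g. "Thu Nov 29 10:29:08 2007 ..."
STAMP = re.compile(r"^[A-Z][a-z]{2} [A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \d{4} ")
QUOTE = re.compile(r"^(> ?)+")  # mail quote markers such as "> > "
# Directives this example treats as "server identity is checked" (checklist is an assumption)
VERIFY = {"ns-cert-type", "remote-cert-tls", "tls-remote", "verify-x509-name"}

def records(raw):
    """Rebuild records from wrapped mail text; whitespace dropped since wraps split words."""
    out = []
    for line in raw.splitlines():
        line = QUOTE.sub("", line).strip()
        if STAMP.match(line):
            out.append(STAMP.sub("", line))   # new record, timestamp removed
        elif out and line:
            out[-1] += line                   # continuation of a wrapped record
    return ["".join(r.split()) for r in out]

def triage(raw):
    """Classify a client log: missing server verification, and where the handshake died."""
    recs = records(raw)
    seen = lambda needle: any(needle in r for r in recs)
    findings = []
    if seen("Noservercertificateverificationmethod"):
        findings.append("no-server-cert-verification")
    if seen("TLSkeynegotiationfailed"):
        # Assumption: verbosity is high enough to log "TLS: Initial packet from"
        findings.append("handshake-stalled-after-reply" if seen("TLS:Initialpacketfrom")
                        else "no-reply-from-server")
    return findings

def verifies_server(conf):
    """True if a client .ovpn text sets any directive listed in VERIFY."""
    keys = set()
    for line in conf.splitlines():
        line = re.split(r"[#;]", QUOTE.sub("", line))[0].strip()  # drop quotes, comments
        if line:
            keys.add(line.split()[0])
    return bool(VERIFY & keys)

# Constructed sample, modelled on the wrapped client log quoted in the thread
SAMPLE_LOG = """\
> > Thu Nov 29 10:25:02 2007 WARNING: No server certificate verification
> > method has
> > been enabled.  See http://openvpn.net/howto.html#mitm for more info.
> > Thu Nov 29 10:29:08 2007 TLS Error: TLS key negotiation failed to occur
> > within 6
> > 0 seconds (check your network connectivity)
"""
```

A `no-reply-from-server` result points at the UDP path to port 1194 (firewall rule, NAT, or connecting to the red address from inside green) rather than at certificates or credentials.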
