Hi,

On Wed, Mar 04, 2009 at 10:17:40AM +0200, Yuriy A. Dmitrishin wrote:
> Hi. I'm using OpenVPN server with such configuration:
>
> /etc/openvpn/server.conf:
>
> daemon openvpn
> local 192.168.0.1

You are listening on 192.168.0.1 with the openvpn server.

> port 1194
> proto udp
> dev tun1
> ca /etc/openvpn/keys/ca.crt
> cert /etc/openvpn/keys/server.crt
> key /etc/openvpn/keys/server.key # This file should be kept secret
> dh /etc/openvpn/keys/dh1024.pem
> server 10.10.10.0 255.255.255.0
> ifconfig-pool-persist ipp.txt
> push "redirect-gateway local def1"
> keepalive 10 120
> cipher BF-CBC # Blowfish (default)
> comp-lzo
> max-clients 10
> user _openvpn
> group _openvpn
> persist-key
> persist-tun
> status /var/log/openvpn-status.log
> log /var/log/openvpn.log
> log-append /var/log/openvpn.log
> verb 3
>
> Here's my log:
>
> Fri Feb 20 12:46:10 2009 OpenVPN 2.0.9 i386-unknown-openbsd4.3 [SSL] [LZO]
> built on Oct 24 2008
> Fri Feb 20 12:46:10 2009 Diffie-Hellman initialized with 1024 bit key
> Fri Feb 20 12:46:10 2009 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0
> EL:0 ]
> Fri Feb 20 12:46:10 2009 gw 66.66.66.66
> Fri Feb 20 12:46:10 2009 /sbin/ifconfig tun1 destroy
> Fri Feb 20 12:46:10 2009 /sbin/ifconfig tun1 create
> Fri Feb 20 12:46:10 2009 NOTE: Tried to delete pre-existing tun/tap
> instance -- No Problem if failure
> Fri Feb 20 12:46:10 2009 /sbin/ifconfig tun1 10.10.10.1 10.10.10.2 mtu 1500
> netmask 255.255.255.255 up
> Fri Feb 20 12:46:10 2009 TUN/TAP device /dev/tun1 opened
> Fri Feb 20 12:46:10 2009 /sbin/route add -net 10.10.10.0 10.10.10.2 -netmask
> 255.255.255.0
> add net 10.10.10.0: gateway 10.10.10.2
> Fri Feb 20 12:46:10 2009 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135
> ET:0 EL:0 AF:3/1 ]
> Fri Feb 20 12:46:10 2009 GID set to _openvpn
> Fri Feb 20 12:46:10 2009 UID set to _openvpn
> Fri Feb 20 12:46:10 2009 UDPv4 link local (bound): 192.168.0.1:1194

You successfully bound 192.168.0.1 port 1194 on the server.

> Fri Feb 20 12:46:10 2009 UDPv4 link remote: [undef]
> Fri Feb 20 12:46:10 2009 MULTI: multi_init called, r=256 v=256
> Fri Feb 20 12:46:10 2009 IFCONFIG POOL: base=10.10.10.4 size=62
> Fri Feb 20 12:46:10 2009 IFCONFIG POOL LIST
> Fri Feb 20 12:46:10 2009 Initialization Sequence Completed
>
> Now I'm trying to make a connection on my Linux machine.
>
> /etc/openvpn/client.conf:
>
> client
> dev tun
> proto udp
> remote 66.66.66.66 1194

You are connecting to a public IP address? Instead of 192.168.0.1?
Is your server behind NAT rules? Please check your firewall and NAT rules.

> resolv-retry infinite
> nobind
> persist-key
> persist-tun
> ca /etc/openvpn/keys/ca.crt
> cert /etc/openvpn/keys/client1.crt
> key /etc/openvpn/keys/client1.key
> ns-cert-type server
> comp-lzo
> verb 3
> ping 10
> ping-restart 60
>
> $ openvpn --config /etc/openvpn/client.conf
> Wed Mar 4 10:15:51 2009 OpenVPN 2.1_rc11 i486-pc-linux-gnu [SSL] [LZO2]
> [EPOLL] [PKCS11] built on Oct 15 2008
> Wed Mar 4 10:15:51 2009 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus
> omitted>
> Wed Mar 4 10:15:52 2009 LZO compression initialized
> Wed Mar 4 10:15:52 2009 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0
> ET:0 EL:0 ]
> Wed Mar 4 10:15:52 2009 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135
> ET:0 EL:0 AF:3/1 ]
> Wed Mar 4 10:15:52 2009 Local Options hash (VER=V4): '41690919'
> Wed Mar 4 10:15:52 2009 Expected Remote Options hash (VER=V4): '530fdded'
> Wed Mar 4 10:15:52 2009 Socket Buffers: R=[112640->131072]
> S=[112640->131072]
> Wed Mar 4 10:15:52 2009 UDPv4 link local: [undef]
> Wed Mar 4 10:15:52 2009 UDPv4 link remote: 66.66.66.66:1194
> Wed Mar 4 10:15:52 2009 read UDPv4 [ECONNREFUSED]: Connection refused
> (code=111)
> Wed Mar 4 10:15:54 2009 read UDPv4 [ECONNREFUSED]: Connection refused
> (code=111)
> Wed Mar 4 10:15:56 2009 read UDPv4 [ECONNREFUSED]: Connection refused
> (code=111)
> ^CWed Mar 4 10:16:24 2009 event_wait : Interrupted system call (code=4)
> Wed Mar 4 10:16:24 2009 TCP/UDP: Closing socket
> Wed Mar 4 10:16:24 2009 SIGINT[hard,] received, process exiting
>
> Thanks for your help.

No problem.

Robert
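
A small consistency check for the mismatch pointed out in the reply above, as an added example that is not part of the original e-mail: it compares the server's `local`, `port` and `proto` with the client's `remote` and `proto`. The function names are hypothetical, the sample configs are constructed from the directives quoted in the thread, and `remote` is assumed to be an IP literal rather than a hostname.

```python
# Added example (not from the thread): sample configs are constructed from
# the directives quoted above; function names are hypothetical.
SERVER_CONF = """\
local 192.168.0.1
port 1194
proto udp
push "redirect-gateway local def1"
"""
CLIENT_CONF = """\
client
proto udp
remote 66.66.66.66 1194
"""

def parse_conf(text):
    """Map each directive to its argument list (first occurrence wins)."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if line and not line.startswith(";"):
            parts = line.split()
            conf.setdefault(parts[0], parts[1:])
    return conf

def check_endpoints(server_text, client_text):
    """Return findings on bind address, port and protocol mismatches."""
    srv, cli = parse_conf(server_text), parse_conf(client_text)
    remote = cli.get("remote")
    if not remote:
        return ["client config has no 'remote' directive"]
    bind = (srv.get("local") or [None])[0]   # None: server listens on all addresses
    s_port = (srv.get("port") or ["1194"])[0]  # 1194 is OpenVPN's default port
    r_port = remote[1] if len(remote) > 1 else (cli.get("port") or ["1194"])[0]
    s_proto = (srv.get("proto") or ["udp"])[0].split("-")[0]  # tcp-server -> tcp
    c_proto = (cli.get("proto") or ["udp"])[0].split("-")[0]
    findings = []
    if bind and bind != remote[0]:
        findings.append(f"server binds only {bind} but client dials {remote[0]}: "
                        f"{s_proto}/{s_port} must be forwarded from {remote[0]} to {bind}")
    if r_port != s_port:
        findings.append(f"port mismatch: server {s_port}, client {r_port}")
    if c_proto != s_proto:
        findings.append(f"proto mismatch: server {s_proto}, client {c_proto}")
    return findings

if __name__ == "__main__":
    for finding in check_endpoints(SERVER_CONF, CLIENT_CONF):
        print(finding)
```

An empty result only means the two files agree with each other; the firewall and NAT rules between client and server still have to pass the traffic.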