Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN
Upon more testing I figured out that the route ADD 210.x.x.x MASK 255.255.255.255 192.168.1.1 line adds the route to my local network. Problem still remains though, I am unable to browse the web or connect to 10.10.7.1 (Green IP) when connected. I can access web gui from RED on another machine and I see my connection under OpenVPN as established. Something is just screwy with routing looks like.

Suggestions?

Toby.

On Dec 5, 2007 7:57 PM, toby [EMAIL PROTECTED] wrote:

NICs are connected correctly. I figured out why I was unable to connect to EFW via public IP. I fat-fingered the gateway :). So now I can connect using OpenVPN. I also enabled DHCP and put it on a 10.10.7.0 network for testing purposes. So now I get a 10.10.7.x address when connecting via VPN. However, I am unable to browse the internet after connecting. My LAN is 192.168.1.0 and after connecting the VPN NIC is 10.10.7.200. So that shouldn't be the problem. I have included text from console after connection has been established.

** begin **
Wed Dec 05 19:48:56 2007 [127.0.0.1] Peer Connection Initiated with 210.x.x.x:1194
Wed Dec 05 19:48:57 2007 SENT CONTROL [127.0.0.1]: 'PUSH_REQUEST' (status=1)
Wed Dec 05 19:48:57 2007 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.10.7.1,route-gateway 10.10.7.1,ping 10,ping-restart 120,redirect-gateway,ifconfig 10.10.7.220 255.255.255.0'
Wed Dec 05 19:48:57 2007 OPTIONS IMPORT: timers and/or timeouts modified
Wed Dec 05 19:48:57 2007 OPTIONS IMPORT: --ifconfig/up options modified
Wed Dec 05 19:48:57 2007 OPTIONS IMPORT: route options modified
Wed Dec 05 19:48:57 2007 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{8F306703-4644-4D92-8D71-50FC27042B8F}.tap
Wed Dec 05 19:48:57 2007 TAP-Win32 Driver Version 8.4
Wed Dec 05 19:48:57 2007 TAP-Win32 MTU=1500
Wed Dec 05 19:48:57 2007 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.10.7.220/255.255.255.0 on interface {8F306703-4644-4D92-8D71-50FC27042B8F} [DHCP-serv: 10.10.7.0, lease-time: 31536000]
Wed Dec 05 19:48:57 2007 Successful ARP Flush on interface [4] {8F306703-4644-4D92-8D71-50FC27042B8F}
Wed Dec 05 19:48:57 2007 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Wed Dec 05 19:48:57 2007 Route: Waiting for TUN/TAP interface to come up...
Wed Dec 05 19:48:58 2007 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Wed Dec 05 19:48:58 2007 Route: Waiting for TUN/TAP interface to come up...
Wed Dec 05 19:48:59 2007 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Wed Dec 05 19:48:59 2007 Route: Waiting for TUN/TAP interface to come up...
Wed Dec 05 19:49:00 2007 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Wed Dec 05 19:49:00 2007 Route: Waiting for TUN/TAP interface to come up...
Wed Dec 05 19:49:02 2007 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Wed Dec 05 19:49:02 2007 Route: Waiting for TUN/TAP interface to come up...
Wed Dec 05 19:49:03 2007 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
Wed Dec 05 19:49:03 2007 route ADD 210.x.x.x MASK 255.255.255.255 192.168.1.1
Wed Dec 05 19:49:03 2007 Route addition via IPAPI succeeded
Wed Dec 05 19:49:03 2007 route DELETE 0.0.0.0 MASK 0.0.0.0 192.168.1.1
Wed Dec 05 19:49:03 2007 Route deletion via IPAPI succeeded
Wed Dec 05 19:49:03 2007 route ADD 0.0.0.0 MASK 0.0.0.0 10.10.7.1
Wed Dec 05 19:49:03 2007 Route addition via IPAPI succeeded
Wed Dec 05 19:49:03 2007 Initialization Sequence Completed
** end **

this line: route ADD 210.x.x.x MASK 255.255.255.255 192.168.1.1 concerns me because the mask for 210.x.x.x should be 255.255.255.248 and I do not know where it is getting 192.168.1.1.

Good news is we are getting closer :)

Thanks,
Toby

On Dec 5, 2007 5:51 PM, compdoc [EMAIL PROTECTED] wrote:

Are you sure you've got the red and green nics connected correctly?

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of toby
Sent: Wednesday, December 05, 2007 4:12 PM
To: efw-user@lists.sourceforge.net
Subject: Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN

No ports are blocked as this is a commercial T1 account. I have modem connected to gigabit switch and devices needing public IPs are connected to it and said devices are setup with static IPs from range given by ISP. I will check to make sure I haven't given another device the IP address and just forgot that I set it :)
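Added example, not part of the original posts: a small Python reader for the route commands in the console output above. It shows that the /32 host route to the server through 192.168.1.1 and the two default-route changes are the three steps OpenVPN's redirect-gateway option performs, and that 192.168.1.1 is the gateway of the default route the client had before connecting. The address 203.0.113.10 stands in for the masked 210.x.x.x, and all function names are illustrative.

```python
import re

# Constructed sample: the relevant lines of the console output quoted above.
# The masked server address "210.x.x.x" is replaced by the documentation
# address 203.0.113.10 so that it parses as an IP address.
SAMPLE_LOG = """\
Wed Dec 05 19:48:56 2007 [127.0.0.1] Peer Connection Initiated with 203.0.113.10:1194
Wed Dec 05 19:48:57 2007 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.10.7.1,route-gateway 10.10.7.1,ping 10,ping-restart 120,redirect-gateway,ifconfig 10.10.7.220 255.255.255.0'
Wed Dec 05 19:48:57 2007 OPTIONS IMPORT: route options modified
Wed Dec 05 19:49:03 2007 route ADD 203.0.113.10 MASK 255.255.255.255 192.168.1.1
Wed Dec 05 19:49:03 2007 Route addition via IPAPI succeeded
Wed Dec 05 19:49:03 2007 route DELETE 0.0.0.0 MASK 0.0.0.0 192.168.1.1
Wed Dec 05 19:49:03 2007 route ADD 0.0.0.0 MASK 0.0.0.0 10.10.7.1
"""

PEER_RE = re.compile(r"Peer Connection Initiated with (\d+(?:\.\d+){3}):\d+")
PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,([^']*)'")
ROUTE_RE = re.compile(r"route (ADD|DELETE) (\S+) MASK (\S+) (\S+)")


def parse_log(text):
    """Collect the server address, the pushed options and the route commands."""
    state = {"peer": None, "pushed": {}, "routes": []}
    for line in text.splitlines():
        m = PEER_RE.search(line)
        if m:
            state["peer"] = m.group(1)
            continue
        m = PUSH_RE.search(line)
        if m:
            for opt in filter(None, (o.strip() for o in m.group(1).split(","))):
                name, _, args = opt.partition(" ")
                state["pushed"][name] = args  # a repeated option keeps its last value
            continue
        m = ROUTE_RE.search(line)
        if m:
            state["routes"].append(m.groups())
    return state


def original_gateway(state):
    """Gateway of the default route that was deleted: the client's own LAN router."""
    for action, dest, mask, gw in state["routes"]:
        if action == "DELETE" and dest == "0.0.0.0" and mask == "0.0.0.0":
            return gw
    return None


def explain_routes(state):
    """Label each route command with the role it plays under redirect-gateway."""
    if "redirect-gateway" not in state["pushed"]:
        return []
    lan_gw = original_gateway(state)
    vpn_gw = state["pushed"].get("route-gateway")
    roles = []
    for action, dest, mask, gw in state["routes"]:
        if (action == "ADD" and dest == state["peer"]
                and mask == "255.255.255.255" and gw == lan_gw):
            role = "host route: tunnel packets to the server keep using the LAN router"
        elif action == "DELETE" and dest == "0.0.0.0":
            role = "old default route removed"
        elif action == "ADD" and dest == "0.0.0.0" and gw == vpn_gw:
            role = "new default route: everything else goes into the tunnel"
        else:
            role = "unrelated to redirect-gateway"
        roles.append((f"route {action} {dest} MASK {mask} {gw}", role))
    return roles


if __name__ == "__main__":
    for cmd, role in explain_routes(parse_log(SAMPLE_LOG)):
        print(f"{cmd:58} <- {role}")
```

With the default route pointing at 10.10.7.1, web traffic from the client reaches the Internet only if the firewall forwards and translates traffic arriving from VPN clients.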
Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN
I have tried and I cannot connect. I am going to verify I have added port 22 for external access as comp-doc suggested. I thought I had made this change but we shall see.

Toby.

On Dec 4, 2007 11:08 AM, Kenton and Saundi Brown [EMAIL PROTECTED] wrote:

I do now if using an external dhcp will have an affect. I am using the efw dhcp. Are you able to test it from outside the local lan via a public connection using the red interface IP?

On 12/3/07, toby [EMAIL PROTECTED] wrote:

I followed the KB and I still can't connect. I am not using EFW's DHCP server. Does that matter? I continue to get the same error messages that I posted earlier.

Mon Dec 03 21:51:43 2007 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Dec 03 21:51:43 2007 TLS Error: TLS handshake failed
Mon Dec 03 21:51:43 2007 TCP/UDP: Closing socket
Mon Dec 03 21:51:43 2007 SIGUSR1[soft,tls-error] received, process restarting
Mon Dec 03 21:51:43 2007 Restart pause, 2 second(s)

I've included an ASCII network diagram below.

              EFW Router
                  |
        |--------------------|
        |                    |
       Red                 Green
   (201.x.x.x)         (192.168.1.5)
        |                    |
    ISP Modem          10/100 Switch
                             |
              Workstations, Linksys Router w/ 4-port switch (LAN side)

NOTE: Green is plugged into Linksys router's 4-port switch side so it can communicate with other machines on 192.168.1.0 network. The Linksys is also the DHCP server as of now. Another thing to note is that I have 4 public IPs from network provider so EFW has its own public IP as does the Linksys.

Thoughts?

Toby.

On Dec 3, 2007 5:06 AM, [EMAIL PROTECTED] wrote:

It took me several hours to get VPN working. I finally found the KB article: http://kb.endian.com/entry/12/ which works exactly as written. This eliminated one area for troubleshooting. I copied the certificate and named it the same as the article although the name makes no difference as long as it matches the conf file. As you must already know the openvpn section of efw must have an ip range set outside of your dynamic range. Of course it is in the same range as your green interface.

I was trying to connect my vpn from my machine on my green interface to my public red interface public address. This did not work with the same error you are getting. I then changed the server in the client.ovpn to my green interface ip and then connect my machine to a wireless gateway router. This put me on a different subnet than my green interface. The gateway router wan connector was connected to the green interface via a switch. I was then able to make a vpn connection. Next I put the gateway wireless router on a public interface giving the wan connector a public ip address. I made a new config for connecting from outside my network via a public interface by changing the server parameter in the ovpn file to my red interface public ip address. Now I could make a vpn connection from the public side of my system. I have two ovpn files. One for connecting within my private net and one for connecting from the public.

The other issue I had to overcome was windows vista. I finally noticed that openvpn has a vista release candidate version. I do not know if the xp version would work on vista or not as I had already upgraded before I fixed my other issues.

toby-35 wrote:

Hello all, I recently installed Endian 2.1.2 community edition and my hope is to use it to replace my existing OpenVPN server that is currently being used as a file server as well. I went through the OpenVPN configuration process, downloaded cert and created client.ovpn configuration file (see below) and I get the following error message (also, see below). What have I missed?

client.ovpn (using Windows XP OpenVPN GUI client)

client
dev tun
proto udp
remote 201.x.x.x
resolv-retry infinite
nobind
persist-key
persist-tun
ca cacert.pem
auth-user-pass
comp-lzo

error message (received on client)

Thu Nov 29 10:24:53 2007 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Enter Auth Username:test
Enter Auth Password:
Thu Nov 29 10:25:02 2007 IMPORTANT: OpenVPN's default port number is
Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN
Update: I added port 22 for external access and I cannot access public IP via SSH from outside of network. However, if I ssh into a server on LAN (192.168.1.0) going through Linksys router WAN (210.x.x.x) I can then SSH 210.x.x.x into efw box. The efw box has its own public IP as does the Linksys box all within the same range that was given to me by ISP.

My setup now is as follows:

EFW RED: 210.x.x.x
EFW GREEN: 10.10.7.1
EFW DHCP: 10.10.7.100 to 10.10.7.120
EFW OpenVPN: 10.10.7.150 to 10.10.7.165

I still can't connect via VPN. I can provide any needed info to further troubleshooting.

Toby.

On Dec 5, 2007 9:13 AM, toby [EMAIL PROTECTED] wrote:

I have tried and I cannot connect. I am going to verify I have added port 22 for external access as comp-doc suggested. I thought I had made this change but we shall see.

Toby.

On Dec 4, 2007 11:08 AM, Kenton and Saundi Brown [EMAIL PROTECTED] wrote:

I do now if using an external dhcp will have an affect. I am using the efw dhcp. Are you able to test it from outside the local lan via a public connection using the red interface IP?

On 12/3/07, toby [EMAIL PROTECTED] wrote:

I followed the KB and I still can't connect. I am not using EFW's DHCP server. Does that matter? I continue to get the same error messages that I posted earlier.

Mon Dec 03 21:51:43 2007 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Dec 03 21:51:43 2007 TLS Error: TLS handshake failed
Mon Dec 03 21:51:43 2007 TCP/UDP: Closing socket
Mon Dec 03 21:51:43 2007 SIGUSR1[soft,tls-error] received, process restarting
Mon Dec 03 21:51:43 2007 Restart pause, 2 second(s)

I've included an ASCII network diagram below.

              EFW Router
                  |
        |--------------------|
        |                    |
       Red                 Green
   (201.x.x.x)         (192.168.1.5)
        |                    |
    ISP Modem          10/100 Switch
                             |
              Workstations, Linksys Router w/ 4-port switch (LAN side)

NOTE: Green is plugged into Linksys router's 4-port switch side so it can communicate with other machines on 192.168.1.0 network. The Linksys is also the DHCP server as of now. Another thing to note is that I have 4 public IPs from network provider so EFW has its own public IP as does the Linksys.

Thoughts?

Toby.

On Dec 3, 2007 5:06 AM, [EMAIL PROTECTED] wrote:

It took me several hours to get VPN working. I finally found the KB article: http://kb.endian.com/entry/12/ which works exactly as written. This eliminated one area for troubleshooting. I copied the certificate and named it the same as the article although the name makes no difference as long as it matches the conf file. As you must already know the openvpn section of efw must have an ip range set outside of your dynamic range. Of course it is in the same range as your green interface.

I was trying to connect my vpn from my machine on my green interface to my public red interface public address. This did not work with the same error you are getting. I then changed the server in the client.ovpn to my green interface ip and then connect my machine to a wireless gateway router. This put me on a different subnet than my green interface. The gateway router wan connector was connected to the green interface via a switch. I was then able to make a vpn connection. Next I put the gateway wireless router on a public interface giving the wan connector a public ip address. I made a new config for connecting from outside my network via a public interface by changing the server parameter in the ovpn file to my red interface public ip address. Now I could make a vpn connection from the public side of my system. I have two ovpn files. One for connecting within my private net and one for connecting from the public.

The other issue I had to overcome was windows vista. I finally noticed that openvpn has a vista release candidate version. I do not know if the xp version would work on vista or not as I had already upgraded before I fixed my other issues.

toby-35 wrote:

Hello all, I recently installed Endian 2.1.2 community edition and my hope is to use it to replace my existing OpenVPN server that
Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN
If you can't connect to openvpn or ssh, your ports are being blocked. Could be several reasons:

Public ip setup is wrong (such as the wrong subnet mask, etc), or someone else is using the ip address you’re trying to use.

The dsl modem isn’t in bridged mode and is using nat instead.

A cable is bad, or the cabling is not correct.

The ISP blocks those ports.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of toby
Sent: Wednesday, December 05, 2007 3:36 PM
To: Kenton and Saundi Brown
Cc: Efw-user@lists.sourceforge.net
Subject: Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN

Update: I added port 22 for external access and I cannot access public IP via SSH from outside of network. However, if I ssh into a server on LAN (192.168.1.0) going through Linksys router WAN (210.x.x.x) I can then SSH 210.x.x.x into efw box. The efw box has its own public IP as does the Linksys box all within the same range that was given to me by ISP.

My setup now is as follows:

EFW RED: 210.x.x.x
EFW GREEN: 10.10.7.1
EFW DHCP: 10.10.7.100 to 10.10.7.120
EFW OpenVPN: 10.10.7.150 to 10.10.7.165

I still can't connect via VPN. I can provide any needed info to further troubleshooting.

Toby.

___
Efw-user mailing list
Efw-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN
on 12/5/2007 3:12 PM toby spake the following:

No ports are blocked as this is a commercial T1 account. I have modem connected to gigabit switch and devices needing public IPs are connected to it and said devices are setup with static IPs from range given by ISP. I will check to make sure I haven't given another device the IP address and just forgot that I set it :)

List the arp entries on your T1 router and compare to the mac address of the EFW router's red card.

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't
Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN
No ports are blocked as this is a commercial T1 account. I have modem connected to gigabit switch and devices needing public IPs are connected to it and said devices are setup with static IPs from range given by ISP. I will check to make sure I haven't given another device the IP address and just forgot that I set it :)

On Dec 5, 2007 5:11 PM, compdoc [EMAIL PROTECTED] wrote:

If you can't connect to openvpn or ssh, your ports are being blocked. Could be several reasons:

Public ip setup is wrong (such as the wrong subnet mask, etc), or someone else is using the ip address you're trying to use.

The dsl modem isn't in bridged mode and is using nat instead.

A cable is bad, or the cabling is not correct.

The ISP blocks those ports.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of toby
Sent: Wednesday, December 05, 2007 3:36 PM
To: Kenton and Saundi Brown
Cc: Efw-user@lists.sourceforge.net
Subject: Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN

Update: I added port 22 for external access and I cannot access public IP via SSH from outside of network. However, if I ssh into a server on LAN (192.168.1.0) going through Linksys router WAN (210.x.x.x) I can then SSH 210.x.x.x into efw box. The efw box has its own public IP as does the Linksys box all within the same range that was given to me by ISP.

My setup now is as follows:

EFW RED: 210.x.x.x
EFW GREEN: 10.10.7.1
EFW DHCP: 10.10.7.100 to 10.10.7.120
EFW OpenVPN: 10.10.7.150 to 10.10.7.165

I still can't connect via VPN. I can provide any needed info to further troubleshooting.

Toby.
Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN
Are you sure you’ve got the red and green nics connected correctly?

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of toby
Sent: Wednesday, December 05, 2007 4:12 PM
To: efw-user@lists.sourceforge.net
Subject: Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN

No ports are blocked as this is a commercial T1 account. I have modem connected to gigabit switch and devices needing public IPs are connected to it and said devices are setup with static IPs from range given by ISP. I will check to make sure I haven't given another device the IP address and just forgot that I set it :)
Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN
NICs are connected correctly. I figured out why I was unable to connect to EFW via public IP. I fat-fingered the gateway :). So now I can connect using OpenVPN. I also enabled DHCP and put it on a 10.10.7.0 network for testing purposes. So now I get a 10.10.7.x address when connecting via VPN. However, I am unable to browse the internet after connecting. My LAN is 192.168.1.0 and after connecting the VPN NIC is 10.10.7.200. So that shouldn't be the problem. I have included text from console after connection has been established.

** begin **
Wed Dec 05 19:48:56 2007 [127.0.0.1] Peer Connection Initiated with 210.x.x.x:1194
Wed Dec 05 19:48:57 2007 SENT CONTROL [127.0.0.1]: 'PUSH_REQUEST' (status=1)
Wed Dec 05 19:48:57 2007 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.10.7.1,route-gateway 10.10.7.1,ping 10,ping-restart 120,redirect-gateway,ifconfig 10.10.7.220 255.255.255.0'
Wed Dec 05 19:48:57 2007 OPTIONS IMPORT: timers and/or timeouts modified
Wed Dec 05 19:48:57 2007 OPTIONS IMPORT: --ifconfig/up options modified
Wed Dec 05 19:48:57 2007 OPTIONS IMPORT: route options modified
Wed Dec 05 19:48:57 2007 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{8F306703-4644-4D92-8D71-50FC27042B8F}.tap
Wed Dec 05 19:48:57 2007 TAP-Win32 Driver Version 8.4
Wed Dec 05 19:48:57 2007 TAP-Win32 MTU=1500
Wed Dec 05 19:48:57 2007 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.10.7.220/255.255.255.0 on interface {8F306703-4644-4D92-8D71-50FC27042B8F} [DHCP-serv: 10.10.7.0, lease-time: 31536000]
Wed Dec 05 19:48:57 2007 Successful ARP Flush on interface [4] {8F306703-4644-4D92-8D71-50FC27042B8F}
Wed Dec 05 19:48:57 2007 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Wed Dec 05 19:48:57 2007 Route: Waiting for TUN/TAP interface to come up...
Wed Dec 05 19:48:58 2007 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Wed Dec 05 19:48:58 2007 Route: Waiting for TUN/TAP interface to come up...
Wed Dec 05 19:48:59 2007 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Wed Dec 05 19:48:59 2007 Route: Waiting for TUN/TAP interface to come up...
Wed Dec 05 19:49:00 2007 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Wed Dec 05 19:49:00 2007 Route: Waiting for TUN/TAP interface to come up...
Wed Dec 05 19:49:02 2007 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Wed Dec 05 19:49:02 2007 Route: Waiting for TUN/TAP interface to come up...
Wed Dec 05 19:49:03 2007 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
Wed Dec 05 19:49:03 2007 route ADD 210.x.x.x MASK 255.255.255.255 192.168.1.1
Wed Dec 05 19:49:03 2007 Route addition via IPAPI succeeded
Wed Dec 05 19:49:03 2007 route DELETE 0.0.0.0 MASK 0.0.0.0 192.168.1.1
Wed Dec 05 19:49:03 2007 Route deletion via IPAPI succeeded
Wed Dec 05 19:49:03 2007 route ADD 0.0.0.0 MASK 0.0.0.0 10.10.7.1
Wed Dec 05 19:49:03 2007 Route addition via IPAPI succeeded
Wed Dec 05 19:49:03 2007 Initialization Sequence Completed
** end **

this line: route ADD 210.x.x.x MASK 255.255.255.255 192.168.1.1 concerns me because the mask for 210.x.x.x should be 255.255.255.248 and I do not know where it is getting 192.168.1.1.

Good news is we are getting closer :)

Thanks,
Toby

On Dec 5, 2007 5:51 PM, compdoc [EMAIL PROTECTED] wrote:

Are you sure you've got the red and green nics connected correctly?

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of toby
Sent: Wednesday, December 05, 2007 4:12 PM
To: efw-user@lists.sourceforge.net
Subject: Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN

No ports are blocked as this is a commercial T1 account. I have modem connected to gigabit switch and devices needing public IPs are connected to it and said devices are setup with static IPs from range given by ISP. I will check to make sure I haven't given another device the IP address and just forgot that I set it :)
Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN
I followed the KB and I still can't connect. I am not using EFW's DHCP server. Does that matter? I continue to get the same error messages that I posted earlier.

Mon Dec 03 21:51:43 2007 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Dec 03 21:51:43 2007 TLS Error: TLS handshake failed
Mon Dec 03 21:51:43 2007 TCP/UDP: Closing socket
Mon Dec 03 21:51:43 2007 SIGUSR1[soft,tls-error] received, process restarting
Mon Dec 03 21:51:43 2007 Restart pause, 2 second(s)

I've included an ASCII network diagram below.

              EFW Router
                  |
        |--------------------|
        |                    |
       Red                 Green
   (201.x.x.x)         (192.168.1.5)
        |                    |
    ISP Modem          10/100 Switch
                             |
              Workstations, Linksys Router w/ 4-port switch (LAN side)

NOTE: Green is plugged into Linksys router's 4-port switch side so it can communicate with other machines on 192.168.1.0 network. The Linksys is also the DHCP server as of now. Another thing to note is that I have 4 public IPs from network provider so EFW has its own public IP as does the Linksys.

Thoughts?

Toby.

On Dec 3, 2007 5:06 AM, [EMAIL PROTECTED] wrote:

It took me several hours to get VPN working. I finally found the KB article: http://kb.endian.com/entry/12/ which works exactly as written. This eliminated one area for troubleshooting. I copied the certificate and named it the same as the article although the name makes no difference as long as it matches the conf file. As you must already know the openvpn section of efw must have an ip range set outside of your dynamic range. Of course it is in the same range as your green interface.

I was trying to connect my vpn from my machine on my green interface to my public red interface public address. This did not work with the same error you are getting. I then changed the server in the client.ovpn to my green interface ip and then connect my machine to a wireless gateway router. This put me on a different subnet than my green interface. The gateway router wan connector was connected to the green interface via a switch. I was then able to make a vpn connection. Next I put the gateway wireless router on a public interface giving the wan connector a public ip address. I made a new config for connecting from outside my network via a public interface by changing the server parameter in the ovpn file to my red interface public ip address. Now I could make a vpn connection from the public side of my system. I have two ovpn files. One for connecting within my private net and one for connecting from the public.

The other issue I had to overcome was windows vista. I finally noticed that openvpn has a vista release candidate version. I do not know if the xp version would work on vista or not as I had already upgraded before I fixed my other issues.

toby-35 wrote:

Hello all, I recently installed Endian 2.1.2 community edition and my hope is to use it to replace my existing OpenVPN server that is currently being used as a file server as well. I went through the OpenVPN configuration process, downloaded cert and created client.ovpn configuration file (see below) and I get the following error message (also, see below). What have I missed?

client.ovpn (using Windows XP OpenVPN GUI client)

client
dev tun
proto udp
remote 201.x.x.x
resolv-retry infinite
nobind
persist-key
persist-tun
ca cacert.pem
auth-user-pass
comp-lzo

error message (received on client)

Thu Nov 29 10:24:53 2007 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Enter Auth Username:test
Enter Auth Password:
Thu Nov 29 10:25:02 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Thu Nov 29 10:25:02 2007 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Nov 29 10:25:02 2007 LZO compression initialized
Thu Nov 29 10:25:02 2007 UDPv4 link local: [undef]
Thu Nov 29 10:25:02 2007 UDPv4 link remote: 201.x.x.x:1194

I later added, ns-cert-type server, to server log to resolve the warning message. Now I connection output looks like the following:

Thu Nov 29 10:28:03 2007 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Enter Auth Username:test
Enter Auth
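Added example, not part of the original posts: a Python check of the client.ovpn quoted above for the condition behind the "No server certificate verification method has been enabled" warning, and of the same file once ns-cert-type server is added. The address 203.0.113.10 stands in for the masked 201.x.x.x; the finding names and function names are illustrative, and remote-cert-tls, tls-remote and verify-x509-name are other OpenVPN directives with the same purpose that the thread does not mention.

```python
# Constructed sample: the client.ovpn directives quoted in the message above,
# with the masked address replaced by the documentation address 203.0.113.10.
CLIENT_OVPN = """\
client
dev tun
proto udp
remote 203.0.113.10
resolv-retry infinite
nobind
persist-key
persist-tun
ca cacert.pem
auth-user-pass
comp-lzo
"""

# Directives that make the client check the server's certificate beyond
# "signed by the CA in the ca file". ns-cert-type is the one named in the
# thread; the others are alternative OpenVPN options (not from the thread).
SERVER_CHECKS = {
    "ns-cert-type": lambda args: args[:1] == ["server"],
    "remote-cert-tls": lambda args: args[:1] == ["server"],
    "tls-remote": lambda args: len(args) >= 1,
    "verify-x509-name": lambda args: len(args) >= 1,
}


def parse_config(text):
    """Return [(directive, [args])], skipping blank lines and # or ; comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        parts = line.split()
        entries.append((parts[0].lstrip("-"), parts[1:]))
    return entries


def audit(text):
    """Return a list of finding names for a client configuration."""
    cfg = parse_config(text)
    names = [name for name, _ in cfg]
    findings = []
    if "ca" not in names:
        findings.append("no-ca")
    verified = any(name in SERVER_CHECKS and SERVER_CHECKS[name](args)
                   for name, args in cfg)
    if not verified:
        findings.append("no-server-cert-verification")
        if "auth-user-pass" in names:
            # The username and password go to whichever peer completes the
            # TLS handshake, so an unchecked server role matters more here.
            findings.append("credentials-sent-without-server-role-check")
    for name, args in cfg:
        if name == "remote" and len(args) < 2 and "port" not in names \
                and "rport" not in names:
            findings.append("remote-uses-default-port-1194")
    return findings


if __name__ == "__main__":
    print("as posted:          ", audit(CLIENT_OVPN))
    print("with ns-cert-type:  ", audit(CLIENT_OVPN + "ns-cert-type server\n"))
```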
Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN
Certainly worth enabling for testing.

I once had trouble connecting. I found that the user account I had created had stopped working. I had to delete the account and recreate it. This seemed to occur after I had created and then edited the account, or maybe made some major change to the system. I don’t really know why it stopped working, but after recreating it, it worked.

You seem to not be receiving the key (cert), or you’re not sending it. The client is outside the lan? Can you connect by ssh?

Also, maybe rename the cert to .cer, or find out why yours are ending in .pem

Map looks fine.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of toby
Sent: Monday, December 03, 2007 9:54 PM
To: [EMAIL PROTECTED]
Cc: efw-user@lists.sourceforge.net
Subject: Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN

I followed the KB and i still can't connect. I am not using EFW's DHCP server. Does that matter? I continue to get the same error messages that I posted earlier.

Mon Dec 03 21:51:43 2007 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Dec 03 21:51:43 2007 TLS Error: TLS handshake failed
Mon Dec 03 21:51:43 2007 TCP/UDP: Closing socket
Mon Dec 03 21:51:43 2007 SIGUSR1[soft,tls-error] received, process restarting
Mon Dec 03 21:51:43 2007 Restart pause, 2 second(s)

I've included an ASCII network diagram below.
Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN
This is very odd. I simply click the Download CA link in web interface and it saves as .pem. Changing the file to .crt and modifying client.ovpn file to reflect the change makes no difference.

The only way I can ssh into the EFW box is to ssh into another machine on LAN and then SSH into the GREEN NIC. It would be nice if I could SSH into the RED NIC and just disable root from SSH.

Toby.

On Dec 4, 2007 12:14 AM, compdoc [EMAIL PROTECTED] wrote:

Certainly worth enabling for testing.

I once had trouble connecting. I found that the user account I had created had stopped working. I had to delete the account and recreate it. This seemed to occur after I had created and then edited the account, or maybe made some major change to the system. I don't really know why it stopped working, but after recreating it, it worked.

You seem to not be receiving the key (cert), or you're not sending it. The client is outside the lan? Can you connect by ssh?

Also, maybe rename the cert to .cer, or find out why yours are ending in .pem

Map looks fine.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of toby
Sent: Monday, December 03, 2007 9:54 PM
To: [EMAIL PROTECTED]
Cc: efw-user@lists.sourceforge.net
Subject: Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN

I followed the KB and i still can't connect. I am not using EFW's DHCP server. Does that matter? I continue to get the same error messages that I posted earlier.

Mon Dec 03 21:51:43 2007 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Dec 03 21:51:43 2007 TLS Error: TLS handshake failed
Mon Dec 03 21:51:43 2007 TCP/UDP: Closing socket
Mon Dec 03 21:51:43 2007 SIGUSR1[soft,tls-error] received, process restarting
Mon Dec 03 21:51:43 2007 Restart pause, 2 second(s)

I've included an ASCII network diagram below.
Version: 7.5.503 / Virus Database: 269.16.13/1167 - Release Date: 12/3/2007 12:20 PM - SF.Net email is sponsored by: The Future of Linux Business White Paper from Novell. From the desktop to the data center, Linux is going mainstream. Let it simplify your IT future. http://altfarm.mediaplex.com/ad/ck/8857-50307-18918-4 ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user - SF.Net email is sponsored by: The Future of Linux Business White Paper from Novell. From the desktop to the data center, Linux is going mainstream. Let it simplify your IT future. http://altfarm.mediaplex.com/ad/ck/8857-50307-18918-4___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN
I don’t think we’re on the same page. It’s ok to use whatever DHCP server you wish, but I’m pretty sure that openvpn needs to provide the client with an ip address that’s in the same range as the green. And it should be a range that’s not used by your DHCP server. That’s what the ip pool on the openvpn server tab is for. I believe that besides just an ip addy, other info like routes are provided when the client connects.

Also, your client’s (home PC?) local lan, and the green lan should be different ip ranges. Otherwise it won’t be able to route traffic properly.

And by ‘broadband router’, I meant the dsl/cable modem. All of your servers/routers/firewalls have to be behind that. And if that modem is port forwarding 1194 to the other openvpn server, then you’ll never get to the efw box. Is the modem in bridge mode with external ip addresses assigned directly to your firewalls?

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of toby
Sent: Friday, November 30, 2007 11:37 AM
To: efw-user@lists.sourceforge.net
Subject: Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN

I am not allowing EFW to be DHCP server as I have another box doing that (Linksys). Once I iron out VPN issue I will make EFW DHCP server. You do bring up a good point about OVPN IPs being same as GREEN. GREEN is 192.168.1.0 and OVPN is 10.8.0.0. I will make this change and see if that works. I do have cert in same folder and client config. Thing is I can connect to current OVPN server fine. Clueless as to why I can't from EFW using cert from EFW and user created in EFW. Again, remember EFW is on its own separate public IP and is not going through linksys router that is on its own separate public IP. I also have everything else setup like you mentioned in previous post. Any other ideas?

Toby.
On Nov 30, 2007 12:12 PM, compdoc [EMAIL PROTECTED] wrote:

Well, you do need to place the cert from the efw into the config folder on your windows pc, and have an account set up for the user with the proper password. If the GUI client works on another server, then I'm guessing you know these things. I use all lower case letters for usernames, since nix tends to go that way, but I don't know if efw cares about uppercase or not.

And do not port forward the openvpn port (1194 udp) anywhere in the port forwarding section, or add it to the External Access section of the Firewall tab. That's not necessary.

Also, make sure the OpenVPN Server is enabled, and I set the Block DHCP responses coming from tunnel, but that shouldn't stop you either way. Do you have an ip address pool set in the server? Should be in the same range as the lan on green...

I don't see any errors in your sample logons below, unless I'm missing something. What do you think is the problem? Is it possible your broadband router or ISP is blocking 1194?

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of toby
Sent: Friday, November 30, 2007 8:19 AM
To: efw-user@lists.sourceforge.net
Subject: Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN

Any ideas why I can't connect to Endian's OpenVPN server?

Toby.

On Nov 29, 2007 1:11 PM, toby [EMAIL PROTECTED] wrote:

I have no blank lines in my client.ovpn file.
Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN
I am not allowing EFW to be DHCP server as I have another box doing that (Linksys). Once I iron out VPN issue I will make EFW DHCP server. You do bring up a good point about OVPN IPs being same as GREEN. GREEN is 192.168.1.0 and OVPN is 10.8.0.0. I will make this change and see if that works. I do have cert in same folder and client config. Thing is I can connect to current OVPN server fine. Clueless as to why I can't from EFW using cert from EFW and user created in EFW. Again, remember EFW is on its own separate public IP and is not going through linksys router that is on its own separate public IP. I also have everything else setup like you mentioned in previous post. Any other ideas?

Toby.

On Nov 30, 2007 12:12 PM, compdoc [EMAIL PROTECTED] wrote:

Well, you do need to place the cert from the efw into the config folder on your windows pc, and have an account set up for the user with the proper password. If the GUI client works on another server, then I'm guessing you know these things. I use all lower case letters for usernames, since nix tends to go that way, but I don't know if efw cares about uppercase or not.

And do not port forward the openvpn port (1194 udp) anywhere in the port forwarding section, or add it to the External Access section of the Firewall tab. That's not necessary.

Also, make sure the OpenVPN Server is enabled, and I set the Block DHCP responses coming from tunnel, but that shouldn't stop you either way. Do you have an ip address pool set in the server? Should be in the same range as the lan on green...

I don't see any errors in your sample logons below, unless I'm missing something. What do you think is the problem? Is it possible your broadband router or ISP is blocking 1194?
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of toby
Sent: Friday, November 30, 2007 8:19 AM
To: efw-user@lists.sourceforge.net
Subject: Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN

Any ideas why I can't connect to Endian's OpenVPN server?

Toby.

On Nov 29, 2007 1:11 PM, toby [EMAIL PROTECTED] wrote:

I have no blank lines in my client.ovpn file.
Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN
Well, you do need to place the cert from the efw into the config folder on your windows pc, and have an account set up for the user with the proper password. If the GUI client works on another server, then I’m guessing you know these things. I use all lower case letters for usernames, since nix tends to go that way, but I don’t know if efw cares about uppercase or not.

And do not port forward the openvpn port (1194 udp) anywhere in the port forwarding section, or add it to the External Access section of the Firewall tab. That’s not necessary.

Also, make sure the OpenVPN Server is enabled, and I set the Block DHCP responses coming from tunnel, but that shouldn’t stop you either way. Do you have an ip address pool set in the server? Should be in the same range as the lan on green...

I don’t see any errors in your sample logons below, unless I’m missing something. What do you think is the problem? Is it possible your broadband router or ISP is blocking 1194?

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of toby
Sent: Friday, November 30, 2007 8:19 AM
To: efw-user@lists.sourceforge.net
Subject: Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN

Any ideas why I can't connect to Endian's OpenVPN server?

Toby.

On Nov 29, 2007 1:11 PM, toby [EMAIL PROTECTED] wrote:

I have no blank lines in my client.ovpn file.
Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN
Any ideas why I can't connect to Endian's OpenVPN server?

Toby.

On Nov 29, 2007 1:11 PM, toby [EMAIL PROTECTED] wrote:

I have no blank lines in my client.ovpn file.

On Nov 29, 2007 12:53 PM, compdoc [EMAIL PROTECTED] wrote:

In the email I sent, there were no blank lines between the commands in the client.ovpn. But there are in your reply. Is that my mail client adding those extra blank lines? They shouldn't be there...

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of toby
Sent: Thursday, November 29, 2007 10:02 AM
To: efw-user@lists.sourceforge.net
Subject: Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN

Seriously, when I download cert from EFW web interface it saves as .pem automatically. I did not have to rename it or anything.

On Nov 29, 2007 10:57 AM, compdoc [EMAIL PROTECTED] wrote:

When I save a cert from any efw, it gets a .cer file name extension. How'd you get .pem?

Here's my working client.ovpn:

client
float
dev tap
proto udp
port 1194
remote xxx.xxx.xxx.xxx
resolv-retry infinite
nobind
persist-key
persist-tun
ca lasvegas.cer
auth-user-pass
pull
comp-lzo

Name the cert whatever makes sense...

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of toby
Sent: Thursday, November 29, 2007 9:33 AM
To: efw-user@lists.sourceforge.net
Subject: [Efw-user] New efw 2.1.2 installation unable to OpenVPN

Hello all,

I recently installed Endian 2.1.2 community edition and my hope is to use it to replace my existing OpenVPN server that is currently being used as a file server as well. I went through the OpenVPN configuration process, downloaded cert and created client.ovpn configuration file (see below) and I get the following error message (also, see below). What have I missed?
client.ovpn (using Windows XP OpenVPN GUI client)

client
dev tun
proto udp
remote 201.x.x.x
resolv-retry infinite
nobind
persist-key
persist-tun
ca cacert.pem
auth-user-pass
comp-lzo

error message (received on client)

Thu Nov 29 10:24:53 2007 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Enter Auth Username:test
Enter Auth Password:
Thu Nov 29 10:25:02 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Thu Nov 29 10:25:02 2007 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Nov 29 10:25:02 2007 LZO compression initialized
Thu Nov 29 10:25:02 2007 UDPv4 link local: [undef]
Thu Nov 29 10:25:02 2007 UDPv4 link remote: 201.x.x.x:1194

I later added, ns-cert-type server, to server log to resolve the warning message. Now my connection output looks like the following:

Thu Nov 29 10:28:03 2007 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Enter Auth Username:test
Enter Auth Password:
Thu Nov 29 10:28:08 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Thu Nov 29 10:28:08 2007 LZO compression initialized
Thu Nov 29 10:28:08 2007 UDPv4 link local: [undef]
Thu Nov 29 10:28:08 2007 UDPv4 link remote: 201.x.x.x:1194
Thu Nov 29 10:29:08 2007 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Nov 29 10:29:08 2007 TLS Error: TLS handshake failed
Thu Nov 29 10:29:08 2007 SIGUSR1[soft,tls-error] received, process restarting
Thu Nov 29 10:29:10 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Thu Nov 29 10:29:10 2007 Re-using SSL/TLS context
Thu Nov 29 10:29:10 2007 LZO compression initialized
Thu Nov 29 10:29:10 2007 UDPv4 link local: [undef]
Thu Nov 29 10:29:10 2007 UDPv4 link remote: 201.x.x.x:1194

Also, my current OpenVPN server works and is on a different public IP and it is not connected to Endian FW. I want to replace current OpenVPN server with Endian FW as it provides more features (content filtering, proxy, etc.)

Thanks,
Toby.
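Added example, not part of the thread and not Endian or OpenVPN project code: a Python check that compares the two client.ovpn files posted above after expanding `client` into `pull` + `tls-client` and applying the default port 1194, flags a client config with no server-certificate verification directive (the WARNING in the log), and tests the addressing advice given elsewhere in the thread. The function names, the finding names and the /24 masks are assumptions made for the example.

```python
import ipaddress

# The two client.ovpn files as posted in the thread.
FAILING = """client
dev tun
proto udp
remote 201.x.x.x
resolv-retry infinite
nobind
persist-key
persist-tun
ca cacert.pem
auth-user-pass
comp-lzo
"""
WORKING = """client
float
dev tap
proto udp
port 1194
remote xxx.xxx.xxx.xxx
resolv-retry infinite
nobind
persist-key
persist-tun
ca lasvegas.cer
auth-user-pass
pull
comp-lzo
"""

SITE_SPECIFIC = {"remote", "ca"}   # expected to differ between installations
DEFAULTS = {"port": "1194"}        # default port, as the client log states
# Directives that make the client verify it is talking to the real server.
SERVER_VERIFY = {"ns-cert-type", "remote-cert-tls", "tls-remote",
                 "verify-x509-name", "tls-verify"}


def parse_ovpn(text):
    """Return {directive: argument string}, skipping blank lines and comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        parts = line.split(None, 1)
        conf[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return conf


def normalize(conf):
    """Expand helper directives and defaults so equivalent configs compare equal."""
    out = dict(DEFAULTS)
    out.update(conf)
    if "client" in out:            # 'client' is shorthand for pull + tls-client
        del out["client"]
        out.setdefault("pull", "")
        out.setdefault("tls-client", "")
    return out


def diff_configs(a, b):
    """Directives whose effective value differs: {name: (value_in_a, value_in_b)}."""
    a, b = normalize(a), normalize(b)
    keys = (set(a) | set(b)) - SITE_SPECIFIC
    return {k: (a.get(k), b.get(k)) for k in sorted(keys) if a.get(k) != b.get(k)}


def lint(conf):
    """Flag a client config that accepts any certificate signed by the CA."""
    findings = []
    if not SERVER_VERIFY & set(conf):
        findings.append("no-server-cert-verification")
    return findings


def check_addressing(green, pool, client_lan):
    """Apply the thread's advice: VPN pool inside GREEN, client LAN distinct from GREEN."""
    green, pool, client_lan = (ipaddress.ip_network(n)
                               for n in (green, pool, client_lan))
    findings = []
    if not pool.subnet_of(green):
        findings.append("pool-outside-green")
    if client_lan.overlaps(green):
        findings.append("client-lan-overlaps-green")
    return findings


if __name__ == "__main__":
    failing, working = parse_ovpn(FAILING), parse_ovpn(WORKING)
    print("effective differences:", diff_configs(failing, working))
    print("lint (as posted):", lint(failing))
    # GREEN and pool values from the thread; the client LAN is constructed.
    print("addressing:", check_addressing("192.168.1.0/24", "10.8.0.0/24",
                                          "192.168.0.0/24"))
```

Once `client` and the default port are expanded, `port 1194` and `pull` drop out of the comparison and only `dev` and `float` remain as effective differences between the two posted files.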
Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN
When I save a cert from any efw, it gets a .cer file name extension. How’d you get .pem?

Here’s my working client.ovpn:

client
float
dev tap
proto udp
port 1194
remote xxx.xxx.xxx.xxx
resolv-retry infinite
nobind
persist-key
persist-tun
ca lasvegas.cer
auth-user-pass
pull
comp-lzo

Name the cert whatever makes sense...
Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN
I just renamed it .pem :)

On Nov 29, 2007 10:57 AM, compdoc [EMAIL PROTECTED] wrote:

When I save a cert from any efw, it gets a .cer file name extension. How'd you get .pem?

Here's my working client.ovpn:

client
float
dev tap
proto udp
port 1194
remote xxx.xxx.xxx.xxx
resolv-retry infinite
nobind
persist-key
persist-tun
ca lasvegas.cer
auth-user-pass
pull
comp-lzo

Name the cert whatever makes sense...
Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN
In the email I sent, there were no blank lines between the commands in the client.ovpn. But there are in your reply. Is that my mail client adding those extra blank lines? They shouldn’t be there...

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of toby
Sent: Thursday, November 29, 2007 10:02 AM
To: efw-user@lists.sourceforge.net
Subject: Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN

Seriously, when I download cert from EFW web interface it saves as .pem automatically. I did not have to rename it or anything.

On Nov 29, 2007 10:57 AM, compdoc [EMAIL PROTECTED] wrote:

When I save a cert from any efw, it gets a .cer file name extension. How'd you get .pem?

Here's my working client.ovpn:

client
float
dev tap
proto udp
port 1194
remote xxx.xxx.xxx.xxx
resolv-retry infinite
nobind
persist-key
persist-tun
ca lasvegas.cer
auth-user-pass
pull
comp-lzo

Name the cert whatever makes sense...
Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN
I have no blank lines in my client.ovpn file.

On Nov 29, 2007 12:53 PM, compdoc [EMAIL PROTECTED] wrote:

In the email I sent, there were no blank lines between the commands in the client.ovpn. But there are in your reply. Is that my mail client adding those extra blank lines? They shouldn't be there...

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of toby
Sent: Thursday, November 29, 2007 10:02 AM
To: efw-user@lists.sourceforge.net
Subject: Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN

Seriously, when I download cert from EFW web interface it saves as .pem automatically. I did not have to rename it or anything.

On Nov 29, 2007 10:57 AM, compdoc [EMAIL PROTECTED] wrote:

When I save a cert from any efw, it gets a .cer file name extension. How'd you get .pem?

Here's my working client.ovpn:

client
float
dev tap
proto udp
port 1194
remote xxx.xxx.xxx.xxx
resolv-retry infinite
nobind
persist-key
persist-tun
ca lasvegas.cer
auth-user-pass
pull
comp-lzo

Name the cert whatever makes sense...