Re: openvpn - client not connecting

2009-11-19 Thread Steve Holdoway
On Thu, 2009-11-19 at 22:20 +1300, Roger Searle wrote:
> Thu Nov 19 19:34:33 2009 TLS Error: TLS key negotiation failed to
> occur 
> within 60 seconds (check your network connectivity)
> Thu Nov 19 19:34:33 2009 TLS Error: TLS handshake failed 

It is a networking problem somewhere along the line. Is the OpenVPN
server recognising the client's attempt to connect?

Could you show the config files for both client and server??

Cheers,

Steve



Re: openvpn - client not connecting

2009-11-19 Thread Roger Searle

Steve Holdoway wrote:
> On Thu, 2009-11-19 at 22:20 +1300, Roger Searle wrote:
> > Thu Nov 19 19:34:33 2009 TLS Error: TLS key negotiation failed to
> > occur
> > within 60 seconds (check your network connectivity)
> > Thu Nov 19 19:34:33 2009 TLS Error: TLS handshake failed
>
> It is a networking problem somewhere along the line. Is the OpenVPN
> server recognising the client's attempt to connect?
>
> Could you show the config files for both client and server??
>
> Cheers,
>
> Steve

Sure, unfortunately will have to wait until tonight as I can't get to 
the client config partition from here.  I can get to the server from 
home though.  Is it better to send full config files, or remove all the 
commented lines?


Where would I look to see if the server is seeing the client connect 
attempts?  2 places I know to look are /var/log/messages and log file as 
specified via the server config - is there anywhere else I should be 
looking?


Cheers,
Roger


Re: openvpn - client not connecting

2009-11-19 Thread steve
From your logs, it looks like the incoming packet is being sent to your
server. Could it be that IPCop is blocking the outgoing traffic on
1194/UDP?

You can wind up the debugging on the server ( verb 9 ) to get it to log
just about everything. It'd be good to see the packets arriving from the
outside world.

For example...

-- 8< --
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 192.168.99.0 255.255.255.0
push "route 192.168.99.0 255.255.255.0"
route 192.168.99.0 255.255.255.0
keepalive 10 120
comp-lzo
status /var/log/openvpn/status.log
log /var/log/openvpn/openvpn.log
log-append /var/log/openvpn/openvpn.log
verb 9
-- 8< --

creates all virtual interfaces on the 192.168.99.0/24 subnet, and at
least 6 tons of logging.

( and ensure /var/log/openvpn exists! )

On Fri, 2009-11-20 at 11:18 +1300, Roger Searle wrote:
> Steve Holdoway wrote:
> > On Thu, 2009-11-19 at 22:20 +1300, Roger Searle wrote:
> >   
> >> Thu Nov 19 19:34:33 2009 TLS Error: TLS key negotiation failed to
> >> occur 
> >> within 60 seconds (check your network connectivity)
> >> Thu Nov 19 19:34:33 2009 TLS Error: TLS handshake failed 
> >> 
> >
> > It is a networking problem somewhere along the line. Is the OpenVPN
> > server recognising the client's attempt to connect?
> >
> > Could you show the config files for both client and server??
> >
> > Cheers,
> >
> > Steve
> >
> >   
> Sure, unfortunately will have to wait until tonight as I can't get to 
> the client config partition from here.  I can get to the server from 
> home though.  Is it better to send full config files, or remove all the 
> commented lines?
> 
> Where would I look to see if the server is seeing the client connect 
> attempts?  2 places I know to look are /var/log/messages and log file as 
> specified via the server config - is there anywhere else I should be 
> looking?
> 
> Cheers,
> Roger
-- 
Steve Holdoway 
http://www.greengecko.co.nz
MSN: st...@greengecko.co.nz
GPG Fingerprint = B337 828D 03E1 4F11 CB90  853C C8AB AF04 EF68 52E0
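
An added example, not part of the original thread and not OpenVPN project code: a small triage script for the server log that high `verb` settings produce, separating "the client's packets never arrived" from "the server answered but the client kept retrying". The log line shapes in the sample are constructed and assumed to match OpenVPN 2.x server output; the function name `diagnose` is hypothetical.

```python
import re
from collections import defaultdict

# Constructed server-side log excerpt; line shapes are assumed, not taken from the thread.
SAMPLE_LOG = """\
Thu Nov 19 19:33:33 2009 us=101 UDPv4 READ [14] from 203.0.113.5:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Thu Nov 19 19:33:33 2009 us=150 203.0.113.5:1194 TLS: Initial packet from 203.0.113.5:1194, sid=0a1b2c3d 4e5f6071
Thu Nov 19 19:33:33 2009 us=200 203.0.113.5:1194 UDPv4 WRITE [26] to 203.0.113.5:1194: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
Thu Nov 19 19:33:35 2009 us=300 203.0.113.5:1194 UDPv4 READ [14] from 203.0.113.5:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Thu Nov 19 19:34:33 2009 us=400 203.0.113.5:1194 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Nov 19 19:34:33 2009 us=450 203.0.113.5:1194 TLS Error: TLS handshake failed
"""

# The optional [AF_INET] tag covers newer releases that prefix peer addresses.
ADDR = r"(?:\[\w+\])?(\S+:\d+)"
READ = re.compile(r"READ \[\d+\] from " + ADDR + r": (P_\w+)")
WRITE = re.compile(r"WRITE \[\d+\] to " + ADDR + r": (P_\w+)")
FAIL = re.compile(ADDR + r" TLS Error: TLS handshake failed")
DONE = re.compile(r"Peer Connection Initiated with " + ADDR)

def diagnose(log_text):
    """Return {peer: verdict}; an empty dict means no client packet was logged at all."""
    peers = defaultdict(lambda: {"read": [], "write": 0, "failed": False, "up": False})
    for line in log_text.splitlines():
        if m := READ.search(line):
            peers[m.group(1)]["read"].append(m.group(2))
        elif m := WRITE.search(line):
            peers[m.group(1)]["write"] += 1
        elif m := FAIL.search(line):
            peers[m.group(1)]["failed"] = True
        elif m := DONE.search(line):
            peers[m.group(1)]["up"] = True
    verdicts = {}
    for peer, s in peers.items():
        # A client that only ever repeats its first packet never saw the server's reply.
        only_resets = bool(s["read"]) and all(
            p.startswith("P_CONTROL_HARD_RESET_CLIENT") for p in s["read"])
        if s["up"]:
            verdicts[peer] = "handshake completed"
        elif s["failed"] and only_resets and s["write"]:
            verdicts[peer] = "server replied, client kept retrying: check return path"
        elif s["failed"] and not s["read"]:
            verdicts[peer] = "failure logged without packet trace: raise verb"
        elif s["failed"]:
            verdicts[peer] = "handshake stalled after first exchange"
        else:
            verdicts[peer] = "in progress"
    return verdicts
```

An empty result on the server while the client reports the 60-second timeout points at the inbound path (port forward or filter in front of the server) rather than at the server's replies.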




Re: openvpn - client not connecting

2009-11-19 Thread Roger Searle

Hi have something quite similar here, except:

Not the "push route" and "route" lines - comments in the file say "Push 
routes to the client to allow it to reach other private subnets behind 
the server".  Since I don't want to do so, wanting to connect to the 
server only, this line is commented out. Thought that is correct/OK?


I'm using log-append, not log.  Have set verb 9 and will examine tonight. 



steve wrote:
> From your logs, it looks like the incoming packet is being sent to your
> server. Could it be that IPCop is blocking the outgoing traffic on
> 1194/UDP?
>
> You can wind up the debugging on the server ( verb 9 ) to get it to log
> just about everything. It'd be good to see the packets arriving from the
> outside world.
>
> For example...
>
> -- 8< --
> port 1194
> proto udp
> dev tun
> ca ca.crt
> cert server.crt
> key server.key
> dh dh2048.pem
> server 192.168.99.0 255.255.255.0
> push "route 192.168.99.0 255.255.255.0"
> route 192.168.99.0 255.255.255.0
> keepalive 10 120
> comp-lzo
> status /var/log/openvpn/status.log
> log /var/log/openvpn/openvpn.log
> log-append /var/log/openvpn/openvpn.log
> verb 9
> -- 8< --
>
> creates all virtual interfaces on the 192.168.99.0/24 subnet, and at
> least 6 tons of logging.
>
> ( and ensure /var/log/openvpn exists! )
>
> On Fri, 2009-11-20 at 11:18 +1300, Roger Searle wrote:
> > Steve Holdoway wrote:
> > > On Thu, 2009-11-19 at 22:20 +1300, Roger Searle wrote:
> > > > Thu Nov 19 19:34:33 2009 TLS Error: TLS key negotiation failed to
> > > > occur
> > > > within 60 seconds (check your network connectivity)
> > > > Thu Nov 19 19:34:33 2009 TLS Error: TLS handshake failed
> > >
> > > It is a networking problem somewhere along the line. Is the OpenVPN
> > > server recognising the client's attempt to connect?
> > >
> > > Could you show the config files for both client and server??
> > >
> > > Cheers,
> > >
> > > Steve
> >
> > Sure, unfortunately will have to wait until tonight as I can't get to
> > the client config partition from here.  I can get to the server from
> > home though.  Is it better to send full config files, or remove all the
> > commented lines?
> >
> > Where would I look to see if the server is seeing the client connect
> > attempts?  2 places I know to look are /var/log/messages and log file as
> > specified via the server config - is there anywhere else I should be
> > looking?
> >
> > Cheers,
> > Roger



Re: openvpn - client not connecting

2009-11-19 Thread Roger Searle
Would any IPCop gurus be able to confirm the correct way to configure, 
or of confirming/testing, so that I know outgoing UDP/1194 is allowed?


I have a port forwarding rule as follows - is this all I need:
Protocol UDP, Alias IP = Default IP, Source port 1194, Destination IP 
10.2.1.201, Destination Port 1194.


with the additional "Add external access" enabled.

Cheers,
Roger


steve wrote:
> From your logs, it looks like the incoming packet is being sent to your
> server. Could it be that IPCop is blocking the outgoing traffic on
> 1194/UDP?


Re: openvpn - client not connecting

2009-11-19 Thread Nick Rout
On Fri, Nov 20, 2009 at 2:19 PM, Roger Searle wrote:
> Would any IPCop gurus be able to confirm the correct way to configure, or of
> confirming/testing, so that I know outgoing UDP/1194 is allowed?
>
> I have a port forwarding rule as follows - is this all I need:
> Protocol UDP, Alias IP = Default IP, Source port 1194, Destination IP
> 10.2.1.201, Destination Port 1194.
>
> with the additional "Add external access" enabled.

IPCOP does not have restrictions on outgoing traffic (unless that has
been added since I last used it).


Re: Change gnome mount point

2009-11-19 Thread John Carter

On Thu, 12 Nov 2009, Douglas Royds wrote:

> Why can't I convince hal to mount my USB drive where I want it to? I need it
> to mount at /media/Port-Docs (as it used to) so that I can use my old Unison


Can I suggest the evil, but very pragmatic...

ln -s /wherever/gmount/put/the/damn/thing /media/Port-Docs



John Carter                 Phone : (64)(3) 358 6639
Tait Electronics            Fax   : (64)(3) 359 4632
PO Box 1645 Christchurch    Email : john.car...@tait.co.nz
New Zealand