|
trouble starting the openvpn server!
Hi there,
I'm trying to setup an OpenVPN server on my Windows Seven box.
OS: Windows Seven Ultimate DD-wrt: v24-sp2 router: Asus RT-N16
After a few tries and quite a bit of research and troubleshooting, I finally followed all the steps to create cert authority, server and client certificates no problem. I also successfully generated the Diffie-Hellman params and HMAC signature. The port forwarding and dynamic dns and so on is also set up properly.
However, when I tried to start the server (right-click on the .ovpn file & hit 'start OpenVPN on this file'), I got: "Options warning: Bad backslash ('\') usage in C:\Program Files\OpenVPN\config\server.ovpn:24: remember that backslashes are treated as shell-escapes and if you need to pass backslash characters as part of a Windows filename, you should use double backslashes such as "c:\\openvpn\\static.key" Use --help for more information. Press any key to continue..."
After changing the backslashes to double backslashes in the server.ovpn file and trying again I got: "Options error: --server directive network/netmask combination is invalid Use --help for more information. Press any key to continue..."
Unfortunately, I'm stuck. Have searched a lot, but couldn't find a solution..Please help!!
Thank you very much in advance! |
|
|
It's been a long long time since I ran an OpenVPN server/client but here are my old config files that may be of interest. Note my small how-to link at the end of this reply no longer exists...
» Re: openvpn vista 64 backslash issue
More examples from OZO...
» Re: Windows 2003 VPN
Perhaps if you posted a copy of your server config file someone could help further. |
|
|
Thanks for your reply!
Below is a copy of my server.ovpn. I've tried it with full addresses also. same thing. Please help!!
### SERVER CONFIG FILE ###
# lines starting with # or ; will not be read by OpenVPN
local 192.168.1.139 #### CHANGE. This is the IP address of the real (not tun/tap) network interface of the server. Find it using 'run > cmd > ipconfig'.
port 11967 #### CHANGE. This is the port the service will listen on. See 'Configure your Router' section for recommendation.
proto udp
mssfix 1400
push "dhcp-option DNS 8.8.8.8" #### CHANGE. Replace the Xs with the IP address of the DNS for your home network (usually your ISP's DNS).
#push "dhcp-option DNS X.X.X.X" #### CHANGE (OPTIONAL). A second DNS server. If you have one, remove the #.
dev tap
#dev-node MyTAP #### CHECK. If you renamed your TAP interface or have more than one TAP interface, remove the # and change "MyTAP" to its name.
ca "ca.crt"
cert "server.crt"
key "server.key" # Never take this file off the server.
dh "dh2048.pem"
tls-auth ta.key 0 # 'ta.key' must be in the config folder.
server 192.168.1.139 255.255.255.0 #### CHECK. Assigns the virtual IP address and subnet to the VPN. Make sure you add this to your Router (section 4i).
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1" # This will force the clients to use the home network's internet connection
keepalive 10 120
cipher AES-128-CBC # Connection will be encrypted with AES 128-bit.
comp-lzo
max-clients 100 #### CHECK. Assigns the maximum number of clients here, change according to your setup.
persist-key
persist-tun
status openvpn-status.log
verb 1 # This sets how detailed the log file will be. 0 causes problems and higher numbers can give you more detail for troubleshooting. |
|
1 edit
1 recommendation |
change "server 192.168.1.139 255.255.255.0" to "server 192.168.1.0 255.255.255.0"
server defines the network range, not the ip address. |
|
TheMole |
to parachuter2b
also, i'm guessing your physical NIC IP address is 192.168.1.x, if that is the case you need to ensure your OpenVPN network interface is something other than the 192.168.1.x.
so, to keep things simple, i'd recommend changing the line to:
"server 192.168.200.0 255.255.255.0" where you can change the .200. to some other number than .1.
here is my config, on a unix box. 192.168.1.26 is my physical NIC, 192.168.210.0 is my VPN range:
root@pbx2:/etc/openvpn $ more server.conf
port 2010
proto udp
dev tap
ca ./xxx/ca.crt
cert ./xxx/server.crt
key ./xxx/server.key
dh ./xxx/dh1024.pem
tls-auth ./xxx/ta.key 0
server 192.168.210.0 255.255.255.0
ifconfig-pool-persist ./xxx/ipp.txt
keepalive 10 120
cipher BF-CBC
comp-lzo
;user nobody
;group users
persist-key
persist-tun
status ./xxx/openvpn-status.log
client-to-client
verb 4
route 192.168.1.0 255.255.255.0 192.168.210.1
route 192.168.5.0 255.255.255.0 192.168.210.2
client-config-dir ./xxx/ClientConfigDir |
|
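A check for the two mistakes pointed out in the replies above, as an added example (not code from the thread or from OpenVPN): it verifies that the first argument of `server` is the network address for the given mask, and that the server's own `local` address does not fall inside the VPN range. The sample configs are constructed from the values posted here, the function names are hypothetical, and the overlap test only sees the `local` address because the LAN netmask is not part of the config.

```python
import ipaddress
import shlex

# Constructed samples built from the values posted in this thread.
ORIGINAL = """\
local 192.168.1.139   #### real NIC address of the server
port 11967
proto udp
dev tap
server 192.168.1.139 255.255.255.0   #### host address, not a network
"""
FIRST_FIX = ORIGINAL.replace("server 192.168.1.139", "server 192.168.1.0")
SECOND_FIX = ORIGINAL.replace("server 192.168.1.139", "server 192.168.200.0")


def directives(text):
    """Yield (line_number, tokens) per directive, dropping '#' and ';' comments."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        lexer = shlex.shlex(raw, posix=True)
        lexer.whitespace_split = True
        lexer.commenters = "#;"
        try:
            tokens = list(lexer)
        except ValueError:
            # Unbalanced quote: skip the line, OpenVPN will report it itself.
            continue
        if tokens:
            yield lineno, tokens


def check_server_range(text):
    """Return a list of (code, message) findings; an empty list means both checks pass."""
    findings, local_ip, vpn_net = [], None, None
    for lineno, tok in directives(text):
        if tok[0] == "local" and len(tok) >= 2:
            try:
                local_ip = ipaddress.ip_address(tok[1])
            except ValueError:
                pass  # 'local' given as a hostname: nothing to compare against
        elif tok[0] == "server" and len(tok) >= 3:
            try:
                iface = ipaddress.ip_interface(f"{tok[1]}/{tok[2]}")
            except ValueError:
                findings.append(("bad-netmask",
                                 f"line {lineno}: cannot parse '{tok[1]} {tok[2]}'"))
                continue
            vpn_net = iface.network
            # 'server' takes the network range, so no host bits may be set.
            if iface.ip != vpn_net.network_address:
                findings.append(("host-bits-set",
                                 f"line {lineno}: {iface.ip} is a host address, "
                                 f"use {vpn_net.network_address} {vpn_net.netmask}"))
    # The VPN range has to differ from the range the physical NIC lives in.
    if local_ip is not None and vpn_net is not None and local_ip in vpn_net:
        findings.append(("overlaps-lan",
                         f"VPN range {vpn_net} contains the server's own address {local_ip}"))
    return findings


if __name__ == "__main__":
    for name, conf in (("original", ORIGINAL), ("first fix", FIRST_FIX),
                       ("second fix", SECOND_FIX)):
        print(name, check_server_range(conf) or "OK")
```
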
1 edit |
OMG! Thank you very much!!! Server's up now! Can't believe I was tied up over such a stupid mistake.
So I tethered my phone to connect my two laptops to it and run tests:
1. Lenovo. OS: Win Seven Ultimate 2. Asus. OS: Win 8
Both clients do connect to the server (or at least the OpenVPN says so), but the Lenovo has no internet connection and the Asus, though connected to the internet, doesn't show a different global IP. Here's the IP of the Asus before and after connecting to the OpenVPN server:
IP Information: 199.119.232.226 ISP: Globalive Wireless Management Corp. Organization: Globalive Wireless Management Corp. Services: Suspected Network Sharing Device City: Toronto Region: Ontario Country: Canada
Two more things: 1. I disabled the firewall momentarily on both the server and the Lenovo just to rule out the possibility. No change. 2. The Lenovo connects to a StrongVPN OpenVPN server no problem.
I am going to post what ipconfig gives me on both machines before & after connecting to openvpn (not sure if it's gonna help though?)
I'm running out of ideas. What else should I check for? Thank you for your time again!!!!
ps. There was no IP conflict. The laptops weren't connected to the server at the same time.
Lenovo before connecting to OpenVPN:
Windows IP Configuration
Ethernet adapter Local Area Connection 3:
Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . :
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . : Link-local IPv6 Address . . . . . : fe80::bdf0:a7b3:681b:a5df%13 IPv4 Address. . . . . . . . . . . : 192.168.43.9 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.43.1
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : wireless.utoronto.ca
Tunnel adapter isatap.{28F9D4EC-5F4F-46E3-BDA5-A5D0522DA30D}:
Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . :
Tunnel adapter isatap.{FDE6457B-0A62-49C5-9760-C080A123566D}:
Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . :
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . : IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:345f:5e98:3888:1718 Link-local IPv6 Address . . . . . : fe80::345f:5e98:3888:1718%14 Default Gateway . . . . . . . . . : ::
Tunnel adapter isatap.wireless.utoronto.ca:
Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . :
Lenovo after connecting to OpenVPN:
Windows IP Configuration
Ethernet adapter Local Area Connection 3:
Connection-specific DNS Suffix . : Link-local IPv6 Address . . . . . : fe80::b990:7cf3:4348:ac47%16 IPv4 Address. . . . . . . . . . . : 192.168.10.2 Subnet Mask . . . . . . . . . . . : 255.255.255.128 Default Gateway . . . . . . . . . :
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . : Link-local IPv6 Address . . . . . : fe80::bdf0:a7b3:681b:a5df%13 IPv4 Address. . . . . . . . . . . : 192.168.43.9 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.43.1
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : wireless.utoronto.ca
Tunnel adapter isatap.{28F9D4EC-5F4F-46E3-BDA5-A5D0522DA30D}:
Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . :
Tunnel adapter isatap.{FDE6457B-0A62-49C5-9760-C080A123566D}:
Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . :
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . : IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:c5d:36c3:3f57:f5fd Link-local IPv6 Address . . . . . : fe80::c5d:36c3:3f57:f5fd%14 Default Gateway . . . . . . . . . : ::
Tunnel adapter isatap.wireless.utoronto.ca:
Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . :
Asus before connect to OpenVPN:
Windows IP Configuration
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . :
Ethernet adapter Bluetooth Network Connection:
Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . :
Wireless LAN adapter Local Area Connection* 11:
Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . :
Ethernet adapter Ethernet:
Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : WDS01.COM
Wireless LAN adapter Wi-Fi:
Connection-specific DNS Suffix . : Link-local IPv6 Address . . . . . : fe80::adf5:2da0:f72d:2e90%12 IPv4 Address. . . . . . . . . . . : 192.168.43.130 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.43.1
Tunnel adapter Local Area Connection* 13:
Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . :
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . : IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:a2:3297:3888:171d Link-local IPv6 Address . . . . . : fe80::a2:3297:3888:171d%19 Default Gateway . . . . . . . . . : ::
Tunnel adapter isatap.{1166AC31-5AE6-44B4-B8CC-D147C5BCA01C}:
Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . :
Asus after connect to OpenVPN:
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : Link-local IPv6 Address . . . . . : fe80::d0dd:ae92:cf0a:6c7f%20 IPv4 Address. . . . . . . . . . . : 192.168.10.2 Subnet Mask . . . . . . . . . . . : 255.255.255.128 Default Gateway . . . . . . . . . :
Ethernet adapter Bluetooth Network Connection:
Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . :
Wireless LAN adapter Local Area Connection* 11:
Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . :
Ethernet adapter Ethernet:
Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : WDS01.COM
Wireless LAN adapter Wi-Fi:
Connection-specific DNS Suffix . : Link-local IPv6 Address . . . . . : fe80::adf5:2da0:f72d:2e90%12 IPv4 Address. . . . . . . . . . . : 192.168.43.130 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.43.1
Tunnel adapter Local Area Connection* 13:
Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . :
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . : IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:202b:1d4c:3888:171d Link-local IPv6 Address . . . . . : fe80::202b:1d4c:3888:171d%19 Default Gateway . . . . . . . . . : ::
Tunnel adapter isatap.{1166AC31-5AE6-44B4-B8CC-D147C5BCA01C}:
Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . :
Tunnel adapter isatap.{A2729BBC-3A7E-403C-A2CB-3B88C1409E9C}:
Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . :
|
|
|
TheMole
Member
2013-Apr-23 12:38 pm
I'm not entirely sure what you are attempting to accomplish.
Maybe you can summarize and give us a little drawing with the different machines and how you want them to connect to each other? |
|
|
I'm trying to setup an OpenVPN server on my desktop (which I have already, with your help that is:) and make sure I can connect to it from outside.
so in order to really test out the server, I tethered my phone and had my laptops connect to it (as opposed to my wifi), so they wouldn't be dialing into my OpenVPN server from inside my LAN. Then, using the client certs that I had created, I tried to connect to the server and was faced with the 2 scenarios I described earlier.
Both machines managed to connect (according to OpenVPN). Asus had internet connection, but used the same global IP as before and the Lenovo did not have internet connection what so ever.
Does that make sense? Isn't that a good way to go about testing the server? |
|
|
once you are connected to the VPN server (your "desktop"), can you ping the server VPN IP from the client (your "asus" and "leveno")?
one part i don't follow: when you say "both used the same global IP as before and the Lenovo did not have internet what so ever"
what does that mean, exactly? |
|
|
Thank you for your quick reply.
said by TheMole: one part i don't follow: when you say "both used the same global IP as before and the Lenovo did not have internet what so ever"
Sorry about the confusion. That is not what I meant. Ok so here's what happens:
Lenovo: OpenVPN client connects, but then after that there is no internet connection, so no IP either. ping fails as well.
Asus: OpenVPN client connects. It has internet and ping works fine. Basically everything is fine, except that Asus's global IP is the same as before: 199.119.232.226. It doesn't take on my server's IP, which starts with: 99.231
Thanks again! |
|
1 recommendation |
I think a better test would be to take the laptops down to a local open/free hotspot like the library or favorite bar or etc and test the VPN link from there. Some cell links just fail when trying to use a VPN over them or are simply not allowed by the carrier. Make sure you open the proper port on any router/firewall the OpenVPN server box is behind to the static LAN IP address of the server. |
|
|
to parachuter2b
First, I'd agree with what SoonerAl recommends. Don't attempt to tether to your phone until you have a known good setup.
Second, the OpenVPN client will never take on the public IP address of your server. OpenVPN is simply an application that connects two endpoints that are on different local networks together, on to a new private local network (securely).
So your server will first assign itself an IP on the new local network, something like 192.168.X.1 where X = the range you've assigned to the VPN. This must be different from the range your home router has assigned your server's physical LAN connection and it must be different from the client's other physical IPs. OpenVPN will then assign some second IP from the same range, for example 192.168.X.2.
Now 192.168.X.1 and 192.168.X.2 are connected on the same local LAN. They can now talk to each other over that link. (if you want to allow, for example, the client to talk to another machine that the server can naively talk to, you need to add routing rules. worry about that after you have successfully established a simple VPN connection).
All OpenVPN does is allow those two network IPs to communicate with each other. It does not replace or remove any other network adaptors and their respective IPs on a PC/device. When you launched OpenVPN, your server now has two local IP addresses, the one it received (presumably via DHCP) from the router and the one that OpenVPN assigned to itself. They are different. When the client connects, it is assigned an IP address on the VPN network.
I think your next step is ensuring you can ping from the client to the server over the VPN connection using the VPN IPs. Once that is successful, the rest should be fairly straight forward. |
|
|
to SoonerAl
Ok, thanks for the insight. I'll head to a coffee shop in a bit |
|
parachuter2b 1 edit |
to TheMole
Thank you for your thorough reply! I did quite a bit of research after getting your latest message. It turns out that (as you said) the inherent behavior of OpenVPN is not* to change the client's vpn. Searching for ways to tweak that behavior, I found out that I gotta:
1. add a [push "redirect-gateway def1" to my server.ovpn] (which was already there - so consider this step done!)
2. add a route to my router:
Gateway: 192.168.10.1 (start of the range defined in the server command in server.ovpn [server 192.168.10.0 255.255.255.128])
Subnet Mask: 255.255.255.128 (end of the range defined in the server command in server.ovpn)
Destination LAN NET: 192.168.1.139 (server LAN ip)
Done!
source: » forums.openvpn.net/topic ··· 706.html
3. Tweak Win 7 for forwarding VPN traffic:
a. Start -> Right-click My Computer -> Manage Services Right-click Routing and Remote Access -> Properties -> Automatic Right-click Routing and Remote Access -> Start Done!
b. modify "Local Area Connection" on server to allow TAP server connection to connect "through this computer's internet connection" Done!
c. change IPEnableRouter in registry to 1 Done!
source: » forums.openvpn.net/topic ··· 806.html
So all changes were made, but the client (Asus) still showed the same old IP: 199.119.232.214
Please let me know what you think! Thanks again |
|
HarryH3 Premium Member join:2005-02-21 |
HarryH3
Premium Member
2013-Apr-25 8:30 am
Are you looking at ALL the network connections after you start the VPN? Your client will have TWO IP addresses after the VPN starts. The 199.119.232.214 address will still be listed, for the local LAN, and then there will be another network connection listed when you run ipconfig that shows the IP address of the VPN network connection. |
|
|
|
I get 199.119.232.214 from » www.whatismyip.com/ and ipconfig gives me the same result as before (pretty much):
Ethernet adapter Local Area Connection: .. IPv4 Address. . . . . . . . . . . : 192.168.10.2 ..
Wireless LAN adapter Wi-Fi: IPv4 Address. . . . . . . . . . . : 192.168.43.130
Only thing that's different since I've made the routing changes and Win 7 tweaks is that there was no Default Gateway under Ethernet adapter Local Area Connection, but now I have: Default Gateway . . . . . . . . . : fe80::8019:8c68:75a2:b046%20
Here's a complete snippet: ipconfig -> after I made routing changes:
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : Link-local IPv6 Address . . . . . : fe80::d0dd:ae92:cf0a:6c7f%20 IPv4 Address. . . . . . . . . . . : 192.168.10.2 Subnet Mask . . . . . . . . . . . : 255.255.255.128 Default Gateway . . . . . . . . . : fe80::8019:8c68:75a2:b046%20
Ethernet adapter Bluetooth Network Connection:
Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . :
Wireless LAN adapter Local Area Connection* 11:
Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . :
Ethernet adapter Ethernet:
Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : WDS01.COM
Wireless LAN adapter Wi-Fi:
Connection-specific DNS Suffix . : Link-local IPv6 Address . . . . . : fe80::adf5:2da0:f72d:2e90%12 IPv4 Address. . . . . . . . . . . : 192.168.43.130 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.43.1
Tunnel adapter Local Area Connection* 13:
Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . :
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . : IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:3c9a:6dac:3888:1729 Link-local IPv6 Address . . . . . : fe80::3c9a:6dac:3888:1729%19 Default Gateway . . . . . . . . . : ::
Tunnel adapter isatap.{1166AC31-5AE6-44B4-B8CC-D147C5BCA01C}:
Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . :
Tunnel adapter isatap.{A2729BBC-3A7E-403C-A2CB-3B88C1409E9C}:
Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . :
Ipconfig -> before I made routing changes (also posted previously):
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : Link-local IPv6 Address . . . . . : fe80::d0dd:ae92:cf0a:6c7f%20 IPv4 Address. . . . . . . . . . . : 192.168.10.2 Subnet Mask . . . . . . . . . . . : 255.255.255.128 Default Gateway . . . . . . . . . :
Ethernet adapter Bluetooth Network Connection:
Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . :
Wireless LAN adapter Local Area Connection* 11:
Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . :
Ethernet adapter Ethernet:
Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : WDS01.COM
Wireless LAN adapter Wi-Fi:
Connection-specific DNS Suffix . : Link-local IPv6 Address . . . . . : fe80::adf5:2da0:f72d:2e90%12 IPv4 Address. . . . . . . . . . . : 192.168.43.130 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.43.1
Tunnel adapter Local Area Connection* 13:
Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . :
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . : IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:202b:1d4c:3888:171d Link-local IPv6 Address . . . . . : fe80::202b:1d4c:3888:171d%19 Default Gateway . . . . . . . . . : ::
Tunnel adapter isatap.{1166AC31-5AE6-44B4-B8CC-D147C5BCA01C}:
Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . :
Tunnel adapter isatap.{A2729BBC-3A7E-403C-A2CB-3B88C1409E9C}:
Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . :
Please advise! Thank you very much for your time! |
|
|
TheMole
Member
2013-Apr-25 12:18 pm
you're getting the 199.119.x.x address because that is your computer's IP address. Your "asus" is using that IP address to get to the web. that has nothing to do with the VPN.
I think you still need to report back the results of the ping between the two openVPN ip addresses to ensure you have a good connection between the two machines over the vpn. from one machine, type ping 192.168.X.Y where 192.168.X.Y is the IP address of the OTHER side of the vpn.
------
correct me if i'm wrong: i believe you are attempting to use the VPN to proxy all your traffic while at a remote site over the VPN connection, so that it appears to the outside world you are connected from home?
if that is what you want to do, read this section "Routing all client traffic (including web-traffic) through the VPN" from here AFTER you have a working VPN connection: » openvpn.net/index.php/op ··· wto.html |
|
HarryH3 Premium Member join:2005-02-21 |
to parachuter2b
Why are you using a hardwired NIC connection and a wireless connection at the same time? I'm confused... Is one going to your LAN and the other to your tethered cell's network? If so, you need to disconnect from your LAN (assuming this is where the OpenVPN server that you're trying to connect to is also located) and then try to connect to the OpenVPN server using the 2nd IP range. Otherwise it seems to me that you're trying to create a network loop when the VPN tries to create an IP address in the range that your LAN NIC is already connected to. |
|
|
to TheMole
said by TheMole : you're getting the 199.119.x.x address because that is your computer's IP address. Your "asus" is using that IP address to get to the web.
I understand what you were saying about how it's not OpenVPN's inherent behavior to change the client's global IP. However, aren't the 3 steps I've taken and described above (adding the redirect command to server.ovpn, adding an extra route to my router and tweaking Win services) supposed to make the router take on the server's global IP?
said by TheMole : correct me if i'm wrong: I believe you are attempting to use the VPN to proxy all your traffic while at a remote site over the VPN connection, so that it appears to the outside world you are connected from home?
if that is what you want to do, read this section "Routing all client traffic (including web-traffic) through the VPN" from here AFTER you have a working VPN connection: »openvpn.net/index.php/open-sourc···wto.html
That's exactly what I'm trying to do. I'm trying to help my friends abroad to get around the internet censorship in their country. Thanks for referring me to that guide and I'll check it out in a couple hours when I get back.
said by TheMole : I think you still need to report back the results of the ping between the two openVPN ip addresses to ensure you have a good connection between the two machines over the vpn. from one machine, type ping 192.168.X.Y where 192.168.X.Y is the IP address of the OTHER side of the vpn.
So after running the server and connecting to it from the client, I have:
server: static ip: 192.168.1.139 OpenVPN's: 192.168.10.1
client: wireless: 192.168.1.113 OpenVPN's: 192.168.10.2
I can ping the server IPs from the client and the client IPs from the server no problem. Please advise! thanks |
|
parachuter2b |
Some more research led me to believe that it was the Win 8 routing bug that prevented the client from acquiring the server's global IP: » visualplanet.org/blog/?p=127
Unfortunately, I don't have my Asus anymore to confirm the workaround mentioned above.. just thought I'd throw it out there for anyone else who may run into the same issue. My Lenovo (running Win seven) is connecting fine and catching the server's IP. Thanks for your help! I guess the next step is to test it from overseas! |
|
parachuter2b 1 edit |
no good news :(
Testing from the internet banned state failed! Here's what OpenVPN gui spits out:
Sat Apr 27 11:12:55 2013 LZO compression initialized
Sat Apr 27 11:12:55 2013 UDPv4 link local: [undef]
Sat Apr 27 11:12:55 2013 UDPv4 link remote: 99.231.x.x:11967
Sat Apr 27 11:13:55 2013 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Apr 27 11:13:55 2013 TLS Error: TLS handshake failed
Sat Apr 27 11:13:55 2013 SIGUSR1[soft,tls-error] received, process restarting
Sat Apr 27 11:13:57 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sat Apr 27 11:13:57 2013 Re-using SSL/TLS context
Sat Apr 27 11:13:57 2013 LZO compression initialized
Sat Apr 27 11:13:57 2013 UDPv4 link local: [undef]
Sat Apr 27 11:13:57 2013 UDPv4 link remote: 99.231.x.x:11967
Sat Apr 27 11:15:44 2013 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
Sat Apr 27 11:15:44 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sat Apr 27 11:15:44 2013 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Sat Apr 27 11:15:44 2013 LZO compression initialized
Sat Apr 27 11:15:44 2013 UDPv4 link local: [undef]
Sat Apr 27 11:15:44 2013 UDPv4 link remote: 99.231.x.x:11967
..
I tried to connect from a few other places within my town..all successful! Any idea why it's happening from there? Thanks! |
|
|
said by parachuter2b: no good news :(
Testing from the internet banned state failed! Here's what OpenVPN gui spits out:
Sat Apr 27 11:13:55 2013 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Apr 27 11:13:55 2013 TLS Error: TLS handshake failed
I tried to connect from a few other places within my town..all successful! Any idea why it's happening from there? Thanks!
if the time between the client and server are not sync'd, TLS will fail. ensure the remote client in the "banned state" has the correct UTC time (time zone does not matter, it should know localtime vs UTC).
OR the "banned state" is banning VPNs and you need to either switch to another port for VPN to operate on or figure out a more complicated way of avoiding the blockage. |
|
|
Do you mean it should show the correct local time? That is, at the time of the attempt, the actual time over there was 11:13?
Thanks! |
|
|
Correct local time - so just ensure the computer is correctly sync'd to a timeserver and has the correct local timezone set.
Remember it could also be that VPNs are blocked by the remote ISP. |
|
|
I checked the time zone; It was set correctly. did some research on the net..turns out that OpenVPN was recently blocked in Iran. Alternatives seem to be:
1. proxy and then OpenVPN (gotta look into how that's done. Also not sure about the drop in speed)
2. SSTP: also unsure about the "how to"?
so it seems like I got a lot of homework to do. However, feel free to share your thoughts. Always appreciated! |
|
1 edit |
Oye, iran. Be careful - they might chop off your fingers for trying to avoid their filters.
I'm not sure how to proceed.
Be careful. |
|
|
ha! funny how the media instills these baseless fears in our heads lol I've been to Iran many times..It's not like that. Lots of societal and political restrictions for sure, but it's no Saudi Arabia! |
|
|
I'm sure it is a charming place, in its own way.
Try changing the port openvpn runs on (don't forget to change the client config file to reflect the change).
I'm sure it will not work, but hey you never know. |
|
|