
[Openvpn-users] Connection Reset


  • Subject: [Openvpn-users] Connection Reset
  • From: "Steve Wasser" <steve@xxxxxxx>
  • Date: Tue, 4 Oct 2005 19:01:25 -0700

I’m not even going to pretend to know 1% of what’s going on, so I’ll post my configs and I’m sure someone will have the answer. I’m doing this because this is a work project that has gone on about a week, and I’m a couple steps from completion.

 

I’m running WinXP client connecting to Debian 2.4.27 kernel with openvpn 2.0. Couple of background notes that might help:

 

This is a DSL connected test network that resides in our corporate office. It is totally disconnected from our LAN for testing purposes, but we want to have VPN connectivity. The Linux box sits behind a Linksys WRT54GS that is port forwarding 500, 1194, 1723, and Linux is the Host DMZ. I am not using wireless, that is going out of our LAN to the WAN port of the Linksys, which uses DDNS. For now, I’ve turned firewall protection off. All the assets on that LAN have a 192.168.0.x addressing scheme, which is where I think the problem may reside, understanding OpenVPN wants to use a different subnet and route over. Problem is, I’m not too strong on that, so I thought it would be easier to keep it all on the same subnet and assign statically the IP address of the client (not included below since I turned it off for testing). It seems to be working, it makes the connection but I cannot ping, and a minute later I disconnect (see way below). Any help would be more than appreciated.

 

TIA, Steve

 

 

Client config file:

client
dev tun
proto tcp
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
verb 3

 

Server

local 192.168.0.100
port 1194
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh1024.pem
server 192.168.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
log-append  openvpn.log
verb 6

 

Client result log:

 

Tue Oct 04 18:29:36 2005 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Tue Oct 04 18:29:36 2005 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Tue Oct 04 18:29:36 2005 Re-using SSL/TLS context
Tue Oct 04 18:29:36 2005 LZO compression initialized
Tue Oct 04 18:29:36 2005 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Tue Oct 04 18:29:36 2005 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Oct 04 18:29:36 2005 Local Options hash (VER=V4): '69109d17'
Tue Oct 04 18:29:36 2005 Expected Remote Options hash (VER=V4): 'c0103fa8'
Tue Oct 04 18:29:36 2005 Attempting to establish TCP connection with [removed]
Tue Oct 04 18:30:54 2005 TCP connection established with [removed]
Tue Oct 04 18:30:54 2005 TCP/UDP: Dynamic remote address changed during TCP connection establishment
Tue Oct 04 18:30:54 2005 TCPv4_CLIENT link local: [undef]
Tue Oct 04 18:30:54 2005 TCPv4_CLIENT link remote: [removed]
Tue Oct 04 18:30:54 2005 TLS: Initial packet from [removed], sid=8470e02f 13b4526f
Tue Oct 04 18:30:54 2005 VERIFY OK: [removed]
Tue Oct 04 18:30:54 2005 VERIFY OK: [removed]
Tue Oct 04 18:30:55 2005 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Oct 04 18:30:55 2005 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Oct 04 18:30:55 2005 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Oct 04 18:30:55 2005 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Oct 04 18:30:55 2005 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Oct 04 18:30:55 2005 [Aegis] Peer Connection Initiated with [removed]:1194
Tue Oct 04 18:30:56 2005 SENT CONTROL [Aegis]: 'PUSH_REQUEST' (status=1)
Tue Oct 04 18:30:57 2005 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 192.168.0.6,dhcp-option WINS 192.168.0.101,route 192.168.0.1,ping 10,ping-restart 120,ifconfig 192.168.0.149 192.168.0.150'
Tue Oct 04 18:30:57 2005 OPTIONS IMPORT: timers and/or timeouts modified
Tue Oct 04 18:30:57 2005 OPTIONS IMPORT: --ifconfig/up options modified
Tue Oct 04 18:30:57 2005 OPTIONS IMPORT: route options modified
Tue Oct 04 18:30:57 2005 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Oct 04 18:30:57 2005 Preserving previous TUN/TAP instance: Local Area Connection 4
Tue Oct 04 18:30:57 2005 Initialization Sequence Completed
Tue Oct 04 18:31:26 2005 Connection reset, restarting [-1]
Tue Oct 04 18:31:26 2005 TCP/UDP: Closing socket
Tue Oct 04 18:31:26 2005 SIGUSR1[soft,connection-reset] received, process restarting
Tue Oct 04 18:31:26 2005 Restart pause, 5 second(s)
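
An added example, not part of the original post and not OpenVPN's own tooling: a small Python check over the two posted configs that flags the address overlap the poster suspects (the `server` pool containing the server's own `local` LAN address) and the missing server-certificate verification the client log warns about. The function names and finding labels are hypothetical, and the config strings are constructed from the post.

```python
import ipaddress

# Constructed from the two configs in the post above (only relevant lines kept).
SERVER_CONF = """\
local 192.168.0.100
port 1194
proto tcp
dev tun
dh dh1024.pem
server 192.168.0.0 255.255.255.0
"""
CLIENT_CONF = """\
client
dev tun
proto tcp
ca ca.crt
cert client1.crt
key client1.key
"""

# Client-side OpenVPN directives that verify the peer is the intended server.
SERVER_VERIFY = {"ns-cert-type", "tls-remote", "remote-cert-tls", "verify-x509-name"}


def parse(conf):
    """Return {directive: [args]} for an OpenVPN config, ignoring comments."""
    opts = {}
    for line in conf.splitlines():
        words = line.split("#", 1)[0].split()
        if words and not words[0].startswith(";"):
            opts[words[0].lstrip("-")] = words[1:]
    return opts


def audit(server_conf, client_conf):
    """Return findings (hypothetical labels) for the two issues in this thread."""
    srv, cli = parse(server_conf), parse(client_conf)
    findings = []
    if "server" in srv and "local" in srv:
        # "server <network> <netmask>" defines the VPN address pool.
        pool = ipaddress.ip_network("/".join(srv["server"][:2]), strict=False)
        if ipaddress.ip_address(srv["local"][0]) in pool:
            findings.append(f"pool-overlaps-lan: {pool} contains local {srv['local'][0]}")
    if "client" in cli and SERVER_VERIFY.isdisjoint(cli):
        findings.append("no-server-cert-verification")
    return findings


if __name__ == "__main__":
    for finding in audit(SERVER_CONF, CLIENT_CONF):
        print(finding)
```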