|
|
On 2/2/06, Cameron Gocke <livedrive777@xxxxxxxxx> wrote: > One of the things throwing me for a loop is that these errors > are happening in my server log not my clients. From what I understand, OpenVPN is basically a peer-to-peer design. The client/server mode is mainly used as an administrative convenience, to simply things like tunnel configuration. Once the tunnel is up and running, I believe the client/server distinction largely disappears. So it could well be that something is going wrong, and then when something on the server side of the tunnel tries to transmit, the server notices and logs the problem. > Since the log doesn't indicate what session the error applies to I > don't know who or what exactly it thinks it has lost its connection > to. That does make things more difficult. But, with my logs on my server, most of the connection-specific log entries include client IP address, port number, and name. For example (names and addresses changed to protect the guilty): Feb 1 13:57:14 server openvpn[314]: LAPTOP128/192.168.15.16:1192 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key "LAPTOP128" being the pretend client here, with IP address 192.168.15.16 and port 1192. You're not seeing that, I take it? > Now, my firewall doesn't allow any outbound traffic from my > OpenVPN server (which is in my DMZ), but I wouldn't think that it > would need to since all of the connections originate from the clients. Your firewall might not be recognizing the OpenVPN session for what it is (UDP being stateless), or timing out the connection, or some such thing. You might try adding an explicit firewall rule that permits the OpenVPN server to send any packet with an OpenVPN as the source port. > Is there anything else that could cause this that I'm still not getting? Probably. ;-) -- Ben ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users Warning: require_once(../../../archive_common.php) [function.require-once]: failed to open stream: No such file or directory in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2006-02/msg00036.html on line 222 Fatal error: require_once() [function.require]: Failed opening required '../../../archive_common.php' (include_path='/usr/local/lib/php') in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2006-02/msg00036.html on line 222 |