EFW Support
Welcome,
Guest
. Please
login
or
register
.
Did you miss your
activation email?
Saturday 21 December 2024, 04:18:16 pm
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
The Latest Endian Firewall is now available for download
HERE
14262
Posts in
4377
Topics by
6517
Members
Latest Member:
Sandro
Search:
Advanced search
EFW Support
Support
VPN Support
certificate issue
0 Members and 2 Guests are viewing this topic.
« previous
next »
Pages:
[
1
]
Author
Topic: certificate issue (Read 16821 times)
kevsworld
Full Member
Offline
Gender:
Posts: 12
certificate issue
«
on:
Tuesday 13 April 2010, 12:42:04 am »
Hi,
I wonder if anyone can shed any light on my issue that I have or point in the right direction if not.
I am running 2.3 and using OpenVPN. I have been using OpenVPN in PSK (username / password) for dial in clients and gateway to gateway connections to other endian boxes sucessfully for a few years now. I have always wanted to try X509 PKI mode but never had the time to test it out.
Well I about to deploy a Linksys router to site and I have loaded on the ddwrt openvpn firmware to it. Due to NAT at this site over which I have no control, I wish to use the Linksys as the VPN client dialing back into my endian box as the server.
I have used easyrsa to generate cerficates and can use them to connect to my endian from my laptop using the windows GUI. So I guess the certs I have are ok.
I am currently testing this on a connection at my office with the Linksys directly on a WAN (no NAT / firewall etc) and have disabled the Firewall on the Linksys too.
This is the log when I attempt to connect:
2010-04-12 15:18:44
**name of remote**[8882]: Mon Apr 12 15:18:44 2010 [UNDEF] Inactivity timeout (--ping-restart), restartingOpenVPN2010-04-12 15:18:44
**name of remote**[8882]: Mon Apr 12 15:18:44 2010 SIGUSR1[soft,ping-restart] received, process restartingOpenVPN2010-04-12 15:18:46
**name of remote**[8882]: Mon Apr 12 15:18:46 2010 NOTE: the current --script-security setting may allow this configuration to call user-defined scriptsOpenVPN2010-04-12 15:18:46
**name of remote**[8882]: Mon Apr 12 15:18:46 2010 NOTE: --script-security method="system" is deprecated due to the fact that passed parameters will be subject to shell expansionOpenVPN2010-04-12 15:18:46
**name of remote**[8882]: Mon Apr 12 15:18:46 2010 WARNING: file "/var/efw/openvpnclients/**name of remote**/certs.p12" is group or others accessibleOpenVPN2010-04-12 15:18:46
**name of remote**[8882]: Mon Apr 12 15:18:46 2010 LZO compression initializedOpenVPN2010-04-12 15:18:46
**name of remote**[8882]: Mon Apr 12 15:18:46 2010 UDPv4 link local: [undef]OpenVPN2010-04-12 15:18:46
**name of remote**[8882]: Mon Apr 12 15:18:46 2010 UDPv4 link remote: **wan ip-address**:1194OpenVPN2010-04-12 15:18:49
**name of remote**[8882]: Mon Apr 12 15:18:49 2010 read UDPv4 [EHOSTUNREACH|EHOSTUNREACH]: No route to host (code=113)Firewall2010-04-12 15:18:52
INPUTFW:DROP UDP (tap3) 192.168.200.20:138 -> 192.168.200.255:138MAC=00:50:04:3f:c4:d6:ff:ff:14:00:03:00 LEN=242 TOS=00 PREC=0x00 TTL=128 ID=49958 LEN=222 OpenVPN2010-04-12 15:18:53
**name of remote**[8882]: Mon Apr 12 15:18:53 2010 read UDPv4 [EHOSTUNREACH|EHOSTUNREACH]: No route to host (code=113)Firewall2010-04-12 15:18:59
INPUTFW:DROP UDP (tap6) 192.168.211.101:138 -> 192.168.211.255:138MAC=00:0d:60:3e:8b:5d:ff:ff:14:00:03:00 LEN=246 TOS=00 PREC=0x00 TTL=128 ID=13414 LEN=226 OpenVPN2010-04-12 15:18:59
**name of remote**[8882]: Mon Apr 12 15:18:59 2010 read UDPv4 [EHOSTUNREACH|EHOSTUNREACH]: No route to host (code=113)
And the EHOSTUNREACH just keeps occuring until it attempts to reconnect.
I have searched for EHOSTUNREACH problems without much success, so currently am not sure what to try next
Thanks for any help
Kevin
Logged
"unzip; strip; touch; finger; mount; fsck; more; yes; unmount; sleep" - my daily unix command list
kevsworld
Full Member
Offline
Gender:
Posts: 12
Re: certificate issue
«
Reply #1 on:
Wednesday 14 April 2010, 08:59:04 pm »
Just as an update to my previous post, it seems that the error message EHOSTUNREACH is a red herring and was actually relating to another connection that I had been testing before where the Endian is the client and the Linksys router was the server and this connection from the Gateway2Gateway on the Endian was still trying to connect.
But I still can't get it to connect but now I think it is due to a problem with the certificates or the config files.
So I would still appreciate any suggestions if someone else is using X509 VPN with 3rd party OpenVPN hardware clients.
Is it possible to edit more settings for the OpenVPN server on endian than are viewable from the web GUI. I guess there is a conf file somewhere?
Thanks
Logged
"unzip; strip; touch; finger; mount; fsck; more; yes; unmount; sleep" - my daily unix command list
Pages:
[
1
]
« previous
next »
Jump to:
Please select a destination:
-----------------------------
Announcements
-----------------------------
=> Project News
=> Latest News and Updates
-----------------------------
Support
-----------------------------
=> General Support
=> Installation Support
=> EFW SMTP, HTTP, SIP, FTP Proxy Support
=> VPN Support
=> Hardware Support
-----------------------------
Development
-----------------------------
=> EFW Wishlist
=> Contribute Your Customisations & Modifications
Page created in 0.063 seconds with 17 queries.
Powered by SMF 1.1 RC2
|
SMF © 2001-2005, Lewis Media
Design by
7dana.com