Author Topic: how to customize OpenVPN .conf?  (Read 35801 times)
BillyEndian
« on: Friday 03 July 2009, 04:11:52 pm »

Is it possible to customize the OpenVPN .conf?
I am trying to make a Net-to-Net OpenVPN connection.

The other side is not an Endian Firewall.

How do I customize the OpenVPN configuration beyond the bounds of the Endian GUI?

Logged
santo
« Reply #1 on: Saturday 08 August 2009, 08:32:01 am »

Hi, I have a similar request.

I want to switch from DD-WRT to Endian, but issues with the openvpn client are preventing me from doing so.

More specifically, when I try to set up my openvpn client connection on my endian firewall towards our company's openvpn server (old SUSE system, not Endian),
I receive the following errors on the client side:

Code:
[...]
Aug 7 22:24:44 MyVpnConnection[19207] OpenVPN 2.1_rc7 i586-endian-linux [SSL] [LZO2] [EPOLL] built on Nov 13 2008
Aug 7 22:24:44 MyVpnConnection[19207] WARNING: file '/var/efw/openvpnclients/MyVpnConnection/certs.p12' is group or others accessible
Aug 7 22:24:44 MyVpnConnection[19207] LZO compression initialized
Aug 7 22:24:44 MyVpnConnection[19207] UDPv4 link local: [undef]
Aug 7 22:24:44 MyVpnConnection[19207] UDPv4 link remote: <openvpn-server-ip>:1194
Aug 7 22:24:44 MyVpnConnection[19207] TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Aug 7 22:24:44 MyVpnConnection[19207] TLS Error: TLS object -> incoming plaintext read error
Aug 7 22:24:44 MyVpnConnection[19207] TLS Error: TLS handshake failed
Aug 7 22:24:44 MyVpnConnection[19207] SIGUSR1[soft,tls-error] received, process restarting
Aug 7 22:24:46 MyVpnConnection[19207] WARNING: file '/var/efw/openvpnclients/MyVpnConnection/certs.p12' is group or others accessible
Aug 7 22:24:46 MyVpnConnection[19207] LZO compression initialized
Aug 7 22:24:46 MyVpnConnection[19207] UDPv4 link local: [undef]
Aug 7 22:24:46 MyVpnConnection[19207] UDPv4 link remote: <openvpn-server-ip>:1194
Aug 7 22:24:46 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:46 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:46 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:46 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:46 MyVpnConnection[19207] TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Aug 7 22:24:46 MyVpnConnection[19207] TLS Error: TLS object -> incoming plaintext read error
Aug 7 22:24:46 MyVpnConnection[19207] TLS Error: TLS handshake failed
Aug 7 22:24:46 MyVpnConnection[19207] SIGUSR1[soft,tls-error] received, process restarting
Aug 7 22:24:48 MyVpnConnection[19207] WARNING: file '/var/efw/openvpnclients/MyVpnConnection/certs.p12' is group or others accessible
Aug 7 22:24:48 MyVpnConnection[19207] LZO compression initialized
Aug 7 22:24:48 MyVpnConnection[19207] UDPv4 link local: [undef]
Aug 7 22:24:48 MyVpnConnection[19207] UDPv4 link remote: <openvpn-server-ip>:1194
Aug 7 22:24:48 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:48 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:48 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:48 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:48 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:48 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:48 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:48 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:51 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:51 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:51 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:51 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:51 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:51 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:51 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:51 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:51 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_ACK_V1)
Aug 7 22:24:53 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:53 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:53 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:53 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:53 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:53 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:53 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:53 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:53 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_ACK_V1)
Aug 7 22:24:55 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:55 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:55 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:55 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:55 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:55 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:55 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:55 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:55 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_ACK_V1)
Aug 7 22:24:55 MyVpnConnection[19207] event_wait : Interrupted system call (code=4)
Aug 7 22:24:55 MyVpnConnection[19207] OpenVPN STATISTICS
Aug 7 22:24:55 MyVpnConnection[19207] Updated,Fri Aug 7 22:24:55 2009
Aug 7 22:24:55 MyVpnConnection[19207] TUN/TAP read bytes,0
Aug 7 22:24:55 MyVpnConnection[19207] TUN/TAP write bytes,0
Aug 7 22:24:55 MyVpnConnection[19207] TCP/UDP read bytes,3726
Aug 7 22:24:55 MyVpnConnection[19207] TCP/UDP write bytes,56
Aug 7 22:24:55 MyVpnConnection[19207] Auth read bytes,0
Aug 7 22:24:55 MyVpnConnection[19207] pre-compress bytes,0
Aug 7 22:24:55 MyVpnConnection[19207] post-compress bytes,0
Aug 7 22:24:55 MyVpnConnection[19207] pre-decompress bytes,0
Aug 7 22:24:55 MyVpnConnection[19207] post-decompress bytes,0
Aug 7 22:24:55 MyVpnConnection[19207] END
Aug 7 22:24:55 MyVpnConnection[19207] event_wait : Interrupted system call (code=4)
Aug 7 22:24:55 MyVpnConnection[19207] SIGTERM[hard,] received, process exiting

(Message too large, starting second post...)
Logged
santo
« Reply #2 on: Saturday 08 August 2009, 08:32:32 am »

(Continuing from previous post...)

And this is the log on the server side:

Code:
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: MULTI: multi_create_instance called
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 Re-using SSL/TLS context
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 LZO compression initialized
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:19 ET:0 EL:0 ]
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 Local Options hash (VER=V4): '530fdded'
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 Expected Remote Options hash (VER=V4): '41690919'
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [14] from <openvpn-client-ip>:32778: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 TLS: Initial packet from <openvpn-client-ip>:32778, sid=ee595157 b74fc774
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [26] to <openvpn-client-ip>:32778: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 0 ]
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [114] from <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=1 DATA len=100
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [126] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ 1 ] pid=1 DATA len=100
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=2 DATA len=100
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=3 DATA len=100
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=4 DATA len=100
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 1 ]
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=5 DATA len=100
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 2 ]
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=6 DATA len=100
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 3 ]
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=7 DATA len=100
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 4 ]
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=8 DATA len=100
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 5 ]
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=9 DATA len=100
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 6 ]
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=10 DATA len=100
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 7 ]
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=11 DATA len=100
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 8 ]
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=12 DATA len=100
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 9 ]
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=13 DATA len=100
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 10 ]
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=14 DATA len=100
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 11 ]
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=15 DATA len=100
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 12 ]
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=16 DATA len=100
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 13 ]
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=17 DATA len=100
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 14 ]
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=18 DATA len=100
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 15 ]
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=19 DATA len=100
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 16 ]
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=20 DATA len=100
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 17 ]
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=21 DATA len=100
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Aug  7 23:59:14 OpenVPNServer last message repeated 2 times
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [14] from <openvpn-client-ip>:32778: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 TLS: new session incoming connection from <openvpn-client-ip>:32778
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=18 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=19 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=20 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=21 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [26] to <openvpn-client-ip>:32778: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 0 ]
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [114] from <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=1 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [126] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ 1 ] pid=1 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=2 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=3 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=4 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 1 ]
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=5 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 2 ]
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=6 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 3 ]
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=7 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 4 ]
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=8 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 5 ]
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=9 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 6 ]
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=10 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 7 ]
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=11 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 8 ]
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=12 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 9 ]
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=13 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 10 ]
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=14 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 11 ]
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=15 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 12 ]
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=16 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 13 ]
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=17 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 14 ]
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=18 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 15 ]
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=19 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 16 ]
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=20 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 17 ]
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=21 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)

First of all I am using 3 separate certificates on my DD-WRT system, namely the CA cert, client cert and client key.
Endian doesn't seem to support this, so I created a p12 certificate that contains all 3 files with the following command:

Code:
openssl pkcs12 -export -in client.crt -inkey client.key -certfile ca.crt -out myopenvpncert.p12

When comparing the client configs on DD-WRT and Endian, I see some differences which might be important, but I have no clue how I can override some of those settings
because the openvpn conf file is being overwritten by endian.
The most important difference that I notice is that the openvpn client conf on endian uses "dev tap" while the openvpn server is configured to use "dev tun"
(the client config on DD-WRT also uses "dev tun")

Can someone put me in the right direction please?
Logged
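Added example, not part of the original posts: the server log above prints the options string it expects from the client, so the `dev tap` versus `dev tun` difference can be confirmed by diffing that string against the one the client logs at a higher verbosity. The server line is copied from the log in this thread; the client line is constructed for a `dev tap` client with default MTU settings, and the function names are hypothetical.

```python
import re

# Matches the two option-string lines OpenVPN writes at higher verbosity.
OPTS_RE = re.compile(r"(Local|Expected Remote) Options String: '([^']*)'")

# Copied from the server log posted in this thread.
SERVER_LOG = [
    "Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 "
    "Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,"
    "tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,"
    "key-method 2,tls-client'",
]

# Constructed sample: what a "dev tap" client with default MTU settings
# would log (tap adds 32 bytes of tun-mtu-extra by default).
CLIENT_LOG = [
    "Aug 7 22:24:44 MyVpnConnection[19207] Local Options String: "
    "'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,"
    "cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'",
]


def options_from_log(lines, which):
    """Return the last options string of the given kind in a log, or None.

    which is 'Local' or 'Expected Remote'.
    """
    found = None
    for line in lines:
        m = OPTS_RE.search(line)
        if m and m.group(1) == which:
            found = m.group(2)
    return found


def parse_options(options):
    """Split 'V4,dev-type tun,comp-lzo,...' into ('V4', {'dev-type': 'tun', 'comp-lzo': ''})."""
    version, *fields = options.split(",")
    parsed = {}
    for field in fields:
        key, _, value = field.partition(" ")
        parsed[key] = value  # flag-only options such as comp-lzo get ''
    return version, parsed


def inconsistencies(expected, actual):
    """List (option, expected_value, actual_value) for every differing option.

    A value of None means the option is absent on that side.
    """
    exp_ver, exp = parse_options(expected)
    act_ver, act = parse_options(actual)
    diffs = []
    if exp_ver != act_ver:
        diffs.append(("version", exp_ver, act_ver))
    # Walk the expected options first, then anything only the peer sent.
    for key in list(exp) + [k for k in act if k not in exp]:
        if exp.get(key) != act.get(key):
            diffs.append((key, exp.get(key), act.get(key)))
    return diffs


def compare_logs(server_lines, client_lines):
    """Diff what the server expects against what the client says it uses."""
    expected = options_from_log(server_lines, "Expected Remote")
    actual = options_from_log(client_lines, "Local")
    if expected is None or actual is None:
        raise ValueError("options string not found; raise the log verbosity")
    return inconsistencies(expected, actual)


if __name__ == "__main__":
    for option, want, got in compare_logs(SERVER_LOG, CLIENT_LOG):
        print(f"{option}: server expects {want!r}, client uses {got!r}")
```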
santo
« Reply #3 on: Thursday 13 August 2009, 05:52:10 pm »

After a lot of trial and error I found the culprit to be the following line in openvpnclient.conf.tmpl:

Code:
ns-cert-type server

After commenting that line, the vpn connection *seems* to work as expected.
I said *seems* because the status in the web interface is set to "closed" and I noticed the following errors in the openvpn client log:

Code:
Aug 13 09:40:59 	local 	usage: openvpnbridge.py [init|restart]
Aug 13 09:40:59 local
Aug 13 09:40:59 local openvpnbridge.py: error: Invalid ip or netmask '10.1.10.10 10.1.10.9'
Aug 13 09:40:59  local  run-parts: /etc/openvpn/ifup.client.d//00bridge exited with return code 2

Any ideas what this means and why the status is shown as "closed" in the web interface?

Note:
Just in case someone else is looking for a way to customize the openvpn client config:
Code:
- /etc/openvpn/openvpnclient.conf.tmpl
- /var/efw/openvpnclients/<your-client-connection-name>/settings
Those files are used to generate the openvpnclient_<your-client-connection-name>.conf file (which is used to setup the connection).

UPDATE:
When I change something in the vpn client settings through the GUI, the device is set to TAP2 in the settings file.
This is very irritating, as the device can't be configured through the GUI and I definitely need it to be TUN.
So when I change a setting in the GUI, the vpn doesn't work anymore as the dev is changed to TAP.

Something else I noticed is that the status in the GUI is set to closed when I use dev=tun (but then the vpn connection works for me, apart from the openvpnbridge.py errors in the log).
When the device is set to tap2 (dev=tap2, the default of endian it seems) the status becomes established in the GUI but then the vpn connection doesn't work for me!!
Logged
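Added example, not part of the original posts: `ns-cert-type server` makes the client require that the peer's certificate is marked as a server certificate, so with that line commented out and no other server check in the config, the client no longer distinguishes a server certificate from any other certificate the same CA has issued. The sketch below audits a client config together with the `openssl x509 -noout -text` output of the server certificate and reports which check that certificate would pass; both inputs are constructed samples and the function names are hypothetical.

```python
import re

# Client directives that restrict which certificates are accepted as the server.
SERVER_CHECKS = ("ns-cert-type", "remote-cert-tls", "remote-cert-eku",
                 "tls-remote", "verify-x509-name")

# Extension headers in "openssl x509 -text" output, e.g. "Netscape Cert Type:".
EXT_HEADER = re.compile(r"^((?:X509v3|Netscape) [A-Za-z ]+):\s*(?:critical)?$")

# Constructed client config; CONF_WORKAROUND has the check commented out.
CONF_AS_SHIPPED = """
    client
    dev tap
    remote vpn.example.invalid 1194
    pkcs12 certs.p12
    ns-cert-type server
"""
CONF_WORKAROUND = CONF_AS_SHIPPED.replace("ns-cert-type", ";ns-cert-type")

# Constructed extension sections of two server certificates.
CERT_PLAIN = """
    X509v3 extensions:
        X509v3 Basic Constraints:
            CA:FALSE
    Signature Algorithm: sha1WithRSAEncryption
"""
CERT_SERVER = """
    X509v3 extensions:
        X509v3 Basic Constraints:
            CA:FALSE
        Netscape Cert Type:
            SSL Server
        X509v3 Key Usage: critical
            Digital Signature, Key Encipherment
        X509v3 Extended Key Usage:
            TLS Web Server Authentication
    Signature Algorithm: sha1WithRSAEncryption
"""


def active_directives(conf_text):
    """Map directive -> arguments, skipping lines commented out with '#' or ';'."""
    found = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        parts = line.split(None, 1)
        found[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return found


def cert_extensions(x509_text):
    """Parse the extensions of 'openssl x509 -noout -text' output into a dict."""
    exts, current = {}, None
    for raw in x509_text.splitlines():
        line = raw.strip()
        if line.startswith("Signature Algorithm"):
            current = None  # end of the extension section
            continue
        m = EXT_HEADER.match(line)
        if m:
            current = m.group(1)
            exts[current] = ""
        elif current and line:
            exts[current] = (exts[current] + " " + line).strip()
    return exts


def assess(conf_text, x509_text):
    """Report which server checks are active and whether the cert passes them."""
    conf = active_directives(conf_text)
    exts = cert_extensions(x509_text)
    passes = {
        # ns-cert-type server: certificate must carry nsCertType "SSL Server".
        "ns-cert-type server":
            "SSL Server" in exts.get("Netscape Cert Type", ""),
        # remote-cert-tls server: needs the serverAuth extended key usage
        # (OpenVPN also checks key usage, which this sketch does not model).
        "remote-cert-tls server":
            "TLS Web Server Authentication"
            in exts.get("X509v3 Extended Key Usage", ""),
    }
    enforced = [d for d in SERVER_CHECKS if d in conf]
    failing = [d for d in enforced if passes.get(f"{d} {conf[d]}") is False]
    if not enforced:
        finding = "no-server-check"   # any cert from the CA is accepted
    elif failing:
        finding = "check-will-fail"   # handshake ends in "certificate verify failed"
    else:
        finding = "check-enforced"
    return {"enforced": enforced, "cert_passes": passes, "finding": finding}


if __name__ == "__main__":
    print(assess(CONF_WORKAROUND, CERT_PLAIN))
```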
santo
« Reply #4 on: Thursday 20 August 2009, 11:35:23 pm »

Apparently the vpn connection is only working for the Endian server itself.
In other words, the clients in the LAN (i.e. behind Endian) can't access anything at all on the remote network.

I think it must be something on the Endian box itself, as I don't get any log messages on the remote openvpn server.
Logged
matias
« Reply #5 on: Thursday 29 October 2009, 02:55:56 am »

Unfortunately this seems to be the same problem on the newly released 2.3.

I'm trying to connect an Endian 2.3 (as client) to a pfSense server running 1.2.2.
All sorts of problems.
pfSense expects TUN (since it's not bridged).
Endian tries with TAP.
Doesn't work at all with all sorts of problems indicated by both Endian and pfSense.

After altering /etc/openvpn/openvpnclient.conf.tmpl and setting dev tun0 it establishes connection properly. pfSense shows everything as green. The pushed routes show up in Endian's routing table as expected and the Endian box can access all the published nets.
Trying to access anything over the OpenVPN connection via any of the clients connected behind the Endian doesn't work at all.
Only the Endian box itself can access the remote subnets.
I can't find anything in the logs that suggests that anything is wrong.

In the web gui the connection shows as closed.

Haven't seen this problem in the Endian Issue Tracker.
I'll file a new ticket just in case.

Matias
Logged
matias
« Reply #6 on: Thursday 29 October 2009, 03:36:07 am »

Posted a ticket with ID #2310

Matias
Logged
matias
« Reply #7 on: Friday 30 October 2009, 12:44:38 am »

Well that ticket got closed fast.

== Answer from Peter ====================
Quote
well, tun is not implemented yet. we will, but not right now.
right now openvpn server and client use only tap.

routed mode of openvpn client means in "endianish" only that the tap device is not bridged to a zone, but is routed.
======================

That's unfortunate for me.
Only being able to use GW to GW to another Endian server severely limits our possibilities to implement Endian in our environment.

Endian looks promising but lacks in some ways.
That's too bad.

Maybe we'll just revert back to good ol' pfSense or try something different like Untangle or EBox.

Hopefully we get a chance to evaluate Endian at a later stage when it has m.a.t.u.r.e.d somewhat.

Matias
Logged
matias
« Reply #8 on: Friday 30 October 2009, 04:18:14 am »

OMG

The profanity filter on the forum is a bit too strict.

Can't even write m.a.t.u.r.e.d nor p.a.s.s.e.d.

Matias
Logged