Welcome, Guest. Please login or register.
Did you miss your activation email?
Saturday 02 November 2024, 04:22:57 am

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14248 Posts in 4376 Topics by 6515 Members
Latest Member: hulteends
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  VPN Support
| | |-+  certificate issue
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: certificate issue  (Read 14839 times)
kevsworld
Full Member
***
Offline Offline

Gender: Male
Posts: 12



« on: Tuesday 13 April 2010, 12:42:04 am »

Hi,

I wonder if anyone can shed any light on my issue that I have or point in the right direction if not.

I am running 2.3 and using OpenVPN.  I have been using OpenVPN in PSK (username / password) for dial in clients and gateway to gateway connections to other endian boxes sucessfully for a few years now.  I have always wanted to try X509 PKI mode but never had the time to test it out. 

Well I about to deploy a Linksys router to site and I have loaded on the ddwrt openvpn firmware to it.  Due to NAT at this site over which I have no control, I wish to use the Linksys as the VPN client dialing back into my endian box as the server.

I have used easyrsa to generate cerficates and can use them to connect to my endian from my laptop using the windows GUI.  So I guess the certs I have are ok. 

I am currently testing this on a connection at my office with the Linksys directly on a WAN (no NAT / firewall etc) and have disabled the Firewall on the Linksys too.

This is the log when I attempt to connect:

2010-04-12 15:18:44
**name of remote**[8882]:  Mon Apr 12 15:18:44 2010 [UNDEF] Inactivity timeout (--ping-restart), restartingOpenVPN2010-04-12 15:18:44
**name of remote**[8882]:  Mon Apr 12 15:18:44 2010 SIGUSR1[soft,ping-restart] received, process restartingOpenVPN2010-04-12 15:18:46
**name of remote**[8882]:  Mon Apr 12 15:18:46 2010 NOTE: the current --script-security setting may allow this configuration to call user-defined scriptsOpenVPN2010-04-12 15:18:46
**name of remote**[8882]:  Mon Apr 12 15:18:46 2010 NOTE: --script-security method="system" is deprecated due to the fact that passed parameters will be subject to shell expansionOpenVPN2010-04-12 15:18:46
**name of remote**[8882]:  Mon Apr 12 15:18:46 2010 WARNING: file "/var/efw/openvpnclients/**name of remote**/certs.p12" is group or others accessibleOpenVPN2010-04-12 15:18:46
**name of remote**[8882]:  Mon Apr 12 15:18:46 2010 LZO compression initializedOpenVPN2010-04-12 15:18:46
**name of remote**[8882]:  Mon Apr 12 15:18:46 2010 UDPv4 link local: [undef]OpenVPN2010-04-12 15:18:46
**name of remote**[8882]:  Mon Apr 12 15:18:46 2010 UDPv4 link remote: **wan ip-address**:1194OpenVPN2010-04-12 15:18:49
**name of remote**[8882]:  Mon Apr 12 15:18:49 2010 read UDPv4 [EHOSTUNREACH|EHOSTUNREACH]: No route to host (code=113)Firewall2010-04-12 15:18:52
INPUTFW:DROP UDP  (tap3) 192.168.200.20:138 -> 192.168.200.255:138MAC=00:50:04:3f:c4:d6:ff:ff:14:00:03:00 LEN=242 TOS=00 PREC=0x00 TTL=128 ID=49958 LEN=222 OpenVPN2010-04-12 15:18:53
**name of remote**[8882]:  Mon Apr 12 15:18:53 2010 read UDPv4 [EHOSTUNREACH|EHOSTUNREACH]: No route to host (code=113)Firewall2010-04-12 15:18:59
INPUTFW:DROP UDP  (tap6) 192.168.211.101:138 -> 192.168.211.255:138MAC=00:0d:60:3e:8b:5d:ff:ff:14:00:03:00 LEN=246 TOS=00 PREC=0x00 TTL=128 ID=13414 LEN=226 OpenVPN2010-04-12 15:18:59
**name of remote**[8882]:  Mon Apr 12 15:18:59 2010 read UDPv4 [EHOSTUNREACH|EHOSTUNREACH]: No route to host (code=113)

And the EHOSTUNREACH just keeps occuring until it attempts to reconnect.

I have searched for EHOSTUNREACH problems without much success, so currently am not sure what to try next

Thanks for any help

Kevin
Logged

"unzip; strip; touch; finger; mount; fsck; more; yes; unmount; sleep"  - my daily unix command list
kevsworld
Full Member
***
Offline Offline

Gender: Male
Posts: 12



« Reply #1 on: Wednesday 14 April 2010, 08:59:04 pm »

Just as an update to my previous post, it seems that the error message EHOSTUNREACH is a red herring and was actually relating to another connection that I had been testing before where the Endian is the client and the Linksys router was the server and this connection from the Gateway2Gateway on the Endian was still trying to connect. 

But I still can't get it to connect but now I think it is due to a problem with the certificates or the config files. 

So I would still appreciate any suggestions if someone else is using X509 VPN with 3rd party OpenVPN hardware clients. 

Is it possible to edit more settings for the OpenVPN server on endian than are viewable from the web GUI.  I guess there is a conf file somewhere?

Thanks
Logged

"unzip; strip; touch; finger; mount; fsck; more; yes; unmount; sleep"  - my daily unix command list
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.051 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com