EFW Support

Title: vpn with endian v2.4
Post by: ty628659 on Monday 23 August 2010, 06:28:45 am
Hi, everyone.
I just downloaded version 2.4 and tried to install it. Everything worked except OpenVPN. I downloaded the Windows client from openvpn.net
and installed it on a Windows XP Pro SP3 system.
The client PC always says: The connection timed out.
On the same network my web server is working fine.
VPN Firewall: Enabled or Disabled, both have the same issue.

Need help on this.

Thanks.

OpenVPN Configuration: OpenVPN Server Tab
    Server configuration: OpenVPN server enabled: (Check), Dynamic IP pool start address: 192.168.1.30, Dynamic IP pool end address: 192.168.1.39
    Account information: Username: DEMO, Password: XXXXXXXX, Verify password: XXXXXXXX
    Client routing: Direct all client traffic through the VPN server: Enable, Don't push any routes to client: Enable
    Advanced settings: Port: 1194, Block DHCP responses coming from tunnel: Disable, Protocol: UDP, Don't block traffic between clients: Enable

OpenVPN log:
OpenVPN 2010-08-22 09:46:27 openvpn[6528]: SIGTERM[hard,] received, process exiting
OpenVPN 2010-08-22 09:46:28 openvpn[6607]: OpenVPN 2.1_rc15 i586-pc-linux [SSL] [LZO2] [EPOLL] built on Aug 11 2009
OpenVPN 2010-08-22 09:46:28 openvpn[6607]: NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
OpenVPN 2010-08-22 09:46:28 openvpn[6607]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
OpenVPN 2010-08-22 09:46:28 openvpn[6607]: NOTE: --script-security method="system" is deprecated due to the fact that passed parameters will be subject to shell expansion
OpenVPN 2010-08-22 09:46:28 openvpn[6607]: WARNING: file "/var/efw/openvpn/pkcs12.p12" is group or others accessible
OpenVPN 2010-08-22 09:46:28 openvpn[6607]: WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate
OpenVPN 2010-08-22 09:46:28 openvpn[6607]: TUN/TAP device tap0 opened
OpenVPN 2010-08-22 09:46:28 openvpn[6609]: GID set to openvpn
OpenVPN 2010-08-22 09:46:28 openvpn[6609]: UID set to openvpn
OpenVPN 2010-08-22 09:46:28 openvpn[6609]: UDPv4 link local (bound): [undef]:1194
OpenVPN 2010-08-22 09:46:28 openvpn[6609]: UDPv4 link remote: [undef]
OpenVPN 2010-08-22 09:46:28 openvpn[6609]: Initialization Sequence Completed
OpenVPN 2010-08-22 10:13:14 openvpn[6609]: event_wait : Interrupted system call (code=4)
OpenVPN 2010-08-22 10:13:14 openvpn[6609]: SIGTERM[hard,] received, process exiting
OpenVPN 2010-08-22 10:15:15 openvpn[4550]: OpenVPN 2.1_rc15 i586-pc-linux [SSL] [LZO2] [EPOLL] built on Aug 11 2009
OpenVPN 2010-08-22 10:15:15 openvpn[4550]: NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
OpenVPN 2010-08-22 10:15:15 openvpn[4550]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
OpenVPN 2010-08-22 10:15:15 openvpn[4550]: NOTE: --script-security method="system" is deprecated due to the fact that passed parameters will be subject to shell expansion
OpenVPN 2010-08-22 10:15:16 openvpn[4550]: WARNING: file "/var/efw/openvpn/pkcs12.p12" is group or others accessible
OpenVPN 2010-08-22 10:15:16 openvpn[4550]: WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate
OpenVPN 2010-08-22 10:15:16 openvpn[4550]: TUN/TAP device tap0 opened
OpenVPN 2010-08-22 10:15:16 openvpn[4574]: GID set to openvpn
OpenVPN 2010-08-22 10:15:16 openvpn[4574]: UID set to openvpn
OpenVPN 2010-08-22 10:15:16 openvpn[4574]: UDPv4 link local (bound): [undef]:1194
OpenVPN 2010-08-22 10:15:16 openvpn[4574]: UDPv4 link remote: [undef]
OpenVPN 2010-08-22 10:15:16 openvpn[4574]: Initialization Sequence Completed
OpenVPN 2010-08-22 11:41:18 openvpn[4574]: event_wait : Interrupted system call (code=4)
OpenVPN 2010-08-22 11:41:18 openvpn[4574]: OpenVPN CLIENT LIST
OpenVPN 2010-08-22 11:41:18 openvpn[4574]: Updated,Sun Aug 22 11:41:18 2010
OpenVPN 2010-08-22 11:41:18 openvpn[4574]: Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
OpenVPN 2010-08-22 11:41:18 openvpn[4574]: ROUTING TABLE
OpenVPN 2010-08-22 11:41:18 openvpn[4574]: Virtual Address,Common Name,Real Address,Last Ref
OpenVPN 2010-08-22 11:41:18 openvpn[4574]: GLOBAL STATS
OpenVPN 2010-08-22 11:41:18 openvpn[4574]: Max bcast/mcast queue length,0
OpenVPN 2010-08-22 11:41:18 openvpn[4574]: END
OpenVPN 2010-08-22 11:41:18 openvpn[4574]: event_wait : Interrupted system call (code=4)
OpenVPN 2010-08-22 11:41:18 openvpn[4574]: SIGTERM[hard,] received, process exiting
OpenVPN 2010-08-22 11:41:18 openvpn[18213]: OpenVPN 2.1_rc15 i586-pc-linux [SSL] [LZO2] [EPOLL] built on Aug 11 2009
OpenVPN 2010-08-22 11:41:18 openvpn[18213]: NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
OpenVPN 2010-08-22 11:41:18 openvpn[18213]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
OpenVPN 2010-08-22 11:41:18 openvpn[18213]: NOTE: --script-security method="system" is deprecated due to the fact that passed parameters will be subject to shell expansion
OpenVPN 2010-08-22 11:41:19 openvpn[18213]: WARNING: file "/var/efw/openvpn/pkcs12.p12" is group or others accessible
OpenVPN 2010-08-22 11:41:19 openvpn[18213]: WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate
OpenVPN 2010-08-22 11:41:19 openvpn[18213]: TUN/TAP device tap0 opened
OpenVPN 2010-08-22 11:41:19 openvpn[18215]: GID set to openvpn
OpenVPN 2010-08-22 11:41:19 openvpn[18215]: UID set to openvpn
OpenVPN 2010-08-22 11:41:19 openvpn[18215]: UDPv4 link local (bound): [undef]:1194
OpenVPN 2010-08-22 11:41:19 openvpn[18215]: UDPv4 link remote: [undef]
OpenVPN 2010-08-22 11:41:19 openvpn[18215]: Initialization Sequence Completed


Title: Re: vpn with endian v2.4
Post by: llysty on Thursday 16 September 2010, 09:30:43 pm
Someone may offer up something else, but note the "Don't push any routes to client: Enable".

I would have thought that your problem could be due to no return route from the LAN, and would suggest pushing routes to the client (particularly if using Windows/AD).


Title: Re: vpn with endian v2.4
Post by: e-telligent on Thursday 23 September 2010, 11:29:56 pm
Hi,

Add this to your sudoers:

openvpn  ALL=NOPASSWD: /usr/local/bin/remoteroute.py
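
The log in this thread warns that /var/efw/openvpn/pkcs12.p12 is group or others accessible, and the sudoers line above lets the openvpn account run /usr/local/bin/remoteroute.py as root without a password. The following is an added example, not part of any post in the thread and not Endian's own tooling, that checks the file modes both of those depend on. The function names and the pass/fail rules are assumptions of this example, and it requires GNU stat.

```shell
#!/bin/sh
# Added example: file-mode audit for the two paths named in this thread.
# Function names and the pass/fail rules are this example's assumptions.
# Requires GNU stat (-c).

mode_of()  { stat -c '%a' "$1"; }   # octal permission bits, e.g. 644
owner_of() { stat -c '%u' "$1"; }   # numeric owner uid

# Succeeds only when group and others have no access to the key bundle,
# the condition behind OpenVPN's "group or others accessible" warning.
key_is_private() {
    m=$(mode_of "$1") || return 2
    [ $(( 0$m & 077 )) -eq 0 ]
}

# Succeeds only when the sudo target and its directory belong to the expected
# owner (default uid 0) and are not writable by group or others. Otherwise the
# unprivileged account named in sudoers could change what runs as root.
sudo_target_is_safe() {
    want=${2:-0}
    for p in "$1" "$(dirname "$1")"; do
        m=$(mode_of "$p") || return 2
        [ "$(owner_of "$p")" = "$want" ] || return 1
        [ $(( 0$m & 022 )) -eq 0 ] || return 1
    done
}

# Runs both checks, prints one line per finding, returns non-zero on any finding.
audit() {
    key=${1:-/var/efw/openvpn/pkcs12.p12}
    script=${2:-/usr/local/bin/remoteroute.py}
    rc=0
    key_is_private "$key" ||
        { echo "FAIL $key: missing, or accessible by group/others"; rc=1; }
    sudo_target_is_safe "$script" "${3:-0}" ||
        { echo "FAIL $script: missing, wrong owner, or group/other-writable"; rc=1; }
    return $rc
}

# Run on the firewall as: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then audit; fi
```

A FAIL on the key bundle is cleared by removing group and other access (mode 600 or stricter); a FAIL on the script means its ownership or write bits need tightening before the NOPASSWD entry is relied on.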