LinuxQuestions.org
Old 03-01-2006, 08:01 AM   #1
elliotfuller
Open VPN - Linking Client to Server


I have a file server with SuSE Linux 9.3 installed. The server is located behind a Linksys router with a built-in firewall. The server itself has its own software firewall. My ISP has granted me 6 static IP addresses. The 3 computers inside our internal network (also behind the Linksys router and firewall) are x.x.x.2-4, the server is x.x.x.1 and the router is x.x.x.6! I got my coworker to forward port 22 UDP and TCP and 1194 UDP and TCP on the router to the server and enable IPsec passthrough. I then SSH'd into the machine in California from Tokyo where I live. I then successfully installed the default openvpn package for SuSE 9.3. I then immediately began following the tutorial for creating a Routed VPN. I moved the easy-rsa directory to /etc/openvpn as the guide recommended. I edited the vars file to point to my intended directories. I then successfully built my server, client and ca keys. I also generated the Diffie-Hellman parameters. I then securely moved the appropriate keys to the appropriate computers.
I then edited the server.conf to point to the correct keys on the server as well as the DH parameters.

I am currently trying to connect my first client to the server. I installed openvpn on my Ubuntu satellite computer. I edited the vars file to again point to the correct locations (although I am not generating keys):
Code:
. ./vars
./clean-all
But I did not run ./build-ca because I already generated the key on another computer. I then moved the correct keys into place: client1.ca, client1.crt and ca.crt! I then edited the client.conf file to point to the correct keys.

When I run
Code:
openvpn /etc/openvpn/server.conf
I get
Code:
Wed Mar  1 05:37:10 2006 OpenVPN 2.0_rc14 i686-suse-linux [SSL] [LZO] [EPOLL] built on Nov  3 2005
Wed Mar  1 05:37:10 2006 Diffie-Hellman initialized with 1024 bit key
Wed Mar  1 05:37:10 2006 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Mar  1 05:37:10 2006 TUN/TAP device tun0 opened
Wed Mar  1 05:37:10 2006 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Wed Mar  1 05:37:10 2006 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Wed Mar  1 05:37:10 2006 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:23 ET:0 EL:0 AF:3/1 ]
Wed Mar  1 05:37:10 2006 GID set to nobody
Wed Mar  1 05:37:10 2006 UID set to nobody
Wed Mar  1 05:37:10 2006 UDPv4 link local (bound): [undef]:1194
Wed Mar  1 05:37:10 2006 UDPv4 link remote: [undef]
Wed Mar  1 05:37:10 2006 MULTI: multi_init called, r=256 v=256
Wed Mar  1 05:37:10 2006 IFCONFIG POOL: base=10.8.0.4 size=62
Wed Mar  1 05:37:10 2006 IFCONFIG POOL LIST
Wed Mar  1 05:37:10 2006 Initialization Sequence Completed
Nothing seems too suspicious to me there.
Then on the client side I run
Code:
openvpn /etc/openvpn/client.conf
And all I get is:
Code:
Wed Mar  1 22:53:20 2006 OpenVPN 2.0.2 i486-pc-linux-gnu [SSL] [LZO] [EPOLL] built on Aug 31 2005
Wed Mar  1 22:53:20 2006 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Mar  1 22:53:20 2006 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Mar  1 22:53:20 2006 LZO compression initialized
Wed Mar  1 22:53:20 2006 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Mar  1 22:53:20 2006 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Mar  1 22:53:20 2006 Local Options hash (VER=V4): '41690919'
Wed Mar  1 22:53:20 2006 Expected Remote Options hash (VER=V4): '530fdded'
Wed Mar  1 22:53:20 2006 UDPv4 link local: [undef]
Wed Mar  1 22:53:20 2006 UDPv4 link remote: 69.233.233.206:1194
Wed Mar  1 22:53:20 2006 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Mar  1 22:53:24 2006 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Mar  1 22:53:26 2006 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
The verification method part it spit back seems a bit suspicious but I think that is just extra security. It should be able to connect. I checked my server firewall software to make sure the firewall was allowing port 1194 on both UDP and TCP. I also made sure the firewall on the server allowed IPsec protocol. The router before the server has ports 22 and 1194 forwarded to the address of the server. I decided to run a portscan on the IP address I was trying to connect to. When I run a port scan on x.x.x.6 (which is the router, and the IP I use to SSH into the server) all it shows is port 22. Shouldn't it also show 1194? Is this an openvpn setup problem or am I not breaking down the firewall correctly? Any hints or suggestions? What am I leaving out?
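
As an added example (not part of the original post), this Python sketch shows what the `read UDPv4 [ECONNREFUSED]` lines in the client log mean at the socket level: a connected UDP socket reports that error only when an ICMP port-unreachable comes back, while a port that stays silent looks the same whether it is open or filtered. The names `probe_udp` and `demo` and the loopback test ports are assumptions made for the illustration.

```python
import socket


def probe_udp(host, port, timeout=1.0, payload=b"\x00"):
    """Send one UDP datagram and classify what comes back.

    'refused'  - an ICMP port-unreachable arrived (ECONNREFUSED, code 111 on
                 Linux): the datagram reached a host with no listener there.
    'reply'    - a datagram came back from the peer.
    'no-reply' - silence: a listener ignored the payload, or a filter
                 dropped the datagram or the ICMP error on the way.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # connect() on UDP sends nothing; it lets the kernel deliver
        # ICMP errors for this destination back to this socket.
        s.connect((host, port))
        try:
            s.send(payload)
            s.recv(2048)
            return "reply"
        except ConnectionRefusedError:
            return "refused"
        except socket.timeout:
            return "no-reply"


def demo():
    """Constructed loopback test: a closed port and a silent listener."""
    # Closed port: bind to get a free port number, then release it.
    tmp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()

    # Open port: a listener that is bound but never answers.
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listener.bind(("127.0.0.1", 0))
    open_port = listener.getsockname()[1]
    try:
        return (probe_udp("127.0.0.1", closed_port),
                probe_udp("127.0.0.1", open_port, timeout=0.5))
    finally:
        listener.close()


if __name__ == "__main__":
    print(demo())
```

A 'refused' result means the datagram was delivered somewhere and rejected, which points at the forwarding target or the listening process rather than at a filter silently dropping traffic.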
 
  

