12-19-2012, 02:55 AM
|
#1
|
LQ Newbie
Registered: Aug 2012
Distribution: Slackware
Posts: 15
Rep: 
|
Openvpn failed to connect
I have this configuration in the server.conf file on my Debian server:
Code:
local SERVER_IP
port 4444
proto udp
dev tun0
##
tun-mtu 1500
tun-mtu-extra 32
##
ca /etc/openvpn/easy-rsa/keys/ca.crt # generated keys
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key # keep secret
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
server 10.44.44.0 255.255.255.0 # internal tun0 connection IP
ifconfig-pool-persist /usr/local/etc/openvpn/ipp.txt
push "route 10.3.3.0 255.255.255.0"
##
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
comp-lzo # Compression - must be turned on at both end
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3 # verbose mode
client-to-client
management localhost 7505
verb 3
mute 20
and this one in the client.conf:
Code:
client
dev tun
port 4444
proto udp
remote SERVER_IP # VPN server IP : PORT
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
resolv-retry infinite
ca ca.crt
cert shahin.crt
key shahin.key
script-security 2
comp-lzo
user nobody
group nobody
persist-key
persist-tun
comp-lzo
log openvpn.log
verb 3
but when I try to connect with nm-applet (NetworkManager) I get a `time out error` and nothing happens!
I configured a log file; you can find its output here: http://pastebin.com/nU91bXq9
Last edited by shahinism; 12-19-2012 at 03:04 AM.
|
|
|
12-19-2012, 02:59 AM
|
#2
|
Member
Registered: Aug 2010
Location: Seattle
Distribution: CentOS, RHEL, Oracle Enterprise Linux, Solaris, BSD
Posts: 64
Rep:
|
There is a problem with your certificate, more than likely a date mismatch. On the system that generated the certificate (the CA), what is the date? Does it match current time?
|
|
|
12-19-2012, 03:03 AM
|
#3
|
LQ Newbie
Registered: Aug 2012
Distribution: Slackware
Posts: 15
Original Poster
Rep: 
|
Quote:
Originally Posted by solarisguy
There is a problem with your certificate, more than likely a date mismatch. On the system that generated the certificate (the CA), what is the date? Does it match current time?
|
on the server it is:
Code:
Wed Dec 19 12:19:33 CST 2012
and on my client it is:
Code:
Wed Dec 19 12:29:34 IRST 2012
Do you think there is a problem with it? My server is in Germany and I'm from Iran.
Last edited by shahinism; 12-19-2012 at 03:06 AM.
|
|
|
12-19-2012, 03:24 AM
|
#4
|
Member
Registered: Aug 2010
Location: Seattle
Distribution: CentOS, RHEL, Oracle Enterprise Linux, Solaris, BSD
Posts: 64
Rep:
|
Quote:
Originally Posted by shahinism
on the server it is:
Code:
Wed Dec 19 12:19:33 CST 2012
and on my client it is:
Code:
Wed Dec 19 12:29:34 IRST 2012
Do you think there is a problem with it? My server is in Germany and I'm from Iran.
|
Run "openssl x509 -noout -text -in <CERTIFICATE>.pem" replacing <CERTIFICATE>.pem with your certificate file.
There is definitely something wrong with the time on the certificate vs actual time.
|
|
|
12-19-2012, 03:30 AM
|
#5
|
LQ Newbie
Registered: Aug 2012
Distribution: Slackware
Posts: 15
Original Poster
Rep: 
|
Quote:
Originally Posted by solarisguy
Run "openssl x509 -noout -text -in <CERTIFICATE>.pem" replacing <CERTIFICATE>.pem with your certificate file.
There is definitely something wrong with the time on the certificate vs actual time.
|
It'll return:
Code:
unable to load certificate
1844:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:650:Expecting: TRUSTED CERTIFICATE
it seems you are right. but what can I do now?
|
|
|
12-19-2012, 03:36 AM
|
#6
|
Member
Registered: Aug 2010
Location: Seattle
Distribution: CentOS, RHEL, Oracle Enterprise Linux, Solaris, BSD
Posts: 64
Rep:
|
Quote:
Originally Posted by shahinism
It'll return:
Code:
unable to load certificate
1844:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:650:Expecting: TRUSTED CERTIFICATE
it seems you are right. but what can I do now?
|
How did you generate the certificate?
|
|
|
12-19-2012, 03:54 AM
|
#7
|
LQ Newbie
Registered: Aug 2012
Distribution: Slackware
Posts: 15
Original Poster
Rep: 
|
Quote:
Originally Posted by solarisguy
How did you generate the certificate?
|
by build-dh script from Easy-rsa directory.
|
|
|
12-20-2012, 02:50 AM
|
#8
|
Member
Registered: Aug 2010
Location: Seattle
Distribution: CentOS, RHEL, Oracle Enterprise Linux, Solaris, BSD
Posts: 64
Rep:
|
Quote:
Originally Posted by shahinism
by build-dh script from Easy-rsa directory.
|
This should have been created using the build-key certificate in that directory (server side cert should be created using build-key-server).
|
|
|
12-20-2012, 02:56 AM
|
#9
|
LQ Newbie
Registered: Aug 2012
Distribution: Slackware
Posts: 15
Original Poster
Rep: 
|
Quote:
Originally Posted by solarisguy
This should have been created using the build-key certificate in that directory (server side cert should be created using build-key-server).
|
I used build-key-server to make server.{key,crt}. but for dh1024.pem I used build-dh ;-)
|
|
|
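Added example, not written by either poster in this thread: `openssl x509` reports "no start line" for any file that contains no certificate block, which includes the DH parameter file that build-dh writes. The sketch below reads the PEM label first and then runs the matching openssl subcommand, printing the validity dates next to the current UTC time for certificates. The function names `pem_kind` and `inspect_pem` are hypothetical.

```shell
#!/bin/sh
# Added example (function names are hypothetical).

# pem_kind FILE: print the label of the first PEM block in FILE.
# easy-rsa 2.x .crt files start with a text dump, so scan for the first
# BEGIN line instead of assuming it is line 1; tolerate CRLF endings.
pem_kind() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1" | head -n 1
}

# inspect_pem FILE: run the openssl subcommand that matches the PEM label.
inspect_pem() {
    kind=$(pem_kind "$1")
    case "$kind" in
        CERTIFICATE|"TRUSTED CERTIFICATE")
            echo "$1: certificate; current UTC time is $(date -u)"
            # notBefore/notAfter to compare against the clock above
            openssl x509 -noout -subject -dates -in "$1" || return 1
            # exit status 1 if the certificate has already expired
            openssl x509 -noout -checkend 0 -in "$1"
            ;;
        "DH PARAMETERS")
            echo "$1: DH parameters (no validity dates to check)"
            openssl dhparam -noout -text -in "$1" | head -n 1
            ;;
        *"PRIVATE KEY")
            echo "$1: private key, not a certificate"
            ;;
        "")
            echo "$1: no PEM block found" >&2
            return 2
            ;;
        *)
            echo "$1: unhandled PEM type: $kind" >&2
            return 2
            ;;
    esac
}

# Inspect every file named on the command line.
for f in "$@"; do
    inspect_pem "$f"
done
```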
12-20-2012, 04:53 AM
|
#10
|
LQ Newbie
Registered: Aug 2012
Distribution: Slackware
Posts: 15
Original Poster
Rep: 
|
It seems my problem was from my configs. I used the example configs and now I'm connected, but the speed is too low! I turned off comp-lzo, but the speed is too low and I don't like it :-(
|
|
|
12-20-2012, 08:31 PM
|
#11
|
Member
Registered: Aug 2010
Location: Seattle
Distribution: CentOS, RHEL, Oracle Enterprise Linux, Solaris, BSD
Posts: 64
Rep:
|
Quote:
Originally Posted by shahinism
It seems my problem was from my configs. I used the example configs and now I'm connected, but the speed is too low! I turned off comp-lzo, but the speed is too low and I don't like it :-(
|
Did you compile OpenVPN or install from an RPM? What distro are you using? If you compiled, you'll want to make sure the development libraries are installed for LZO also. It's what supports compression for OpenVPN. If the install wasn't compiled with LZO, you'll need to compile and install the binaries again.
|
|
|
12-21-2012, 12:48 AM
|
#12
|
LQ Newbie
Registered: Aug 2012
Distribution: Slackware
Posts: 15
Original Poster
Rep: 
|
Quote:
Originally Posted by solarisguy
Did you compile OpenVPN or install from an RPM? What distro are you using? If you compiled, you'll want to make sure the development libraries are installed for LZO also. It's what supports compression for OpenVPN. If the install wasn't compiled with LZO, you'll need to compile and install the binaries again.
|
I'm using Debian, and I used apt-get to install openvpn. LZO worked fine, but after turning it off, openvpn becomes faster, but not enough ;-)
|
|
|
All times are GMT -5. The time now is 12:29 AM.