OpenVPN connection problem

dpeterson3 · 08-24-2009, 11:01 AM

I installed OpenVPN so I could do NFS at school. My server and client are both Debian Lenny. My server seems to be working fine. My laptop is having trouble communicating with the server once it connects. The connection initialization is fine. There are no errors spit back. When I try to ping the server, I can not. I get the message

Code:

sudo ping 10.78.11.1
ping: sendmsg: Operation not permitted

I know my server is 10.78.11.1, but my route command spits back

Code:

sudo route
10.78.11.5      *               255.255.255.255 UH    0      0        0 tun0
10.78.11.0      10.78.11.5      255.255.255.0   UG    0      0        0 tun0

I have never used a VPN before, but I am thinking my gateway should be 10.78.11.1 instead of 10.78.11.5. Also, I opened port 1194 in my firewall, but seemyport.com lists this error.

Quote:

Could not connect to 1194 on 131.151.212.175 (Connection refused). Bummer.
It appears you have the port forwarding set up, but nothing is answering on port 1194.

My computer is directly on the internet and I have the rule made in Firestarter to allow connections on 1194. I can't figure out why I can't ping my server.

teebones · 08-24-2009, 12:33 PM

to mods, this belongs to linux networking category

to the OP:
please provide a clear situation overview, and post your vpn configs, so we can have a look, maybe you've missed something.
Or wrong ip's on the wrong places.. etc

Also give us ip addresses, of machines (wan side, internal site, virtual sides, etcetc)
you can mask some addresses for privacy reasons, e.g. 123.543.223.123 could be written as 123.xxx.xxx.123.
of it's provided that the middle numbers/octets are not important.

uteck · 08-24-2009, 12:39 PM

What ISP do you use?
Some ISP's block VPN ports and make you 'upgrade' to business class service for it.

When you connect from the client to the server, what output do you see?
Are you testing from inside your network? I know I can't use my OpenVPN inside the network, so I had to test from a friends house.

dpeterson3 · 08-24-2009, 04:34 PM

Sorry about the wrong section. I don't know what posessed me to put it here instead of in networking. My files are attached. Client is the client that is being a pain. The server file is there also. I am on a campus network. Rather than having a private network, my computer has its own dns name. I can access it directly from the internet. Its current IP is 131.xxx.xxx.101. I would rather have a private network, but campus policy will not allow it. Everything here gets its own DNS name and takes a DHCP lease when it connects (no exceptions). In my config file, my server has its DNS name listed. I still think it is a problem on the client side just because I can't ping it (the client) on port 1194 even though my port is open in my firewall (firestarter).

thanks for the replies

uteck · 08-25-2009, 08:04 AM

Have you tried doing a portscan of your machine to ensure that the port is not being blocked? Use your laptop from another location and try using nmap/wireshark to find out what ports are visible. I have a feeling that your campus network may not allow access to this port.

http://www.wireshark.org/
Youtube has a few howto's posted on using it.
http://www.youtube.com/watch?v=jzkUuc5jK8Q

dpeterson3 · 08-25-2009, 09:53 PM

Found the problem.
http://www.fs-security.com/docs/vpn.php
Opening the port in the firewall is not enough. The interface can not be firewalled. Firestarter doesn't support this yet. Adding the lines there to both linux boxes took care of my problem. I can now ping my server no problem. Thanks for all the help.