hi guys
I've got a problem on implementin openvpn So I'm here and hope some one could help me
the story:
I've installed openvpn server on a ubuntu server VPS and I've used the tun point-to-point instead of tap bridge.
there is no error caused by miss configuration on the server.
When I issue the openvpn client.conf command on the client, it gives me:
Code:
Thu Oct 27 15:17:39 2011 OpenVPN 2.1.0 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Jul 12 2010
Thu Oct 27 15:17:39 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Oct 27 15:17:39 2011 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
Thu Oct 27 15:17:39 2011 LZO compression initialized
Thu Oct 27 15:17:39 2011 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu Oct 27 15:17:39 2011 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Oct 27 15:17:39 2011 Local Options hash (VER=V4): '69109d17'
Thu Oct 27 15:17:39 2011 Expected Remote Options hash (VER=V4): 'c0103fa8'
Thu Oct 27 15:17:39 2011 Attempting to establish TCP connection with [AF_INET]VPS_IP_ADDR:4242 [nonblock]
Thu Oct 27 15:17:40 2011 TCP connection established with [AF_INET]VPS_IP_ADDR:PORT_NUM
Thu Oct 27 15:17:40 2011 Socket Buffers: R=[87380->131072] S=[16384->131072]
Thu Oct 27 15:17:40 2011 TCPv4_CLIENT link local: [undef]
Thu Oct 27 15:17:40 2011 TCPv4_CLIENT link remote: [AF_INET]VPS_IP_ADDR:4242
Thu Oct 27 15:17:40 2011 TLS: Initial packet from [AF_INET]VPS_IP_ADDR:4242, sid=b78095e0 079e400c
Thu Oct 27 15:18:40 2011 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Oct 27 15:18:40 2011 TLS Error: TLS handshake failed
Thu Oct 27 15:18:40 2011 Fatal TLS error (check_tls_errors_co), restarting
Thu Oct 27 15:18:40 2011 TCP/UDP: Closing socket
Thu Oct 27 15:18:40 2011 SIGUSR1[soft,tls-error] received, process restarting
Thu Oct 27 15:18:40 2011 Restart pause, 5 second(s)
When I googled the problem I found out people and the openvpn manual itself are saying it's caused by the server's firewall configuration
here are my rules:
Code:
iptables -A INPUT -p tcp --dport 4242 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 4242 -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to VPS_IP_ADDR
and my default policy in all chains are ACCEPT and ip forwarding is enabled.
So do you think my firewall still does not let the tls to negotiat?
I'm still waiting
