Hi, I have something quite similar here, except:

Not the "push route" and "route" lines - comments in the file say "Push routes to the client to allow it to reach other private subnets behind the server". Since I don't want to do so, wanting to connect to the server only, this line is commented out. Thought that is correct/OK?

I'm using log-append, not log. Have set verb 9 and will examine tonight.

steve wrote:
From your logs, it looks like the incoming packet is being sent to your
server. Could it be that IPCop is blocking the outgoing traffic on
1194/UDP?

You can wind up the debugging on the server ( verb 9 ) to get it to log
just about everything. It'd be good to see the packets arriving from the
outside world.

For example...

-- 8< --
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 192.168.99.0 255.255.255.0
push "route 192.168.99.0 255.255.255.0"
route 192.168.99.0 255.255.255.0
keepalive 10 120
comp-lzo
status /var/log/openvpn/status.log
log /var/log/openvpn/openvpn.log
log-append /var/log/openvpn/openvpn.log
verb 9
-- 8< --

creates all virtual interfaces on the 192.168.99.0/24 subnet, and at
least 6 tons of logging.

( and ensure /var/log/openvpn exists! )

On Fri, 2009-11-20 at 11:18 +1300, Roger Searle wrote:
Steve Holdoway wrote:
On Thu, 2009-11-19 at 22:20 +1300, Roger Searle wrote:
Thu Nov 19 19:34:33 2009 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Nov 19 19:34:33 2009 TLS Error: TLS handshake failed
It is a networking problem somewhere along the line. Is the OpenVPN
server recognising the client's attempt to connect?
Could you show the config files for both client and server??

Cheers,

Steve

Sure, unfortunately will have to wait until tonight as I can't get to the client config partition from here. I can get to the server from home though. Is it better to send full config files, or remove all the commented lines?

Where would I look to see if the server is seeing the client connect attempts? 2 places I know to look are /var/log/messages and log file as specified via the server config - is there anywhere else I should be looking?

Cheers,
Roger
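
An added example (not part of the original thread): one way to check from the server log whether the client's connect attempts are arriving and whether the server is answering them. The log lines are constructed in the style of OpenVPN 2.x high-verbosity output; their exact format, the address 203.0.113.7 and the function name `diagnose` are assumptions.

```python
import re

# Constructed sample (not from the thread): server log lines in the style of
# OpenVPN 2.x at high verbosity. 203.0.113.7 is a placeholder client address.
SAMPLE_LOG = """\
Thu Nov 19 19:33:33 2009 us=101 UDPv4 READ [14] from 203.0.113.7:40112: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Thu Nov 19 19:33:33 2009 us=102 203.0.113.7:40112 TLS: Initial packet from 203.0.113.7:40112, sid=0a1b2c3d 4e5f6a7b
Thu Nov 19 19:33:33 2009 us=103 203.0.113.7:40112 UDPv4 WRITE [26] to 203.0.113.7:40112: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
Thu Nov 19 19:33:35 2009 us=104 203.0.113.7:40112 UDPv4 READ [14] from 203.0.113.7:40112: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Thu Nov 19 19:34:33 2009 us=105 203.0.113.7:40112 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Nov 19 19:34:33 2009 us=106 203.0.113.7:40112 TLS Error: TLS handshake failed
"""

# Optional [AF_INET] prefix covers newer log styles; the source port is ignored.
ADDR = r"(?<![\d.])(?:\[AF_INET\])?{ip}:\d+"


def diagnose(log_text, client_ip):
    """Return how far client_ip's handshake got, judged from the server log."""
    addr = ADDR.format(ip=re.escape(client_ip))
    seen_in = re.search(rf"(?:READ \[\d+\] from|Initial packet from) {addr}", log_text)
    sent_out = re.search(rf"WRITE \[\d+\] to {addr}", log_text)
    failed = re.search(rf"{addr} TLS Error: TLS handshake failed", log_text)
    if not seen_in:
        # Nothing from the client reached the daemon: look at inbound
        # filtering or port forwarding in front of the server.
        return "NO_INBOUND"
    if not sent_out:
        # Packets arrived but no reply was logged: look at the server itself.
        return "NO_REPLY"
    if failed:
        # The server answered yet the handshake timed out: the replies are
        # probably being dropped on the way back (outbound 1194/UDP).
        return "REPLY_LOST"
    return "NO_FAILURE_LOGGED"


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG, "203.0.113.7"))
```
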
