Hi Jeff,

On 20/05/14 01:12, Jeff Boyce wrote:
> Apologies, I forgot I am only subscribed to the daily digest, so I am sure
> this response is breaking the threading. My response to Mathias is posted
> following his comment.
>
>> Message: 7
>> Date: Mon, 19 May 2014 23:54:16 +0200
>> From: Mathias Jeschke <openvpn-us...@0xaffe.de>
>> Subject: Re: [Openvpn-users] OpenVPN connection issue
>> To: openvpn-users@lists.sourceforge.net
>> Message-ID: <537a7d88.9020...@0xaffe.de>
>> Content-Type: text/plain; charset=UTF-8; format=flowed
>>
>> Hi Jeff,
>>
>> On 19.05.14 21:58, Jeff Boyce wrote:
>>
>>> This makes it appear as if there is a blocking
>>> firewall between my Windows client and the OpenWRT box. Is it possible
>>> that my DSL provider is blocking this communication? What am I missing,
>>> what additional diagnosis is needed, and what options do I have that
>>> might still be available to me to connect to an OpenVPN server at my
>>> home?
>>
>> Additionally - in case icmp works properly - you could try to find the
>> blocking firewall by using traceroute:
>>
>> $ traceroute -U -p 1194 <FQDN>
>>
>> vs.
>>
>> $ traceroute <FQDN>
>>
>> If port 1194 is being blocked you should not get (icmp) answers from
>> that router.
>>
>> Cheers,
>> Mathias.
>
> I ran traceroute both ways as you show above. This was run with the
> firewall rules in place, which includes a rule for allowing OpenVPN access
> to Port 1194. The results for both are the same, with the excerpts shown
> below, with my public IPs sanitized.
>
> [root@disect ~]# traceroute <fqdn>
> traceroute to <fqdn> (66.77.88.99), 30 hops max, 60 byte packets
>  1  pfgateway.mei.lan (192.168.112.11)  0.151 ms  0.131 ms  0.191 ms
> ... snip ...
> 19  66.77.88.99 (66.77.88.99)  62.059 ms  62.765 ms  57.293 ms
>
> [root@disect ~]# traceroute -U -p 1194 <fqdn>
> traceroute to <fqdn> (66.77.88.99), 30 hops max, 60 byte packets
>  1  pfgateway.mei.lan (192.168.112.11)  0.173 ms  0.166 ms  0.155 ms
> ... snip ...
> 19  66.77.88.99 (66.77.88.99)  60.778 ms  64.631 ms  61.087 ms
>
> So with this information and my previous tests, which is correct?
> Traceroute saying that Port 1194 is open, or nmap saying that Port 1194 is
> not open? I am beginning to think that it is not a firewall issue, and that
> there is something else causing the TLS error. What other potential things
> might cause the TLS error listed below?
>
> Tue May 06 12:57:14 2014 us=986234 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
> Tue May 06 12:57:44 2014 us=875834 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
> Tue May 06 12:57:44 2014 us=875834 TLS Error: TLS handshake failed
> Tue May 06 12:57:44 2014 us=875834 TCP/UDP: Closing socket

Can you try switching to proto tcp? If that works then it is most likely a bad switch somewhere; in 99% of the cases the above messages are caused by either a firewall misconfig (check the firewall settings on the server itself as well) or a cheapo home switch that does not handle UDP connections properly.

HTH,

JJK

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
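
The three outcomes a UDP check on port 1194 can have, including the ICMP port-unreachable case that Windows reports as the WSAECONNRESET seen in the log above, shown as an added example that is not part of the original thread. The names `probe_udp`, `MEANING` and `demo`, and the loopback listeners the demo starts, are constructed for illustration.

```python
import socket
import threading

MEANING = {
    "reply": "a listener answered, so the UDP path to the port works",
    "unreachable": "ICMP port unreachable came back (shown on Windows as "
                   "WSAECONNRESET): the host is reached, the port is closed or rejected",
    "silent": "no answer: dropped by a firewall, or a listener ignored the payload",
}

def probe_udp(host, port, payload=b"\x00", timeout=2.0):
    """Send one datagram and return "reply", "unreachable" or "silent"."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # connected socket, so ICMP errors are reported
        try:
            s.send(payload)
            s.recv(2048)
            return "reply"
        except ConnectionError:  # refused (Linux) or reset (Windows)
            return "unreachable"
        except socket.timeout:
            return "silent"

def _listener(answer):
    """Constructed loopback listener: reads one datagram, echoes it if answer."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    def serve():
        data, peer = srv.recvfrom(2048)
        if answer:
            srv.sendto(data, peer)
    threading.Thread(target=serve, daemon=True).start()
    return srv

def demo():
    """Run the probe against three constructed loopback cases."""
    results = {}
    for name, answer in (("answering", True), ("ignoring", False)):
        srv = _listener(answer)
        results[name] = probe_udp("127.0.0.1", srv.getsockname()[1], timeout=0.5)
        srv.close()
    tmp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()  # the port is now closed: nothing listens on it
    results["closed"] = probe_udp("127.0.0.1", port, timeout=0.5)
    return results

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:10} -> {outcome}: {MEANING[outcome]}")
```

Run against a real server from outside its network, "silent" is the ambiguous result: it does not by itself separate a firewall that drops the packet from a listener that discarded the one-byte payload.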