hi, without proto tcp declaration it doesnt try over tcp, all that is doing is udp.
if the first line is proto tcp, the first connection is over tcp, after that jumps over UDP.UDP is tried for 5 times after that it resets from the beginning. the second declaration for remote is not parsed, it only tryes the first one. i tested both windows7(openvpn gui v4) and mac os(tunnelblick). Wed Oct 21 16:35:46 2015 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Wed Oct 21 16:35:47 2015 Socket Buffers: R=[8192->8192] S=[8192->8192] Wed Oct 21 16:35:47 2015 Attempting to establish TCP connection with [AF_INET]62.231.75.xx:80 Wed Oct 21 16:35:47 2015 MANAGEMENT: >STATE:1445434547,TCP_CONNECT,,, Wed Oct 21 16:35:47 2015 TCP connection established with [AF_INET]62.231.75.xx:80 Wed Oct 21 16:35:47 2015 TCPv4_CLIENT link local: [undef] Wed Oct 21 16:35:47 2015 TCPv4_CLIENT link remote: [AF_INET]62.231.75.xx:80 Wed Oct 21 16:35:47 2015 MANAGEMENT: >STATE:1445434547,WAIT,,, Wed Oct 21 16:36:32 2015 Connection reset, restarting [-1] Wed Oct 21 16:36:32 2015 SIGUSR1[soft,connection-reset] received, process restarting Wed Oct 21 16:36:32 2015 MANAGEMENT: >STATE:1445434592,RECONNECTING,connection-reset,, Wed Oct 21 16:36:32 2015 Restart pause, 5 second(s) Wed Oct 21 16:36:37 2015 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Wed Oct 21 16:36:37 2015 Socket Buffers: R=[8192->8192] S=[8192->8192] Wed Oct 21 16:36:37 2015 TCP/UDP: Preserving recently used remote address: [AF_INET]62.231.75.xx:80 Wed Oct 21 16:36:37 2015 UDPv4 link local (bound): [undef] Wed Oct 21 16:36:37 2015 UDPv4 link remote: [AF_INET]62.231.75.xx:80 Wed Oct 21 16:36:37 2015 MANAGEMENT: >STATE:1445434597,WAIT,,, Wed Oct 21 16:36:37 2015 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054) Wed Oct 21 16:36:39 2015 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054) Wed Oct 21 16:36:43 2015 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054) Wed Oct 21 16:36:52 2015 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054) Wed Oct 21 16:37:08 2015 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054) Wed Oct 21 16:37:37 2015 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Wed Oct 21 16:37:37 2015 TLS Error: TLS handshake failed Wed Oct 21 16:37:37 2015 SIGUSR1[soft,tls-error] received, process restarting Wed Oct 21 16:37:37 2015 MANAGEMENT: >STATE:1445434657,RECONNECTING,tls-error,, Wed Oct 21 16:37:37 2015 Restart pause, 2 second(s) Wed Oct 21 16:37:39 2015 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Wed Oct 21 16:37:39 2015 Socket Buffers: R=[8192->8192] S=[8192->8192] Wed Oct 21 16:37:39 2015 TCP/UDP: Preserving recently used remote address: [AF_INET]62.231.75.xx:80 Wed Oct 21 16:37:39 2015 Attempting to establish TCP connection with [AF_INET]62.231.75.xx:80 > On 21 Oct 2015, at 15:42, debbie...@gmail.com wrote: > > Hi > > ----- Original Message ----- From: "Stefan Szabo" <stefan.sz...@rcs-rds.ro> > To: "Gert Doering" <g...@greenie.muc.de> > Cc: <openvpn-users@lists.sourceforge.net> > Sent: Wednesday, October 21, 2015 8:21 AM > Subject: Re: [Openvpn-users] client config fallback from 1194 udp to 80 tcp > >> openvpn server: OpenVPN 2.3.8 x86_64-redhat-linux-gnu >> openvpn client: Tunnelblick 3.6beta10 (build 4400) > >> config client: > >> <connection> >> remote 62.231.75.XX >> port 80 >> proto tcp wait 1 >> </connection> >> <connection> >> remote 62.231.75.XX >> port 1194 >> proto udp wait 10 >> </connection> > > This works as it should for me: > > CLIENT CONFIG: > <connection> > remote NAME > port 80 > #proto tcp wait 10 > proto tcp .. and other options are not parsed > </connection> > <connection> > remote SAME NAME > port 1194 > #proto udp wait 10 > proto udp .. and other options are not parsed > </connection> > > LOG: > Wed Oct 21 13:26:39 2015 us=921442 OpenVPN 2.3.8 i486-pc-linux-gnu [SSL > (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Aug 4 2015 > Wed Oct 21 13:26:39 2015 us=922386 library versions: OpenSSL 1.0.1k 8 Jan > 2015, LZO 2.08 > > <snip> > > Wed Oct 21 13:26:40 2015 us=112379 Attempting to establish TCP connection > with [AF_INET]xx.xx.xx.xx:37085 [nonblock] > Wed Oct 21 13:26:50 2015 us=139124 TCP: connect to [AF_INET]xx.xx.xx.xx:80 > failed, will try again in 5 seconds: Connection timed out > Wed Oct 21 13:26:50 2015 us=140821 SIGUSR1[soft,init_instance] received, > process restarting > Wed Oct 21 13:26:50 2015 us=141197 Restart pause, 5 second(s) > > <snip> > > Wed Oct 21 13:26:55 2015 us=175752 UDPv4 link remote: > [AF_INET]xx.xx.xx.xx:1194 > Wed Oct 21 13:26:55 2015 us=196439 TLS: Initial packet from > [AF_INET]xx.xx.xx.xx:1194, sid=565ee489 80afc503 > > <snip> > > Wed Oct 21 13:26:55 2015 us=656023 [...] Peer Connection Initiated with > [AF_INET]xx.xx.xx.xx:1194 > Wed Oct 21 13:26:58 2015 us=123524 SENT CONTROL [...]: 'PUSH_REQUEST' > (status=1) > Wed Oct 21 13:26:58 2015 us=128551 PUSH: Received control message: > 'PUSH_REPLY,{redacted},ifconfig 10.105.101.74 255.255.255.0,peer-id 0' > > [Is this a bug .. ?] > Wed Oct 21 13:26:58 2015 us=129086 Option 'explicit-exit-notify' in > [PUSH-OPTIONS]:3 is ignored by previous <connection> blocks > > Wed Oct 21 13:26:58 2015 us=129494 OPTIONS IMPORT: timers and/or timeouts > modified > Wed Oct 21 13:26:58 2015 us=129606 OPTIONS IMPORT: explicit notify parm(s) > modified > Wed Oct 21 13:26:58 2015 us=129713 OPTIONS IMPORT: --ifconfig/up options > modified > Wed Oct 21 13:26:58 2015 us=129846 OPTIONS IMPORT: route options modified > Wed Oct 21 13:26:58 2015 us=130167 OPTIONS IMPORT: route-related options > modified > Wed Oct 21 13:26:58 2015 us=130313 OPTIONS IMPORT: environment modified > Wed Oct 21 13:26:58 2015 us=130418 OPTIONS IMPORT: peer-id set > Wed Oct 21 13:26:58 2015 us=130524 OPTIONS IMPORT: adjusting link_mtu to 1605 > Wed Oct 21 13:26:58 2015 us=159018 TUN/TAP device tun86 opened > Wed Oct 21 13:26:58 2015 us=159282 TUN/TAP TX queue length set to 100 > Wed Oct 21 13:26:58 2015 us=159502 do_ifconfig, tt->ipv6=0, > tt->did_ifconfig_ipv6_setup=0 > Wed Oct 21 13:26:58 2015 us=159707 /sbin/ifconfig tun86 10.105.101.74 netmask > 255.255.255.0 mtu 1500 broadcast 10.105.101.255 > Wed Oct 21 13:26:58 2015 us=257649 /sbin/route add -net xx.xx.xx.xx netmask > 255.255.255.255 gw 172.17.2.1 > > <snip> > > Wed Oct 21 13:26:58 2015 us=411079 Initialization Sequence Completed > > Regards > ------------------------------------------------------------------------------ _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
