The only thing that maybe you don't have is that I use the LDAP module for selecting 
users who must have access.

plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-ldap.so "/etc/openvpn/auth/ldap.conf"

But I don't think this is a problem.

Tomorrow I will try a Linux client, but as far as I have tested so far, on Mac and 
Windows the fallback from the cfg file is not working.


> On 21 Oct 2015, at 16:46, Stefan Szabo <stefan.sz...@rcs-rds.ro> wrote:
> 
> Hi,
> 
> Without the proto tcp declaration it doesn't try over TCP; all that it is doing is 
> UDP.
> 
> If the first line is proto tcp, the first connection is over TCP, after that it 
> jumps over to UDP. UDP is tried 5 times, after that it resets from the 
> beginning.
> The second declaration for remote is not parsed, it only tries the first one.
> I tested both Windows 7 (OpenVPN GUI v4) and Mac OS (Tunnelblick).
> 
> Wed Oct 21 16:35:46 2015 WARNING: No server certificate verification method 
> has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
> Wed Oct 21 16:35:47 2015 Socket Buffers: R=[8192->8192] S=[8192->8192]
> Wed Oct 21 16:35:47 2015 Attempting to establish TCP connection with 
> [AF_INET]62.231.75.xx:80
> Wed Oct 21 16:35:47 2015 MANAGEMENT: >STATE:1445434547,TCP_CONNECT,,,
> Wed Oct 21 16:35:47 2015 TCP connection established with 
> [AF_INET]62.231.75.xx:80
> Wed Oct 21 16:35:47 2015 TCPv4_CLIENT link local: [undef]
> Wed Oct 21 16:35:47 2015 TCPv4_CLIENT link remote: [AF_INET]62.231.75.xx:80
> Wed Oct 21 16:35:47 2015 MANAGEMENT: >STATE:1445434547,WAIT,,,
> Wed Oct 21 16:36:32 2015 Connection reset, restarting [-1]
> Wed Oct 21 16:36:32 2015 SIGUSR1[soft,connection-reset] received, process 
> restarting
> Wed Oct 21 16:36:32 2015 MANAGEMENT: 
> >STATE:1445434592,RECONNECTING,connection-reset,,
> Wed Oct 21 16:36:32 2015 Restart pause, 5 second(s)
> Wed Oct 21 16:36:37 2015 WARNING: No server certificate verification method 
> has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
> Wed Oct 21 16:36:37 2015 Socket Buffers: R=[8192->8192] S=[8192->8192]
> Wed Oct 21 16:36:37 2015 TCP/UDP: Preserving recently used remote address: 
> [AF_INET]62.231.75.xx:80
> Wed Oct 21 16:36:37 2015 UDPv4 link local (bound): [undef]
> Wed Oct 21 16:36:37 2015 UDPv4 link remote: [AF_INET]62.231.75.xx:80
> Wed Oct 21 16:36:37 2015 MANAGEMENT: >STATE:1445434597,WAIT,,,
> Wed Oct 21 16:36:37 2015 read UDPv4: Connection reset by peer (WSAECONNRESET) 
> (code=10054)
> Wed Oct 21 16:36:39 2015 read UDPv4: Connection reset by peer (WSAECONNRESET) 
> (code=10054)
> Wed Oct 21 16:36:43 2015 read UDPv4: Connection reset by peer (WSAECONNRESET) 
> (code=10054)
> Wed Oct 21 16:36:52 2015 read UDPv4: Connection reset by peer (WSAECONNRESET) 
> (code=10054)
> Wed Oct 21 16:37:08 2015 read UDPv4: Connection reset by peer (WSAECONNRESET) 
> (code=10054)
> Wed Oct 21 16:37:37 2015 TLS Error: TLS key negotiation failed to occur 
> within 60 seconds (check your network connectivity)
> Wed Oct 21 16:37:37 2015 TLS Error: TLS handshake failed
> Wed Oct 21 16:37:37 2015 SIGUSR1[soft,tls-error] received, process restarting
> Wed Oct 21 16:37:37 2015 MANAGEMENT: 
> >STATE:1445434657,RECONNECTING,tls-error,,
> Wed Oct 21 16:37:37 2015 Restart pause, 2 second(s)
> Wed Oct 21 16:37:39 2015 WARNING: No server certificate verification method 
> has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
> Wed Oct 21 16:37:39 2015 Socket Buffers: R=[8192->8192] S=[8192->8192]
> Wed Oct 21 16:37:39 2015 TCP/UDP: Preserving recently used remote address: 
> [AF_INET]62.231.75.xx:80
> Wed Oct 21 16:37:39 2015 Attempting to establish TCP connection with 
> [AF_INET]62.231.75.xx:80
> 
>> On 21 Oct 2015, at 15:42, debbie...@gmail.com wrote:
>> 
>> Hi
>> 
>> ----- Original Message ----- From: "Stefan Szabo" <stefan.sz...@rcs-rds.ro>
>> To: "Gert Doering" <g...@greenie.muc.de>
>> Cc: <openvpn-users@lists.sourceforge.net>
>> Sent: Wednesday, October 21, 2015 8:21 AM
>> Subject: Re: [Openvpn-users] client config fallback from 1194 udp to 80 tcp
>> 
>>> openvpn server: OpenVPN 2.3.8 x86_64-redhat-linux-gnu
>>> openvpn client: Tunnelblick 3.6beta10 (build 4400)
>> 
>>> config client:
>> 
>>> <connection>
>>> remote 62.231.75.XX
>>> port 80
>>> proto tcp wait 1
>>> </connection>
>>> <connection>
>>> remote 62.231.75.XX
>>> port 1194
>>> proto udp wait 10
>>> </connection>
>> 
>> This works as it should for me:
>> 
>> CLIENT CONFIG:
>> <connection>
>> remote NAME
>> port 80
>> #proto tcp wait 10
>> proto tcp .. and other options are not parsed
>> </connection>
>> <connection>
>> remote SAME NAME
>> port 1194
>> #proto udp wait 10
>> proto udp .. and other options are not parsed
>> </connection>
>> 
>> LOG:
>> Wed Oct 21 13:26:39 2015 us=921442 OpenVPN 2.3.8 i486-pc-linux-gnu [SSL 
>> (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Aug  4 2015
>> Wed Oct 21 13:26:39 2015 us=922386 library versions: OpenSSL 1.0.1k 8 Jan 
>> 2015, LZO 2.08
>> 
>> <snip>
>> 
>> Wed Oct 21 13:26:40 2015 us=112379 Attempting to establish TCP connection 
>> with [AF_INET]xx.xx.xx.xx:37085 [nonblock]
>> Wed Oct 21 13:26:50 2015 us=139124 TCP: connect to [AF_INET]xx.xx.xx.xx:80 
>> failed, will try again in 5 seconds: Connection timed out
>> Wed Oct 21 13:26:50 2015 us=140821 SIGUSR1[soft,init_instance] received, 
>> process restarting
>> Wed Oct 21 13:26:50 2015 us=141197 Restart pause, 5 second(s)
>> 
>> <snip>
>> 
>> Wed Oct 21 13:26:55 2015 us=175752 UDPv4 link remote: 
>> [AF_INET]xx.xx.xx.xx:1194
>> Wed Oct 21 13:26:55 2015 us=196439 TLS: Initial packet from 
>> [AF_INET]xx.xx.xx.xx:1194, sid=565ee489 80afc503
>> 
>> <snip>
>> 
>> Wed Oct 21 13:26:55 2015 us=656023 [...] Peer Connection Initiated with 
>> [AF_INET]xx.xx.xx.xx:1194
>> Wed Oct 21 13:26:58 2015 us=123524 SENT CONTROL [...]: 'PUSH_REQUEST' 
>> (status=1)
>> Wed Oct 21 13:26:58 2015 us=128551 PUSH: Received control message: 
>> 'PUSH_REPLY,{redacted},ifconfig 10.105.101.74 255.255.255.0,peer-id 0'
>> 
>> [Is this a bug .. ?]
>> Wed Oct 21 13:26:58 2015 us=129086 Option 'explicit-exit-notify' in 
>> [PUSH-OPTIONS]:3 is ignored by previous <connection> blocks
>> 
>> Wed Oct 21 13:26:58 2015 us=129494 OPTIONS IMPORT: timers and/or timeouts 
>> modified
>> Wed Oct 21 13:26:58 2015 us=129606 OPTIONS IMPORT: explicit notify parm(s) 
>> modified
>> Wed Oct 21 13:26:58 2015 us=129713 OPTIONS IMPORT: --ifconfig/up options 
>> modified
>> Wed Oct 21 13:26:58 2015 us=129846 OPTIONS IMPORT: route options modified
>> Wed Oct 21 13:26:58 2015 us=130167 OPTIONS IMPORT: route-related options 
>> modified
>> Wed Oct 21 13:26:58 2015 us=130313 OPTIONS IMPORT: environment modified
>> Wed Oct 21 13:26:58 2015 us=130418 OPTIONS IMPORT: peer-id set
>> Wed Oct 21 13:26:58 2015 us=130524 OPTIONS IMPORT: adjusting link_mtu to 1605
>> Wed Oct 21 13:26:58 2015 us=159018 TUN/TAP device tun86 opened
>> Wed Oct 21 13:26:58 2015 us=159282 TUN/TAP TX queue length set to 100
>> Wed Oct 21 13:26:58 2015 us=159502 do_ifconfig, tt->ipv6=0, 
>> tt->did_ifconfig_ipv6_setup=0
>> Wed Oct 21 13:26:58 2015 us=159707 /sbin/ifconfig tun86 10.105.101.74 
>> netmask 255.255.255.0 mtu 1500 broadcast 10.105.101.255
>> Wed Oct 21 13:26:58 2015 us=257649 /sbin/route add -net xx.xx.xx.xx netmask 
>> 255.255.255.255 gw 172.17.2.1
>> 
>> <snip>
>> 
>> Wed Oct 21 13:26:58 2015 us=411079 Initialization Sequence Completed
>> 
>> Regards
>> 
> 
> 
> ------------------------------------------------------------------------------
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
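
An added example, not part of the original thread: a small Python parser that reduces an OpenVPN client log like the ones quoted above to the ordered list of connection attempts (protocol, port, restart reason) and counts the "No server certificate verification method" warnings. The sample log is constructed, modeled on the quoted output, and 192.0.2.10 is a documentation address standing in for the redacted server.

```python
import re

# Constructed sample, modeled on the client log quoted in this thread
# (192.0.2.10 is a documentation address, not the poster's server).
SAMPLE_LOG = """\
Wed Oct 21 16:35:46 2015 WARNING: No server certificate verification method has been enabled.
Wed Oct 21 16:35:47 2015 Attempting to establish TCP connection with [AF_INET]192.0.2.10:80
Wed Oct 21 16:36:32 2015 SIGUSR1[soft,connection-reset] received, process restarting
Wed Oct 21 16:36:37 2015 WARNING: No server certificate verification method has been enabled.
Wed Oct 21 16:36:37 2015 UDPv4 link remote: [AF_INET]192.0.2.10:80
Wed Oct 21 16:37:37 2015 SIGUSR1[soft,tls-error] received, process restarting
Wed Oct 21 16:37:39 2015 Attempting to establish TCP connection with [AF_INET]192.0.2.10:80
"""

# One attempt starts at a TCP connect line or at a "UDPv4 link remote" line.
ATTEMPT = re.compile(
    r"(?:Attempting to establish (TCP) connection with|(UDP)v4 link remote:) "
    r"\[AF_INET\]([^:\s]+):(\d+)")
RESTART = re.compile(r"SIGUSR1\[soft,([\w-]+)\]")

def summarize(log_text):
    """Return (attempts in log order, number of no-verification warnings)."""
    attempts, warnings = [], 0
    for line in log_text.splitlines():
        if "No server certificate verification method" in line:
            warnings += 1
        m = ATTEMPT.search(line)
        if m:
            attempts.append({"proto": (m.group(1) or m.group(2)).lower(),
                             "host": m.group(3), "port": int(m.group(4)),
                             "result": "pending"})
            continue
        if not attempts:
            continue
        r = RESTART.search(line)
        if r:  # soft restart: record why the current attempt ended
            attempts[-1]["result"] = r.group(1)
        elif "Initialization Sequence Completed" in line:
            attempts[-1]["result"] = "connected"
    return attempts, warnings

def ports_tried(attempts):
    """Distinct (proto, port) pairs, to see whether port 1194 was ever tried."""
    return sorted({(a["proto"], a["port"]) for a in attempts})

if __name__ == "__main__":
    attempts, warnings = summarize(SAMPLE_LOG)
    for a in attempts:
        print(a)
    print("no-verification warnings:", warnings, "| tried:", ports_tried(attempts))
```
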

