On Mon, 23 May 2011, Tyler J. Wagner wrote:
On Mon, 2011-05-23 at 11:46 -0400, Rick Green wrote:
Mon May 23 11:29:33 2011 read UDPv4 [ECONNREFUSED]: Connection refused
(code=111)
I did several searches on that message, and the pages I found all seem
to refer to that message in the server's logs when a client disconnects
unexpectedly. I'm getting it in the client's terminal as I attempt to
start the connection.
No, it means that a TCP REJECT or ICMP "port closed" message was
received. Assuming you're using the default OpenVPN configuration, you
need to pass port 1194/UDP through your firewall from external
interfaces.
I'm wondering if the openvpn daemon is even running. It's listed in
/etc/rc.d to be started, but I don't see it running, and netstat -l
doesn't show UDP 1194 as open, either.
If ps and netstat don't show it, it definitely is not running.
You'll need to resolve both issues (running, and firewall).
OK, got it running, but had to kludge it.
I'm running an X-wrt image, with the webif2 GUI. My attempts to
configure and enable openvpn using that gui were for naught. It put some
empty files in /etc/openwrt/webifopenvpn1/ and ..webifopenvpn2/, but never
seemed to start the daemon. The X-wrt documentation webpage is broken, so
I ended up hand-cranking it using these HOWTOs:
http://wiki.openwrt.org/oldwiki/vpn.server.openvpn.tun
http://openvpn.net/index.php/open-source/documentation/howto.html#pki
I was able to defing the firewall pinhole using the webif2 GUI. Other
than that, it was all done with ssh and scp. I put the startup script in
/etc/init.d/, and left the symbolic link to it in /etc/rc.d, instead of
putting it directly in rc.d as the howto suggested. This has the one
adverse effect that the 'restart' target pulls the rug out from under
itself, so the daemon stops, but doesn't get restarted.
--
Rick Green
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-Benjamin Franklin
"As for our common defense, we reject as false the choice between our
safety and our ideals."
-President Barack Obama 20 Jan 2009
_______________________________________________
openwrt-users mailing list
[email protected]
https://lists.openwrt.org/mailman/listinfo/openwrt-users
