ichsie2036
Joined: 03 Sep 2009
Posts: 35
Posted: Tue Apr 19, 2011 12:57 am Post subject: Trying to set up OpenVPN

I tried to configure my box to be a VPN server so that I can connect to it from my Windows XP and browse the web securely - so my passwords and such are safe from eavesdropping.
It's all good until I reach here: http://library.linode.com/networking/openvpn/debian-5-lenny#connect_to_the_vpn
The openvpn daemon started successfully. But I encountered this error when I double click the OpenVPN GUI ( http://openvpn.se ) icon in the bottom right task bar:
Code:
Tue Apr 19 13:56:49 2011 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Apr 19 13:56:52 2011 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Apr 19 13:56:53 2011 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Apr 19 13:56:55 2011 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Apr 19 13:56:58 2011 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Apr 19 13:56:59 2011 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
I thought it's something to do with my iptables and I tried to add the 1194 port but it didn't work. Here are my iptables details:
Code:
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere loopback/8 reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere multiport dports 1234:1244
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:12345
ACCEPT icmp -- anywhere anywhere icmp echo-request
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:openvpn
ACCEPT tcp -- anywhere anywhere tcp dpt:openvpn
ACCEPT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- 10.8.0.0/24 anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain fail2ban-ssh (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Any ideas? Thanks!
ichsie2036
Joined: 03 Sep 2009
Posts: 35
Posted: Tue Apr 19, 2011 1:11 am

I tried this:
Code:
iptables -A INPUT -p udp --dport 1194 -j ACCEPT
And now the iptables -L changed to this:
Code:
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere loopback/8 reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere multiport dports 1234:1244
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:12345
ACCEPT icmp -- anywhere anywhere icmp echo-request
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:openvpn
ACCEPT tcp -- anywhere anywhere tcp dpt:openvpn
ACCEPT all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp dpt:openvpn
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- 10.8.0.0/24 anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain fail2ban-ssh (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
But it's still getting the same error from OpenVPN installed on my local Windows XP:
Code:
Tue Apr 19 14:10:47 2011 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Tue Apr 19 14:10:47 2011 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Tue Apr 19 14:10:47 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Apr 19 14:10:47 2011 LZO compression initialized
Tue Apr 19 14:10:47 2011 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Apr 19 14:10:47 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Apr 19 14:10:47 2011 Local Options hash (VER=V4): '41690919'
Tue Apr 19 14:10:47 2011 Expected Remote Options hash (VER=V4): '530fdded'
Tue Apr 19 14:10:47 2011 UDPv4 link local: [undef]
Tue Apr 19 14:10:47 2011 UDPv4 link remote: 1.2.3.4:1194
Tue Apr 19 14:10:47 2011 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Apr 19 14:10:49 2011 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
1.2.3.4 is my Linode IP.
otherbbs
Joined: 30 Oct 2005
Posts: 97
Location: 37.274,-97.393 (KEGT)
Posted: Fri Apr 22, 2011 12:06 pm

To rule out the firewall, either disable the firewall or flush the rules to see if you can establish the connection with openvpn.
Also, the order of the rules is important, so anything after the REJECT ALL is going to be rejected. Either move the reject rule to the bottom or move your Accept rules above it.
--
Travis
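
Added example, not part of the original posts: a shell check for the rule-ordering problem described in the reply above. It reads rules in `iptables -S INPUT` form, because plain `iptables -L` hides interface matches; the sample ruleset is constructed from the thread's listing, and the function names and the `-i lo` match are assumptions.

```shell
# Constructed sample in `iptables -S INPUT` form, modelled on the listing in
# the thread. The "-i lo" on rule 2 is an assumption: plain `iptables -L`
# does not print interface matches, so the thread does not show it.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 1194 -j ACCEPT
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT'

# Print the 1-based number of the first rule with a terminating target
# (ACCEPT/REJECT/DROP) and no match options; 0 if the chain has none.
first_catchall() {
    awk '
        $1 != "-A" { next }                 # skip -P / -N lines
        { n++ }
        $3 == "-j" && ($4 == "ACCEPT" || $4 == "REJECT" || $4 == "DROP") {
            print n; found = 1; exit
        }
        END { if (!found) print 0 }
    '
}

# Print the rules that sit after the catch-all and therefore never match.
shadowed_rules() {
    awk '
        $1 != "-A" { next }
        hit { print; next }
        $3 == "-j" && ($4 == "ACCEPT" || $4 == "REJECT" || $4 == "DROP") { hit = 1 }
    '
}

# Build the command that places the OpenVPN UDP rule ahead of the catch-all
# (iptables -I CHAIN N inserts before the current rule N).
insert_cmd() {
    pos=$(first_catchall)
    if [ "$pos" -gt 0 ]; then
        echo "iptables -I INPUT $pos -p udp --dport 1194 -j ACCEPT"
    else
        echo "iptables -A INPUT -p udp --dport 1194 -j ACCEPT"
    fi
}

printf '%s\n' "$SAMPLE_RULES" | shadowed_rules
printf '%s\n' "$SAMPLE_RULES" | insert_cmd
```

On a live server the same functions can be fed with `iptables -S INPUT | insert_cmd`, run as root.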