Linode Forum
Linode Community Forums 		 FAQFAQ    SearchSearch    MembersMembers      Register Register 
 LoginLogin [ Anonymous ] 
Post new topic  Reply to topic

Board index » Linux Community Forums » Linux Networking
  Print view Previous topic | Next topic 
Author Message
ichsie2036
PostPosted: Tue Apr 19, 2011 1:57 am 
Offline
Junior Member
User avatar

Joined: Thu Sep 03, 2009 10:47 pm
Posts: 35
Website: http://www.kavoir.com/
I tried to configure my box to be an VPN server so that I can connect to it from my Windows XP and browse the web securely - so my passwords and such are safe from eavesdropping.

It's all good until I reach here: http://library.linode.com/networking/op ... to_the_vpn

The openvpn daemon started successfully. But I encountered this error when I double click the OpenVPN GUI ( http://openvpn.se ) icon in the bottom right task bar:

Code:
Tue Apr 19 13:56:49 2011 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Apr 19 13:56:52 2011 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Apr 19 13:56:53 2011 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Apr 19 13:56:55 2011 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Apr 19 13:56:58 2011 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Apr 19 13:56:59 2011 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)


I thought it's something to do with my iptables and I tried to add the 1194 port but it didn't work. Here are my iptables details:

Code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-ssh  tcp  --  anywhere             anywhere            multiport dports ssh
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             loopback/8          reject-with icmp-port-unreachable
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere            multiport dports 1234:1244
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:12345
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:openvpn
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:openvpn
ACCEPT     all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  10.8.0.0/24          anywhere
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain fail2ban-ssh (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere


Any ideas? Thanks!

_________________
I have a passion for building websites. I love Usable Databases.
Top
   
Reply with quote  
ichsie2036
 Post subject:
PostPosted: Tue Apr 19, 2011 2:11 am 
Offline
Junior Member
User avatar

Joined: Thu Sep 03, 2009 10:47 pm
Posts: 35
Website: http://www.kavoir.com/
I tried this:

Code:
iptables -A INPUT -p udp --dport 1194 -j ACCEPT


And now the iptables -L changed to this:

Code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-ssh  tcp  --  anywhere             anywhere            multiport dports ssh
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             loopback/8          reject-with icmp-port-unreachable
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere            multiport dports 1234:1244
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:12345
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:openvpn
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:openvpn
ACCEPT     all  --  anywhere             anywhere
[b]ACCEPT     udp  --  anywhere             anywhere            udp dpt:openvpn[/b]

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  10.8.0.0/24          anywhere
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain fail2ban-ssh (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere


But it's still getting the same error from OpenVPN installed on my local Windows XP:

Code:
Tue Apr 19 14:10:47 2011 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
Tue Apr 19 14:10:47 2011 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Tue Apr 19 14:10:47 2011 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Tue Apr 19 14:10:47 2011 LZO compression initialized
Tue Apr 19 14:10:47 2011 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Apr 19 14:10:47 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Apr 19 14:10:47 2011 Local Options hash (VER=V4): '41690919'
Tue Apr 19 14:10:47 2011 Expected Remote Options hash (VER=V4): '530fdded'
Tue Apr 19 14:10:47 2011 UDPv4 link local: [undef]
Tue Apr 19 14:10:47 2011 UDPv4 link remote: 1.2.3.4:1194
Tue Apr 19 14:10:47 2011 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Apr 19 14:10:49 2011 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)


1.2.3.4 is my Linode IP.

_________________
I have a passion for building websites. I love Usable Databases.
Top
   
Reply with quote  
otherbbs
 Post subject:
PostPosted: Fri Apr 22, 2011 1:06 pm 
Offline
Senior Member

Joined: Sun Oct 30, 2005 7:52 pm
Posts: 97
To rule out the firewall, either disable the firewall or flush the rules to see if you can establish the connection with openvpn.

Also, the order of the rules are important, so anything after the REJECT ALL is going to be rejected. Either move the reject rule to the bottom or move your Accept rules above it.

--
Travis
Top
   
Reply with quote  
Display posts from previous:  Sort by  
Post new topic  Reply to topic

Board index » Linux Community Forums » Linux Networking


Who is online

Users browsing this forum: No registered users and 2 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
RSS

Powered by phpBB® Forum Software © phpBB Group