Todd and Margo Chester
2008-Mar-29 01:41 UTC
[CentOS-virt] Open VPN connection problem on Virtual Box
Hi All,

I am working on a mystery. I am using openvpn-2.1_beta7-gui-1.0.3-install on all the computers in question. All computers are running XP-Pro-SP2. (Mine is running in a virtual window -- details below.)

This configuration works perfectly from my office. I use it to call five facilities:

    remote aa.bb.cc.dd
    port 5030
    proto udp
    dev tap
    ifconfig 192.168.240.30 255.255.255.0
    secret iamnottellingyou.txt
    ping-restart 60
    ping-timer-rem
    persist-tun
    persist-key
    resolv-retry 86400
    ping 10
    comp-lzo
    verb 6
    mute 10

But, this EXACT config works on TWO other computers, but not mine:

    remote ww.xx.yy.zz 5020
    client
    dev tap
    proto udp
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca foo-ca.crt
    cert foo-client1.crt
    key foo-client1.key
    ns-cert-type server
    ping 10
    comp-lzo
    verb 3

The only difference between the two computers that MY config works on and mine, is that my computer is running in a virtual window.

    Host: Cent OS 5.1
    Guest XP-Pro-SP2
    VM: VirtualBox-1.5.6_28266_rhel5-1.i586.rpm

The host and the guest are connected by a bridge (br0):

    DEVICE=br0
    TYPE=Bridge
    BOOTPROTO=static
    BROADCAST=192.168.255.255
    IPADDR=192.168.255.10
    NETMASK=255.255.255.0
    NETWORK=192.168.255.0
    GATEWAY=192.168.255.10
    ONBOOT=yes
    USERCTL=yes
    IPV6INIT=no
    PEERDNS=no
    PROMISC=yes

When trying to connect, the same error message pops up on my computer (virtual XP) and on the distant end's (XP) server:

    TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

The SAME error message!

Why does the first config work, but not the second? It is obviously not the config: it is identical on the other two computers that it works on. I think it may be the way open vpn is reacting to my bridge, but then, again, the first config works.

Editorial comment: AAAAAAAAAHHHHHHHHHHHHHHHHHHH!!!!

Anyone know what I am doing wrong?

Many thanks,
-T
Fabian Arrotin
2008-Mar-29 08:06 UTC
[CentOS-virt] Open VPN connection problem on Virtual Box
On Fri, 2008-03-28 at 18:41 -0700, Todd and Margo Chester wrote:
> Hi All,
>
> I am working on a mystery. I am using
> openvpn-2.1_beta7-gui-1.0.3-install on all
> the computers in question. All computers
> are running XP-Pro-SP2. (Mine is running
> in a virtual window -- details below.)
>
> This configuration works perfectly from my office.
> I use it to call five facilities:
>
> remote aa.bb.cc.dd
> port 5030
> proto udp
> dev tap
> ifconfig 192.168.240.30 255.255.255.0
> secret iamnottellingyou.txt
> ping-restart 60
> ping-timer-rem
> persist-tun
> persist-key
> resolv-retry 86400
> ping 10
> comp-lzo
> verb 6
> mute 10
>
>
> But, this EXACT config works on TWO other
> computers, but not mine:
>
> remote ww.xx.yy.zz 5020
> client
> dev tap
> proto udp
> resolv-retry infinite
> nobind
> persist-key
> persist-tun
> ca foo-ca.crt
> cert foo-client1.crt
> key foo-client1.key
> ns-cert-type server
> ping 10
> comp-lzo
> verb 3
>
>
> The only difference between the two computers
> that MY config works on and mine, is that
> my computer is running in a virtual window.
>
> Host: Cent OS 5.1
> Guest XP-Pro-SP2
> VM: VirtualBox-1.5.6_28266_rhel5-1.i586.rpm
>
> The host and the guest are connected by
> a bridge (br0):
>
> DEVICE=br0
> TYPE=Bridge
> BOOTPROTO=static
> BROADCAST=192.168.255.255
> IPADDR=192.168.255.10
> NETMASK=255.255.255.0
> NETWORK=192.168.255.0
> GATEWAY=192.168.255.10
> ONBOOT=yes
> USERCTL=yes
> IPV6INIT=no
> PEERDNS=no
> PROMISC=yes
>
>
> When trying to connect, the same error message
> pops up on my computer (virtual XP) and on the
> distant end's (XP) server:
>
> TLS Error: TLS key negotiation failed to occur
> within 60 seconds (check your network connectivity)
>
> The SAME error message!
>
>
> Why does the first config work, but not the
> second? It is obviously not the config: it
> is identical on the other two computers
> that it works on. I think it may
> be the way open vpn is reacting to my bridge,
> but then, again, the first config works.
>
> Editorial comment: AAAAAAAAAHHHHHHHHHHHHHHHHHHH!!!!
>
> Anyone know what I am doing wrong?
>
> Many thanks,
> -T
>

I've had the same problem one time when the openvpn server was behind a Watchguard Firewall .. I don't know why but some client machines were not able to connect while others could ... I switched to tcp-server/tcp-client protocol instead of udp and the problem went away directly ...

BTW, when possible now, I configure openvpn to listen on 443/tcp so that openvpn clients are able to connect remotely, even through a proxy at the other side ... ;-)

--
Fabian Arrotin <fabian.arrotin at arrfab.net>
"Internet network currently down, TCP/IP packets delivered now by UPS/Fedex ..."
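
The transport change described in the reply above, applied to the TLS client config from the first post, as an added Python example that is not part of the original thread. It rewrites the client to proto tcp-client on 443/tcp and labels a config as static-key or TLS, since only a TLS-mode config performs the key negotiation named in the error. The function names are hypothetical, and the server is assumed to be changed to proto tcp-server on the same port.

```python
# Added example; CLIENT_CONF is the second config from the thread as posted.
CLIENT_CONF = """\
remote ww.xx.yy.zz 5020
client
dev tap
proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
ca foo-ca.crt
cert foo-client1.crt
key foo-client1.key
ns-cert-type server
ping 10
comp-lzo
verb 3
"""

def parse(conf):
    """Split a config into [directive, arg, ...] rows, skipping blanks and comments."""
    rows = []
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        if line and not line.startswith(";"):
            rows.append(line.split())
    return rows

def auth_mode(rows):
    """'secret' means static-key mode (no TLS handshake); client/ca means TLS mode."""
    names = {r[0] for r in rows}
    if "secret" in names:
        return "static-key"
    return "tls" if names & {"client", "tls-client", "ca"} else "unknown"

def to_tcp(rows, port=443):
    """Switch the transport to tcp-client and point every remote at `port`.
    Assumes the server is reconfigured with 'proto tcp-server' on that port."""
    out, seen_proto = [], False
    for r in rows:
        if r[0] == "proto":
            r, seen_proto = ["proto", "tcp-client"], True
        elif r[0] == "remote":
            r = ["remote", r[1], str(port)]
        out.append(r)
    if not seen_proto:
        out.append(["proto", "tcp-client"])
    return "\n".join(" ".join(r) for r in out) + "\n"
```

Calling to_tcp(parse(CLIENT_CONF)) returns the rewritten client config as text; certificate and key directives pass through unchanged.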