  1. #1
    Just Joined!
    Join Date
    Sep 2009
    Posts
    7

    Centos OpenVPN issue

    I have set up the server and client certificates but when I tried the client connection, I get the error response below.
    Tue Dec 22 08:59:15 2009 OpenVPN 2.1.1 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Dec 11 2009
    Tue Dec 22 08:59:15 2009 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Tue Dec 22 08:59:15 2009 LZO compression initialized
    Tue Dec 22 08:59:15 2009 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Tue Dec 22 08:59:15 2009 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Tue Dec 22 08:59:15 2009 Local Options hash (VER=V4): '41690919'
    Tue Dec 22 08:59:15 2009 Expected Remote Options hash (VER=V4): '530fdded'
    Tue Dec 22 08:59:15 2009 Socket Buffers: R=[8192->8192] S=[8192->8192]
    Tue Dec 22 08:59:15 2009 UDPv4 link local: [undef]
    Tue Dec 22 08:59:15 2009 UDPv4 link remote: 88.208.xxx.xx9:1194
    Tue Dec 22 09:00:15 2009 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Tue Dec 22 09:00:15 2009 TLS Error: TLS handshake failed
    Tue Dec 22 09:00:15 2009 TCP/UDP: Closing socket
    Tue Dec 22 09:00:15 2009 SIGUSR1[soft,tls-error] received, process restarting
    Tue Dec 22 09:00:15 2009 Restart pause, 2 second(s)
    Tue Dec 22 09:00:17 2009 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Tue Dec 22 09:00:17 2009 Re-using SSL/TLS context
    Tue Dec 22 09:00:17 2009 LZO compression initialized
    Tue Dec 22 09:00:17 2009 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Tue Dec 22 09:00:17 2009 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Tue Dec 22 09:00:17 2009 Local Options hash (VER=V4): '41690919'
    Tue Dec 22 09:00:17 2009 Expected Remote Options hash (VER=V4): '530fdded'
    Tue Dec 22 09:00:17 2009 Socket Buffers: R=[8192->8192] S=[8192->8192]
    Tue Dec 22 09:00:17 2009 UDPv4 link local: [undef]
    Tue Dec 22 09:00:17 2009 UDPv4 link remote: 88.208.xxx.xx9:1194
    This is my server IP tables (server is split into 2 IP addresses, one ending in 8, one in 9):
    *filter
    :INPUT DROP [10:568]
    :FORWARD DROP [0:0]
    -A FORWARD -i tun+ -j ACCEPT
    -A FORWARD -o tun+ -j ACCEPT
    :OUTPUT ACCEPT [5:260]
    :RH-Firewall-1-INPUT - [0:0]
    -A INPUT -i lo -j ACCEPT
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -i eth0 -p tcp -m tcp --dport 1057 -m state --state NEW -m recent --set --name SSH --rsource
    -A INPUT -i eth0 -p tcp -m tcp --dport 1057 -m state --state NEW -m recent --update --seconds 60 --hitcount 2 --rttl --name SSH --rsource -j DROP
    -A INPUT -d 88.208.xxx.xx9 -p tcp -m tcp --dport 1057 -m state --state NEW -j ACCEPT
    -A INPUT -d 88.208.xxx.xx9 -p tcp -m tcp --dport 5555 -m state --state NEW -j ACCEPT
    -A INPUT -d 88.208.xxx.xx9 -p udp -m udp --dport 1194 -m state --state NEW -j ACCEPT
    -A INPUT -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 53 -m state --state NEW -j ACCEPT
    -A INPUT -p udp -m udp --dport 123 -m state --state NEW -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 8002 -m state --state NEW -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 9001 -m state --state NEW -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
    -A INPUT -d 88.208.xxx.xx8 -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
    -A INPUT -d 88.208.xxx.xx8 -p tcp -m state --state NEW -m tcp --dport 1935 -j ACCEPT
    -A INPUT -d 88.208.xxx.xx8 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
    -A INPUT -d 88.208.xxx.xx8 -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
    -A INPUT -p icmp -m limit --limit 1/sec --limit-burst 1 -j ACCEPT
    -A INPUT -d 88.208.xxx.xx8 -p icmp -m icmp --icmp-type 8 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
    -A OUTPUT -s 88.208.xxx.xx8 -p icmp -m icmp --icmp-type 0 -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A OUTPUT -o lo -j ACCEPT
    -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
    COMMIT

  2. #2
    Just Joined!
    Join Date
    Mar 2007
    Posts
    20
    I would first attempt to disable iptables completely and reattempt a VPN connection.

    If you're successful with a connection and your firewall disabled, then you know where to look.

    If not, then let the troubleshooting continue...
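
A way to check the posted rules against the client's first packet without taking the firewall down, as an added example that is not part of the original thread. It is a simplified first-match model of the INPUT chain from post #1 that handles only match options taking one argument, so the `recent` rate-limit rules are left out; the packet field names and the `eth0` ingress interface are assumptions.

```python
import shlex

# INPUT rules abridged from the ruleset in post #1 (addresses masked as posted).
RULES = """\
:INPUT DROP [10:568]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -d 88.208.xxx.xx9 -p tcp -m tcp --dport 1057 -m state --state NEW -j ACCEPT
-A INPUT -d 88.208.xxx.xx9 -p udp -m udp --dport 1194 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT
-A INPUT -d 88.208.xxx.xx8 -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
"""

# iptables option -> packet field it is compared against (hypothetical field names).
FIELDS = {"-i": "iface", "-d": "dst", "-p": "proto", "--dport": "dport", "--state": "state"}

def parse(text):
    """Return (default policy, [(criteria, target, raw rule)]) for the INPUT chain."""
    policy, rules = None, []
    for line in text.splitlines():
        tok = shlex.split(line)
        if line.startswith(":INPUT"):
            policy = tok[1]
        elif tok[:2] == ["-A", "INPUT"]:
            # Every option in these rules takes exactly one argument, so pair them up.
            opts = dict(zip(tok[2::2], tok[3::2]))
            crit = {FIELDS[k]: v.split(",") for k, v in opts.items() if k in FIELDS}
            rules.append((crit, opts.get("-j"), line))
    return policy, rules

def verdict(packet, text=RULES):
    """First matching rule with a target wins; otherwise the chain policy applies."""
    policy, rules = parse(text)
    for crit, target, raw in rules:
        if target and all(packet.get(f) in allowed for f, allowed in crit.items()):
            return target, raw
    return policy, "chain policy"

# First client packet per the client log: UDP to 88.208.xxx.xx9:1194 (eth0 assumed).
FIRST_PACKET = {"iface": "eth0", "dst": "88.208.xxx.xx9", "proto": "udp",
                "dport": "1194", "state": "NEW"}

if __name__ == "__main__":
    print(verdict(FIRST_PACKET))
    print(verdict(dict(FIRST_PACKET, dst="88.208.xxx.xx8")))
```

On the live server, the packet counters shown by `iptables -nvL INPUT` give the same answer for the real ruleset: a counter that increases on the UDP 1194 rule during a connection attempt means the packet passed the filter.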
