plut0 Apprentice
Joined: 21 Dec 2004 Posts: 272
|
Posted: Thu Jul 27, 2006 12:13 am Post subject: openvpn won't connect [solved] |
I just installed OpenVPN 2.0.6 on Gentoo and am trying to connect via Windows XP 2.0.7. I am not getting very far in the connection; I keep getting the messages "Unroutable control packet received from..." I did a lot of research but the answers didn't help. One of them says the cert generated is bad, but I verified both the client and server certs. The other answer was that the date/time is off, but that isn't the case either. What am I doing wrong here?
client config:
Code: | client
dev tun
proto udp
remote [server] 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
comp-lzo
verb 3 |
server config:
Code: | port 1194
proto udp
dev tun
ca keys/ca.crt
cert keys/vpn.crt
key keys/vpn.key
dh keys/dh1024.pem
server 10.8.0.1 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 172.16.0.0 255.255.0.0"
push "route 10.8.0.0 255.255.255.0"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 4 |
client log:
Code: | Wed Jul 26 19:46:44 2006 OpenVPN 2.0.7 Win32-MinGW [SSL] [LZO] built on Apr 12 2006
Wed Jul 26 19:46:44 2006 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Jul 26 19:46:44 2006 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 26 19:46:44 2006 LZO compression initialized
Wed Jul 26 19:46:44 2006 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Jul 26 19:46:44 2006 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Jul 26 19:46:44 2006 Local Options hash (VER=V4): '41690919'
Wed Jul 26 19:46:44 2006 Expected Remote Options hash (VER=V4): '530fdded'
Wed Jul 26 19:46:44 2006 UDPv4 link local: [undef]
Wed Jul 26 19:46:44 2006 UDPv4 link remote: [server]:1194
Wed Jul 26 19:46:51 2006 TLS Error: Unroutable control packet received from [server]:1194 (si=3 op=P_ACK_V1)
Wed Jul 26 19:47:01 2006 TLS Error: Unroutable control packet received from [server]:1194 (si=3 op=P_ACK_V1)
Wed Jul 26 19:47:11 2006 TLS Error: Unroutable control packet received from [server]:1194 (si=3 op=P_ACK_V1)
Wed Jul 26 19:47:22 2006 TLS Error: Unroutable control packet received from [server]:1194 (si=3 op=P_ACK_V1)
Wed Jul 26 19:47:32 2006 TLS Error: Unroutable control packet received from [server]:1194 (si=3 op=P_ACK_V1)
Wed Jul 26 19:47:42 2006 TLS Error: Unroutable control packet received from [server]:1194 (si=3 op=P_ACK_V1)
Wed Jul 26 19:47:44 2006 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jul 26 19:47:44 2006 TLS Error: TLS handshake failed
Wed Jul 26 19:47:44 2006 TCP/UDP: Closing socket
Wed Jul 26 19:47:44 2006 SIGUSR1[soft,tls-error] received, process restarting
Wed Jul 26 19:47:44 2006 Restart pause, 2 second(s) |
server log:
Code: | Wed Jul 26 19:45:39 2006 OpenVPN 2.0.6 i686-pc-linux-gnu [SSL] [LZO] [EPOLL] built on Jul 26 2006
Wed Jul 26 19:45:39 2006 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Jul 26 19:45:39 2006 ******* WARNING *******: all encryption and authentication features disabled -- all data will be tunnelled as cleartext
Wed Jul 26 19:45:39 2006 TUN/TAP device tun0 opened
Wed Jul 26 19:45:39 2006 UDPv4 link local (bound): [undef]:1194
Wed Jul 26 19:45:39 2006 UDPv4 link remote: [undef]
Wed Jul 26 19:46:02 2006 Peer Connection Initiated with [client]:1306
Wed Jul 26 19:46:02 2006 Initialization Sequence Completed |
Last edited by plut0 on Thu Jul 27, 2006 3:39 pm; edited 1 time in total |
magic919 Advocate
Joined: 17 Jun 2005 Posts: 2182 Location: Berkshire, UK
|
Posted: Thu Jul 27, 2006 9:32 am Post subject: |
You need to read the log. And then follow the link it suggests.
http://openvpn.net/howto.html#mitm
You've almost cracked it. |
plut0 Apprentice
Joined: 21 Dec 2004 Posts: 272
|
Posted: Thu Jul 27, 2006 2:24 pm Post subject: |
Thanks for the info; that got rid of the warning but not the problem, unfortunately. This is what I did...
I added this to the client config:
Code: | ns-cert-type server
tls-client
tls-auth ta.key 1
cipher BF-CBC |
And this to the server config:
Code: | tls-server
tls-auth keys/ta.key 0
cipher BF-CBC |
And now on the client logs the warning message is gone:
Code: | Thu Jul 27 10:11:34 2006 us=221245 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Thu Jul 27 10:11:34 2006 us=221282 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jul 27 10:11:34 2006 us=242889 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication |
But on the server I still get this (not sure if this matters or not):
Code: | Thu Jul 27 10:21:01 2006 us=11862 ******* WARNING *******: all encryption and authentication features disabled -- all data will be tunnelled as cleartext |
And on the client I still see these messages:
Code: | Thu Jul 27 10:22:27 2006 us=745792 TLS Error: Unroutable control packet received from [server]:1194 (si=3 op=P_ACK_V1)
Thu Jul 27 10:22:37 2006 us=345341 TLS Error: Unroutable control packet received from [server]:1194 (si=3 op=P_ACK_V1)
Thu Jul 27 10:22:48 2006 us=296248 TLS Error: Unroutable control packet received from [server]:1194 (si=3 op=P_ACK_V1) |
plut0 Apprentice
Joined: 21 Dec 2004 Posts: 272
|
Posted: Thu Jul 27, 2006 3:39 pm Post subject: |
Well, this is silly, but openvpn wasn't using the right config file, which is why I was having problems. |
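A triage sketch for the symptom pattern in this thread, added here as an example and not code from any of the posters or from the OpenVPN project: it matches the log messages quoted above and flags a server that reports cleartext operation although its intended config asks for TLS, which is what the wrong-config-file cause looks like from the logs. The finding names and the `triage` helper are hypothetical; the sample config and log lines are excerpts copied from the first post.

```python
import re

# Log signatures taken from the OpenVPN 2.0.x output quoted in this thread.
SIGNATURES = {
    "cleartext": re.compile(r"all encryption and authentication features disabled"),
    "no_cert_check": re.compile(r"No server certificate verification method"),
    "unroutable": re.compile(r"TLS Error: Unroutable control packet received"),
    "tls_timeout": re.compile(r"TLS key negotiation failed"),
}
TLS_DIRECTIVES = {"ca", "cert", "key", "tls-server", "tls-client", "tls-auth"}

def count_signatures(log_text):
    """Count how many log lines match each signature."""
    lines = log_text.splitlines()
    return {name: sum(1 for l in lines if rx.search(l)) for name, rx in SIGNATURES.items()}

def config_wants_tls(config_text):
    """True if the intended config file contains any TLS directive."""
    words = {line.split()[0] for line in config_text.splitlines()
             if line.strip() and not line.lstrip().startswith(("#", ";"))}
    return bool(words & TLS_DIRECTIVES)

def triage(server_cfg, server_log, client_log):
    """Return hypothetical finding codes for one server/client log pair."""
    srv, cli = count_signatures(server_log), count_signatures(client_log)
    findings = []
    if srv["cleartext"] and config_wants_tls(server_cfg):
        # The daemon reports no crypto although the intended config asks for
        # TLS, so it was started from some other config file.
        findings.append("server-config-not-loaded")
    if cli["no_cert_check"]:
        findings.append("client-skips-server-cert-check")
    if cli["unroutable"] >= 3 and cli["tls_timeout"]:
        findings.append("tls-handshake-never-completed")
    return findings

# Excerpts copied from the first post's server config and logs.
SERVER_CFG = "port 1194\nca keys/ca.crt\ncert keys/vpn.crt\nkey keys/vpn.key\n"
SERVER_LOG = "Wed Jul 26 19:45:39 2006 ******* WARNING *******: all encryption and authentication features disabled -- all data will be tunnelled as cleartext\n"
CLIENT_LOG = """Wed Jul 26 19:46:44 2006 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 26 19:46:51 2006 TLS Error: Unroutable control packet received from [server]:1194 (si=3 op=P_ACK_V1)
Wed Jul 26 19:47:01 2006 TLS Error: Unroutable control packet received from [server]:1194 (si=3 op=P_ACK_V1)
Wed Jul 26 19:47:11 2006 TLS Error: Unroutable control packet received from [server]:1194 (si=3 op=P_ACK_V1)
Wed Jul 26 19:47:44 2006 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
"""

if __name__ == "__main__":
    print("\n".join(triage(SERVER_CFG, SERVER_LOG, CLIENT_LOG)))
```

A `server-config-not-loaded` finding is the cue to check the command line or init script of the running daemon for the config path it was actually given.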