  1. #1
    Newbie
    Join Date
    Dec 2009
    Location
    Tokyo, Japan
    Posts
    5

    Outbound OpenVPN traffic Blocked

    I have an Untangle gateway set up and am trying to VPN out of the network from a workstation. The distant network is also using an Untangle gateway with OpenVPN. I can connect to the distant network from any open internet connection without errors, but when I try connecting from behind the local Untangle gateway, the service times out.

    I have tried disabling all devices on the Untangle rack, enabling "route OpenVPN through Bridge", and disabling "Block OpenVPN from internal interface", all without success.

    Does anyone have any suggestions?

  2. #2
    Untangle Ninja
    Join Date
    Jan 2009
    Location
    Sweden (Eskilstuna)
    Posts
    4,544


    Hi,

    What error message do you get?
    How is your firewall policy set (default block or pass)?
    Do you in some way block UDP traffic out on port 1194?

    And what versions of Untangle are you using?

  3. #3
    Newbie
    Join Date
    Dec 2009
    Location
    Tokyo, Japan
    Posts
    5


    The error message is "TLS key negotiation failed to occur in 60 seconds (check network connectivity)". I checked the logs on the distant side (I log all VPN connections) and there is no log showing I touched the distant side.

    The firewall is set to default pass (I also checked the logs; nothing is logged as blocked either).

    I am not blocking UDP 1194 (unless it is something in the default Untangle build).

    I am using Untangle 7 on both local and distant.


    Thanks for the quick Reply!
    Last edited by JapanEagle; 12-16-2009 at 02:31 AM.

  4. #4
    Untangle Ninja
    Join Date
    Jan 2009
    Location
    Sweden (Eskilstuna)
    Posts
    4,544


    Hi,

    What IP/DNS is it trying to connect to?
    Does the local segment have any problems with routes to the distant server?
    Or does it in any way have the same segment on another interface?

    You can try adding a bypass or "no rack" policy for the remote Untangle and UDP 1194 traffic.

  5. #5
    Newbie
    Join Date
    Dec 2009
    Location
    Tokyo, Japan
    Posts
    5


    The exact error is:
    Wed Dec 16 17:45:33 2009 OpenVPN 2.1_rc19 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Oct 13 2009
    Wed Dec 16 17:45:33 2009 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Wed Dec 16 17:45:33 2009 /usr/bin/openssl-vulnkey -q -b 1536 -m <modulus omitted>
    WARN: could not open database for 1536 bits. Skipped
    Wed Dec 16 17:45:34 2009 LZO compression initialized
    Wed Dec 16 17:45:34 2009 UDPv4 link local: [undef]
    Wed Dec 16 17:45:34 2009 UDPv4 link remote: xxx.xxx.xxx.xxx:1194
    Wed Dec 16 17:46:34 2009 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Wed Dec 16 17:46:34 2009 TLS Error: TLS handshake failed
    Wed Dec 16 17:46:34 2009 SIGTERM[soft,tls-error] received, process exiting

    As far as your other questions:

    What IP/DNS is it trying to connect to?
    The distant IP is my office. I have no trouble reaching it from an open connection to the internet (with the same laptop, no doubt), but I cannot connect from home (behind my home Untangle gateway).


    Does the local segment have any problems with routes to the distant server?
    My distant Untangle server is not set up to respond to pings, but a traceroute shows traffic leaving my local network on its way to the distant side:
    Tracing route to cthrsm005124.adsl.ppp.infoweb.ne.jp [xxx.xxx.xxx.xxx]
    over a maximum of 30 hops:

    1 137 ms <1 ms <1 ms 192.168.34.1
    2 35 ms 35 ms 33 ms 203.105.89.130
    3 35 ms 34 ms 36 ms 10.40.2.1
    4 37 ms 35 ms 34 ms 10.1.4.2
    5 38 ms 34 ms 35 ms 10.10.5.2
    6 35 ms 34 ms 35 ms 10.3.3.4
    7 36 ms 34 ms 35 ms 61.120.157.129
    8 64 ms 39 ms 40 ms ge-8-7.a15.tokyjp01.jp.ra.gin.ntt.net [61.120.145.13]
    9 40 ms 38 ms 38 ms xe-4-2-0.a20.tokyjp01.jp.ra.gin.ntt.net [203.105.72.57]
    10 41 ms 40 ms 38 ms xe-1-1.a14.tokyjp01.jp.ra.gin.ntt.net [61.120.145.186]
    11 40 ms 39 ms 38 ms 203.105.72.46
    12 * * * Request timed out.
    13 * * * Request timed out.
    14 52 ms 54 ms 54 ms 202.248.6.10
    15 54 ms 53 ms 53 ms 202.248.6.2
    16 * * * Request timed out.
    17 * * * Request timed out.
    18 202.248.6.2 reports: Destination host unreachable.

    Trace complete.


    Or does it in any way have the same segment on another interface?
    I don't think so; it is a public address.

    You can try adding a bypass or "no rack" policy for the remote Untangle and UDP 1194 traffic.

    The remote box is working as long as I am on an open internet connection. It is not working from behind my home Untangle gateway.
    Last edited by JapanEagle; 12-16-2009 at 03:57 AM.

  6. #6
    Newbie
    Join Date
    Dec 2009
    Location
    Tokyo, Japan
    Posts
    5


    Update: I tried a bypass policy today on the local gateway, using the laptop's MAC address, and I am still hitting the same wall.

  7. #7
    Newbie
    Join Date
    Dec 2009
    Location
    Tokyo, Japan
    Posts
    5


    I just found the Packet Test feature on the troubleshooting page. AWESOME!

    According to the dump, Untangle isn't blocking my traffic at all. Looks like I have to hit the ISP.

    Fri Dec 18 09:53:21 UTC+0900 2009
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
    09:53:01.965887 IP xxx.xxx.xxx.xxx.55961 > xxx.xxx.xxx.xxx.1194: UDP, length 14
    ...
    Thank you for your Help WebFool.
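The two symptoms in this thread line up: the client log in post #5 shows OpenVPN sending to xxx.xxx.xxx.xxx:1194 and then timing out after 60 seconds with no TLS handshake, and the Packet Test dump in post #7 shows a 14-byte UDP datagram leaving the gateway's external interface toward port 1194. Fourteen bytes is exactly the size of OpenVPN 2.x's initial P_CONTROL_HARD_RESET_CLIENT_V2 packet without tls-auth (1 opcode/key-id byte, 8-byte session ID, 1-byte ack count, 4-byte packet ID), so what the capture shows is the client repeatedly opening the handshake and never getting a reply. The script below is an added example, not part of the original thread or of Untangle: it parses tcpdump one-liners of the form the Packet Test feature prints, groups them into client-to-server flows on UDP 1194, counts hard-reset openers, and flags flows with zero return packets. The capture text, addresses and ports are constructed for the example. To separate "gateway drops it" from "nothing comes back", capture on both the internal and external interfaces: packets seen on the external side with no reply point upstream (ISP or server-side filtering), packets seen only on the internal side point at the gateway.

```python
import re
from collections import defaultdict

# Constructed sample capture (not the original poster's dump). The first
# client retransmits its 14-byte handshake opener and never hears back; the
# second client reaches a different server and gets a reply. Addresses are
# RFC 5737 / private placeholders.
SAMPLE_DUMP = """\
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
09:53:01.965887 IP 192.168.34.10.55961 > 198.51.100.7.1194: UDP, length 14
09:53:04.112003 IP 192.168.34.10.55961 > 198.51.100.7.1194: UDP, length 14
09:53:08.340110 IP 192.168.34.10.55961 > 198.51.100.7.1194: UDP, length 14
09:53:09.001200 IP 192.168.34.10.44012 > 198.51.100.9.1194: UDP, length 14
09:53:09.045877 IP 198.51.100.9.1194 > 192.168.34.10.44012: UDP, length 26
09:53:09.050000 IP 192.168.34.10.44012 > 198.51.100.9.1194: UDP, length 22
"""

# tcpdump's default one-line format for a UDP datagram (no -v, no -n changes needed).
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP "
    r"(?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): UDP, length (?P<len>\d+)$"
)

OPENVPN_PORT = 1194
# P_CONTROL_HARD_RESET_CLIENT_V2 without tls-auth: 1 opcode/key-id byte
# + 8-byte session id + 1-byte ack count + 4-byte packet id = 14 bytes.
HARD_RESET_LEN = 14


def parse_dump(text):
    """Return a list of dicts, one per UDP packet; banner and non-UDP lines are skipped."""
    pkts = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        pkts.append({"ts": d["ts"], "src": d["src"], "sport": int(d["sport"]),
                     "dst": d["dst"], "dport": int(d["dport"]), "len": int(d["len"])})
    return pkts


def analyze_openvpn_flows(pkts, port=OPENVPN_PORT):
    """Group packets into (client, cport, server, sport) flows and judge each one."""
    flows = defaultdict(lambda: {"sent": 0, "received": 0, "hard_resets": 0})
    for p in pkts:
        if p["dport"] == port:                      # client -> server
            key = (p["src"], p["sport"], p["dst"], p["dport"])
            flows[key]["sent"] += 1
            if p["len"] == HARD_RESET_LEN:
                flows[key]["hard_resets"] += 1
        elif p["sport"] == port:                    # server -> client, same flow key
            key = (p["dst"], p["dport"], p["src"], p["sport"])
            flows[key]["received"] += 1
    report = {}
    for key, c in flows.items():
        if c["received"] == 0:
            verdict = "one-way: client transmits, nothing returns (look upstream or at the server side)"
        else:
            verdict = "two-way: handshake traffic is flowing"
        report[key] = dict(c, verdict=verdict)
    return report


def one_way_flows(report):
    """Flow keys that never received a single packet back."""
    return sorted(k for k, v in report.items() if v["received"] == 0)


if __name__ == "__main__":
    rep = analyze_openvpn_flows(parse_dump(SAMPLE_DUMP))
    for (src, sport, dst, dport), v in sorted(rep.items()):
        print(f"{src}:{sport} -> {dst}:{dport}  sent={v['sent']} recv={v['received']} "
              f"hard_resets={v['hard_resets']}  {v['verdict']}")
```

Feed it real output by saving the Packet Test text (or `tcpdump -n -i eth0 udp port 1194`) to a file and passing the file contents to `parse_dump`. A flow with several hard resets and zero replies is the "TLS key negotiation failed to occur within 60 seconds" signature seen from the wire: OpenVPN retries the opener, and the 60-second timer expires because no server packet ever arrives.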
