  1. #1
    Untangler
    Join Date
    Jan 2011
    Posts
    87

    OpenVPN connection problems .....

    I am trying to establish an OpenVPN connection from a remote location to my shop. At my shop, I have AT&T U-verse High Speed DSL internet access. The supplied modem is forwarding the external "static" IP address to my Untangle Box (OpenVPN running in server mode). Following this guide to the letter, http://wiki.untangle.com/index.php/OpenVPN, I have distributed my client and installed the client software on the remote computer (Windows XP Pro). When I right click on the open vpn icon in the tray and select "connect", I get an error which reads:



    UDPv4: Permission denied (WSAEACCES) (code=10013)
    TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    TLS Error: TLS handshake failed
    SIGTERM[soft,tls-error] received, process exiting



    Here is a brief description of the topology.....

    Shop
    AT&T modem in bridged mode --> Untangle Box (Internal IP address: 192.168.2.1 receiving my "static" external ip address from the modem) --> Netgear Switch --> 2 Windows 7 Pro computers.

    Home
    AT&T modem --> Linksys WRT54G Router (internal ip address: 192.168.2.1 receiving the external "dynamic" ip address from the AT&T modem) --> Windows XP Pro computer (ip address: 192.168.2.20)


    Any help successfully establishing this connection would be greatly appreciated.

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    22,276


    That error usually means the certificate you're trying to connect with isn't valid. Redistribute your client, reinstall the client, and try again.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Untangler
    Join Date
    Jan 2011
    Posts
    87


    Uninstalled the previous client, removed the OpenVPN folder from within the "Program Files" folder on the Windows XP Pro computer, re-distributed the client using the Untangle GUI, moved the .exe file to the Windows XP computer, installed the "new" client on the Windows XP Pro computer, tried to make the connection again ......... and the problem persists.

  4. #4
    some dude hlarsen's Avatar
    Join Date
    Jul 2010
    Location
    sfba
    Posts
    1,386


    that's weird - googling shows a few different things it could be, including file and/or socket permissions.

    you can try it from a different PC as well as doing a Packet Capture on Untangle's External Interface to make sure the packets are reaching it on 1194.

    you're not port forwarding 1194 to anywhere are you?

  5. #5
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    22,276


    Yeah this is weird

    TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    TLS Error: TLS handshake failed
    SIGTERM[soft,tls-error] received, process exiting
    This stuff means I can't connect, and can mean everything from the client is using the wrong IP address, to the Untangle server isn't responding publicly.

    UDPv4: Permission denied (WSAEACCES) (code=10013)
    This stuff I've only seen when connecting with a corrupted certificate.

    But, Hlarsen is right, you have to start doing packet captures on untangle to verify that udp 1194 packets are making it to Untangle.

    Then again now that I've looked at your OP, this is never going to work. You've listed 192.168.2.0/24 as the private networks on both networks.

    Do you like routing problems? Because once that VPN comes online you've got one.

    And update the firmware on that WRT54G while you're at it, if you have one of the old linksys made units (three indicator lights per switch port), those things have a UDP streaming bug that will nuke OpenVPN traffic.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  6. #6
    Untangler
    Join Date
    Jan 2011
    Posts
    87


    Thanks for the heads up! I'll install the client on a different remote computer and try it again..... And no, I am not forwarding any ports. Thanks for the quick responses!!!

  7. #7
    Untangler
    Join Date
    Jan 2011
    Posts
    87


    These are the results from a connection attempt from a totally different Windows XP Computer on a totally different remote location with an internal IP address of 192.168.1.67 .......


    Sat Oct 29 12:37:23 2011 OpenVPN 2.1.3 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Aug 20 2010
    Sat Oct 29 12:37:23 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Sat Oct 29 12:37:23 2011 LZO compression initialized
    Sat Oct 29 12:37:23 2011 UDPv4 link local: [undef]
    Sat Oct 29 12:37:23 2011 UDPv4 link remote: 192.168.1.64:1194
    Sat Oct 29 12:38:23 2011 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Sat Oct 29 12:38:23 2011 TLS Error: TLS handshake failed
    Sat Oct 29 12:38:23 2011 SIGTERM[soft,tls-error] received, process exiting
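
    [Added example, not part of any post in this thread.] A small triage script for the two network checks raised above: whether the client and server LANs overlap (post #5) and which address the client log shows it dialing (post #7). The function names and finding labels are hypothetical, and the /24 prefix for the 192.168.1.67 client is an assumption.

```python
import ipaddress
import re

# Sample input: three lines copied from the client log in post #7.
SAMPLE_LOG = (
    "Sat Oct 29 12:37:23 2011 UDPv4 link local: [undef]\n"
    "Sat Oct 29 12:37:23 2011 UDPv4 link remote: 192.168.1.64:1194\n"
    "Sat Oct 29 12:38:23 2011 TLS Error: TLS key negotiation failed to occur "
    "within 60 seconds (check your network connectivity)\n"
)

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Newer OpenVPN builds prefix the address with "[AF_INET]"; accept both forms.
REMOTE_RE = re.compile(
    r"link remote: (?:\[AF_INET\])?(\d{1,3}(?:\.\d{1,3}){3}):(\d+)")

def remote_endpoint(log_text):
    """Return (ip, port) from the 'link remote' line, or None if absent."""
    m = REMOTE_RE.search(log_text)
    if m is None:
        return None
    return ipaddress.ip_address(m.group(1)), int(m.group(2))

def diagnose(log_text, client_lan, server_lan):
    """Return a list of findings for one failed connection attempt."""
    client_net = ipaddress.ip_network(client_lan, strict=False)
    server_net = ipaddress.ip_network(server_lan, strict=False)
    findings = []
    if client_net.overlaps(server_net):
        findings.append("lan-overlap")          # routes collide once the tunnel is up
    endpoint = remote_endpoint(log_text)
    if endpoint is None:
        findings.append("no-remote-line")
        return findings
    ip, _port = endpoint
    if any(ip in net for net in RFC1918):
        findings.append("remote-is-rfc1918")    # not reachable across the Internet
    if ip in client_net:
        findings.append("remote-on-client-lan") # packets never leave the local LAN
    if "TLS key negotiation failed" in log_text:
        findings.append("no-handshake-reply")
    return findings

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG, "192.168.1.67/24", "192.168.2.1/24"))
    print(diagnose("", "192.168.2.20/24", "192.168.2.1/24"))
```

    The first call uses the post #7 client and the shop LAN from post #1; the second uses the home and shop LANs from post #1 with no log supplied.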

  8. #8
    Untangler
    Join Date
    Jan 2011
    Posts
    87


    I will check for incoming packets on the UT server now .....

  9. #9
    Untangler
    Join Date
    Jan 2011
    Posts
    87


    Negative ..... No incoming packets are reaching the eth0 interface, via the "tcpdump -i port 1194" command given in the UT terminal, upon connection attempts. (eth0 has been assigned my static ip address)

    Any other thoughts?

  10. #10
    Untangler
    Join Date
    Jan 2011
    Posts
    87


    The "open ports tool" at dyndns.org indicates port 1194 is not open. I checked port 443, and I see packets via tcpdump in the terminal. Can I change the default port within UT to use port 443 instead? Or, is this not possible? Many thanks for your assistance gentlemen!!
