OpenVPN, iB, Port Forwarding and, for example, IPCop
In my on-going saga with re-establishing my client's connection, their OpenVPN setup is no longer working. I assume it is merely the port forwarding now that needs to be addressed. What ports must forward where? At the mo, they are on IPCop but I will be changing them to ClearOS by year end.
1194 for the openvpn implementation on ipcop
no need to port forward anything if ipcop red is properly external, the zerina installer does everything required.
if ipcop is behind something else, then port forward (on the something else) 1194 to the red interface of ipcop
Thanks Werner
IPCOP red is PPPoE to iBurst / green is private. I had the above setup (no fwd) but it simply will not connect:
every 60 secs.Code:2011-10-12 12:20:37 UDPv4 link local (bound): [undef]:1194 2011-10-12 12:20:37 UDPv4 link remote: 41.56.39.93:1194 2011-10-12 12:20:37 MANAGEMENT: >STATE:1318414837,WAIT,,,
The log also says this:
Code:2011-10-12 12:35:03 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 2011-10-12 12:35:03 TLS Error: TLS handshake failed
cool, i take it ipcop 1.4.21 and ZERINA-0.9.7a14?
http://www.openvpn.eu/uploads/media/...staller.tar.gz
some sample configs for the openvpn gui client on windows
#OpenVPN Server conf
tls-client
client
dev tun
proto udp
tun-mtu 1400
remote xxx.xxx.xxx.xxx 1194 <----your ipcop external ip goes here
pkcs12 wernervpn.p12 <-----certificate downloaded from zerina zip file
cipher BF-CBC
comp-lzo
verb 3
ns-cert-type server
this is for roadwarrior, on ipcop
localvpn hostname ip: red ip or your dns/dyndns name
openvpn on red : ticked
openvpn device: TUN
protocol :udp
mtu: 1400 (matched the client file above)
openvpn subnet: I used 10.127.90.0/255.255.255.0 but any internal range will work ok...this gets assigned to clients when they cconnect
destination port: 1194
encryption: bf-cbc (matches client file above)
still stuck: go here
http://www.openvpn.eu/index.php?id=73
pictures:-)
All my settings are pretty much the same. I tried v2 and get another error - Unroutable packet - repeatedly. Is iBurst definitely not the issue? So, is someone else's iB ovpn working at the moment?
Just to be clear, when this post is found by someone else experiencing similar issues, do not just jump into the OpenVPN logs. First, take a brief look at your system log. That's something I finally did this morning and lo and behold - the DynDNS was failing. One quick fix later and I am in business.
Luckily, I didn't insult anyone during the process...
Posting Permissions
Reply With Quote
Bookmarks