Reply
 
Thread Tools Display Modes
  #1  
Old 09-03-2011, 01:04 PM
bsdaddict bsdaddict is offline
Senior Member
 
Join Date: Nov 2008
Posts: 238
Thanks: 2
Thanked 1 Time in 1 Post
Default openvpn connection problems
Hi,

I'm running 8.2-rel, 64bit and openvpn 2.2.1. The problem is that I can't get a connection. And the funny part is that it works with the same config .ovpn file under windows 7...
Openvpn tries to connect via port 443 (instead of the usual 1194 port. I have added exceptions for those 2 ports in pf (both for incoming and outgoing traffic for tcp traffic). I tried to connect without pf (and with and without those portexceptions added) and without my proxy (3proxy) but the result stays the same : no connection... In the config .ovpn file i just changed the "dev tap" to "dev tun" (but no tunx dev gets created).
Below are the config file and the connection log.
What goes wrong here ?

This is the .ovn config file :

proto tcp-client
remote eu2.finevpn.com 443 # non-stadard port for OpenVPN
# dev tap
dev tun
nobind
persist-key
tls-client
ca unblockvpn-ca.pem # Root certificate in the same directory as this configuration file.
ns-cert-type server
verb 3
cipher AES-256-CBC
auth SHA1
pull
auth-user-pass
#if connection is terminated, it will attempt to connect without promting username and pass
auth-retry nointeract
redirect-gateway def1
dhcp-option DNS 8.8.8.8
dhcp-option DNS 8.8.4.4


This is the connection log :

# openvpn --config eu2_slovakia.ovpn
Sat Sep 3 12:28:31 2011 OpenVPN 2.2.1 amd64-portbld-freebsd8.0 [SSL] [LZO2] [eurephia] built on Jul 7 2011
Enter Auth Username:beni@brinckman.info
Enter Auth Password:
Sat Sep 3 12:28:37 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sat Sep 3 12:28:37 2011 Control Channel MTU parms [ L:1559 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sat Sep 3 12:28:37 2011 Socket Buffers: R=[65536->65536] S=[32768->65536]
Sat Sep 3 12:28:37 2011 Data Channel MTU parms [ L:1559 D:1450 EF:59 EB:4 ET:0 EL:0 ]
Sat Sep 3 12:28:37 2011 Local Options hash (VER=V4): '5cb3f8dc'
Sat Sep 3 12:28:37 2011 Expected Remote Options hash (VER=V4): '898ae6c6'
Sat Sep 3 12:28:37 2011 Attempting to establish TCP connection with 92.240.235.130:443 [nonblock]
Sat Sep 3 12:28:38 2011 TCP connection established with 92.240.235.130:443
Sat Sep 3 12:28:38 2011 TCPv4_CLIENT link local: [undef]
Sat Sep 3 12:28:38 2011 TCPv4_CLIENT link remote: 92.240.235.130:443
Sat Sep 3 12:28:38 2011 TLS: Initial packet from 92.240.235.130:443, sid=d31bee12 8f600cd5
Sat Sep 3 12:28:38 2011 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Sep 3 12:28:39 2011 VERIFY OK: depth=1, /C=CZ/O=UnblockVPN.com/CN=UnblockVPN.com
Sat Sep 3 12:28:39 2011 VERIFY OK: nsCertType=SERVER
Sat Sep 3 12:28:39 2011 VERIFY OK: depth=0, /C=CZ/O=UnblockVPN.com/CN=eu2.finevpn.com/emailAddress=info@finevpn.com
Sat Sep 3 12:28:39 2011 Connection reset, restarting [0]
Sat Sep 3 12:28:39 2011 TCP/UDP: Closing socket
Sat Sep 3 12:28:39 2011 SIGUSR1[soft,connection-reset] received, process restarting
Sat Sep 3 12:28:39 2011 Restart pause, 10 second(s)
Sat Sep 3 12:28:49 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sat Sep 3 12:28:49 2011 Re-using SSL/TLS context
Sat Sep 3 12:28:49 2011 Control Channel MTU parms [ L:1559 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sat Sep 3 12:28:49 2011 Socket Buffers: R=[65536->65536] S=[32768->65536]
Sat Sep 3 12:28:49 2011 Data Channel MTU parms [ L:1559 D:1450 EF:59 EB:4 ET:0 EL:0 ]
Sat Sep 3 12:28:49 2011 Local Options hash (VER=V4): '5cb3f8dc'
Sat Sep 3 12:28:49 2011 Expected Remote Options hash (VER=V4): '898ae6c6'
Sat Sep 3 12:28:49 2011 Attempting to establish TCP connection with 92.240.235.130:443 [nonblock]
Sat Sep 3 12:28:50 2011 TCP connection established with 92.240.235.130:443
Sat Sep 3 12:28:50 2011 TCPv4_CLIENT link local: [undef]
Sat Sep 3 12:28:50 2011 TCPv4_CLIENT link remote: 92.240.235.130:443
Sat Sep 3 12:28:50 2011 TLS: Initial packet from 92.240.235.130:443, sid=b0432335 9aec4030
Sat Sep 3 12:28:51 2011 VERIFY OK: depth=1, /C=CZ/O=UnblockVPN.com/CN=UnblockVPN.com
Sat Sep 3 12:28:51 2011 VERIFY OK: nsCertType=SERVER
Sat Sep 3 12:28:51 2011 VERIFY OK: depth=0, /C=CZ/O=UnblockVPN.com/CN=eu2.finevpn.com/emailAddress=info@finevpn.com
Sat Sep 3 12:28:51 2011 Connection reset, restarting [0]
Sat Sep 3 12:28:51 2011 TCP/UDP: Closing socket
Sat Sep 3 12:28:51 2011 SIGUSR1[soft,connection-reset] received, process restarting
Sat Sep 3 12:28:51 2011 Restart pause, 10 second(s)
Sat Sep 3 12:29:01 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sat Sep 3 12:29:01 2011 Re-using SSL/TLS context
Sat Sep 3 12:29:01 2011 Control Channel MTU parms [ L:1559 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sat Sep 3 12:29:01 2011 Socket Buffers: R=[65536->65536] S=[32768->65536]
Sat Sep 3 12:29:01 2011 Data Channel MTU parms [ L:1559 D:1450 EF:59 EB:4 ET:0 EL:0 ]
Sat Sep 3 12:29:01 2011 Local Options hash (VER=V4): '5cb3f8dc'
Sat Sep 3 12:29:01 2011 Expected Remote Options hash (VER=V4): '898ae6c6'
Sat Sep 3 12:29:01 2011 Attempting to establish TCP connection with 92.240.235.130:443 [nonblock]
Sat Sep 3 12:29:02 2011 TCP connection established with 92.240.235.130:443
Sat Sep 3 12:29:02 2011 TCPv4_CLIENT link local: [undef]
Sat Sep 3 12:29:02 2011 TCPv4_CLIENT link remote: 92.240.235.130:443
Sat Sep 3 12:29:02 2011 TLS: Initial packet from 92.240.235.130:443, sid=41f85d3e ae6382df
Sat Sep 3 12:29:03 2011 VERIFY OK: depth=1, /C=CZ/O=UnblockVPN.com/CN=UnblockVPN.com
Sat Sep 3 12:29:03 2011 VERIFY OK: nsCertType=SERVER
Sat Sep 3 12:29:03 2011 VERIFY OK: depth=0, /C=CZ/O=UnblockVPN.com/CN=eu2.finevpn.com/emailAddress=info@finevpn.com
Sat Sep 3 12:29:03 2011 Connection reset, restarting [0]
Sat Sep 3 12:29:03 2011 TCP/UDP: Closing socket
Sat Sep 3 12:29:03 2011 SIGUSR1[soft,connection-reset] received, process restarting
Sat Sep 3 12:29:03 2011 Restart pause, 10 second(s)
Sat Sep 3 12:29:13 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sat Sep 3 12:29:13 2011 Re-using SSL/TLS context
Sat Sep 3 12:29:13 2011 Control Channel MTU parms [ L:1559 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sat Sep 3 12:29:13 2011 Socket Buffers: R=[65536->65536] S=[32768->65536]
Sat Sep 3 12:29:13 2011 Data Channel MTU parms [ L:1559 D:1450 EF:59 EB:4 ET:0 EL:0 ]
Sat Sep 3 12:29:13 2011 Local Options hash (VER=V4): '5cb3f8dc'
Sat Sep 3 12:29:13 2011 Expected Remote Options hash (VER=V4): '898ae6c6'
Sat Sep 3 12:29:13 2011 Attempting to establish TCP connection with 92.240.235.130:443 [nonblock]
Sat Sep 3 12:29:14 2011 TCP connection established with 92.240.235.130:443
Sat Sep 3 12:29:14 2011 TCPv4_CLIENT link local: [undef]
Sat Sep 3 12:29:14 2011 TCPv4_CLIENT link remote: 92.240.235.130:443
Sat Sep 3 12:29:14 2011 TLS: Initial packet from 92.240.235.130:443, sid=a9faa92e e0ec6db4
Sat Sep 3 12:29:15 2011 VERIFY OK: depth=1, /C=CZ/O=UnblockVPN.com/CN=UnblockVPN.com
Sat Sep 3 12:29:15 2011 VERIFY OK: nsCertType=SERVER
Sat Sep 3 12:29:15 2011 VERIFY OK: depth=0, /C=CZ/O=UnblockVPN.com/CN=eu2.finevpn.com/emailAddress=info@finevpn.com
Sat Sep 3 12:29:15 2011 Connection reset, restarting [0]
Sat Sep 3 12:29:15 2011 TCP/UDP: Closing socket
Sat Sep 3 12:29:15 2011 SIGUSR1[soft,connection-reset] received, process restarting
Sat Sep 3 12:29:15 2011 Restart pause, 10 second(s)
Sat Sep 3 12:29:25 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sat Sep 3 12:29:25 2011 Re-using SSL/TLS context
Sat Sep 3 12:29:25 2011 Control Channel MTU parms [ L:1559 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sat Sep 3 12:29:25 2011 Socket Buffers: R=[65536->65536] S=[32768->65536]
Sat Sep 3 12:29:25 2011 Data Channel MTU parms [ L:1559 D:1450 EF:59 EB:4 ET:0 EL:0 ]
Sat Sep 3 12:29:25 2011 Local Options hash (VER=V4): '5cb3f8dc'
Sat Sep 3 12:29:25 2011 Expected Remote Options hash (VER=V4): '898ae6c6'
Sat Sep 3 12:29:25 2011 Attempting to establish TCP connection with 92.240.235.130:443 [nonblock]
Sat Sep 3 12:29:35 2011 TCP: connect to 92.240.235.130:443 failed, will try again in 5 seconds: Operation timed out
Sat Sep 3 12:29:50 2011 TCP: connect to 92.240.235.130:443 failed, will try again in 5 seconds: Operation timed out
Sat Sep 3 12:30:05 2011 TCP: connect to 92.240.235.130:443 failed, will try again in 5 seconds: Operation timed out
^CSat Sep 3 12:30:14 2011 TCP/UDP: Closing socket
Sat Sep 3 12:30:14 2011 SIGINT[hard,init_instance] received, process exiting
Reply With Quote
  #2  
Old 09-04-2011, 08:42 AM
bsdaddict bsdaddict is offline
Senior Member
 
Join Date: Nov 2008
Posts: 238
Thanks: 2
Thanked 1 Time in 1 Post
Default [solved]
I should have used the tap device instead of the tun dev...
After adding "--dev tap0" to the startup options, it "just worked" ;-)
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 01:02 PM.


Powered by vBulletin® Version 3.8.5
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.

Copyright 2005-2010, The PC-BSD Project. PC-BSD and the PC-BSD logo are registered trademarks of iXsystems.
All other content is freely available for sharing under the terms of the Creative Commons Attribution License.