Mat Cone
Resolved
Hello all

I am trying to get my OpenVPN to work on my ClearOS 7.2.

I followed a lot of other guides, which got me to where I am now. It seems like as soon as I fix one thing, another thing breaks.
I should mention I am not great at routing, the command line, or even command-line commands,
so all I know is that when I connect from my PC I get this:

Fri Sep 16 11:20:36 2016 OpenVPN 2.3.10 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Jan 4 2016
Fri Sep 16 11:20:36 2016 Windows version 6.2 (Windows 8 or greater)
Fri Sep 16 11:20:36 2016 library versions: OpenSSL 1.0.1q 3 Dec 2015, LZO 2.09
Enter Management Password:
Fri Sep 16 11:20:36 2016 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Fri Sep 16 11:20:36 2016 Need hold release from management interface, waiting...
Fri Sep 16 11:20:36 2016 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Fri Sep 16 11:20:36 2016 MANAGEMENT: CMD 'state on'
Fri Sep 16 11:20:36 2016 MANAGEMENT: CMD 'log all on'
Fri Sep 16 11:20:36 2016 MANAGEMENT: CMD 'hold off'
Fri Sep 16 11:20:36 2016 MANAGEMENT: CMD 'hold release'
Fri Sep 16 11:20:41 2016 MANAGEMENT: CMD 'username "Auth" "mx17"'
Fri Sep 16 11:20:41 2016 MANAGEMENT: CMD 'password [...]'
Fri Sep 16 11:20:41 2016 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Sep 16 11:20:41 2016 MANAGEMENT: >STATE:1474050041,RESOLVE,,,
Fri Sep 16 11:20:41 2016 UDPv4 link local: [undef]
Fri Sep 16 11:20:41 2016 UDPv4 link remote: [AF_INET]XXXXXXXXXXXX:1194
Fri Sep 16 11:20:41 2016 MANAGEMENT: >STATE:1474050041,WAIT,,,
Fri Sep 16 11:20:41 2016 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Fri Sep 16 11:20:43 2016 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Fri Sep 16 11:20:47 2016 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Fri Sep 16 11:20:55 2016 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Fri Sep 16 11:21:11 2016 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Fri Sep 16 11:21:41 2016 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Sep 16 11:21:41 2016 TLS Error: TLS handshake failed
Fri Sep 16 11:21:41 2016 SIGUSR1[soft,tls-error] received, process restarting
Fri Sep 16 11:21:41 2016 MANAGEMENT: >STATE:1474050101,RECONNECTING,tls-error,,
Fri Sep 16 11:21:41 2016 Restart pause, 2 second(s)
Fri Sep 16 11:21:43 2016 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Sep 16 11:21:43 2016 MANAGEMENT: >STATE:1474050103,RESOLVE,,,
Fri Sep 16 11:21:43 2016 UDPv4 link local: [undef]
Fri Sep 16 11:21:43 2016 UDPv4 link remote: [AF_INET]XXXXXXXXXXXX:1194
Fri Sep 16 11:21:43 2016 MANAGEMENT: >STATE:1474050103,WAIT,,,
Fri Sep 16 11:21:43 2016 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Fri Sep 16 11:21:45 2016 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Fri Sep 16 11:21:50 2016 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Fri Sep 16 11:21:58 2016 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)


I replaced my actual IP with xxxxxxxxxxx.
The firewall is off on my PC; my PC is on a LAN on the ClearOS server.

I also tried from my phone and got:
UDPv4 link local (bound):[undef]
UDPv4 link remote: [AF_INET]xxxxxxxxxxxx:1194

My phone will stay on that line for a while before it says TLS timeout.


On the ClearOS log side:

Sep 16 11:16:30 system openvpn[8134]: OpenVPN 2.3.11 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] ...
Sep 16 11:16:30 system openvpn[8134]: library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.06
Sep 16 11:16:30 system openvpn[8135]: PLUGIN_INIT: POST /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so '[/usr/lib ...
Sep 16 11:16:30 system openvpn[8135]: Diffie-Hellman initialized with 1024 bit key
Sep 16 11:16:30 system openvpn[8135]: Socket Buffers: R=[87380->87380] S=[16384->16384]
Sep 16 11:16:30 system openvpn[8135]: ROUTE_GATEWAY xxxxxxxxxxxx2/255.255.254.0 IFACE=enp14s0 HWADDR=xxxxxxx
Sep 16 11:16:30 system openvpn[8135]: TUN/TAP device tun0 opened
Sep 16 11:16:30 system openvpn[8135]: TUN/TAP TX queue length set to 100
Sep 16 11:16:30 system openvpn[8135]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sep 16 11:16:30 system openvpn[8135]: /usr/sbin/ip link set dev tun0 up mtu 1500
Sep 16 11:16:30 system openvpn[8135]: /usr/sbin/ip addr add dev tun0 local 10.8.10.1 peer 10.8.10.2
Sep 16 11:16:30 system openvpn[8135]: /usr/sbin/ip route add 10.8.10.0/24 via 10.8.10.2
Sep 16 11:16:30 system openvpn[8135]: GID set to nobody
Sep 16 11:16:30 system openvpn[8135]: UID set to nobody
Sep 16 11:16:30 system openvpn[8135]: Listening for incoming TCP connection on [undef]
Sep 16 11:16:30 system openvpn[8135]: TCPv4_SERVER link local (bound): [undef]
Sep 16 11:16:30 system openvpn[8135]: TCPv4_SERVER link remote: [undef]
Sep 16 11:16:30 system openvpn[8135]: MULTI: multi_init called, r=256 v=256
Sep 16 11:16:30 system openvpn[8135]: IFCONFIG POOL: base=10.8.10.4 size=62, ipv6=0
Sep 16 11:16:30 system openvpn[8135]: IFCONFIG POOL LIST
Sep 16 11:16:30 system openvpn[8135]: MULTI: TCP INIT maxclients=1024 maxevents=1028
Sep 16 11:16:30 system openvpn[8135]: Initialization Sequence Completed
Sep 16 11:16:30 system openvpn[8146]: OpenVPN 2.3.11 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] ...
Sep 16 11:16:30 system openvpn[8146]: library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.06
Sep 16 11:16:30 system openvpn[8148]: PLUGIN_INIT: POST /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so '[/usr/lib ...
Sep 16 11:16:30 system openvpn[8148]: Diffie-Hellman initialized with 1024 bit key
Sep 16 11:16:30 system openvpn[8148]: Socket Buffers: R=[229376->229376] S=[229376->229376]
Sep 16 11:16:30 system openvpn[8148]: ROUTE_GATEWAY xxxxxxxxxxxx2/255.255.254.0 IFACE=enp14s0 HWADDR=xxxxxxxxx
Sep 16 11:16:30 system openvpn[8148]: TUN/TAP device tun1 opened
Sep 16 11:16:30 system openvpn[8148]: TUN/TAP TX queue length set to 100
Sep 16 11:16:30 system openvpn[8148]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sep 16 11:16:30 system openvpn[8148]: /usr/sbin/ip link set dev tun1 up mtu 1500
Sep 16 11:16:30 system openvpn[8148]: /usr/sbin/ip addr add dev tun1 local 10.8.0.1 peer 10.8.0.2
Sep 16 11:16:30 system openvpn[8148]: /usr/sbin/ip route add 10.8.0.0/24 via 10.8.0.2
Sep 16 11:16:30 system openvpn[8148]: GID set to nobody
Sep 16 11:16:30 system openvpn[8148]: UID set to nobody
Sep 16 11:16:30 system openvpn[8148]: UDPv4 link local (bound): [undef]
Sep 16 11:16:30 system openvpn[8148]: UDPv4 link remote: [undef]
Sep 16 11:16:30 system openvpn[8148]: MULTI: multi_init called, r=256 v=256
Sep 16 11:16:30 system openvpn[8148]: IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Sep 16 11:16:30 system openvpn[8148]: IFCONFIG POOL LIST
Sep 16 11:16:30 system openvpn[8148]: Initialization Sequence Completed


The xxxxxxxxxxxx2 is different from my actual external IP or the IP I "xxx" above.


Any help would be great since I have no clue what I am doing.
In OpenVPN
Friday, September 16 2016, 06:40 PM
Responses (3)
  • Accepted Answer

    Friday, September 16 2016, 08:34 PM
    There is no evidence of an incoming connection in your ClearOS log. I think they are just start up logs. Have you opened the Incoming Firewall to the Standard Service OpenVPN (or udp:1194)? Make sure you have not also done a port forward rule.
  • Accepted Answer

    Mat Cone
    Friday, September 16 2016, 08:08 PM
    @nick

    It is the WAN FQDN in the .ovpn file.
    My ultimate goal is to be able to connect via OpenVPN from my phone and laptop when away. The above results from my phone were on an LTE connection and not the local LAN.
  • Accepted Answer

    Friday, September 16 2016, 07:55 PM
    If testing from your LAN I don't think you can use your WAN IP in your .ovpn file. Better would be your WAN FQDN, but at the same time put in the ClearOS hosts file (DNS server in the Webconfig) an entry for your WAN FQDN pointing to your ClearOS LAN IP. This way, when your PC is on your LAN, it gets given your ClearOS LAN IP and when it is on the internet it gets your WAN IP without having to make any configuration changes - assuming you are using ClearOS as your LAN DNS server (it also makes testing the webserver from the LAN possible).

    This should allow you to connect but it may not work very well.

    If you want it to work on your LAN properly there is another parameter you need to put in your clients.conf. I can't remember what it is or even if it is something which gets pushed to the client. You'll need to check the OpenVPN docs.

    As an aside, if you're planning to use VPNs, it is best if your LAN is not on the 192.168.0.0/24 or 192.168.1.0/24 subnets.
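
Added example, not part of any post in this thread: a Python triage of the two symptoms discussed above, a client that sees repeated WSAECONNRESET and then a TLS timeout, and a server log that holds startup lines only. The log lines and addresses are constructed samples, and the function name `triage` and the 2048-bit threshold are assumptions of this example.

```python
import re

# Constructed sample lines modelled on the logs quoted in the thread; the
# addresses are documentation placeholders, not values from the page.
CLIENT_LOG = """\
Fri Sep 16 11:20:41 2016 UDPv4 link remote: [AF_INET]203.0.113.10:1194
Fri Sep 16 11:20:41 2016 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Fri Sep 16 11:20:43 2016 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Fri Sep 16 11:21:41 2016 TLS Error: TLS key negotiation failed to occur within 60 seconds
"""
SERVER_STARTUP_ONLY = """\
Sep 16 11:16:30 system openvpn[8148]: Diffie-Hellman initialized with 1024 bit key
Sep 16 11:16:30 system openvpn[8148]: UDPv4 link local (bound): [undef]
Sep 16 11:16:30 system openvpn[8148]: Initialization Sequence Completed
"""
SERVER_WITH_PEER = SERVER_STARTUP_ONLY + (
    "Sep 16 11:20:41 system openvpn[8148]: 198.51.100.7:51234 TLS: Initial "
    "packet from [AF_INET]198.51.100.7:51234, sid=0a1b2c3d 4e5f6a7b\n"
)


def triage(client_log, server_log):
    """Compare one client log with one server log and return findings."""
    findings = []
    # A client that reaches the daemon leaves this line in the server log.
    peers = re.findall(r"TLS: Initial packet from \[AF_INET\]([\d.]+):\d+", server_log)
    # On Windows, WSAECONNRESET on a UDP socket means an earlier datagram was
    # answered with ICMP port unreachable: rejected, not silently dropped.
    resets = client_log.count("Connection reset by peer (WSAECONNRESET)")
    if not peers:
        findings.append("server: startup lines only, no inbound handshake")
        if resets:
            findings.append(f"client: {resets} UDP resets, port rejected before reaching OpenVPN")
        elif "TLS key negotiation failed" in client_log:
            findings.append("client: silent timeout, packets dropped or misrouted")
    # The client's transport must match a listener the server has bound.
    wanted = re.search(r"(UDP|TCP)v4\w* link remote", client_log)
    bound = set(re.findall(r"(UDP|TCP)v4\w* link local \(bound\)", server_log))
    if wanted and wanted.group(1) not in bound:
        findings.append(f"config: client uses {wanted.group(1)}, server has no such listener")
    # Flag weak Diffie-Hellman parameters reported at start-up.
    for bits in sorted(set(re.findall(r"initialized with (\d+) bit key", server_log))):
        if int(bits) < 2048:
            findings.append(f"server: {bits}-bit DH parameters, regenerate at 2048 bits or more")
    return findings


if __name__ == "__main__":
    for line in triage(CLIENT_LOG, SERVER_STARTUP_ONLY):
        print(line)
```

A reset on UDP points at a reject rule or a closed port on the path to udp:1194, while a silent timeout (as on the phone) points at dropped or misrouted packets; both leave the server log without a handshake line.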