Dear Jo,
You were absolutely correct. Thank you very much for your help. My problem has been solved, although I still have a problem with its 'TLS Negotiation'.
I spent a whole day understanding the information you gave me. I thought you informed me clearly enough, so the solution should not be far away anymore:
- I just removed all the "conf" files in "/etc/openvpn/" except 'server.conf';
- 'netstat -anp ....' and killed the service which used '1194';
- no 'dev-node';
- 'dev tun';
And then my openvpn works. Below in my email, I put the log file.
But the client still cannot connect to the openvpn-server. The error message is about a TLS problem. I've tried browsing the internet looking for the solution. It seems many people have the same problem.
What should I do now? What steps should I actually take to make the TLS negotiation work properly?
I put the content of my current 'client.conf' and the '/var/log/messages'.
=========
Here's on the client-side.
=========
sussy-MND:~ # cat /etc/openvpn/client.conf
client
dev tun
proto udp
remote 219.83.114.179 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/cli-MND.crt
key /etc/openvpn/keys/cli-MND.key
ns-cert-type client
;tls-auth ta.key 1
;cipher x
comp-lzo
verb 3
sussy-MND:~ # rcopenvpn status
Checking for OpenVPN: running
Status written to /var/log/messages
sussy-MND:~ # tail -n 30 /var/log/messages
Nov 1 10:49:56 sussy-MND openvpn[3639]: UDPv4 link local: [undef]
Nov 1 10:49:56 sussy-MND openvpn[3639]: UDPv4 link remote: 219.83.114.179:1194
Nov 1 10:50:56 sussy-MND openvpn[3639]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Nov 1 10:50:56 sussy-MND openvpn[3639]: TLS Error: TLS handshake failed
Nov 1 10:50:56 sussy-MND openvpn[3639]: TCP/UDP: Closing socket
Nov 1 10:50:56 sussy-MND openvpn[3639]: SIGUSR1[soft,tls-error] received, process restarting
Nov 1 10:50:56 sussy-MND openvpn[3639]: Restart pause, 2 second(s)
Nov 1 10:50:59 sussy-MND openvpn[3639]: IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Nov 1 10:50:59 sussy-MND openvpn[3639]: Re-using SSL/TLS context
Nov 1 10:50:59 sussy-MND openvpn[3639]: LZO compression initialized
Nov 1 10:50:59 sussy-MND openvpn[3639]: Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Nov 1 10:50:59 sussy-MND openvpn[3639]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Nov 1 10:50:59 sussy-MND openvpn[3639]: Local Options hash (VER=V4): '41690919'
Nov 1 10:50:59 sussy-MND openvpn[3639]: Expected Remote Options hash (VER=V4): '530fdded'
Nov 1 10:50:59 sussy-MND openvpn[3639]: UDPv4 link local: [undef]
Nov 1 10:50:59 sussy-MND openvpn[3639]: UDPv4 link remote: 219.83.114.179:1194
Nov 1 10:51:36 sussy-MND openvpn[3639]: event_wait : Interrupted system call (code=4)
Nov 1 10:51:36 sussy-MND openvpn[3639]: TCP/UDP: Closing socket
Nov 1 10:51:36 sussy-MND openvpn[3639]: SIGTERM[hard,] received, process exiting
Nov 1 10:51:39 sussy-MND openvpn[6381]: OpenVPN 2.0.9 i586-suse-linux [SSL] [LZO] [EPOLL] built on Jun 7 2008
Nov 1 10:51:39 sussy-MND openvpn[6381]: IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Nov 1 10:51:39 sussy-MND openvpn[6381]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Nov 1 10:51:39 sussy-MND openvpn[6381]: WARNING: file '/etc/openvpn/keys/cli-MND.key' is group or others accessible
Nov 1 10:51:39 sussy-MND openvpn[6381]: LZO compression initialized
Nov 1 10:51:39 sussy-MND openvpn[6381]: Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Nov 1 10:51:39 sussy-MND openvpn[6381]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Nov 1 10:51:39 sussy-MND openvpn[6381]: Local Options hash (VER=V4): '41690919'
Nov 1 10:51:39 sussy-MND openvpn[6381]: Expected Remote Options hash (VER=V4): '530fdded'
Nov 1 10:51:39 sussy-MND openvpn[6382]: UDPv4 link local: [undef]
Nov 1 10:51:39 sussy-MND openvpn[6382]: UDPv4 link remote: 219.83.114.179:1194
sussy-MND:~ #
=========
Here's on the server-side.
=========
mysussy:~ # cat /etc/openvpn/server.conf
local 219.83.114.179
port 1194
proto udp
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/toka-site.crt
key /etc/openvpn/easy-rsa/2.0/keys/toka-site.key
dev tun
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-to-client
keepalive 10 120
ns-cert-type server
mysussy:~ # tail -n 40 /var/log/messages
Nov 1 10:07:59 mysussy kernel: ll header: ff:ff:ff:ff:ff:ff:00:0e:0c:3e:9e:86:08:06
Nov 1 10:08:03 mysussy kernel: printk: 2 messages suppressed.
Nov 1 10:08:03 mysussy kernel: martian source 192.168.30.32 from 192.168.30.32, on dev eth0
Nov 1 10:08:03 mysussy kernel: ll header: ff:ff:ff:ff:ff:ff:00:0e:0c:3e:9e:86:08:06
Nov 1 10:08:09 mysussy kernel: printk: 3 messages suppressed.
Nov 1 10:08:09 mysussy kernel: martian source 192.168.30.32 from 192.168.30.32, on dev eth0
Nov 1 10:08:09 mysussy kernel: ll header: ff:ff:ff:ff:ff:ff:00:0e:0c:3e:9e:86:08:06
Nov 1 10:08:14 mysussy kernel: printk: 2 messages suppressed.
Nov 1 10:08:14 mysussy kernel: martian source 192.168.30.32 from 192.168.30.32, on dev eth0
Nov 1 10:08:14 mysussy kernel: ll header: ff:ff:ff:ff:ff:ff:00:0e:0c:3e:9e:86:08:06
Nov 1 10:08:19 mysussy kernel: printk: 2 messages suppressed.
Nov 1 10:08:19 mysussy kernel: martian source 192.168.30.32 from 192.168.30.32, on dev eth0
Nov 1 10:08:19 mysussy kernel: ll header: ff:ff:ff:ff:ff:ff:00:0e:0c:3e:9e:86:08:06
Nov 1 10:08:23 mysussy kernel: printk: 2 messages suppressed.
Nov 1 10:08:23 mysussy kernel: martian source 192.168.30.32 from 192.168.30.32, on dev eth0
Nov 1 10:08:23 mysussy kernel: ll header: ff:ff:ff:ff:ff:ff:00:0e:0c:3e:9e:86:08:06
Nov 1 10:08:28 mysussy kernel: printk: 2 messages suppressed.
Nov 1 10:08:28 mysussy kernel: martian source 192.168.30.32 from 192.168.30.32, on dev eth0
Nov 1 10:08:28 mysussy kernel: ll header: ff:ff:ff:ff:ff:ff:00:0e:0c:3e:9e:86:08:06
Nov 1 10:08:34 mysussy kernel: printk: 3 messages suppressed.
Nov 1 10:08:34 mysussy kernel: martian source 192.168.30.32 from 192.168.30.32, on dev eth0
Nov 1 10:08:34 mysussy kernel: ll header: ff:ff:ff:ff:ff:ff:00:0e:0c:3e:9e:86:08:06
Nov 1 10:08:39 mysussy kernel: printk: 2 messages suppressed.
Nov 1 10:08:39 mysussy kernel: martian source 192.168.30.32 from 192.168.30.32, on dev eth0
Nov 1 10:08:39 mysussy kernel: ll header: ff:ff:ff:ff:ff:ff:00:0e:0c:3e:9e:86:08:06
Nov 1 10:08:43 mysussy kernel: printk: 2 messages suppressed.
Nov 1 10:08:43 mysussy kernel: martian source 192.168.30.32 from 192.168.30.32, on dev eth0
Nov 1 10:08:43 mysussy kernel: ll header: ff:ff:ff:ff:ff:ff:00:0e:0c:3e:9e:86:08:06
Nov 1 10:08:48 mysussy kernel: printk: 2 messages suppressed.
Nov 1 10:08:48 mysussy kernel: martian source 192.168.30.32 from 192.168.30.32, on dev eth0
Nov 1 10:08:48 mysussy kernel: ll header: ff:ff:ff:ff:ff:ff:00:0e:0c:3e:9e:86:08:06
Nov 1 10:08:54 mysussy kernel: printk: 3 messages suppressed.
Nov 1 10:08:54 mysussy kernel: martian source 192.168.30.32 from 192.168.30.32, on dev eth0
Nov 1 10:08:54 mysussy kernel: ll header: ff:ff:ff:ff:ff:ff:00:0e:0c:3e:9e:86:08:06
Nov 1 10:08:59 mysussy kernel: printk: 2 messages suppressed.
Nov 1 10:08:59 mysussy kernel: martian source 192.168.30.32 from 192.168.30.32, on dev eth0
Nov 1 10:08:59 mysussy kernel: ll header: ff:ff:ff:ff:ff:ff:00:0e:0c:3e:9e:86:08:06
Nov 1 10:09:04 mysussy kernel: printk: 2 messages suppressed.
Nov 1 10:09:04 mysussy kernel: martian source 192.168.30.32 from 192.168.30.32, on dev eth0
Nov 1 10:09:04 mysussy kernel: ll header: ff:ff:ff:ff:ff:ff:00:0e:0c:3e:9e:86:08:06
mysussy:~ # rcopenvpn status
Checking for OpenVPN: running
Status written to /var/log/messages
mysussy:~ #
--- On Thu, 10/30/08, Jonathan Ervine
From: Jonathan Ervine
Subject: Re: [opensuse] Building VPN network with OpenVPN and OpenSuSE11
To: opensuse@opensuse.org
Date: Thursday, October 30, 2008, 3:43 AM

On Thursday 30 October 2008 11:29:46 Patrik Hasibuan wrote:
Dear Jo,
This is my try:
"
mysussy:~ # ls /etc/openvpn
README       loopback-client      server.conf         xinetd-client-config
client.conf  loopback-server      server.conf.orig    xinetd-server-config
easy-rsa     office.up            static-home.conf    xinetd-server-config.orig
firewall.sh  openvpn-shutdown.sh  static-office.conf
home.up      openvpn-startup.sh   tls-home.conf
ipp.txt      openvpn-status.log   tls-office.conf
So there are loads of .conf files in there ... you'll need to reduce this to one (server.conf) at some point.
mysussy:~ # cd /
mysussy:/ # openvpn --config /etc/openvpn/server.conf
Thu Oct 30 11:23:05 2008 OpenVPN 2.0.9 i586-suse-linux [SSL] [LZO] [EPOLL] built on Jun 7 2008
Thu Oct 30 11:23:05 2008 TCP/UDP: Socket bind failed on local address 219.83.114.179:1194: Address already in use
Thu Oct 30 11:23:05 2008 Exiting
mysussy:/ # cd /etc/openvpn
mysussy:/etc/openvpn # openvpn --config /etc/openvpn/server.conf
Thu Oct 30 11:23:20 2008 OpenVPN 2.0.9 i586-suse-linux [SSL] [LZO] [EPOLL] built on Jun 7 2008
Thu Oct 30 11:23:21 2008 TCP/UDP: Socket bind failed on local address 219.83.114.179:1194: Address already in use
Thu Oct 30 11:23:21 2008 Exiting
mysussy:/etc/openvpn #
"
Probably an existing instance of openvpn is holding the port open. netstat -anp | grep 1194 should tell you which process has this port open. Kill the process and start it again from the command line.
'219.83.114.179' is the global-ip number of my outer wlan-card towards the internet gateway of our ISP.
I am confused why the port-number of '1194' has been already occupied whereas the 'openvpn' still can not start. Who/which is using this port-number?
Please advise me.
See above.
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse+help@opensuse.org
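
Added example, not part of the original message or of OpenVPN: a Python triage over lines copied from the client and server logs above, flagging the TLS handshake timeout, the two security warnings, and the absence of any openvpn entry in the server excerpt. The rule ids and advice strings are this example's own labels, not OpenVPN terms.

```python
import re

# Lines copied from the client and server logs in the message above.
CLIENT_LOG = """\
Nov 1 10:50:56 sussy-MND openvpn[3639]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Nov 1 10:50:56 sussy-MND openvpn[3639]: TLS Error: TLS handshake failed
Nov 1 10:51:39 sussy-MND openvpn[6381]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Nov 1 10:51:39 sussy-MND openvpn[6381]: WARNING: file '/etc/openvpn/keys/cli-MND.key' is group or others accessible
Nov 1 10:51:39 sussy-MND openvpn[6382]: UDPv4 link remote: 219.83.114.179:1194
"""
SERVER_LOG = """\
Nov 1 10:09:04 mysussy kernel: martian source 192.168.30.32 from 192.168.30.32, on dev eth0
Nov 1 10:09:04 mysussy kernel: ll header: ff:ff:ff:ff:ff:ff:00:0e:0c:3e:9e:86:08:06
"""

OPENVPN_LINE = re.compile(r"^\w{3}\s+\d+\s+[\d:]{8} \S+ openvpn\[(\d+)\]: (.*)$")

# (rule id, pattern, what to check); ids and advice text are this example's own labels.
RULES = [
    ("tls-timeout", re.compile(r"TLS key negotiation failed to occur within (\d+) seconds"),
     "no handshake reply: check that UDP reaches the server port and replies return"),
    ("no-server-verify", re.compile(r"No server certificate verification method"),
     "server certificate type is not checked: see the howto #mitm link in the log"),
    ("key-perms", re.compile(r"file '([^']+)' is group or others accessible"),
     "private key is readable by other local users: restrict it to its owner"),
]

def openvpn_messages(log_text):
    """Return (pid, message) for each openvpn syslog line; other daemons are skipped."""
    matches = (OPENVPN_LINE.match(line) for line in log_text.splitlines())
    return [(int(m.group(1)), m.group(2)) for m in matches if m]

def triage(client_log, server_log):
    """Return (rule id, captured detail, advice) tuples in log order."""
    findings = []
    for _pid, msg in openvpn_messages(client_log):
        for rule, pattern, advice in RULES:
            hit = pattern.search(msg)
            if hit:
                findings.append((rule, hit.group(1) if hit.groups() else "", advice))
    # Client timed out and the server excerpt holds no openvpn lines at all:
    # nothing in that excerpt shows the daemon receiving the handshake.
    if any(f[0] == "tls-timeout" for f in findings) and not openvpn_messages(server_log):
        findings.append(("server-silent", "", "server excerpt has no openvpn entries: "
                         "confirm the daemon logs there and that packets arrive"))
    return findings

if __name__ == "__main__":
    for rule, detail, advice in triage(CLIENT_LOG, SERVER_LOG):
        print(f"{rule:17}{detail:33}{advice}")
```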