openvpn over udp failing

I have an openvpn server running on port 1194 (tcp) successfully.
The box is 1 server split into 2 IP addresses xx.xx.xx.198 and xx.xx.xx.199.
A proxy server runs on the 198 server and the VPN on 199.
I have been trying to set up a 2nd openvpn service running on the UDP port 1194. The service is running but I am getting a handshake error between the client and the server. The tcp connection works successfully so I can only think this is a firewall issue for the udp service.

Could this be a routing issue on the server?
I noted that when I connect the VPN via TCP to xxx.xxx.xx.199 and go to "what's my IP", it gives me the 2nd IP of the server, which is xxx.xxx.xxx.198. My routing table doesn't show anything that might cause that behaviour, though I did originally put in a route to allow connections to port 443 on the server, because xx.xx.xx.198 is the primary address on
eth0 and is preferred over xx.xx.xx.199 as the default source address.

[root ~]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.8.0.2        *               255.255.255.255 UH    0      0        0 tun1
172.16.0.2      *               255.255.255.255 UH    0      0        0 tun0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun1
172.16.0.0      172.16.0.2      255.255.255.0   UG    0      0        0 tun0
88.208.236.0    *               255.255.252.0   U     0      0        0 eth0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth0
default         server88-208-23 0.0.0.0         UG    0      0        0 eth0

CLIENT:
Fri Aug 06 08:10:59 2010 us=843000 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1460)
Fri Aug 06 08:10:59 2010 us=843000 Control Channel MTU parms [ L:1502 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Aug 06 08:10:59 2010 us=859000 Data Channel MTU parms [ L:1502 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Fri Aug 06 08:10:59 2010 us=859000 Local Options String: 'V4,dev-type tun,link-mtu 1502,tun-mtu 1460,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Fri Aug 06 08:10:59 2010 us=859000 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1502,tun-mtu 1460,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Fri Aug 06 08:10:59 2010 us=859000 Local Options hash (VER=V4): '32690600'
Fri Aug 06 08:10:59 2010 us=859000 Expected Remote Options hash (VER=V4): '2f6c656c'
Fri Aug 06 08:10:59 2010 us=859000 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Aug 06 08:10:59 2010 us=859000 UDPv4 link local: [undef]
Fri Aug 06 08:10:59 2010 us=859000 UDPv4 link remote: xx.xxx.xxx.199:1194
Fri Aug 06 08:11:59 2010 us=546000 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Aug 06 08:11:59 2010 us=546000 TLS Error: TLS handshake failed
Fri Aug 06 08:11:59 2010 us=546000 TCP/UDP: Closing socket
Fri Aug 06 08:11:59 2010 us=546000 SIGUSR1[soft,tls-error] received, process restarting

SERVER:
Fri Aug 6 13:10:01 2010 us=291165 70.81.232.170:39903 TLS: tls_process: chg=0 ks=S_PRE_START lame=S_UNDEF to_link->len=0 wakeup=604800
Fri Aug 6 13:10:01 2010 us=291178 70.81.232.170:39903 ACK reliable_can_send active=1 current=0 : [1] 0
Fri Aug 6 13:10:01 2010 us=291211 70.81.232.170:39903 ACK reliable_send_timeout 2 [1] 0
Fri Aug 6 13:10:01 2010 us=291225 70.81.232.170:39903 TLS: tls_process: timeout set to 1
Fri Aug 6 13:10:01 2010 us=291246 70.81.232.170:39903 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=28dcf511 d87ab2df, stored-sid=00000000 00000000, stored-ip=[undef]
Fri Aug 6 13:10:01 2010 us=291266 70.81.232.170:39903 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef]
Fri Aug  6 13:10:01 2010 us=291286 PO_CTL rwflags=0x0001 ev=5 arg=0x080c8c54
Fri Aug  6 13:10:01 2010 us=291299 PO_CTL rwflags=0x0001 ev=6 arg=0x080c8bc8
Fri Aug  6 13:10:01 2010 us=291315 I/O WAIT TR|Tw|SR|Sw [1/7657]
Fri Aug  6 13:10:02 2010 us=298669  event_wait returned 0
Fri Aug  6 13:10:02 2010 us=298704 I/O WAIT status=0x0020
Fri Aug  6 13:10:02 2010 us=298719 MULTI: REAP range 48 -> 64
Fri Aug 6 13:10:02 2010 us=298735 70.81.232.170:39903 TIMER: coarse timer wakeup 1 seconds
Fri Aug 6 13:10:02 2010 us=298766 70.81.232.170:39903 TLS: tls_multi_process: i=0 state=S_PRE_START, mysid=bbc34abf 90267ad0, stored-sid=6e570880 af58924d, stored-ip=70.81.232.170:39903
Fri Aug 6 13:10:02 2010 us=298784 70.81.232.170:39903 TLS: tls_process: chg=0 ks=S_PRE_START lame=S_UNDEF to_link->len=0 wakeup=604800
Fri Aug 6 13:10:02 2010 us=298796 70.81.232.170:39903 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Aug 6 13:10:02 2010 us=298808 70.81.232.170:39903 TLS Error: TLS handshake failed
Fri Aug  6 13:10:02 2010 us=298820 70.81.232.170:39903 PID packet_id_free
Fri Aug  6 13:10:02 2010 us=298867 70.81.232.170:39903 PID packet_id_free
Fri Aug  6 13:10:02 2010 us=298882 70.81.232.170:39903 PID packet_id_free
Fri Aug 6 13:10:02 2010 us=298895 70.81.232.170:39903 TLS: tls_session_init: entry
Fri Aug 6 13:10:02 2010 us=298915 70.81.232.170:39903 PID packet_id_init seq_backtrack=64 time_backtrack=15
Fri Aug 6 13:10:02 2010 us=298963 70.81.232.170:39903 PID packet_id_init seq_backtrack=64 time_backtrack=15
Fri Aug 6 13:10:02 2010 us=298982 70.81.232.170:39903 TLS: tls_session_init: new session object, sid=587007a3 becc1a5e
Fri Aug 6 13:10:02 2010 us=299003 70.81.232.170:39903 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=28dcf511 d87ab2df, stored-sid=00000000 00000000, stored-ip=[undef]
Fri Aug 6 13:10:02 2010 us=299024 70.81.232.170:39903 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef]
Fri Aug 6 13:10:02 2010 us=299041 70.81.232.170:39903 SIGUSR1[soft,tls-error] received, client-instance restarting
Fri Aug  6 13:10:02 2010 us=299079 MULTI: multi_close_instance called
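A diagnostic check, added here as an example and not part of the original post or of OpenVPN itself, for the two things worth verifying first in this situation: whether the INPUT chain actually accepts UDP 1194 to the VPN address (the post suspects the firewall), and whether the UDP instance is bound to the .199 address or to the wildcard. The second matters on a host with two addresses: a UDP server that is not bound with `local` (or started with `multihome`) can answer from the primary address, .198, and a client behind a stateful firewall or NAT drops a reply from an address it never sent to. Both sides then sit in the handshake until the 60-second TLS key negotiation timeout, which is consistent with the client and server logs above (the server instance never leaves S_PRE_START). The script works on captured text so it runs offline; 203.0.113.199/.198 and the `iptables -S INPUT` / `ss -ulnp` samples are constructed stand-ins for the post's masked addresses.

```shell
#!/bin/sh
# Added diagnostic helper, not part of the original post. It works on captured
# command output so it runs offline: pass it the text of `iptables -S INPUT`
# and `ss -ulnp` from the server, or the constructed samples below.

# Constructed sample of `iptables -S INPUT`. 203.0.113.199 / .198 stand in for
# the post's xx.xx.xx.199 / .198. Only TCP 1194 is opened to the VPN address.
SAMPLE_RULES='-P INPUT DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -d 203.0.113.199/32 -p tcp -m tcp --dport 1194 -j ACCEPT
-A INPUT -d 203.0.113.198/32 -p tcp -m tcp --dport 443 -j ACCEPT'

# Constructed sample of `ss -ulnp`: the UDP instance listens on the wildcard
# address instead of being bound to .199.
SAMPLE_SOCKETS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
UNCONN 0      0            0.0.0.0:1194      0.0.0.0:*    users:(("openvpn",pid=1234,fd=5))'

# Print the INPUT ACCEPT rules for a protocol/port from `iptables -S` text.
# Exit status 0 if at least one rule matches, 1 if none does.
accept_rules_for() {
    rules=$1; proto=$2; port=$3
    printf '%s\n' "$rules" \
        | grep -E -e "^-A INPUT .*-p $proto .*--dport $port .*-j ACCEPT\$"
}

# Classify how the UDP listener on $port is bound: specific, wildcard or none.
# Column 4 of a data row in `ss -ulnp` output is the local address:port.
udp_bind_kind() {
    sockets=$1; port=$2
    local_addr=$(printf '%s\n' "$sockets" \
        | awk -v p="$port" '$1 == "UNCONN" && $4 ~ (":" p "$") { print $4; exit }')
    case "$local_addr" in
        "")                        echo none ;;
        0.0.0.0:*|\*:*|\[::\]:*)   echo wildcard ;;
        *)                         echo specific ;;
    esac
}

# Print the two changes the checks above usually point at: an ACCEPT rule for
# UDP to the VPN address, and binding the UDP instance to that address so its
# replies leave from it rather than from the primary address.
suggested_fix() {
    ip=$1; port=$2
    printf 'iptables -I INPUT -d %s -p udp --dport %s -j ACCEPT\n' "$ip" "$port"
    printf 'local %s   # in the UDP server config (alternatively: multihome)\n' "$ip"
}

# Stand-alone run: report against the constructed samples.
if accept_rules_for "$SAMPLE_RULES" udp 1194 >/dev/null; then
    echo "firewall: UDP 1194 accepted"
else
    echo "firewall: no INPUT ACCEPT rule for UDP 1194"
fi
echo "listener: $(udp_bind_kind "$SAMPLE_SOCKETS" 1194)"
suggested_fix 203.0.113.199 1194
```

On the real server, replace the two samples with `"$(iptables -S INPUT)"` and `"$(ss -ulnp)"`. A result of "wildcard" with two addresses on eth0 is the case the `local` directive is for; a result of "none" means the UDP instance is not listening at all, which would have to be fixed before any firewall rule matters.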
