Author Topic: Installing Zentyal on VPS  (Read 6087 times)

christian

  • Guest
Re: Installing Zentyal on VPS
« Reply #15 on: July 15, 2012, 08:37:04 pm »
Looks like there is some conflict with IP.
Could you please describe what you have set up on each side in terms of network?

AaronS

  • Zen Apprentice
  • Posts: 16
  • Karma: +0/-0
Re: Installing Zentyal on VPS
« Reply #16 on: July 15, 2012, 10:06:43 pm »
VPS Side

Zentyal Server - 108.161.129.122
DNS, No DHCP

OpenVPN daemons
Server VPNServer
Service    Enabled
Daemon status    Running
Local address    108.161.129.122
Port    1194/UDP
VPN subnet    192.168.1.0/255.255.255.0
VPN network interface    tap0
VPN interface address    192.168.1.1192.168.2.1/24

Local Side
Cisco M20 Plus - 192.168.1.1
DHCP 192.168.1.100-200

Edit: Changing the VPN interface address didn't help =(

Serverlog Clientlog
20120715 22:22:13 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20120715 22:22:13 N TLS Error: TLS handshake failed
20120715 22:22:13 TCP/UDP: Closing socket
20120715 22:22:13 I SIGUSR1[soft tls-error] received process restarting
20120715 22:22:13 Restart pause 2 second(s)
20120715 22:22:15 W WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
20120715 22:22:15 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20120715 22:22:15 I Re-using SSL/TLS context
20120715 22:22:15 I LZO compression initialized
20120715 22:22:15 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
20120715 22:22:15 Socket Buffers: R=[114688->131072] S=[114688->131072]
20120715 22:22:15 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
20120715 22:22:15 Local Options String: 'V4 dev-type tap link-mtu 1574 tun-mtu 1532 proto UDPv4 comp-lzo cipher BF-CBC auth SHA1 keysize 128 key-method 2 tls-client'
20120715 22:22:15 Expected Remote Options String: 'V4 dev-type tap link-mtu 1574 tun-mtu 1532 proto UDPv4 comp-lzo cipher BF-CBC auth SHA1 keysize 128 key-method 2 tls-server'
20120715 22:22:15 Local Options hash (VER=V4): 'd79ca330'
20120715 22:22:15 Expected Remote Options hash (VER=V4): 'f7df56b8'
20120715 22:22:15 I UDPv4 link local: [undef]
20120715 22:22:15 I UDPv4 link remote: 108.161.129.122:1194
20120715 22:22:18 N read UDPv4 [EHOSTUNREACH|EHOSTUNREACH]: No route to host (code=148)
20120715 22:23:15 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20120715 22:23:15 N TLS Error: TLS handshake failed
20120715 22:23:15 TCP/UDP: Closing socket
20120715 22:23:15 I SIGUSR1[soft tls-error] received process restarting
20120715 22:23:15 Restart pause 2 second(s)
20120715 22:23:17 W WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
20120715 22:23:17 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20120715 22:23:17 I Re-using SSL/TLS context
20120715 22:23:17 I LZO compression initialized
20120715 22:23:17 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
20120715 22:23:17 Socket Buffers: R=[114688->131072] S=[114688->131072]
20120715 22:23:17 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
20120715 22:23:17 Local Options String: 'V4 dev-type tap link-mtu 1574 tun-mtu 1532 proto UDPv4 comp-lzo cipher BF-CBC auth SHA1 keysize 128 key-method 2 tls-client'
20120715 22:23:17 Expected Remote Options String: 'V4 dev-type tap link-mtu 1574 tun-mtu 1532 proto UDPv4 comp-lzo cipher BF-CBC auth SHA1 keysize 128 key-method 2 tls-server'
20120715 22:23:17 Local Options hash (VER=V4): 'd79ca330'
20120715 22:23:17 Expected Remote Options hash (VER=V4): 'f7df56b8'
20120715 22:23:17 I UDPv4 link local: [undef]
20120715 22:23:17 I UDPv4 link remote: 108.161.129.122:1194
20120715 22:23:20 N read UDPv4 [EHOSTUNREACH|EHOSTUNREACH]: No route to host (code=148)
20120715 22:23:48 N read UDPv4 [EHOSTUNREACH]: No route to host (code=148)
20120715 22:24:10 MANAGEMENT: Client connected from 127.0.0.1:5001
20120715 22:24:10 D MANAGEMENT: CMD 'state'
20120715 22:24:10 MANAGEMENT: Client disconnected
20120715 22:24:10 MANAGEMENT: Client connected from 127.0.0.1:5001
20120715 22:24:10 D MANAGEMENT: CMD 'state'
20120715 22:24:10 MANAGEMENT: Client disconnected
20120715 22:24:10 MANAGEMENT: Client connected from 127.0.0.1:5001
20120715 22:24:10 D MANAGEMENT: CMD 'state'
20120715 22:24:10 MANAGEMENT: Client disconnected
20120715 22:24:10 MANAGEMENT: Client connected from 127.0.0.1:5001
20120715 22:24:10 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00
« Last Edit: July 15, 2012, 10:24:51 pm by AaronS »

christian

  • Guest
Re: Installing Zentyal on VPS
« Reply #17 on: July 16, 2012, 12:06:42 am »
You can't have the VPN network as part of your internal network (in terms of IP range)  8)

AaronS

Re: Installing Zentyal on VPS
« Reply #18 on: July 16, 2012, 12:40:49 am »
You can't have the VPN network as part of your internal network (in terms of IP range)  8)

Thanks christian,

Yeah, I figured that out. Duh, dumb mistake on my part. But it still doesn't work, as you can see in my last post =(

AaronS

Re: Installing Zentyal on VPS
« Reply #19 on: July 16, 2012, 12:47:47 am »
Latest Log:

State
Server: : Local Address: Remote Address: Client: WAIT: Local Address: Remote Address:

Status

Log
Serverlog Clientlog
20120716 00:43:04 W WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
20120716 00:43:04 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20120716 00:43:04 I Re-using SSL/TLS context
20120716 00:43:04 I LZO compression initialized
20120716 00:43:04 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
20120716 00:43:04 Socket Buffers: R=[114688->131072] S=[114688->131072]
20120716 00:43:04 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
20120716 00:43:04 Local Options String: 'V4 dev-type tap link-mtu 1574 tun-mtu 1532 proto UDPv4 comp-lzo cipher BF-CBC auth SHA1 keysize 128 key-method 2 tls-client'
20120716 00:43:04 Expected Remote Options String: 'V4 dev-type tap link-mtu 1574 tun-mtu 1532 proto UDPv4 comp-lzo cipher BF-CBC auth SHA1 keysize 128 key-method 2 tls-server'
20120716 00:43:04 Local Options hash (VER=V4): 'd79ca330'
20120716 00:43:04 Expected Remote Options hash (VER=V4): 'f7df56b8'
20120716 00:43:04 I UDPv4 link local: [undef]
20120716 00:43:04 I UDPv4 link remote: 108.161.129.122:1194
20120716 00:43:07 N read UDPv4 [EHOSTUNREACH|EHOSTUNREACH]: No route to host (code=148)
20120716 00:43:13 N read UDPv4 [EHOSTUNREACH]: No route to host (code=148)
20120716 00:43:21 N read UDPv4 [EHOSTUNREACH]: No route to host (code=148)
20120716 00:43:37 N read UDPv4 [EHOSTUNREACH]: No route to host (code=148)
20120716 00:44:05 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20120716 00:44:05 N TLS Error: TLS handshake failed
20120716 00:44:05 TCP/UDP: Closing socket
20120716 00:44:05 I SIGUSR1[soft tls-error] received process restarting
20120716 00:44:05 Restart pause 2 second(s)
20120716 00:44:07 W WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
20120716 00:44:07 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20120716 00:44:07 I Re-using SSL/TLS context
20120716 00:44:07 I LZO compression initialized
20120716 00:44:07 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
20120716 00:44:07 Socket Buffers: R=[114688->131072] S=[114688->131072]
20120716 00:44:07 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
20120716 00:44:07 Local Options String: 'V4 dev-type tap link-mtu 1574 tun-mtu 1532 proto UDPv4 comp-lzo cipher BF-CBC auth SHA1 keysize 128 key-method 2 tls-client'
20120716 00:44:07 Expected Remote Options String: 'V4 dev-type tap link-mtu 1574 tun-mtu 1532 proto UDPv4 comp-lzo cipher BF-CBC auth SHA1 keysize 128 key-method 2 tls-server'
20120716 00:44:07 Local Options hash (VER=V4): 'd79ca330'
20120716 00:44:07 Expected Remote Options hash (VER=V4): 'f7df56b8'
20120716 00:44:07 I UDPv4 link local: [undef]
20120716 00:44:07 I UDPv4 link remote: 108.161.129.122:1194
20120716 00:44:10 N read UDPv4 [EHOSTUNREACH|EHOSTUNREACH]: No route to host (code=148)
20120716 00:44:16 N read UDPv4 [EHOSTUNREACH]: No route to host (code=148)
20120716 00:44:24 N read UDPv4 [EHOSTUNREACH]: No route to host (code=148)
20120716 00:44:38 N read UDPv4 [EHOSTUNREACH]: No route to host (code=148)
20120716 00:44:41 MANAGEMENT: Client connected from 127.0.0.1:5001
20120716 00:44:41 D MANAGEMENT: CMD 'state'
20120716 00:44:41 MANAGEMENT: Client disconnected
20120716 00:44:41 MANAGEMENT: Client connected from 127.0.0.1:5001
20120716 00:44:41 D MANAGEMENT: CMD 'state'
20120716 00:44:41 MANAGEMENT: Client disconnected
20120716 00:44:41 MANAGEMENT: Client connected from 127.0.0.1:5001
20120716 00:44:41 D MANAGEMENT: CMD 'state'
20120716 00:44:41 MANAGEMENT: Client disconnected
20120716 00:44:41 MANAGEMENT: Client connected from 127.0.0.1:5001
20120716 00:44:42 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00

christian

  • Guest
Re: Installing Zentyal on VPS
« Reply #20 on: July 16, 2012, 06:57:29 am »
Kind of progress  ;)
It looks like you face a TLS handshake error now  :-[
Have you deployed certificates as per the documentation?
The point is that the doc describes only Zentyal-to-Zentyal server-to-server VPN. So you have to adapt it a bit. The principle is that the client will need a certificate (issued by the Zentyal CA) and also the CA public key in order to establish TLS. Thus you have to load it at router level.

AaronS

Re: Installing Zentyal on VPS
« Reply #21 on: July 22, 2012, 06:52:13 am »
Hi Guys,

I think I am connected. Does this look like I am connected?

State
Server: : Local Address: Remote Address: Client: CONNECTED: SUCCESS Local Address: 192.168.5.2 Remote Address:

Status

Log
Serverlog Clientlog
20120722 06:47:45 I OpenVPN 2.2.1 mipsel-linux [SSL] [LZO2] [EPOLL] built on Dec 8 2011
20120722 06:47:45 MANAGEMENT: TCP Socket listening on 127.0.0.1:5001
20120722 06:47:45 W WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
20120722 06:47:45 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20120722 06:47:45 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
20120722 06:47:45 I LZO compression initialized
20120722 06:47:45 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
20120722 06:47:45 Socket Buffers: R=[114688->131072] S=[114688->131072]
20120722 06:47:45 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
20120722 06:47:45 Local Options String: 'V4 dev-type tap link-mtu 1574 tun-mtu 1532 proto UDPv4 comp-lzo cipher BF-CBC auth SHA1 keysize 128 key-method 2 tls-client'
20120722 06:47:45 Expected Remote Options String: 'V4 dev-type tap link-mtu 1574 tun-mtu 1532 proto UDPv4 comp-lzo cipher BF-CBC auth SHA1 keysize 128 key-method 2 tls-server'
20120722 06:47:45 Local Options hash (VER=V4): 'd79ca330'
20120722 06:47:45 Expected Remote Options hash (VER=V4): 'f7df56b8'
20120722 06:47:45 I UDPv4 link local: [undef]
20120722 06:47:45 I UDPv4 link remote: 108.161.129.122:1194
20120722 06:47:45 TLS: Initial packet from 108.161.129.122:1194 sid=d1ea82e0 24c88d2f
20120722 06:47:46 VERIFY OK: depth=1 /O=Zentyal/CN=Certification_Authority_Certificate
20120722 06:47:46 VERIFY OK: depth=0 /O=Zentyal/CN=vpn-zentyal
20120722 06:47:46 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
20120722 06:47:46 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
20120722 06:47:46 NOTE: --mute triggered...
20120722 06:47:46 3 variation(s) on previous 5 message(s) suppressed by --mute
20120722 06:47:46 I [vpn-zentyal] Peer Connection Initiated with 108.161.129.122:1194
20120722 06:47:49 SENT CONTROL [vpn-zentyal]: 'PUSH_REQUEST' (status=1)
20120722 06:47:49 PUSH: Received control message: 'PUSH_REPLY route 108.161.129.0 255.255.255.0 route-gateway 192.168.5.1 ping 10 ping-restart 120 ifconfig 192.168.5.2 255.255.255.0'
20120722 06:47:49 OPTIONS IMPORT: timers and/or timeouts modified
20120722 06:47:49 OPTIONS IMPORT: --ifconfig/up options modified
20120722 06:47:49 OPTIONS IMPORT: route options modified
20120722 06:47:49 NOTE: --mute triggered...
20120722 06:47:49 1 variation(s) on previous 5 message(s) suppressed by --mute
20120722 06:47:49 I TUN/TAP device tap1 opened
20120722 06:47:49 TUN/TAP TX queue length set to 100
20120722 06:47:49 I /sbin/ifconfig tap1 192.168.5.2 netmask 255.255.255.0 mtu 1500 broadcast 192.168.5.255
20120722 06:47:49 /sbin/route add -net 108.161.129.0 netmask 255.255.255.0 gw 192.168.5.1
20120722 06:47:49 I Initialization Sequence Completed
20120722 06:47:52 N read UDPv4 [EHOSTUNREACH|EHOSTUNREACH]: No route to host (code=148)
20120722 06:47:55 N read UDPv4 [EHOSTUNREACH|EHOSTUNREACH]: No route to host (code=148)
20120722 06:47:56 MANAGEMENT: Client connected from 127.0.0.1:5001
20120722 06:47:56 D MANAGEMENT: CMD 'state'
20120722 06:47:56 MANAGEMENT: Client disconnected
20120722 06:47:56 MANAGEMENT: Client connected from 127.0.0.1:5001
20120722 06:47:56 D MANAGEMENT: CMD 'state'
20120722 06:47:56 MANAGEMENT: Client disconnected
20120722 06:47:56 MANAGEMENT: Client connected from 127.0.0.1:5001
20120722 06:47:56 D MANAGEMENT: CMD 'state'
20120722 06:47:56 MANAGEMENT: Client disconnected
20120722 06:47:56 MANAGEMENT: Client connected from 127.0.0.1:5001
20120722 06:47:56 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00


For some reason I still can't connect to VPN? Any ideas? No firewalls.....

AaronS

Re: Installing Zentyal on VPS
« Reply #22 on: July 22, 2012, 06:54:29 am »
Maybe I need to add some routes on my dd-wrt?  :-\
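
An added example (not from any poster, and not Zentyal or DD-WRT code): a small Python check over client log lines quoted in Reply #21 that flags the two security warnings and tests the pushed options against the local LAN, which covers both the subnet-overlap point in Reply #17 and the route question in Reply #22. The function name, the finding codes and the /24 assumed for the 192.168.1.x local side are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed sample: four lines copied from the client log in Reply #21.
SAMPLE_LOG = """\
20120722 06:47:45 W WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
20120722 06:47:45 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
20120722 06:47:45 I UDPv4 link remote: 108.161.129.122:1194
20120722 06:47:49 PUSH: Received control message: 'PUSH_REPLY route 108.161.129.0 255.255.255.0 route-gateway 192.168.5.1 ping 10 ping-restart 120 ifconfig 192.168.5.2 255.255.255.0'
"""
IP = r"(\d+\.\d+\.\d+\.\d+)"

def audit_client_log(log_text, lan_cidrs):
    """Return sorted finding codes for an OpenVPN client log (hypothetical helper)."""
    findings = set()
    lans = [ipaddress.ip_network(c) for c in lan_cidrs]
    # Logged when the client has no server check such as remote-cert-tls server.
    if "No server certificate verification method" in log_text:
        findings.add("no-server-cert-verification")
    # Private key on the client is readable by group or others.
    if re.search(r"file '[^']+' is group or others accessible", log_text):
        findings.add("private-key-file-permissions")
    m = re.search(r"link remote: " + IP + r":\d+", log_text)
    remote = ipaddress.ip_address(m.group(1)) if m else None
    push = re.search(r"'PUSH_REPLY([^']*)'", log_text)
    opts = push.group(1) if push else ""
    for net, mask in re.findall(r"\broute " + IP + " " + IP, opts):
        routed = ipaddress.ip_network(f"{net}/{mask}", strict=False)
        # A pushed route containing the server's own address sends the
        # tunnel's carrier packets into the tunnel unless a host route exists.
        if remote is not None and remote in routed:
            findings.add("pushed-route-covers-server-endpoint")
        if any(routed.overlaps(lan) for lan in lans):
            findings.add("pushed-route-overlaps-lan")
    for addr, mask in re.findall(r"\bifconfig " + IP + " " + IP, opts):
        tunnel = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        # The VPN subnet must not share address space with the local LAN.
        if any(tunnel.overlaps(lan) for lan in lans):
            findings.add("vpn-subnet-overlaps-lan")
    return sorted(findings)

if __name__ == "__main__":
    # Assumption: the local side (router 192.168.1.1) uses 192.168.1.0/24.
    for code in audit_client_log(SAMPLE_LOG, ["192.168.1.0/24"]):
        print(code)
```

On the Reply #21 lines it reports the missing server certificate verification, the key file permissions, and that the pushed 108.161.129.0/24 route contains the VPN server's own address.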