Author Topic: [Solved]OpenVPN Connection Timeout  (Read 28179 times)

Stunts

[Solved]OpenVPN Connection Timeout
« on: December 20, 2009, 07:22:03 pm »
Hello everyone!

I've been using Ebox for a while now - about 1 year - and I must say I am very impressed with this software. It makes it very easy to manage my home server.

I've been using Ebox in Ubuntu. However, after I upgraded from Jaunty to Karmic I have experienced some issues with Open VPN.

I can see the service is running in Ebox's Dashboard. Everything seems fine in there. I have it running in port 1194 (TCP).
If I do a "ps -aus" in bash, I can also see that OpenVPN is running as a service.
I have a properly configured "tap0" interface when the module is loaded. This interface disappears when I stop the module.
If I go to http://www.grc.com/default.htm and use the "ShieldsUP" service on port 1194 it shows up as "open", while neighbour ports show up as "stealth".
Everything seems to be correctly configured, but I can't connect to the server.

On the client side I get the following:
francisco@MegalaptopII:~/Desktop/ITXNetwork-client$  sudo openvpn --config ITXNetwork-client.conf
Senha:
Sun Dec 20 18:21:12 2009 OpenVPN 2.1_rc20 x86_64-unknown-linux-gnu [SSL] [LZO2] [EPOLL] built on Oct 18 2009
Sun Dec 20 18:21:12 2009 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Sun Dec 20 18:21:12 2009 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Dec 20 18:21:12 2009 WARNING: file 'Exp01.pem' is group or others accessible
Sun Dec 20 18:21:12 2009 LZO compression initialized
Sun Dec 20 18:21:12 2009 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sun Dec 20 18:21:12 2009 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Sun Dec 20 18:21:12 2009 Local Options hash (VER=V4): '31fdf004'
Sun Dec 20 18:21:12 2009 Expected Remote Options hash (VER=V4): '3e6d1056'
Sun Dec 20 18:21:12 2009 Attempting to establish TCP connection with 192.168.2.3:1194 [nonblock]
Sun Dec 20 18:21:22 2009 TCP: connect to 192.168.2.3:1194 failed, will try again in 5 seconds: Connection timed out
Sun Dec 20 18:21:22 2009 SIGUSR1[soft,init_instance] received, process restarting
Sun Dec 20 18:21:22 2009 Restart pause, 5 second(s)
Sun Dec 20 18:21:27 2009 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Sun Dec 20 18:21:27 2009 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Dec 20 18:21:27 2009 Re-using SSL/TLS context
Sun Dec 20 18:21:27 2009 LZO compression initialized
Sun Dec 20 18:21:27 2009 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sun Dec 20 18:21:27 2009 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Sun Dec 20 18:21:27 2009 Local Options hash (VER=V4): '31fdf004'
Sun Dec 20 18:21:27 2009 Expected Remote Options hash (VER=V4): '3e6d1056'
Sun Dec 20 18:21:27 2009 Attempting to establish TCP connection with 213.:SNIP::1194 [nonblock]
^CSun Dec 20 18:21:28 2009 TCP/UDP: Closing socket
Sun Dec 20 18:21:28 2009 SIGINT[hard,init_instance] received, process exiting

As you can see, I have attempted to connect using both the Internal LAN address and the external IP address, but both failed with a timeout.

I hope I have explained my problem in detail, but if any more information is required I will be more than happy to provide it.

Can anyone help me with this please?

Thank you in advance.
« Last Edit: December 21, 2009, 08:26:48 pm by Stunts »

Javier Amor Garcia

  • Zentyal Staff
Re: OpenVPN Connection Timeout
« Reply #1 on: December 21, 2009, 02:20:25 pm »
eBox does not support karmic so you can run into trouble if you are using it.

As for your problem, it seems to me to be a connectivity problem. A couple of things to try:
 * since you say that the server's firewall is ok, please check the client firewall
 * try to use a UDP server instead of a TCP one, maybe the ISP firewall is the culprit and sometimes switching protocol could help

Stunts

Re: OpenVPN Connection Timeout
« Reply #2 on: December 21, 2009, 08:25:55 pm »
Hello Javier!

Thank you for your reply!
I have been tinkering a bit with the server side firewall rules. For some strange reason, in order to make OpenVPN work, I had to open port 1194 under the section "Filtering rules from internal networks to eBox". I don't know why this makes it work, but the fact is that it does.

I now have a fully functional Ebox running under Karmic Koala. At least for the modules I am using.
If I find any other issues I'll be sure to post here, and if applicable post a bug report.

Regards!

Javier Amor Garcia

  • Zentyal Staff
Re: [Solved]OpenVPN Connection Timeout
« Reply #3 on: December 22, 2009, 03:10:19 pm »
Glad to know your problem is solved.
About the firewall port, maybe it was because you hadn't the interface marked as external?

Stunts

Re: [Solved]OpenVPN Connection Timeout
« Reply #4 on: December 22, 2009, 03:23:15 pm »
That was definitely not it, since I have 2 adapters, where only one is internal with a fixed address for my LAN (eth0) and the other one is external with Internet access using DHCP (eth2). So I guess no confusion there...

The only justification that comes to mind is that I was connecting to the VPN from my LAN, and despite using an external IP address the connection was still being issued from inside my LAN.

I thought that by issuing my ebox external IP address to my client computer (which is in the same LAN as ebox) I could make a connection from the "outside", but I guess I was wrong.

Anyway, I have now tested it from both my LAN and from a remote location and all seems fine.
I hope that this post at least helps someone else with the same issue.
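
Added example, not part of any post in this thread and not eBox code: a simplified model of why a LAN client dialing the server's external address is still matched by the internal rules, assuming the firewall chooses its ruleset from the interface a packet arrives on. The interface names and the 192.168.2.x LAN come from the thread; the /24 masks, the client addresses and the 203.0.113.0/24 documentation range standing in for the snipped public address are constructed.

```python
import ipaddress

# Constructed model of the server described in the thread. The /24 masks,
# the client addresses and the 203.0.113.0/24 documentation range (standing
# in for the snipped public address) are assumptions.
INTERFACES = {
    "eth0": {"zone": "internal", "net": ipaddress.ip_network("192.168.2.0/24")},
    "eth2": {"zone": "external", "net": ipaddress.ip_network("203.0.113.0/24")},
}
DEFAULT_IFACE = "eth2"  # traffic from non-connected networks arrives here

RULESET = {
    "internal": "Filtering rules from internal networks to eBox",
    "external": "external ruleset (section name not given in the thread)",
}


def ingress_interface(src):
    """Return the interface a packet from src arrives on."""
    addr = ipaddress.ip_address(src)
    connected = [(cfg["net"].prefixlen, name)
                 for name, cfg in INTERFACES.items() if addr in cfg["net"]]
    # Most specific connected subnet wins; otherwise the default-route side.
    return max(connected)[1] if connected else DEFAULT_IFACE


def governing_ruleset(src, dst):
    """Pick the ruleset for a connection to the server's own address dst.

    dst is accepted only to show that it does not influence the result.
    """
    iface = ingress_interface(src)
    zone = INTERFACES[iface]["zone"]
    return iface, zone, RULESET[zone]


if __name__ == "__main__":
    cases = [
        ("192.168.2.50", "192.168.2.3"),    # LAN client, internal address
        ("192.168.2.50", "203.0.113.10"),   # LAN client, external address
        ("198.51.100.7", "203.0.113.10"),   # remote client
    ]
    for src, dst in cases:
        print(src, "->", dst, ":", governing_ruleset(src, dst))
```

Under this model a test of the external ruleset has to originate outside the LAN, which matches the remote-location test reported in the post above.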

kid_english

Re: [Solved]OpenVPN Connection Timeout
« Reply #5 on: January 05, 2010, 07:13:17 pm »
Had the same problem, fixed thanks to this thread. Nice one!

Javier Amor Garcia

  • Zentyal Staff
Re: [Solved]OpenVPN Connection Timeout
« Reply #6 on: January 06, 2010, 03:38:39 pm »
I think it is possible that we have a bug in the "open ports" section of the openvpn code. The server you couldn't reach before manually opening the firewall: on which interfaces was it listening (all interfaces, an internal interface or an external interface)?

Thanks

pungki

Re: OpenVPN Connection Timeout
« Reply #7 on: March 26, 2010, 10:44:53 am »
Hi!

I have the same problem here. Can you tell me how exactly to open port 1194?

Under the section "Filtering rules from internal networks to eBox" there is no service VPN or column to fill in what port should be opened.

On my Dashboard, the VPN daemon is enabled and at Module Status, VPN is Running. Is there any configuration that I missed?

Thank you

-Pungki


Javier Amor Garcia

  • Zentyal Staff
Re: [Solved]OpenVPN Connection Timeout
« Reply #8 on: March 26, 2010, 04:26:38 pm »
There was no bug in the "open firewall port" section of the openvpn code. OpenVPN automatically adds the firewall rules necessary for the server, so you don't have to do anything in the firewall section.

Can you give more details about your problem?