As captioned, I am unable to connect to the VPN server despite hours of testing. Configuration as follows:
INSTALL:
Fresh install of Zentyal 2.0-3 as a VM on VirtualBox running on Ubuntu Hardy Desktop Edition. The reason why I run it as a VM is for testing purposes so I can continue to use Ubuntu as a samba server and as a PVR in my living room.
NETWORK:
Network: 111.22.3.0
Subnet mask: 255.255.255.0
Default Gateway: 111.22.3.1 (Netgear WGR64 v7)
IP Address (Host): 111.22.3.2 (Ubuntu Hardy Desktop Edition)
IP Address (Zentyal VM - bridged): 111.22.3.20 (Zentyal 2.0-3, installed the 'office' setup through wizard, only 1 interface: eth0)
CONNECTIVITY:
Zentyal box is connected to internet, and following setup of users and fileshares, can access Zentyal box resources from other machines on the network (either linux or windows boxes).
VPN CONFIG:
Opened a/c on DynDNS, input corresponding info on router, both exchanging IP info regularly.
UDP 1194 port on router forwards to Zentyal box address (i.e. 111.22.3.20)
Created cert. authority
Created VPN server, and automatically certification
Created another certificate and downloaded config files for that certificate
Whenever I attempt to connect (whether internal or external network), log shows as follows:
Tue Apr 19 16:05:55 2011 OpenVPN 2.1.4 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 8 2010
Tue Apr 19 16:05:55 2011 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Tue Apr 19 16:05:55 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Apr 19 16:05:55 2011 LZO compression initialized
Tue Apr 19 16:05:55 2011 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Apr 19 16:05:55 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Apr 19 16:05:56 2011 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Tue Apr 19 16:05:56 2011 Local Options hash (VER=V4): 'd79ca330'
Tue Apr 19 16:05:56 2011 Expected Remote Options hash (VER=V4): 'f7df56b8'
Tue Apr 19 16:05:56 2011 UDPv4 link local: [undef]
Tue Apr 19 16:05:56 2011 UDPv4 link remote: xxx.xxx.xxx.x:yyyy
Tue Apr 19 16:06:56 2011 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Apr 19 16:06:56 2011 TLS Error: TLS handshake failed
Tue Apr 19 16:06:56 2011 TCP/UDP: Closing socket
Tue Apr 19 16:06:56 2011 SIGUSR1[soft,tls-error] received, process restarting
Tue Apr 19 16:06:56 2011 Restart pause, 2 second(s)
Tue Apr 19 16:06:58 2011 WARNING: etc.
OTHER REMARKS:
I have tried both different ports, and TCP, but none works. On one occasion, when changing to TCP (but without changing forward on router to TCP), it indicated that the connection had been explicitly rejected (I suppose this is the router firewall).
After hours of testing and reading other posts, I read about the confusion created by multiple gateways, which I then checked directly. Two gateways were listed, as follows (both had been created automatically):
1. dhcp-gw-eth0 -- eth0 v
2. 111.22.3.1 111.22.3.1 eth0 v
Probably because I was too tired by then, I deleted the first dhcp gateway thinking this may be the cause of the problem. This didn't improve or worsen the situation. However, I tried to rebuild but it refused the input saying I didn't provide a valid IP address, which wasn't stated in the first place anyways.
QUESTIONS:
What is wrong in this setup?
Can a VPN server simply not work as a VM?
Is it the bridging to eth0 which doesn't work or do I need a dedicated network adapter for the VM?
Do I need to input the DynDNS account info directly in the Zentyal box instead of the router?
I have read that one may need to change firewall setup in Zentyal box, is that causing the problem?
Is the dhcp-gw-eth0 making it worse?
PS01: Something I didn't mention, which I don't think is necessary, but I am based in China. This was also one of the reasons I changed some ports, but again, simply for testing purposes.