Zentyal Forum, Linux Small Business Server

Zentyal Server => Installation and Upgrades => Topic started by: AaronS on July 13, 2012, 01:32:43 pm

Title: Installing Zentyal on VPS
Post by: AaronS on July 13, 2012, 01:32:43 pm
Hey Guys,

I am trying to get Zentyal working on a VPS. I have installed it, and everything seems to be working.

However, I do have a few questions:

1. The DHCP range is in the same range as my hosting company IP addresses. Any idea how to fix that?

2. I can't get a windows computer to connect to the domain - I am thinking something is wrong with my DHCP/DNS?

3. I am trying to connect to the domain via Internet, with NO VPN. Will this work?

Might be forced to use VPN, but I would like to try to do it without.

The one interface I have is configured as internal. The firewall is off (for now)

Anyone who ever installed on a VPS want to help me out?  :)

Title: Re: Installing Zentyal on VPS
Post by: AaronS on July 13, 2012, 01:33:54 pm
Oops, can someone move this to Installation and Configuration?  :(
Title: Re: Installing Zentyal on VPS
Post by: christian on July 13, 2012, 02:03:58 pm
Quote
1. The DHCP range is in the same range as my hosting company IP addresses. Any idea how to fix that?

Hmm... what do you expect? If there is no VPN, you will have to use a public IP, otherwise there is no routing. The public IP is most likely in the range of your hosting company. So why do you want something different? To me the solution is VPN if you want to keep it "private", but... why do you want DHCP then?

Quote
2. I can't get a windows computer to connect to the domain - I am thinking something is wrong with my DHCP/DNS?
See my comment above. DHCP while deploying on a VPS makes very little sense, from what I understand, at least to me  ;)
Title: Re: Installing Zentyal on VPS
Post by: AaronS on July 13, 2012, 04:08:42 pm
Thanks for your reply christian.

I thought DHCP was required for a PDC. I have disabled it but still cannot connect.

I am connecting to corp.mydomain.net - that should work right?
Title: Re: Installing Zentyal on VPS
Post by: AaronS on July 13, 2012, 04:13:11 pm
Maybe if I took screenshots, that would help?
Title: Re: Installing Zentyal on VPS
Post by: robb on July 13, 2012, 04:53:27 pm
If I understand correctly, you are trying to use a VPS as a domain controller.

You create a Zentyal server at a remote location. If you want your clients to authenticate against Zentyal as workstations in a Samba domain, you will have to create some sort of 'local' connection between your server and your clients. Practically this will only be workable if you set up a VPN connection between your clients and your server, or host your server on your local LAN.
Creating a VPN can be done either by setting up a VPN for each client, or by having a router set up a Zentyal-to-Zentyal connection between the VPS and the local LAN.
Title: Re: Installing Zentyal on VPS
Post by: christian on July 13, 2012, 05:28:53 pm
Quote
I thought DHCP was required for PDC

As you understand now, DHCP is not required. Because of Microsoft's approach of mixing and hiding everything behind one single interface, it is not always easy to distinguish between components and services. Everything looks like it is "Windows domain controller".
I wonder how many here know what a domain controller is  ??? 
Back to DHCP: in order to access the domain controller, you need the network up and running (both sides  ;)) and on the client side that means the workstation has an IP address, either static or dynamic.

To me, the domain controller is "only" the security part of your Windows server: account management and authentication.
Title: Re: Installing Zentyal on VPS
Post by: AaronS on July 14, 2012, 01:50:53 am
Thanks everyone for your posts, I am learning a lot  :)

I was thinking that I could set the DNS server on my client computer to the DNS IP address of the Zentyal VPS; this way I could connect to the domain, but no luck...

It is tricky because the VPS only has 1 interface. I have the firewall and DHCP off.

I was able to connect to the VPN, but I still can't join the domain. Am I crazy?

Is there no way to do this without VPN?
Title: Re: Installing Zentyal on VPS
Post by: AaronS on July 15, 2012, 02:04:40 am
Ok, I think I am close here..... :(

When I try to add a computer to the domain, it keeps saying it is missing SRV records?

Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.

The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "studertech.net":

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.domain.net

Common causes of this error include the following:

- The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:

108.161.129.122

- One or more of the following zones do not include delegation to its child zone:

studertech.net
net
. (the root zone)

Any help would be great!
Title: Re: Installing Zentyal on VPS
Post by: christian on July 15, 2012, 08:10:38 am
You may find this (http://support.microsoft.com/kb/247811) interesting.
You should also note that Zentyal permits maintaining TXT and SRV records in Zentyal DNS via the GUI.
However, this is Zentyal DNS. In your case:
- Zentyal DNS is remote
- not available for local clients unless you tweak VPN so that such VPN is used

Thus, if I understand correctly, you have to define such SRV records in your local (existing) DNS server.
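The lookup behind the dcdiag message above, and a way to see what a given DNS server actually answers for it, as an added example that is not part of this thread or of Zentyal: it builds the `_ldap._tcp.dc._msdcs.<domain>` SRV query in DNS wire format and parses the answer. `example.test` and `dc1.example.test` are constructed names, and `build_response()` only fabricates a response packet so the parser can be exercised offline.

```python
"""Build the DNS SRV query a Windows client uses to locate a domain controller
(_ldap._tcp.dc._msdcs.<domain>, as quoted in the dcdiag output) and parse the answer.
Added example; build_response() only constructs offline test fixtures."""
import socket
import struct

SRV_TYPE = 33   # RR type for SRV (RFC 2782)
IN_CLASS = 1


def dc_locator_name(domain):
    """Name a domain member queries to find AD domain controllers via LDAP."""
    return "_ldap._tcp.dc._msdcs." + domain.strip(".")


def encode_name(name):
    """Encode a dotted name as DNS labels, terminated by the root label."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.strip(".").split("."))
    return out + b"\x00"


def build_query(name, txid=0x1234):
    # Header: id, flags (RD=1), QDCOUNT=1, ANCOUNT/NSCOUNT/ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", SRV_TYPE, IN_CLASS)


def decode_name(pkt, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        ln = pkt[off]
        if ln & 0xC0 == 0xC0:                       # compression pointer
            if end is None:
                end = off + 2
            off = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if ln == 0:
            break
        labels.append(pkt[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels), end if end is not None else off


def parse_srv_response(pkt):
    """Return (rcode, [srv records]) from a DNS response packet."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", pkt[:12])
    off = 12
    for _ in range(qd):                             # skip the echoed question
        _, off = decode_name(pkt, off)
        off += 4
    records = []
    for _ in range(an):
        owner, off = decode_name(pkt, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        if rtype == SRV_TYPE:
            prio, weight, port = struct.unpack("!HHH", pkt[off:off + 6])
            target, _ = decode_name(pkt, off + 6)
            records.append({"owner": owner, "priority": prio, "weight": weight,
                            "port": port, "target": target})
        off += rdlen
    return flags & 0x000F, records


def explain(rcode, records):
    """Turn a parsed answer into the diagnosis a domain join needs."""
    if rcode == 3:
        # NXDOMAIN, which Windows reports as 0x232B RCODE_NAME_ERROR: the resolver
        # the client is using does not serve the _msdcs records at all.
        return "no SRV record: the client's DNS server does not know this domain"
    if not records:
        return "name exists but carries no SRV records"
    ordered = sorted(records, key=lambda r: (r["priority"], -r["weight"]))
    return "domain controllers: " + ", ".join(f"{r['target']}:{r['port']}" for r in ordered)


def query_srv(server, name, timeout=3.0):
    """Send the query to a DNS server over UDP and return the raw response."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return s.recv(4096)


def build_response(query, answers, rcode=0):
    """Constructed response for offline testing: echoes the question and adds
    SRV answers whose owner is a pointer (0xC00C) back to the question name."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180 | rcode, 1, len(answers), 0, 0)
    body = b""
    for prio, weight, port, target in answers:
        rdata = struct.pack("!HHH", prio, weight, port) + encode_name(target)
        body += b"\xc0\x0c" + struct.pack("!HHIH", SRV_TYPE, IN_CLASS, 600, len(rdata)) + rdata
    return header + query[12:] + body


if __name__ == "__main__":
    q = build_query(dc_locator_name("example.test"))          # constructed domain
    print(explain(*parse_srv_response(build_response(q, [(0, 100, 389, "dc1.example.test")]))))
    print(explain(*parse_srv_response(build_response(q, [], rcode=3))))
```

Against a live server, `explain(*parse_srv_response(query_srv(server_ip, dc_locator_name(domain))))` shows whether the resolver the client is pointed at returns the locator records or NXDOMAIN.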
Title: Re: Installing Zentyal on VPS
Post by: AaronS on July 15, 2012, 05:19:41 pm
First, I want to thank everyone for their help, and a big THANK YOU to christian for all your help!  :D

I WAS ABLE TO GET IT TO WORK!!!  :) :) :)

The only problem I have now is that I cannot log in, as I can't get the OpenVPN client to start before login. I have been reading 3 different ways to do this, but for some reason I just can't get it to work. Any ideas?  :-\

So close.... Once again THANK YOU!
Title: Re: Installing Zentyal on VPS
Post by: AaronS on July 15, 2012, 05:25:08 pm
Also, I have a dd-wrt Router. Does anyone know how I could use that to connect? Does Zentyal support PPTP Client?

Here are the settings I need to fill out:

PPTP Client

Server IP or DNS Name
Remote Subnet
Remote Subnet Mask
MPPE Encryption
MTU (Default: 1450)
MRU (Default: 1450)
NAT Enable or Disable
User Name
Password
Title: Re: Installing Zentyal on VPS
Post by: AaronS on July 15, 2012, 06:30:53 pm
Never mind the PPTP Client, I upgraded my router to a firmware that supports OpenVPN =)

Still not working though  :(

Log

20120715 18:23:59 I OpenVPN 2.2.1 mipsel-linux [SSL] [LZO2] [EPOLL] built on Dec 8 2011
20120715 18:23:59 MANAGEMENT: TCP Socket listening on 127.0.0.1:5001
20120715 18:23:59 W WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
20120715 18:23:59 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20120715 18:23:59 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
20120715 18:23:59 I LZO compression initialized
20120715 18:23:59 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
20120715 18:23:59 Socket Buffers: R=[114688->131072] S=[114688->131072]
20120715 18:23:59 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
20120715 18:23:59 Local Options String: 'V4 dev-type tap link-mtu 1574 tun-mtu 1532 proto UDPv4 comp-lzo cipher BF-CBC auth SHA1 keysize 128 key-method 2 tls-client'
20120715 18:23:59 Expected Remote Options String: 'V4 dev-type tap link-mtu 1574 tun-mtu 1532 proto UDPv4 comp-lzo cipher BF-CBC auth SHA1 keysize 128 key-method 2 tls-server'
20120715 18:23:59 Local Options hash (VER=V4): 'd79ca330'
20120715 18:23:59 Expected Remote Options hash (VER=V4): 'f7df56b8'
20120715 18:23:59 I UDPv4 link local: [undef]
20120715 18:23:59 I UDPv4 link remote: 108.161.129.122:1194
20120715 18:24:00 TLS: Initial packet from 108.161.129.122:1194 sid=3ee026e2 0ea1f46d
20120715 18:24:00 VERIFY OK: depth=1 /C=US/ST=CT/L=Columbia/O=Studer_Technical_Services/CN=Certification_Authority_Certificate
20120715 18:24:00 VERIFY OK: depth=0 /C=US/ST=CT/L=Columbia/O=Studer_Technical_Services/CN=vpn-VPNServer
20120715 18:24:17 MANAGEMENT: Client connected from 127.0.0.1:5001
20120715 18:24:17 D MANAGEMENT: CMD 'state'
20120715 18:24:17 MANAGEMENT: Client disconnected
20120715 18:24:17 MANAGEMENT: Client connected from 127.0.0.1:5001
20120715 18:24:17 D MANAGEMENT: CMD 'state'
20120715 18:24:17 MANAGEMENT: Client disconnected
20120715 18:24:17 MANAGEMENT: Client connected from 127.0.0.1:5001
20120715 18:24:17 D MANAGEMENT: CMD 'state'
20120715 18:24:17 MANAGEMENT: Client disconnected
20120715 18:24:17 MANAGEMENT: Client connected from 127.0.0.1:5001
20120715 18:24:17 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00

Title: Re: Installing Zentyal on VPS
Post by: AaronS on July 15, 2012, 07:45:32 pm
Ok, I think I am getting somewhere  :P but I still can not connect to domain... =(

State
Server: : Local Address: Remote Address: Client: CONNECTED: SUCCESS Local Address: 192.168.1.2 Remote Address:

Status

Log
20120715 19:40:30 I LZO compression initialized
20120715 19:40:30 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
20120715 19:40:30 Socket Buffers: R=[114688->131072] S=[114688->131072]
20120715 19:40:30 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
20120715 19:40:30 Local Options String: 'V4 dev-type tap link-mtu 1574 tun-mtu 1532 proto UDPv4 comp-lzo cipher BF-CBC auth SHA1 keysize 128 key-method 2 tls-client'
20120715 19:40:30 Expected Remote Options String: 'V4 dev-type tap link-mtu 1574 tun-mtu 1532 proto UDPv4 comp-lzo cipher BF-CBC auth SHA1 keysize 128 key-method 2 tls-server'
20120715 19:40:30 Local Options hash (VER=V4): 'd79ca330'
20120715 19:40:30 Expected Remote Options hash (VER=V4): 'f7df56b8'
20120715 19:40:30 I UDPv4 link local: [undef]
20120715 19:40:30 I UDPv4 link remote: 108.161.129.122:1194
20120715 19:40:30 TLS: Initial packet from 108.161.129.122:1194 sid=ca2e2ba4 0d0a9e8e
20120715 19:40:31 VERIFY OK: depth=1 /C=US/ST=CT/L=Columbia/O=Studer_Technical_Services/CN=Certification_Authority_Certificate
20120715 19:40:31 VERIFY OK: depth=0 /C=US/ST=CT/L=Columbia/O=Studer_Technical_Services/CN=vpn-VPNServer
20120715 19:40:31 N TLS Error: Unroutable control packet received from 108.161.129.122:1194 (si=3 op=P_CONTROL_V1)
20120715 19:40:32 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
20120715 19:40:32 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
20120715 19:40:32 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
20120715 19:40:32 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
20120715 19:40:32 Control Channel: TLSv1 cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA 1024 bit RSA
20120715 19:40:32 I [vpn-VPNServer] Peer Connection Initiated with 108.161.129.122:1194
20120715 19:40:34 SENT CONTROL [vpn-VPNServer]: 'PUSH_REQUEST' (status=1)
20120715 19:40:34 PUSH: Received control message: 'PUSH_REPLY route 108.161.129.0 255.255.255.0 route-gateway 192.168.1.1 ping 10 ping-restart 120 ifconfig 192.168.1.2 255.255.255.0'
20120715 19:40:34 OPTIONS IMPORT: timers and/or timeouts modified
20120715 19:40:34 OPTIONS IMPORT: --ifconfig/up options modified
20120715 19:40:34 OPTIONS IMPORT: route options modified
20120715 19:40:34 NOTE: --mute triggered...
20120715 19:40:34 1 variation(s) on previous 5 message(s) suppressed by --mute
20120715 19:40:34 I TUN/TAP device tap1 opened
20120715 19:40:34 TUN/TAP TX queue length set to 100
20120715 19:40:34 I /sbin/ifconfig tap1 192.168.1.2 netmask 255.255.255.0 mtu 1500 broadcast 192.168.1.255
20120715 19:40:34 /sbin/route add -net 108.161.129.0 netmask 255.255.255.0 gw 192.168.1.1
20120715 19:40:34 I Initialization Sequence Completed
20120715 19:40:37 N read UDPv4 [EHOSTUNREACH|EHOSTUNREACH]: No route to host (code=148)
20120715 19:40:41 N read UDPv4 [EHOSTUNREACH|EHOSTUNREACH]: No route to host (code=148)
20120715 19:40:46 N read UDPv4 [EHOSTUNREACH|EHOSTUNREACH]: No route to host (code=148)
20120715 19:40:50 N read UDPv4 [EHOSTUNREACH|EHOSTUNREACH]: No route to host (code=148)
20120715 19:40:54 N read UDPv4 [EHOSTUNREACH|EHOSTUNREACH]: No route to host (code=148)
20120715 19:40:57 NOTE: --mute triggered...
20120715 19:41:12 4 variation(s) on previous 5 message(s) suppressed by --mute
20120715 19:41:12 MANAGEMENT: Client connected from 127.0.0.1:5001
20120715 19:41:12 D MANAGEMENT: CMD 'state'
20120715 19:41:12 MANAGEMENT: Client disconnected
20120715 19:41:12 MANAGEMENT: Client connected from 127.0.0.1:5001
20120715 19:41:12 D MANAGEMENT: CMD 'state'
20120715 19:41:12 MANAGEMENT: Client disconnected
20120715 19:41:12 MANAGEMENT: Client connected from 127.0.0.1:5001
20120715 19:41:12 D MANAGEMENT: CMD 'state'
20120715 19:41:12 MANAGEMENT: Client disconnected
20120715 19:41:12 MANAGEMENT: Client connected from 127.0.0.1:5001
20120715 19:41:12 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00
Title: Re: Installing Zentyal on VPS
Post by: AaronS on July 15, 2012, 08:29:05 pm
Here is the log file from the OpenVPN Software Client:

Sun Jul 15 14:25:20 2012 OpenVPN 2.2.0 Win32-MSVC++ [SSL] [LZO2] built on Apr 26 2011
Sun Jul 15 14:25:20 2012 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Sun Jul 15 14:25:20 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Jul 15 14:25:21 2012 LZO compression initialized
Sun Jul 15 14:25:21 2012 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Jul 15 14:25:21 2012 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Jul 15 14:25:21 2012 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Sun Jul 15 14:25:21 2012 Local Options hash (VER=V4): 'd79ca330'
Sun Jul 15 14:25:21 2012 Expected Remote Options hash (VER=V4): 'f7df56b8'
Sun Jul 15 14:25:21 2012 UDPv4 link local: [undef]
Sun Jul 15 14:25:21 2012 UDPv4 link remote: 108.161.129.122:1194
Sun Jul 15 14:25:21 2012 TLS: Initial packet from 108.161.129.122:1194, sid=eb5fad0b 13c25299
Sun Jul 15 14:25:21 2012 VERIFY OK: depth=1, /C=US/ST=CT/L=Columbia/O=Studer_Technical_Services/CN=Certification_Authority_Certificate
Sun Jul 15 14:25:21 2012 VERIFY X509NAME OK: /C=US/ST=CT/L=Columbia/O=Studer_Technical_Services/CN=vpn-VPNServer
Sun Jul 15 14:25:21 2012 VERIFY OK: depth=0, /C=US/ST=CT/L=Columbia/O=Studer_Technical_Services/CN=vpn-VPNServer
Sun Jul 15 14:25:22 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Jul 15 14:25:22 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jul 15 14:25:22 2012 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Jul 15 14:25:22 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jul 15 14:25:22 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sun Jul 15 14:25:22 2012 [vpn-VPNServer] Peer Connection Initiated with 108.161.129.122:1194
Sun Jul 15 14:25:24 2012 SENT CONTROL [vpn-VPNServer]: 'PUSH_REQUEST' (status=1)
Sun Jul 15 14:25:24 2012 PUSH: Received control message: 'PUSH_REPLY,route 108.161.129.0 255.255.255.0,route-gateway 192.168.1.1,ping 10,ping-restart 120,ifconfig 192.168.1.2 255.255.255.0'
Sun Jul 15 14:25:24 2012 OPTIONS IMPORT: timers and/or timeouts modified
Sun Jul 15 14:25:24 2012 OPTIONS IMPORT: --ifconfig/up options modified
Sun Jul 15 14:25:24 2012 OPTIONS IMPORT: route options modified
Sun Jul 15 14:25:24 2012 OPTIONS IMPORT: route-related options modified
Sun Jul 15 14:25:24 2012 WARNING: potential TUN/TAP adapter subnet conflict between local LAN [192.168.1.0/255.255.255.0] and remote VPN [192.168.1.0/255.255.255.0]
Sun Jul 15 14:25:24 2012 ROUTE default_gateway=192.168.1.1
Sun Jul 15 14:25:24 2012 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{BBA19AA2-4F35-41BE-BC9C-78C80D98F8DF}.tap
Sun Jul 15 14:25:24 2012 TAP-Win32 Driver Version 9.8
Sun Jul 15 14:25:24 2012 TAP-Win32 MTU=1500
Sun Jul 15 14:25:24 2012 Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.1.2/255.255.255.0 on interface {BBA19AA2-4F35-41BE-BC9C-78C80D98F8DF} [DHCP-serv: 192.168.1.0, lease-time: 31536000]
Sun Jul 15 14:25:24 2012 Successful ARP Flush on interface [14] {BBA19AA2-4F35-41BE-BC9C-78C80D98F8DF}
Sun Jul 15 14:25:29 2012 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=1 u/d=up
Sun Jul 15 14:25:29 2012 C:\WINDOWS\system32\route.exe ADD 108.161.129.0 MASK 255.255.255.0 192.168.1.1
Sun Jul 15 14:25:29 2012 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Sun Jul 15 14:25:29 2012 Route addition via IPAPI succeeded [adaptive]
Sun Jul 15 14:25:29 2012 Initialization Sequence Completed
Title: Re: Installing Zentyal on VPS
Post by: christian on July 15, 2012, 08:37:04 pm
Looks like there is some conflict with IPs.
Could you please describe what you have set up on each side in terms of network?
Title: Re: Installing Zentyal on VPS
Post by: AaronS on July 15, 2012, 10:06:43 pm
VPS Side

Zentyal Server - 108.161.129.122
DNS, No DHCP

OpenVPN daemons
Server VPNServer
Service    Enabled
Daemon status    Running
Local address    108.161.129.122
Port    1194/UDP
VPN subnet    192.168.1.0/255.255.255.0
VPN network interface    tap0
VPN interface address    192.168.1.1 (edited: 192.168.2.1/24)

Local Side
Cisco M20 Plus - 192.168.1.1
DHCP 192.168.1.100-200

Edit: Changing the VPN interface address didn't help =(

20120715 22:22:13 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20120715 22:22:13 N TLS Error: TLS handshake failed
20120715 22:22:13 TCP/UDP: Closing socket
20120715 22:22:13 I SIGUSR1[soft tls-error] received process restarting
20120715 22:22:13 Restart pause 2 second(s)
20120715 22:22:15 W WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
20120715 22:22:15 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20120715 22:22:15 I Re-using SSL/TLS context
20120715 22:22:15 I LZO compression initialized
20120715 22:22:15 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
20120715 22:22:15 Socket Buffers: R=[114688->131072] S=[114688->131072]
20120715 22:22:15 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
20120715 22:22:15 Local Options String: 'V4 dev-type tap link-mtu 1574 tun-mtu 1532 proto UDPv4 comp-lzo cipher BF-CBC auth SHA1 keysize 128 key-method 2 tls-client'
20120715 22:22:15 Expected Remote Options String: 'V4 dev-type tap link-mtu 1574 tun-mtu 1532 proto UDPv4 comp-lzo cipher BF-CBC auth SHA1 keysize 128 key-method 2 tls-server'
20120715 22:22:15 Local Options hash (VER=V4): 'd79ca330'
20120715 22:22:15 Expected Remote Options hash (VER=V4): 'f7df56b8'
20120715 22:22:15 I UDPv4 link local: [undef]
20120715 22:22:15 I UDPv4 link remote: 108.161.129.122:1194
20120715 22:22:18 N read UDPv4 [EHOSTUNREACH|EHOSTUNREACH]: No route to host (code=148)
20120715 22:23:15 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20120715 22:23:15 N TLS Error: TLS handshake failed
20120715 22:23:15 TCP/UDP: Closing socket
20120715 22:23:15 I SIGUSR1[soft tls-error] received process restarting
20120715 22:23:15 Restart pause 2 second(s)
20120715 22:23:17 W WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
20120715 22:23:17 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20120715 22:23:17 I Re-using SSL/TLS context
20120715 22:23:17 I LZO compression initialized
20120715 22:23:17 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
20120715 22:23:17 Socket Buffers: R=[114688->131072] S=[114688->131072]
20120715 22:23:17 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
20120715 22:23:17 Local Options String: 'V4 dev-type tap link-mtu 1574 tun-mtu 1532 proto UDPv4 comp-lzo cipher BF-CBC auth SHA1 keysize 128 key-method 2 tls-client'
20120715 22:23:17 Expected Remote Options String: 'V4 dev-type tap link-mtu 1574 tun-mtu 1532 proto UDPv4 comp-lzo cipher BF-CBC auth SHA1 keysize 128 key-method 2 tls-server'
20120715 22:23:17 Local Options hash (VER=V4): 'd79ca330'
20120715 22:23:17 Expected Remote Options hash (VER=V4): 'f7df56b8'
20120715 22:23:17 I UDPv4 link local: [undef]
20120715 22:23:17 I UDPv4 link remote: 108.161.129.122:1194
20120715 22:23:20 N read UDPv4 [EHOSTUNREACH|EHOSTUNREACH]: No route to host (code=148)
20120715 22:23:48 N read UDPv4 [EHOSTUNREACH]: No route to host (code=148)
20120715 22:24:10 MANAGEMENT: Client connected from 127.0.0.1:5001
20120715 22:24:10 D MANAGEMENT: CMD 'state'
20120715 22:24:10 MANAGEMENT: Client disconnected
20120715 22:24:10 MANAGEMENT: Client connected from 127.0.0.1:5001
20120715 22:24:10 D MANAGEMENT: CMD 'state'
20120715 22:24:10 MANAGEMENT: Client disconnected
20120715 22:24:10 MANAGEMENT: Client connected from 127.0.0.1:5001
20120715 22:24:10 D MANAGEMENT: CMD 'state'
20120715 22:24:10 MANAGEMENT: Client disconnected
20120715 22:24:10 MANAGEMENT: Client connected from 127.0.0.1:5001
20120715 22:24:10 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00
Title: Re: Installing Zentyal on VPS
Post by: christian on July 16, 2012, 12:06:42 am
You can't have the VPN network be part of your internal network (in terms of IP range)  8)
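A log check for what the two previous posts turned up, as an added example that is not part of this thread, of dd-wrt or of Zentyal: it parses the PUSH_REPLY line of an OpenVPN client log (the space-separated dd-wrt form and the comma-separated Windows form), reports whether the pushed VPN subnet overlaps the client's LAN, whether a pushed route also covers the VPN server's own endpoint (which can route the tunnel's own UDP packets into the tunnel), and flags the two security warnings OpenVPN itself prints in these logs. The sample lines are excerpted from the logs posted above; the LAN prefix is passed in by the caller.

```python
"""Audit an OpenVPN client log for the conditions discussed in this thread:
a pushed VPN subnet overlapping the client's LAN, a pushed route that swallows the
VPN server's endpoint, and two security warnings OpenVPN prints on its own.
Added example; SAMPLE_LOG is excerpted from the dd-wrt logs posted in the thread."""
import ipaddress
import re

PUSH_RE = re.compile(r"PUSH_REPLY[ ,](.*?)'")
REMOTE_RE = re.compile(r"link remote: (\d+\.\d+\.\d+\.\d+):\d+")

SAMPLE_LOG = [
    "20120715 18:23:59 W WARNING: No server certificate verification method has been "
    "enabled. See http://openvpn.net/howto.html#mitm for more info.",
    "20120715 18:23:59 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible",
    "20120715 19:40:30 I UDPv4 link remote: 108.161.129.122:1194",
    "20120715 19:40:34 PUSH: Received control message: 'PUSH_REPLY route 108.161.129.0 "
    "255.255.255.0 route-gateway 192.168.1.1 ping 10 ping-restart 120 ifconfig 192.168.1.2 255.255.255.0'",
]


def parse_push_reply(line):
    """Return routes, ifconfig and route-gateway from a PUSH_REPLY log line.
    dd-wrt prints the options space-separated, the Windows client comma-separated."""
    m = PUSH_RE.search(line)
    if not m:
        return None
    toks = m.group(1).replace(",", " ").split()
    opts = {"routes": [], "ifconfig": None, "route_gateway": None}
    i = 0
    while i < len(toks):
        t = toks[i]
        if t == "route" and i + 2 < len(toks):
            opts["routes"].append(ipaddress.ip_network(f"{toks[i + 1]}/{toks[i + 2]}", strict=False))
            i += 3
        elif t == "ifconfig" and i + 2 < len(toks):
            opts["ifconfig"] = ipaddress.ip_interface(f"{toks[i + 1]}/{toks[i + 2]}")
            i += 3
        elif t == "route-gateway" and i + 1 < len(toks):
            opts["route_gateway"] = ipaddress.ip_address(toks[i + 1])
            i += 2
        else:
            i += 1      # ping, ping-restart and other options are not needed here
    return opts


def audit_client_log(lines, local_lan):
    """Return a sorted list of finding tags for the given client log lines.
    local_lan is the client's LAN prefix, e.g. '192.168.1.0/24' (the Cisco side above)."""
    lan = ipaddress.ip_network(local_lan)
    remote = None
    findings = set()
    for line in lines:
        m = REMOTE_RE.search(line)
        if m:
            remote = ipaddress.ip_address(m.group(1))
        if "No server certificate verification method" in line:
            # The client checks the chain but not that the peer holds a *server*
            # certificate, so any certificate from the same CA could pose as the server.
            findings.add("server-cert-not-verified")
        if "is group or others accessible" in line:
            findings.add("client-key-readable-by-others")
        if "PUSH_REPLY" in line:
            opts = parse_push_reply(line)
            if opts["ifconfig"] and opts["ifconfig"].network.overlaps(lan):
                findings.add(f"vpn-subnet-overlaps-lan:{opts['ifconfig'].network}")
            for net in opts["routes"]:
                # Routing the server's own address through the tunnel loops the
                # encapsulated UDP back into the tunnel instead of out to the WAN.
                if remote is not None and remote in net:
                    findings.add(f"pushed-route-covers-server-endpoint:{net}")
    return sorted(findings)


if __name__ == "__main__":
    for tag in audit_client_log(SAMPLE_LOG, "192.168.1.0/24"):
        print(tag)
```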
Title: Re: Installing Zentyal on VPS
Post by: AaronS on July 16, 2012, 12:40:49 am
Quote
You can't have the VPN network be part of your internal network (in terms of IP range)  8)

Thanks christian,

Yeah, I figured that out. Duh, dumb mistake on my part. But it still doesn't work, as you can see in my last post =(
Title: Re: Installing Zentyal on VPS
Post by: AaronS on July 16, 2012, 12:47:47 am
Latest Log:

State
Server: : Local Address: Remote Address: Client: WAIT: Local Address: Remote Address:

Status

Log
20120716 00:43:04 W WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
20120716 00:43:04 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20120716 00:43:04 I Re-using SSL/TLS context
20120716 00:43:04 I LZO compression initialized
20120716 00:43:04 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
20120716 00:43:04 Socket Buffers: R=[114688->131072] S=[114688->131072]
20120716 00:43:04 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
20120716 00:43:04 Local Options String: 'V4 dev-type tap link-mtu 1574 tun-mtu 1532 proto UDPv4 comp-lzo cipher BF-CBC auth SHA1 keysize 128 key-method 2 tls-client'
20120716 00:43:04 Expected Remote Options String: 'V4 dev-type tap link-mtu 1574 tun-mtu 1532 proto UDPv4 comp-lzo cipher BF-CBC auth SHA1 keysize 128 key-method 2 tls-server'
20120716 00:43:04 Local Options hash (VER=V4): 'd79ca330'
20120716 00:43:04 Expected Remote Options hash (VER=V4): 'f7df56b8'
20120716 00:43:04 I UDPv4 link local: [undef]
20120716 00:43:04 I UDPv4 link remote: 108.161.129.122:1194
20120716 00:43:07 N read UDPv4 [EHOSTUNREACH|EHOSTUNREACH]: No route to host (code=148)
20120716 00:43:13 N read UDPv4 [EHOSTUNREACH]: No route to host (code=148)
20120716 00:43:21 N read UDPv4 [EHOSTUNREACH]: No route to host (code=148)
20120716 00:43:37 N read UDPv4 [EHOSTUNREACH]: No route to host (code=148)
20120716 00:44:05 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20120716 00:44:05 N TLS Error: TLS handshake failed
20120716 00:44:05 TCP/UDP: Closing socket
20120716 00:44:05 I SIGUSR1[soft tls-error] received process restarting
20120716 00:44:05 Restart pause 2 second(s)
20120716 00:44:07 W WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
20120716 00:44:07 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20120716 00:44:07 I Re-using SSL/TLS context
20120716 00:44:07 I LZO compression initialized
20120716 00:44:07 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
20120716 00:44:07 Socket Buffers: R=[114688->131072] S=[114688->131072]
20120716 00:44:07 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
20120716 00:44:07 Local Options String: 'V4 dev-type tap link-mtu 1574 tun-mtu 1532 proto UDPv4 comp-lzo cipher BF-CBC auth SHA1 keysize 128 key-method 2 tls-client'
20120716 00:44:07 Expected Remote Options String: 'V4 dev-type tap link-mtu 1574 tun-mtu 1532 proto UDPv4 comp-lzo cipher BF-CBC auth SHA1 keysize 128 key-method 2 tls-server'
20120716 00:44:07 Local Options hash (VER=V4): 'd79ca330'
20120716 00:44:07 Expected Remote Options hash (VER=V4): 'f7df56b8'
20120716 00:44:07 I UDPv4 link local: [undef]
20120716 00:44:07 I UDPv4 link remote: 108.161.129.122:1194
20120716 00:44:10 N read UDPv4 [EHOSTUNREACH|EHOSTUNREACH]: No route to host (code=148)
20120716 00:44:16 N read UDPv4 [EHOSTUNREACH]: No route to host (code=148)
20120716 00:44:24 N read UDPv4 [EHOSTUNREACH]: No route to host (code=148)
20120716 00:44:38 N read UDPv4 [EHOSTUNREACH]: No route to host (code=148)
20120716 00:44:41 MANAGEMENT: Client connected from 127.0.0.1:5001
20120716 00:44:41 D MANAGEMENT: CMD 'state'
20120716 00:44:41 MANAGEMENT: Client disconnected
20120716 00:44:41 MANAGEMENT: Client connected from 127.0.0.1:5001
20120716 00:44:41 D MANAGEMENT: CMD 'state'
20120716 00:44:41 MANAGEMENT: Client disconnected
20120716 00:44:41 MANAGEMENT: Client connected from 127.0.0.1:5001
20120716 00:44:41 D MANAGEMENT: CMD 'state'
20120716 00:44:41 MANAGEMENT: Client disconnected
20120716 00:44:41 MANAGEMENT: Client connected from 127.0.0.1:5001
20120716 00:44:42 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00
Title: Re: Installing Zentyal on VPS
Post by: christian on July 16, 2012, 06:57:29 am
Kind of progress  ;)
It looks like you are facing a TLS handshake error now  :-[
Have you deployed certificates as per documentation?
The point is that the doc describes only a Zentyal-to-Zentyal, server-to-server VPN, so you have to adapt it a bit. The principle is that the client will need a certificate (issued by the Zentyal CA) and also the CA public key in order to establish TLS. Thus you have to load them at router level.
Title: Re: Installing Zentyal on VPS
Post by: AaronS on July 22, 2012, 06:52:13 am
Hi Guys,

I think I am connected, does this look like I am connected?

State Server: : Local Address: Remote Address: Client: CONNECTED: SUCCESS Local Address: 192.168.5.2 Remote Address:

Status

Log
20120722 06:47:45 I OpenVPN 2.2.1 mipsel-linux [SSL] [LZO2] [EPOLL] built on Dec 8 2011
20120722 06:47:45 MANAGEMENT: TCP Socket listening on 127.0.0.1:5001
20120722 06:47:45 W WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
20120722 06:47:45 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20120722 06:47:45 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
20120722 06:47:45 I LZO compression initialized
20120722 06:47:45 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
20120722 06:47:45 Socket Buffers: R=[114688->131072] S=[114688->131072]
20120722 06:47:45 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
20120722 06:47:45 Local Options String: 'V4 dev-type tap link-mtu 1574 tun-mtu 1532 proto UDPv4 comp-lzo cipher BF-CBC auth SHA1 keysize 128 key-method 2 tls-client'
20120722 06:47:45 Expected Remote Options String: 'V4 dev-type tap link-mtu 1574 tun-mtu 1532 proto UDPv4 comp-lzo cipher BF-CBC auth SHA1 keysize 128 key-method 2 tls-server'
20120722 06:47:45 Local Options hash (VER=V4): 'd79ca330'
20120722 06:47:45 Expected Remote Options hash (VER=V4): 'f7df56b8'
20120722 06:47:45 I UDPv4 link local: [undef]
20120722 06:47:45 I UDPv4 link remote: 108.161.129.122:1194
20120722 06:47:45 TLS: Initial packet from 108.161.129.122:1194 sid=d1ea82e0 24c88d2f
20120722 06:47:46 VERIFY OK: depth=1 /O=Zentyal/CN=Certification_Authority_Certificate
20120722 06:47:46 VERIFY OK: depth=0 /O=Zentyal/CN=vpn-zentyal
20120722 06:47:46 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
20120722 06:47:46 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
20120722 06:47:46 NOTE: --mute triggered...
20120722 06:47:46 3 variation(s) on previous 5 message(s) suppressed by --mute
20120722 06:47:46 I [vpn-zentyal] Peer Connection Initiated with 108.161.129.122:1194
20120722 06:47:49 SENT CONTROL [vpn-zentyal]: 'PUSH_REQUEST' (status=1)
20120722 06:47:49 PUSH: Received control message: 'PUSH_REPLY route 108.161.129.0 255.255.255.0 route-gateway 192.168.5.1 ping 10 ping-restart 120 ifconfig 192.168.5.2 255.255.255.0'
20120722 06:47:49 OPTIONS IMPORT: timers and/or timeouts modified
20120722 06:47:49 OPTIONS IMPORT: --ifconfig/up options modified
20120722 06:47:49 OPTIONS IMPORT: route options modified
20120722 06:47:49 NOTE: --mute triggered...
20120722 06:47:49 1 variation(s) on previous 5 message(s) suppressed by --mute
20120722 06:47:49 I TUN/TAP device tap1 opened
20120722 06:47:49 TUN/TAP TX queue length set to 100
20120722 06:47:49 I /sbin/ifconfig tap1 192.168.5.2 netmask 255.255.255.0 mtu 1500 broadcast 192.168.5.255
20120722 06:47:49 /sbin/route add -net 108.161.129.0 netmask 255.255.255.0 gw 192.168.5.1
20120722 06:47:49 I Initialization Sequence Completed
20120722 06:47:52 N read UDPv4 [EHOSTUNREACH|EHOSTUNREACH]: No route to host (code=148)
20120722 06:47:55 N read UDPv4 [EHOSTUNREACH|EHOSTUNREACH]: No route to host (code=148)
20120722 06:47:56 MANAGEMENT: Client connected from 127.0.0.1:5001
20120722 06:47:56 D MANAGEMENT: CMD 'state'
20120722 06:47:56 MANAGEMENT: Client disconnected
20120722 06:47:56 MANAGEMENT: Client connected from 127.0.0.1:5001
20120722 06:47:56 D MANAGEMENT: CMD 'state'
20120722 06:47:56 MANAGEMENT: Client disconnected
20120722 06:47:56 MANAGEMENT: Client connected from 127.0.0.1:5001
20120722 06:47:56 D MANAGEMENT: CMD 'state'
20120722 06:47:56 MANAGEMENT: Client disconnected
20120722 06:47:56 MANAGEMENT: Client connected from 127.0.0.1:5001
20120722 06:47:56 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00

For some reason I still can't connect to the VPN? Any ideas? No firewalls.....
Title: Re: Installing Zentyal on VPS
Post by: AaronS on July 22, 2012, 06:54:29 am
Maybe I need to add some routes on my dd-wrt?  :-\