OpenVPN: Cannot connect

[maniac7]

Hallo everyone,

First of all: I'm new to Amahi, but I'm not a complete Linux n00b.
I'm using Ubuntu 12.04.1 LTS server with xubuntu-desktop.
Amahi runs flawlessly, all services work (samba, dhcp, apache, ...).

I wanted to install openVPN to connect to my server from the outside world and followed the wiki page http://wiki.amahi.org/index.php/OpenVPN .
However, I cannot connect (the logfile of the openVPN client is at the bottom).
I forwarded the UDP port 1194 on my router (EasyBox 803) to the static IP of my server. With the same preferences I forwarded the SSH port (TCP) and can connect from outside and inside the network (putty and nxclient).

Then using the "OpenVPN tester" from the Amahi page I get the message "Inactive - enable it".
But the OpenVPN is running as I checked under //hda --> Settings --> Server

Thus I used a Port Checker (http://www.canyouseeme.org/) and found 22 to be open while 1194 gives me "Connection refused" (When enabling TCP&UDP). If I only allow UDP it gives "Connection timed out".

I thought now that the port is forwarded but the server is not listening on it and restarted -> no success
Then I thought the firewall might give a problem and wanted to stop it:

Code: Select all

sudo /etc/init.d/apparmor stop

Which gave

Code: Select all

/etc/init.d/apparmor: 35: .: Can't open /lib/apparmor/functions

So I guessed there is no apparmor installed and checked Synaptic which says only dh-apparmor is installed and no other of the apparmor* packages. So I guess there is no firewall.

Then I asked a friend outside the network to install the openVPN client. He couldn't connect and got the following message:

Code: Select all

Mon Jan 28 21:36:32 2013 UDPv4 link remote: 178.12.106.97:1194 [21:39:41] XXXXX XXXXX: Mon Jan 28 21:38:09 2013 OpenVPN 2.1_rc15 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 19 2008 Mon Jan 28 21:38:09 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Mon Jan 28 21:38:09 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables Mon Jan 28 21:38:09 2013 LZO compression initialized Mon Jan 28 21:38:09 2013 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ] Mon Jan 28 21:38:09 2013 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ] Mon Jan 28 21:38:09 2013 Local Options hash (VER=V4): '41690919' Mon Jan 28 21:38:09 2013 Expected Remote Options hash (VER=V4): '530fdded' Mon Jan 28 21:38:09 2013 Socket Buffers: R=[8192->8192] S=[8192->8192] Mon Jan 28 21:38:09 2013 UDPv4 link local: [undef] Mon Jan 28 21:38:09 2013 UDPv4 link remote: 178.12.106.97:1194 Mon Jan 28 21:39:09 2013 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Mon Jan 28 21:39:09 2013 TLS Error: TLS handshake failed Mon Jan 28 21:39:09 2013 TCP/UDP: Closing socket Mon Jan 28 21:39:09 2013 SIGUSR1[soft,tls-error] received, process restarting Mon Jan 28 21:39:09 2013 Restart pause, 2 second(s)

I appreciate any help as I'm running out of ideas and knowledge to solve this problem. Thanks in advance!

[bigfoot65]

Check the app install log for Open VPN to ensure it installed correctly. You might need to uninstall and reinstall the app.

Recommend checking for firewalls on your network. Sometimes ISP block certain ports as well. Just some random thoughts of problems others have had in the past.

[maniac7]

Check the app install log for Open VPN to ensure it installed correctly.

The line from /var/log/amahi-app-installer.log looks fine:

Code: Select all

======= app install begin @ Thu Jan 24 20:55:13 +0100 2013 ========== Installing app id wzjcdmbnqp under /var/hda/platform/html ENV=production NOTE: file /tmp/amahi-download-cache/a75f387e53f84b01e0a7a326c760c1740f5fad48 written in cache * Starting virtual private network daemon(s)... * Autostarting VPN 'openvpn' App: OpenVPN installed ======= app install end

Recommend checking for firewalls on your network. Sometimes ISP block certain ports as well. Just some random thoughts of problems others have had in the past.

For checking that I switched my SSH port to 1194 and ran a port checker. It gives "Port is open" with the SSH service enabled and I can connect. So I think there's no firewall issue.

You might need to uninstall and reinstall the app.

Did uninstall and install again from the Dashboard. OpenVPN checker still says "Inactive, enable it..."

[bigfoot65]

Did you try the VPN troubleshooter? This might be an issue on Amahi's side that needs attention. If so, you will need to email support.

http://wiki.amahi.org/index.php/VPN_troubleshooting

[maniac7]

Hi Bigfoot,

sorry for the late reply.
Thanks for the link, when I wanted to change UCP to TCP I did a last try with HDA connect and the VPN then worked (Router, Server have been restarted before). It worked even though the OpenVPN tester said inactive.
One day later now, the OpenVPN tester says: Install client.

I don't know what happened since I didn't change anything that time. But I'm happy that the VPN is up and working.
Thanks a lot for the support!

[bigfoot65]

Glad to hear it's working. Sometimes the VPN checker on the web site is not accurate. You can email support if it continues to not reflect your connection.