[CentOS-virt] Open VPN connection problem on Virtual Box
Fabian Arrotin
fabian.arrotin at arrfab.net
Sat Mar 29 08:06:21 UTC 2008
On Fri, 2008-03-28 at 18:41 -0700, Todd and Margo Chester wrote:
> Hi All,
>
> I am working on a mystery. I am using
> openvpn-2.1_beta7-gui-1.0.3-install on all
> the computers in question. All computers
> are running XP-Pro-SP2. (Mine is running
> in a virtual window -- details below.)
>
> This configuration works perfectly from my office.
> I use it to call five facilities:
>
> remote aa.bb.cc.dd
> port 5030
> proto udp
> dev tap
> ifconfig 192.168.240.30 255.255.255.0
> secret iamnottellingyou.txt
> ping-restart 60
> ping-timer-rem
> persist-tun
> persist-key
> resolv-retry 86400
> ping 10
> comp-lzo
> verb 6
> mute 10
>
>
> But, this EXACT config works on TWO other
> computers, but not mine:
>
> remote ww.xx.yy.zz 5020
> client
> dev tap
> proto udp
> resolv-retry infinite
> nobind
> persist-key
> persist-tun
> ca foo-ca.crt
> cert foo-client1.crt
> key foo-client1.key
> ns-cert-type server
> ping 10
> comp-lzo
> verb 3
>
>
> The only difference between the two computers
> that MY config works on and mine, is that
> my computer is running in a virtual window.
>
> Host: CentOS 5.1
> Guest XP-Pro-SP2
> VM: VirtualBox-1.5.6_28266_rhel5-1.i586.rpm
>
> The host and the guest are connected by
> a bridge (br0):
>
> DEVICE=br0
> TYPE=Bridge
> BOOTPROTO=static
> BROADCAST=192.168.255.255
> IPADDR=192.168.255.10
> NETMASK=255.255.255.0
> NETWORK=192.168.255.0
> GATEWAY=192.168.255.10
> ONBOOT=yes
> USERCTL=yes
> IPV6INIT=no
> PEERDNS=no
> PROMISC=yes
>
>
> When trying to connect, the same error message
> pops up on my computer (virtual XP) and on the
> distant end's (XP) server:
>
> TLS Error: TLS key negotiation failed to occur
> within 60 seconds (check your network connectivity)
>
> The SAME error message!
>
>
> Why does the first config work, but not the
> second? It is obviously not the config: it
> is identical on the other two computers
> that it works on. I think it may
> be the way OpenVPN is reacting to my bridge,
> but then, again, the first config works.
>
> Editorial comment: AAAAAAAAAHHHHHHHHHHHHHHHHHHH!!!!
>
> Anyone know what I am doing wrong?
>
> Many thanks,
> -T
>
I've had the same problem one time when the openvpn server was behind a
Watchguard Firewall ... I don't know why, but some client machines were
not able to connect while others could ...
I switched to the tcp-server/tcp-client protocol instead of udp and the
problem went away directly ...
BTW, when possible now, I configure openvpn to listen on 443/tcp so that
openvpn clients are able to connect remotely, even through a proxy at
the other side ... ;-)
--
Fabian Arrotin <fabian.arrotin at arrfab.net>
"Internet network currently down, TCP/IP packets delivered now by
UPS/Fedex ..."
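
Added example, not part of the original messages: a small Python helper that applies the transport change suggested in the reply (UDP to tcp-client on port 443) to the client config quoted in the thread, and lists the matching server-side lines. The function names and the abridged sample are constructed for illustration; `fragment` and `explicit-exit-notify` are dropped because OpenVPN only accepts them with `proto udp`.

```python
# Added example: switch an OpenVPN client config from UDP to TCP transport.
# Sample input: the client config quoted in the thread, abridged.
SAMPLE_CLIENT = """\
remote ww.xx.yy.zz 5020
client
dev tap
proto udp
nobind
ca foo-ca.crt
cert foo-client1.crt
key foo-client1.key
ns-cert-type server
comp-lzo
verb 3
"""

# Directives OpenVPN rejects unless the transport is UDP.
UDP_ONLY = {"fragment", "explicit-exit-notify"}

def to_tcp_client(config_text, port=443):
    """Return (new_config, dropped) with the transport switched to TCP."""
    out, dropped, saw_proto = [], [], False
    for raw in config_text.splitlines():
        words = raw.split()
        if not words or words[0][0] in "#;":
            out.append(raw)                          # keep blanks and comments
        elif words[0] == "proto":
            out.append("proto tcp-client")
            saw_proto = True
        elif words[0] == "remote" and len(words) >= 2:
            out.append(f"remote {words[1]} {port}")  # keep host, replace port
        elif words[0] == "port":
            out.append(f"port {port}")
        elif words[0] in UDP_ONLY:
            dropped.append(raw.strip())              # invalid over TCP
        else:
            out.append(raw)
    if not saw_proto:                                # OpenVPN defaults to UDP
        out.append("proto tcp-client")
    return "\n".join(out) + "\n", dropped

def server_lines(port=443):
    """Transport lines the server config needs so both ends match."""
    return ["proto tcp-server", f"port {port}"]

if __name__ == "__main__":
    print(*to_tcp_client(SAMPLE_CLIENT), server_lines())
```

Both ends have to change together: a client left on `proto udp` cannot reach a server that listens with `proto tcp-server`.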