On Fri, 2008-03-28 at 18:41 -0700, Todd and Margo Chester wrote:
> Hi All,
>
> I am working on a mystery.  I am using
> openvpn-2.1_beta7-gui-1.0.3-install on all
> the computers in question.  All computers
> are running XP-Pro-SP2.  (Mine is running
> in a virtual window -- details below.)
>
> This configuration works perfectly from my office.
> I use it to call five facilities:
>
>    remote aa.bb.cc.dd
>    port 5030
>    proto udp
>    dev tap
>    ifconfig 192.168.240.30 255.255.255.0
>    secret iamnottellingyou.txt
>    ping-restart 60
>    ping-timer-rem
>    persist-tun
>    persist-key
>    resolv-retry 86400
>    ping 10
>    comp-lzo
>    verb 6
>    mute 10
>
>
> But, this EXACT config works on TWO other
> computers, but not mine:
>
>    remote ww.xx.yy.zz 5020
>    client
>    dev tap
>    proto udp
>    resolv-retry infinite
>    nobind
>    persist-key
>    persist-tun
>    ca foo-ca.crt
>    cert foo-client1.crt
>    key foo-client1.key
>    ns-cert-type server
>    ping 10
>    comp-lzo
>    verb 3
>
>
> The only difference between the two computers
> that MY config works on and mine, is that
> my computer is running in a virtual window.
>
>    Host: Cent OS 5.1
>    Guest XP-Pro-SP2
>    VM: VirtualBox-1.5.6_28266_rhel5-1.i586.rpm
>
> The host and the guest are connected by
> a bridge (br0):
>
>    DEVICE=br0
>    TYPE=Bridge
>    BOOTPROTO=static
>    BROADCAST=192.168.255.255
>    IPADDR=192.168.255.10
>    NETMASK=255.255.255.0
>    NETWORK=192.168.255.0
>    GATEWAY=192.168.255.10
>    ONBOOT=yes
>    USERCTL=yes
>    IPV6INIT=no
>    PEERDNS=no
>    PROMISC=yes
>
>
> When trying to connect, the same error message
> pops up on my computer (virtual XP) and on the
> distant end's (XP) server:
>
>    TLS Error: TLS key negotiation failed to occur
>    within 60 seconds (check your network connectivity)
>
> The SAME error message!
>
>
> Why does the first config work, but not the
> second?  It is obviously not the config: it
> is identical on the other two computers
> that it works on.  I think it may
> be the way OpenVPN is reacting to my bridge,
> but then, again, the first config works.
>
> Editorial comment: AAAAAAAAAHHHHHHHHHHHHHHHHHHH!!!!
>
> Anyone know what I am doing wrong?
>
> Many thanks,
> -T
>

I've had the same problem one time when the OpenVPN server was behind a
Watchguard firewall ... I don't know why, but some client machines were
not able to connect while others could ... I switched to the
tcp-server/tcp-client protocol instead of udp and the problem went away
directly ...

BTW, when possible now, I configure OpenVPN to listen on 443/tcp so
that OpenVPN clients are able to connect remotely, even through a proxy
at the other side ... ;-)

-- 
Fabian Arrotin <fabian.arrotin at arrfab.net>
"Internet network currently down, TCP/IP packets delivered now by
UPS/Fedex ..."