Trying to set up OpenVPN

I tried to configure my box to be a VPN server so that I can connect to it from my Windows XP and browse the web securely - so my passwords and such are safe from eavesdropping.

It's all good until I reach here: http://library.linode.com/networking/openvpn/debian-5-lenny#connecttothe_vpn

The openvpn daemon started successfully. But I encountered this error when I double-click the OpenVPN GUI (http://openvpn.se) icon in the bottom-right task bar:

Tue Apr 19 13:56:49 2011 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Apr 19 13:56:52 2011 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Apr 19 13:56:53 2011 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Apr 19 13:56:55 2011 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Apr 19 13:56:58 2011 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Apr 19 13:56:59 2011 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)

I thought it was something to do with my iptables, and I tried to add port 1194, but it didn't work. Here are my iptables details:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-ssh  tcp  --  anywhere             anywhere            multiport dports ssh
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             loopback/8          reject-with icmp-port-unreachable
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere            multiport dports 1234:1244
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:12345
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:openvpn
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:openvpn
ACCEPT     all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  10.8.0.0/24          anywhere
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain fail2ban-ssh (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Any ideas? Thanks!

2 Replies

I tried this:

iptables -A INPUT -p udp --dport 1194 -j ACCEPT

And now the output of iptables -L has changed to this:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-ssh  tcp  --  anywhere             anywhere            multiport dports ssh
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             loopback/8          reject-with icmp-port-unreachable
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere            multiport dports 1234:1244
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:12345
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:openvpn
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:openvpn
ACCEPT     all  --  anywhere             anywhere
ACCEPT     udp  --  anywhere             anywhere            udp dpt:openvpn

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  10.8.0.0/24          anywhere
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain fail2ban-ssh (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

But I'm still getting the same error from the OpenVPN client installed on my local Windows XP:

Tue Apr 19 14:10:47 2011 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
Tue Apr 19 14:10:47 2011 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Tue Apr 19 14:10:47 2011 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Tue Apr 19 14:10:47 2011 LZO compression initialized
Tue Apr 19 14:10:47 2011 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Apr 19 14:10:47 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Apr 19 14:10:47 2011 Local Options hash (VER=V4): '41690919'
Tue Apr 19 14:10:47 2011 Expected Remote Options hash (VER=V4): '530fdded'
Tue Apr 19 14:10:47 2011 UDPv4 link local: [undef]
Tue Apr 19 14:10:47 2011 UDPv4 link remote: 1.2.3.4:1194
Tue Apr 19 14:10:47 2011 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Apr 19 14:10:49 2011 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)

1.2.3.4 is my Linode IP.

To rule out the firewall, either disable the firewall or flush the rules to see if you can establish the connection with openvpn.

Also, the order of the rules is important, so anything after the REJECT ALL is going to be rejected. Either move the reject rule to the bottom or move your ACCEPT rules above it.

Travis
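An added example, not from this thread or from Linode: a small Python checker that parses the pasted `iptables -L` text, finds every rule that sits behind the catch-all REJECT Travis points to (and so can never match), and builds the `iptables -I` command that would place the UDP 1194 rule in front of it. The listing it runs on is a constructed, cut-down copy of the INPUT chain above; the `parse_chain`, `shadowed_rules` and `fix_command` names are mine.

```python
import re

# Constructed sample: the INPUT chain from this thread's second listing, trimmed.
SAMPLE_LISTING = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-ssh  tcp  --  anywhere             anywhere            multiport dports ssh
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             loopback/8          reject-with icmp-port-unreachable
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:openvpn
ACCEPT     udp  --  anywhere             anywhere            udp dpt:openvpn
"""
TERMINAL_BLOCKERS = {"REJECT", "DROP"}

def parse_chain(listing):
    """Parse one chain of `iptables -L` output into (chain_name, rules)."""
    lines = [ln for ln in listing.splitlines() if ln.strip()]
    chain = lines[0].split()[1]                        # "Chain INPUT (policy ...)"
    rules = []
    for pos, line in enumerate(lines[2:], start=1):   # skip the two header lines
        target, proto, _opt, src, dst, *rest = line.split()
        # "reject-with <type>" is a target option, not a packet match: drop it.
        matches = re.sub(r"\breject-with \S+", "", " ".join(rest)).strip()
        rules.append({"pos": pos, "target": target, "proto": proto, "matches": matches,
                      "catch_all": proto == "all" and src == dst == "anywhere" and not matches})
    return chain, rules

def shadowed_rules(rules):
    """(blocker, rules after it) for the first catch-all REJECT/DROP, else (None, []).

    Caveat: `iptables -L` without -v hides interface matches (-i/-o), so a rule shown
    as 'ACCEPT all anywhere anywhere' may really be '-i lo'; only REJECT/DROP catch-alls
    count as blockers here. Confirm with `iptables -L INPUT -v -n --line-numbers`.
    """
    for i, rule in enumerate(rules):
        if rule["target"] in TERMINAL_BLOCKERS and rule["catch_all"]:
            return rule, rules[i + 1:]
    return None, []

def fix_command(chain, blocker, rule):
    """`iptables -I` command placing `rule` at the blocker's current position.
    Only protocol and dport are carried over; matches like 'state NEW' are left to the admin."""
    spec = f"-p {rule['proto']}"
    port = re.search(r"dpt:(\S+)", rule["matches"])
    if port:                  # service names such as 'openvpn' resolve via /etc/services
        spec += f" --dport {port.group(1)}"
    return f"iptables -I {chain} {blocker['pos']} {spec} -j {rule['target']}"
```

On the sample listing it reports rules 6 and 7 (both openvpn ACCEPTs) as unreachable behind rule 5 and suggests `iptables -I INPUT 5 -p udp --dport openvpn -j ACCEPT`, which is the insert-before-the-reject fix rather than the `-A` append tried above.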
