Trying to set up OpenVPN
It's all good until I reach here:
The openvpn daemon started successfully. But I encountered this error when I double click the OpenVPN GUI (
Tue Apr 19 13:56:49 2011 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Apr 19 13:56:52 2011 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Apr 19 13:56:53 2011 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Apr 19 13:56:55 2011 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Apr 19 13:56:58 2011 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Apr 19 13:56:59 2011 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
I thought it's something to do with my iptables and I tried to add the 1194 port but it didn't work. Here are my iptables details:
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere loopback/8 reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere multiport dports 1234:1244
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:12345
ACCEPT icmp -- anywhere anywhere icmp echo-request
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:openvpn
ACCEPT tcp -- anywhere anywhere tcp dpt:openvpn
ACCEPT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- 10.8.0.0/24 anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain fail2ban-ssh (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Any ideas? Thanks!
2 Replies
iptables -A INPUT -p udp --dport 1194 -j ACCEPT
And now the iptables -L changed to this:
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere loopback/8 reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere multiport dports 1234:1244
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:12345
ACCEPT icmp -- anywhere anywhere icmp echo-request
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:openvpn
ACCEPT tcp -- anywhere anywhere tcp dpt:openvpn
ACCEPT all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp dpt:openvpn
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- 10.8.0.0/24 anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain fail2ban-ssh (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
But it's still getting the same error from OpenVPN installed on my local Windows XP:
Tue Apr 19 14:10:47 2011 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Tue Apr 19 14:10:47 2011 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Tue Apr 19 14:10:47 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Apr 19 14:10:47 2011 LZO compression initialized
Tue Apr 19 14:10:47 2011 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Apr 19 14:10:47 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Apr 19 14:10:47 2011 Local Options hash (VER=V4): '41690919'
Tue Apr 19 14:10:47 2011 Expected Remote Options hash (VER=V4): '530fdded'
Tue Apr 19 14:10:47 2011 UDPv4 link local: [undef]
Tue Apr 19 14:10:47 2011 UDPv4 link remote: 1.2.3.4:1194
Tue Apr 19 14:10:47 2011 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Apr 19 14:10:49 2011 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
1.2.3.4 is my Linode IP.
Also, the order of the rules is important, so anything after the REJECT ALL is going to be rejected. Either move the reject rule to the bottom or move your Accept rules above it.
–
Travis
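The rule-order point above, as an added example that is not part of the original thread: a shell check that reads `iptables -S` output and lists the rules sitting behind a catch-all REJECT/DROP/ACCEPT, then prints where an insert would have to go. The sample ruleset is constructed to resemble the INPUT chain posted here, and it assumes the early "ACCEPT all" rule is loopback-only.

```shell
#!/bin/sh
# Added example: list iptables rules that can never match because an earlier
# rule in the same chain already terminates every packet.
# Reads `iptables -S` output; `-L` without -v hides matches such as `-i lo`.

# Constructed sample modelled on the INPUT chain in the thread (assumption:
# the early "ACCEPT all" rule is loopback-only; ports are written numerically).
sample_rules() {
cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 1194 -j ACCEPT
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
EOF
}

# catchall_pos CHAIN: 1-based position of the first rule in CHAIN that has no
# match criteria and a terminating target. Prints nothing if there is none.
catchall_pos() {
    awk -v chain="$1" '
        $1 == "-A" && $2 == chain {
            n++
            if ($3 == "-j" && $4 ~ /^(ACCEPT|DROP|REJECT)$/) { print n; exit }
        }'
}

# shadowed_rules CHAIN: "position: rule" for every rule after that catch-all.
shadowed_rules() {
    awk -v chain="$1" '
        $1 == "-A" && $2 == chain {
            n++
            if (hit) print n ": " $0
            else if ($3 == "-j" && $4 ~ /^(ACCEPT|DROP|REJECT)$/) hit = 1
        }'
}

# Demo on the constructed sample. The fix is only printed, never executed:
# -I with a rule number inserts ahead of the catch-all instead of appending.
pos=$(sample_rules | catchall_pos INPUT)
sample_rules | shadowed_rules INPUT
echo "fix: iptables -I INPUT $pos -p udp --dport 1194 -j ACCEPT"
```

On a live host, pipe `iptables -S` into the two functions instead of `sample_rules`. The REJECT rule replies with icmp-port-unreachable, which a Windows UDP socket reports as WSAECONNRESET (10054), the error in the client log.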