OpenWrt Forum Archive

Topic: openvpn problem on a wrt54gl with whiterussian

The content of this topic has been archived on 3 May 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Post #1
Virus_2
5 Jul 2007, 01:53

i have an openvpn server and 6 wrt54gl with as clients...
in unexpected periods (maybe after dsl connectivity errors some of the wrt54gl can't connect to server normaly)

in the status log the client appears as undef ..

UNDEF,85.73.12.216:2060,1222,24438,Thu Jul  5 11:49:18 2007

any ideas ??!?!

here is my client config
------------------------------------------------------------------------------------------------------------------------------------
client
dev tun
proto udp
remote toxryso.static.otenet.gr 1194
nobind
persist-key
persist-tun
mute-replay-warnings
ca /etc/ca.crt
cert /etc/client.crt
key /etc/client.key
comp-lzo
verb 3

my server config
------------------------------------------------------------------------------------------------------------------------------------
port 1194
proto udp
dev tun0
ca /usr/local/keys/ca.crt
cert /usr/local/keys/server.crt
key /usr/local/keys/server.key
dh /usr/local/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /usr/local/keys/ipp.txt
push "route 192.168.3.0 255.255.255.0"
push "route 10.8.1.0 255.255.255.0"
push "route 10.8.2.0 255.255.255.0"
push "route 10.8.3.0 255.255.255.0"
push "route 10.8.4.0 255.255.255.0"
push "route 10.8.5.0 255.255.255.0"
push "route 10.8.6.0 255.255.255.0"
push "route 10.8.7.0 255.255.255.0"
push "route 10.8.8.0 255.255.255.0"
push "route 10.8.9.0 255.255.255.0"
push "route 10.8.10.0 255.255.255.0"
client-to-client
client-config-dir /etc/openvpn
route 10.8.1.0 255.255.255.0
route 10.8.2.0 255.255.255.0
route 10.8.3.0 255.255.255.0
route 10.8.4.0 255.255.255.0
route 10.8.5.0 255.255.255.0
route 10.8.6.0 255.255.255.0
route 10.8.7.0 255.255.255.0
route 10.8.8.0 255.255.255.0
route 10.8.9.0 255.255.255.0
route 10.8.10.0 255.255.255.0
keepalive 10 120
comp-lzo
persist-key
persist-tun
status /usr/local/keys/openvpn-status.log
log         /usr/local/keys/log-openvpn.log
log-append  /usr/local/keys/log-openvpn.log
verb 4


and my server's log file ......
--------------------------------------------------------------------------------------------------

Thu Jul  5 11:39:08 2007 us=147213 MULTI: multi_create_instance called
Thu Jul  5 11:39:08 2007 us=147469 85.73.12.216:2060 Re-using SSL/TLS context
Thu Jul  5 11:39:08 2007 us=147497 85.73.12.216:2060 LZO compression initialized
Thu Jul  5 11:39:08 2007 us=147615 85.73.12.216:2060 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu Jul  5 11:39:08 2007 us=147642 85.73.12.216:2060 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Jul  5 11:39:08 2007 us=147699 85.73.12.216:2060 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,aut
h SHA1,keysize 128,key-method 2,tls-server'
Thu Jul  5 11:39:08 2007 us=147717 85.73.12.216:2060 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher
BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Thu Jul  5 11:39:08 2007 us=147749 85.73.12.216:2060 Local Options hash (VER=V4): '530fdded'
Thu Jul  5 11:39:08 2007 us=147778 85.73.12.216:2060 Expected Remote Options hash (VER=V4): '41690919'
Thu Jul  5 11:39:08 2007 us=147818 85.73.12.216:2060 TLS: Initial packet from 85.73.12.216:2060, sid=988c5008 203a95a1
Thu Jul  5 11:39:10 2007 us=484091 85.73.12.216:2060 TLS: new session incoming connection from 85.73.12.216:2060
Thu Jul  5 11:39:12 2007 us=847799 85.73.12.216:2060 TLS: new session incoming connection from 85.73.12.216:2060
Thu Jul  5 11:40:09 2007 us=50022 85.73.12.216:2060 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Jul  5 11:40:09 2007 us=50060 85.73.12.216:2060 TLS Error: TLS handshake failed
Thu Jul  5 11:40:09 2007 us=50292 85.73.12.216:2060 SIGUSR1[soft,tls-error] received, client-instance restarting
Thu Jul  5 11:40:09 2007 us=131657 MULTI: multi_create_instance called
Thu Jul  5 11:40:09 2007 us=131911 85.73.12.216:2060 Re-using SSL/TLS context
Thu Jul  5 11:40:09 2007 us=131939 85.73.12.216:2060 LZO compression initialized
Thu Jul  5 11:40:09 2007 us=132056 85.73.12.216:2060 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]

Post #2
Cyberian75
5 Jul 2007, 04:10

There's no dh key on the client.

Post #3
placebo
5 Jul 2007, 04:44

No ideas, but I have a question. Why do the logs show the connection is being made on port 2060 while the configuration files specify port 1194?

Post #4
Virus_2
5 Jul 2007, 08:00

Cyberian75 : in the openvpn how to there is no mentioning about any dh key on the client....

placebo .. there are many clients connected on the system .. each of them must use a different port i suppose ... ?

the only way to resolv the problem is to power off the client and then plug the power again ... :s

Post #5
placebo
5 Jul 2007, 08:53

Try checking the clock on the client when it can't connect. If it's not set correctly, the SSL certificate won't be considered valid, and the handshake will fail. If that's not it, try posting the log from the client side to see if we can find any clues there.

Post #6
Virus_2
5 Jul 2007, 09:33

time was ok the last time i check it ... i will come up with the log file from the client soon

thnks for the help!

(Last edited by Virus_2 on 5 Jul 2007, 09:44)

The discussion might have continued from here.