I thought that warning pertained to hardening the install, and I don't harden until the wide open version works, but it turns out you were dead right; adding ns-cert-type server to my client install seems to have done the trick. I would have continued to ignore that if it was not for the fact I had to try it in order to reply.

Thanks :)

See references to 2 reboots after configuration here with regards to Linux OpenVPN bridging mode Error 4:
http://forum.pfsense.org/index.php?topic=1990.45

What mode are you attempting?

See this message in your Windows log:
Wed Jun 18 08:57:15 2008 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

Of course when you get the verification method right on both sides it's probably going to work.

Also, what ports do you have open? You would want to verify that whatever is listening and sending port traffic is open by using these commands:
1) tcpdump [in one window on the linux side] (pipe to a file to watch the transactions and verify all ports are open)
2) lsof [linux side]
3) netstat -anp [linux side] netstat - [windows side]

Check:
Check your configurations against his:
http://openvpn.net/archive/openvpn-users/2006-01/msg00101.html
iptables (flush the tables or turn down the firewall from /etc/init.d/
selinux (hopefully permissive if using?)

Bryan O'Neal <BONeal@cornerstonehome.com> wrote:

So I installed Open VPN on my server (Cent OS) and I installed openvpn on my desktop (WinXP) and I am trying to connect them. I generated all of my key files and certs on my server and copied the client key, cert, and server ca.crt to my client, I believe I have everything configured correctly, but it does not connect. Also on the windows side it indicates my tun adaptor is not connected. Perhaps one of you can tell me where I went wrong.

And yes, I did try shutting down my windows firewall and my server iptables
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]

Here is what I see from my client (windows)
Wed Jun 18 08:57:15 2008 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Wed Jun 18 08:57:15 2008 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Jun 18 08:57:15 2008 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Jun 18 08:57:15 2008 LZO compression initialized
Wed Jun 18 08:57:15 2008 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Jun 18 08:57:15 2008 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Jun 18 08:57:15 2008 Local Options hash (VER=V4): '41690919'
Wed Jun 18 08:57:15 2008 Expected Remote Options hash (VER=V4): '530fdded'
Wed Jun 18 08:57:15 2008 UDPv4 link local: [undef]
Wed Jun 18 08:57:15 2008 UDPv4 link remote: 208.109.28.232:1194
Wed Jun 18 08:57:15 2008 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
...
Wed Jun 18 08:58:13 2008 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 18 08:58:14 2008 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jun 18 08:58:14 2008 TLS Error: TLS handshake failed
Wed Jun 18 08:58:14 2008 TCP/UDP: Closing socket
Wed Jun 18 08:58:14 2008 SIGUSR1[soft,tls-error] received, process restarting
Wed Jun 18 08:58:14 2008 Restart pause, 2 second(s)
Wed Jun 18 08:58:16 2008 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Jun 18 08:58:16 2008 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Jun 18 08:58:16 2008 Re-using SSL/TLS context
Wed Jun 18 08:58:16 2008 LZO compression initialized
Wed Jun 18 08:58:16 2008 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Jun 18 08:58:16 2008 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Jun 18 08:58:16 2008 Local Options hash (VER=V4): '41690919'
Wed Jun 18 08:58:16 2008 Expected Remote Options hash (VER=V4): '530fdded'
Wed Jun 18 08:58:16 2008 UDPv4 link local: [undef]
Wed Jun 18 08:58:16 2008 UDPv4 link remote: 208.109.28.232:1194
Wed Jun 18 08:58:16 2008 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
...

From my server

Openvpn-status.log
OpenVPN CLIENT LIST
Updated,Wed Jun 18 08:58:45 2008
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
GLOBAL STATS
Max bcast/mcast queue length,0
END

Openvpn.log
Wed Jun 18 08:42:41 2008 OpenVPN 2.0.9 i386-redhat-linux-gnu [SSL] [LZO] [EPOLL] built on Jun 16 2008
Wed Jun 18 08:42:41 2008 Diffie-Hellman initialized with 1024 bit key
Wed Jun 18 08:42:41 2008 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Jun 18 08:42:41 2008 TUN/TAP device tun0 opened
Wed Jun 18 08:42:41 2008 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Wed Jun 18 08:42:41 2008 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Wed Jun 18 08:42:41 2008 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Jun 18 08:42:41 2008 UDPv4 link local (bound): 208.109.28.226:1194
Wed Jun 18 08:42:41 2008 UDPv4 link remote: [undef]
Wed Jun 18 08:42:41 2008 MULTI: multi_init called, r=256 v=256
Wed Jun 18 08:42:41 2008 IFCONFIG POOL: base=10.8.0.4 size=62
Wed Jun 18 08:42:41 2008 IFCONFIG POOL LIST
Wed Jun 18 08:42:41 2008 Initialization Sequence Completed
Wed Jun 18 08:45:35 2008 event_wait : Interrupted system call (code=4)
Wed Jun 18 08:45:35 2008 TCP/UDP: Closing socket
Wed Jun 18 08:45:35 2008 /sbin/route del -net 10.8.0.0 netmask 255.255.255.0
Wed Jun 18 08:45:35 2008 Closing TUN/TAP interface
Wed Jun 18 08:45:35 2008 SIGINT[hard,] received, process exiting
Wed Jun 18 08:56:18 2008 OpenVPN 2.0.9 i386-redhat-linux-gnu [SSL] [LZO] [EPOLL] built on Jun 16 2008
Wed Jun 18 08:56:18 2008 Diffie-Hellman initialized with 1024 bit key
Wed Jun 18 08:56:18 2008 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Jun 18 08:56:18 2008 TUN/TAP device tun0 opened
Wed Jun 18 08:56:18 2008 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Wed Jun 18 08:56:18 2008 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Wed Jun 18 08:56:18 2008 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Jun 18 08:56:18 2008 UDPv4 link local (bound): 208.109.28.226:1194
Wed Jun 18 08:56:18 2008 UDPv4 link remote: [undef]
Wed Jun 18 08:56:18 2008 MULTI: multi_init called, r=256 v=256
Wed Jun 18 08:56:18 2008 IFCONFIG POOL: base=10.8.0.4 size=62
Wed Jun 18 08:56:18 2008 IFCONFIG POOL LIST
Wed Jun 18 08:56:18 2008 Initialization Sequence Completed
Wed Jun 18 08:56:25 2008 event_wait : Interrupted system call (code=4)
Wed Jun 18 08:56:25 2008 TCP/UDP: Closing socket
Wed Jun 18 08:56:25 2008 /sbin/route del -net 10.8.0.0 netmask 255.255.255.0
Wed Jun 18 08:56:25 2008 Closing TUN/TAP interface
Wed Jun 18 08:56:25 2008 SIGINT[hard,] received, process exiting
Wed Jun 18 08:56:35 2008 OpenVPN 2.0.9 i386-redhat-linux-gnu [SSL] [LZO] [EPOLL] built on Jun 16 2008
Wed Jun 18 08:56:35 2008 Diffie-Hellman initialized with 1024 bit key
Wed Jun 18 08:56:35 2008 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Jun 18 08:56:35 2008 TUN/TAP device tun0 opened
Wed Jun 18 08:56:35 2008 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Wed Jun 18 08:56:35 2008 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Wed Jun 18 08:56:35 2008 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Jun 18 08:56:35 2008 UDPv4 link local (bound): 208.109.28.226:1194
Wed Jun 18 08:56:35 2008 UDPv4 link remote: [undef]
Wed Jun 18 08:56:35 2008 MULTI: multi_init called, r=256 v=256
Wed Jun 18 08:56:35 2008 IFCONFIG POOL: base=10.8.0.4 size=62
Wed Jun 18 08:56:35 2008 IFCONFIG POOL LIST
Wed Jun 18 08:56:35 2008 Initialization Sequence Completed
Wed Jun 18 08:58:59 2008 event_wait : Interrupted system call (code=4)
Wed Jun 18 08:58:59 2008 TCP/UDP: Closing socket
Wed Jun 18 08:58:59 2008 /sbin/route del -net 10.8.0.0 netmask 255.255.255.0
Wed Jun 18 08:58:59 2008 Closing TUN/TAP interface
Wed Jun 18 08:58:59 2008 SIGINT[hard,] received, process exiting
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

(602)325-5325 Asterisk
(503)754-4452 Blackberry
EDVO/CDMA on Dell PII Kubuntu 7.10
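
The client-side warning discussed in this thread can be checked for before connecting. The following is an added example, not part of the original messages: a shell function that reports whether an OpenVPN client config enables a server certificate verification directive. The sample configs, the file names and the host vpn.example.net are constructed, and the check also accepts remote-cert-tls server, the later OpenVPN directive for the same purpose, which the thread does not mention.

```shell
#!/bin/sh
# Added example, not from the thread. Sample configs below are constructed.

# Print the first directive that enables server-certificate verification and
# return 0; return 1 when the config has none. Commented-out lines ("#..." or
# ";...") never match because awk compares whole fields, and tr strips the
# carriage returns found in configs edited on Windows.
server_verify_directive() {
    tr -d '\r' < "$1" | awk '
        ($1 == "ns-cert-type" || $1 == "remote-cert-tls") && $2 == "server" {
            print $1, $2; found = 1; exit
        }
        END { exit !found }
    '
}

tmp=$(mktemp -d)
# Constructed client config with the directive still commented out (CRLF endings).
printf 'client\r\ndev tun\r\nproto udp\r\nremote vpn.example.net 1194\r\n' > "$tmp/before.ovpn"
printf 'ca ca.crt\r\ncert client.crt\r\nkey client.key\r\n;ns-cert-type server\r\n' >> "$tmp/before.ovpn"
# Same config with the directive enabled.
sed 's/^;ns-cert-type/ns-cert-type/' "$tmp/before.ovpn" > "$tmp/after.ovpn"

for f in "$tmp/before.ovpn" "$tmp/after.ovpn"; do
    if d=$(server_verify_directive "$f"); then
        echo "$(basename "$f"): server certificate verification enabled ($d)"
    else
        echo "$(basename "$f"): no server certificate verification method"
    fi
done
rm -rf "$tmp"
```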