[wplug] OpenVPN trouble

Sat Apr 6 20:41:16 EDT 2013

Have you tried to connect from another machine on the LAN?  Just to help rule out any issues w/ tmoble, fw, android.

-----Original Message-----

From: Justin Smith
Sent: 6 Apr 2013 22:46:40 GMT
To: wplug at wplug.org
Subject: [wplug] OpenVPN trouble

I'm trying to set up an OpenVPN server on a computer running openSUSE 12.3 (KDE). I followed the directions in chapters 14 & 15 of the OpenSUSE 12.3 documentation to generate certificates/keys (CA, server cert+key, client cert+key, DH file) via YaST and then set up the server. I have also set up my router and firewall to allow UDP connections over port 1194.

When I try to connect to my server from my Samsung Galaxy Nexus via the OpenVPN for Android app, this is what I get:

No process running.Running on Galaxy Nexus (tuna) google, Android AP 17, version 0.5.36a, official buildLog cleared.Building configuration...started Socket ThreadP:Initializing Google Breakpad!P[1]penVPN 2.3.1+dspatch3 android-14-armeabi-v7a [SSLLL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Apr 1 2013Network Status: CONNECTED UMTS to mobile epc.tmobile.comP[2]rotecting socket fd 4P:UDP link local (bound): [AF_INET][undef]:1194P:UDP link remote: [AF_INET]myserver'sIPaddress:1194P:TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSLroutines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failedP:TLS Error: TLS object -> incoming plaintext read errorP:TLS Error: TLS handshake failedP:SIGUSR1[soft,tls-error] received, process restartingP:SIGINT[hard,init_instance] received, process exiting
And this a sample of what I see on my server's log file:

Sat Apr 6 11:53:25 2013 us=547639 MULTI: multi_create_instance calledSat Apr 6 11:53:25 2013 us=547697 208.54.40.146:23379 Re-using SSL/TLS contextSat Apr 6 11:53:25 2013 us=547746 208.54.40.146:23379 LZO compression initializedSat Apr 6 11:53:25 2013 us=547951 208.54.40.146:23379 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]Sat Apr 6 11:53:25 2013 us=547968 208.54.40.146:23379 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]Sat Apr 6 11:53:25 2013 us=548038 208.54.40.146:23379 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'Sat Apr 6 11:53:25 2013 us=548060 208.54.40.146:23379 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'Sat Apr 6 11:53:25 2013 us=548089 208.54.40.146:23379 Local Options hash (VER=V4): '530fdded'Sat Apr 6 11:53:
 25 2013 us=548105 208.54.40.146:23379 Expected Remote Options hash (VER=V4): '41690919'Sat Apr 6 11:53:25 2013 us=548159 208.54.40.146:23379 TLS: Initial packet from 208.54.40.146:23379, sid=6a7e4ac8 179a3e34Sat Apr 6 11:53:27 2013 us=856742 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)Sat Apr 6 11:53:27 2013 us=859302 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)Sat Apr 6 11:53:27 2013 us=863038 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)Sat Apr 6 11:53:30 2013 us=152719 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)Sat Apr 6 11:53:30 2013 us=160260 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)Sat Apr 6 11:53:31 2013 us=347855 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)Sat Apr 6 11:53:32 2013 us=582402 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)Sat Apr 6 11:53:34 2013 us=865135 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)Sat Apr 6 11:53:36 2013 us=58333 read UDPv4 [ECONNREFUSED]: C
 onnection refused (code=111)Sat Apr 6 11:53:36 2013 us=218931 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)Sat Apr 6 11:53:37 2013 us=388154 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)Sat Apr 6 11:53:43 2013 us=293033 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)Sat Apr 6 11:53:43 2013 us=958659 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)Sat Apr 6 11:53:45 2013 us=762473 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)Sat Apr 6 11:53:46 2013 us=94859 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)Sat Apr 6 11:54:01 2013 us=478333 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)Sat Apr 6 11:54:01 2013 us=490800 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)Sat Apr 6 11:54:01 2013 us=499982 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)Sat Apr 6 11:54:02 2013 us=773840 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)Sat Apr 6 11:54:25 2013 us=946897 208.54.40.146:23379 TLS Erro
 r: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)Sat Apr 6 11:54:25 2013 us=946915 208.54.40.146:23379 TLS Error: TLS handshake failedSat Apr 6 11:54:25 2013 us=947026 208.54.40.146:23379 SIGUSR1[soft,tls-error] received, client-instance restarting

--
*Justin S. Smith*
Vice chair/secretary, WPLUG Board of Directors
http://www.wplug.org[3]

"Intelligence is the ability to avoid doing work, yet getting the work done."
-Linus Torvalds

--------
[1] https://forums.opensuse.org/images/smiliesnew/shock.png
[2] https://forums.opensuse.org/images/smiliesnew/tongue.png
[3] http://www.wplug.org
_______________________________________________
wplug mailing list
wplug at wplug.org
http://www.wplug.org/mailman/listinfo/wplug