Topic: OpenVPN connection problem on 7.0

[ddougan]

I've set up Jesper's OpenVPN contrib on two separate servers today, and see the following in the messages log after the connection refuses the id/password I submitted:

Aug 27 23:15:55 jeeves openvpn[14388]: MULTI: multi_create_instance called
Aug 27 23:15:55 jeeves openvpn[14388]: 192.168.0.20:1194 Re-using SSL/TLS context
Aug 27 23:15:55 jeeves openvpn[14388]: 192.168.0.20:1194 LZO compression initialized
Aug 27 23:15:55 jeeves openvpn[14388]: 192.168.0.20:1194 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Aug 27 23:15:55 jeeves openvpn[14388]: 192.168.0.20:1194 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Aug 27 23:15:55 jeeves openvpn[14388]: 192.168.0.20:1194 Local Options hash (VER=V4): 'f7df56b8'
Aug 27 23:15:55 jeeves openvpn[14388]: 192.168.0.20:1194 Expected Remote Options hash (VER=V4): 'd79ca330'
Aug 27 23:15:55 jeeves openvpn[14388]: 192.168.0.20:1194 TLS: Initial packet from 192.168.0.20:1194, sid=92149a45 0d23397a
Aug 27 23:15:55 jeeves openvpn[14388]: 192.168.0.20:1194 VERIFY OK: depth=1, /C=CA/ST=British_Columbia/L=North_Vancouver/O=Dougan_Consulting_Group/OU=VPN/CN=Server/emailAddress=info@douganconsulting.com
Aug 27 23:15:55 jeeves openvpn[14388]: 192.168.0.20:1194 VERIFY OK: depth=0, /C=CA/ST=British_Columbia/O=Dougan_Consulting_Group/OU=VPN/CN=Client/emailAddress=info@douganconsulting.com
Aug 27 23:15:56 jeeves openvpn[14388]: 192.168.0.20:1194 TLS Auth Error: Auth Username/Password verification failed for peer
Aug 27 23:15:56 jeeves openvpn[14388]: 192.168.0.20:1194 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Aug 27 23:15:56 jeeves openvpn[14388]: 192.168.0.20:1194 [Client] Peer Connection Initiated with 192.168.0.20:1194
Aug 27 23:15:57 jeeves openvpn[14388]: 192.168.0.20:1194 PUSH: Received control message: 'PUSH_REQUEST'
Aug 27 23:15:57 jeeves openvpn[14388]: 192.168.0.20:1194 SENT CONTROL [Client]: 'AUTH_FAILED' (status=1)
Aug 27 23:15:57 jeeves openvpn[14388]: 192.168.0.20:1194 Delayed exit in 5 seconds
Aug 27 23:15:58 jeeves openvpn[14388]: 192.168.0.20:1194 NOTE: Beginning empirical MTU test -- results should be available in 3 to 4 minutes.
Aug 27 23:15:59 jeeves openvpn[14388]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Aug 27 23:16:01 jeeves openvpn[14388]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Aug 27 23:16:02 jeeves openvpn[14388]: 192.168.0.20:1194 SIGTERM[soft,delayed-exit] received, client-instance exiting

The /var/log/openvpn/logins files tells me:

VPN Access not enabled

As far as I can tell, everything is as it should be. Any help gratefully received.

Thanks,

Des

[crazybob]

You might want to try

config set openvpn service status enabled access public UDPPort 1194
signal-event remoteaccess-update

I found this in the site to site openvpn how to.

[ddougan]

Not sure if that's the issue - the server is seeing the negotiation begin, but has a problem, so it would appear that it's getting through the port OK (which I opened per the procedure).

[mojo]

Have you enabled VPN client access via the user panel in server-manager?

[ddougan]

Do you mean in the settings for each individual user?

No, I have not enabled that, as I believe that is for the PPTP built in to the server.

I have clients on 6.0 running OpenVPN successfully and basically followed the same procedure - it seems to be a problem related to 7.0.

[mojo]

From http://sme.swerts-knudsen.com/index.html?frame=http://sme.swerts-knudsen.com/howtos/howto_30.htm

OpenVPN provides a complete replacement of the time to time unreliable PPTP VPN which is a part of the standard SME distribution. This Howto is focused on using OpenVPN as a Windows 2k/XP Client to Server VPN connection.

I had the same problem, enabled the VPN client access and it works like a charm.

[ddougan]

Mojo, thanks for the help - enabling the VPN setting in the User panel solved the problem.

Hopefully Jesper will add this to the How-to for version 7.

Regards,

Des