[Wylug-help] OpenVPN - was simple iptables rule

Gary Stainburn gary.stainburn at ringways.co.uk
Fri Feb 18 15:01:57 GMT 2005


On Friday 18 February 2005 7:53 am, Lee Evans wrote:
> Send the output of 'iptables -Ln' from both machines

Garyh has policy set to accept for INPUT OUTPUT and FORWARD.  However it
is behind an ADSL firewall.  I don't think the problem's at this end as
I have had this talking to another box at work using OpenVPN on the
same port number.

Eddie only has the two iptables rules listed below.  From garyh I can
ping eddie successfully.

Also, I should have noted in the OP that I've checked that the keys
match, file permissions etc. match and that the configs *look* okay.

>
>
> Regards
> lee
>
> > -----Original Message-----
> > From: wylug-help-admin at wylug.org.uk
> > [mailto:wylug-help-admin at wylug.org.uk] On Behalf Of Gary Stainburn
> > Sent: 17 February 2005 22:36
> > To: Wylug-help at wylug.org.uk
> > Subject: [Wylug-help] OpenVPN - was simple iptables rule
> >
> > On Tuesday 15 February 2005 7:09 pm, Gary Stainburn wrote:
> > > On Tuesday 15 February 2005 4:51 pm, lee at leeevans.org wrote:
> > > > hi,
> > > >
> > > > very simply:
> > > >
> > > > iptables -A INPUT -i eth1 -s your.ip.address.here -j ACCEPT
> > > > iptables -A INPUT -i eth1 -j DROP
> > > >
> > > >
> > > > lee
> > >
> > > Hi Lee
> > >
> > > The commands ran without errors but I was unable to connect to
> > > the host. Tomorrow I'll get someone to plug the cable back in and
> > > try again.
> > >
> > > Gary
> >
> > Amazingly, when I connected the cables, it worked.  I then started
> > playing with OpenVPN again (tried a while back but had to leave
> > it).
> >
> > Eddie is the box at work listening, gary is my home PC making the
> > connection.
> >
> > OpenVPN starts okay on eddie and sits there.
> > OpenVPN starts okay on gary with no error messages.
> > Once OpenVPN's running on gary, error messages (code=111) appear on
> > eddie. If I stop the program on gary the errors on eddie stop.
> >
> > I don't manage to get a working VPN.  Below are the screen grabs
> > for both gary and eddie.
> >
> > gary
> > ~~~~
> > [root at garyh openvpn]# openvpn --config gary-home.conf
> > Thu Feb 17 22:29:53 2005 0: OpenVPN 1.6.0 i686-pc-linux-gnu [SSL] [LZO] built on Aug 21 2004
> > Thu Feb 17 22:29:53 2005 1: Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
> > Thu Feb 17 22:29:53 2005 2: Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
> > Thu Feb 17 22:29:53 2005 3: Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
> > Thu Feb 17 22:29:53 2005 4: Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
> > Thu Feb 17 22:29:53 2005 5: LZO compression initialized
> > Thu Feb 17 22:29:53 2005 6: TUN/TAP device tun0 opened
> > Thu Feb 17 22:29:53 2005 7: /sbin/ifconfig tun0 192.168.2.2 pointopoint 192.168.2.1 mtu 1255
> > Thu Feb 17 22:29:53 2005 8: ./gary-home.up tun0 1255 1300 192.168.2.2 192.168.2.1 init
> > Thu Feb 17 22:29:53 2005 9: Data Channel MTU parms [ L:1300 D:1300 EF:45 EB:19 ET:0 EL:0 ]
> > Thu Feb 17 22:29:53 2005 10: Local Options hash (VER=V3): 'c8d38d76'
> > Thu Feb 17 22:29:53 2005 11: Expected Remote Options hash (VER=V3): '4b8e646a'
> > Thu Feb 17 22:29:53 2005 12: UDPv4 link local (bound): [undef]:5000
> > Thu Feb 17 22:29:53 2005 13: UDPv4 link remote: 195.217.92.130:5000
> > Thu Feb 17 22:29:56 2005 14: select : Interrupted system call (code=4)
> > Thu Feb 17 22:29:56 2005 15: SIGINT received, exiting
> > Thu Feb 17 22:29:56 2005 16: Closing TCP/UDP socket
> > Thu Feb 17 22:29:56 2005 17: Closing TUN/TAP device
> > Thu Feb 17 22:29:56 2005 18: ./gary-home.down tun0 1255 1300   init
> > SIOCDELRT: No such process
> > SIOCDELRT: No such process
> > SIOCDELRT: No such process
> > SIOCDELRT: No such process
> > [root at garyh openvpn]#
> >
> > eddie
> > ~~~~~
> > [root at eddie openvpn]# openvpn --config gary-home.conf
> > Thu Feb 17 22:22:50 2005 0: OpenVPN 1.6.0 i686-pc-linux-gnu [SSL] [LZO] built on Oct 27 2004
> > Thu Feb 17 22:22:50 2005 1: Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
> > Thu Feb 17 22:22:50 2005 2: Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
> > Thu Feb 17 22:22:50 2005 3: Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
> > Thu Feb 17 22:22:50 2005 4: Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
> > Thu Feb 17 22:22:50 2005 5: LZO compression initialized
> > Thu Feb 17 22:22:50 2005 6: TUN/TAP device tun0 opened
> > Thu Feb 17 22:22:50 2005 7: /sbin/ifconfig tun0 192.168.2.1 pointopoint 192.168.2.2 mtu 1255
> > Thu Feb 17 22:22:50 2005 8: ./gary-home.up tun0 1255 1300 192.168.2.1 192.168.2.2 init
> > Thu Feb 17 22:22:50 2005 9: Data Channel MTU parms [ L:1300 D:1300 EF:45 EB:19 ET:0 EL:0 ]
> > Thu Feb 17 22:22:50 2005 10: Local Options hash (VER=V3): '4b8e646a'
> > Thu Feb 17 22:22:50 2005 11: Expected Remote Options hash (VER=V3): 'c8d38d76'
> > Thu Feb 17 22:22:50 2005 12: UDPv4 link local (bound): [undef]:5000
> > Thu Feb 17 22:22:50 2005 13: UDPv4 link remote: [undef]
> > Thu Feb 17 22:23:00 2005 14: Peer Connection Initiated with 80.229.164.202:5000
> > Thu Feb 17 22:23:01 2005 15: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
> > Thu Feb 17 22:23:02 2005 16: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
> > Thu Feb 17 22:23:03 2005 17: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
> > Thu Feb 17 22:23:10 2005 18: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
> > Thu Feb 17 22:23:12 2005 19: select : Interrupted system call (code=4)
> > Thu Feb 17 22:23:12 2005 20: SIGINT received, exiting
> > Thu Feb 17 22:23:12 2005 21: Closing TCP/UDP socket
> > Thu Feb 17 22:23:12 2005 22: Closing TUN/TAP device
> > Thu Feb 17 22:23:12 2005 23: ./gary-home.down tun0 1255 1300   init
> > sh: ./gary-home.down: No such file or directory
> > Thu Feb 17 22:23:12 2005 24: script failed: could not execute shell
> > command
> > Thu Feb 17 22:23:12 2005 25: Exiting
> > [root at eddie openvpn]#
> > --
> > Gary Stainburn
> >
> > This email does not contain private or confidential material as it
> > may be snooped on by interested government parties for unknown
> > and undisclosed purposes - Regulation of Investigatory Powers
> > Act, 2000
> >
> >

--
Gary Stainburn

This email does not contain private or confidential material as it
may be snooped on by interested government parties for unknown
and undisclosed purposes - Regulation of Investigatory Powers Act, 2000
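
The two session dumps quoted above carry enough to settle two questions mechanically, so here is an added example (not code from the list thread or from OpenVPN) that reads both logs and cross-checks them. First, in a static-key tunnel each side prints a "Local Options hash" and the "Expected Remote Options hash" it requires of the peer; the hash covers the options that must agree (cipher, HMAC, MTU, compression), so if gary's local hash equals eddie's expected hash and vice versa, a config mismatch is ruled out. Second, `read UDPv4 [ECONNREFUSED]` on a UDP socket means the kernel received an ICMP port-unreachable for the peer it is talking to, which points at the initiating end (the home PC or the ADSL firewall in front of it) rather than at the two iptables rules on the listener. The log excerpts embedded below are constructed to match the shape of the two dumps rather than copied verbatim, and the function names are my own.

```python
"""Cross-check two OpenVPN 1.x static-key peers from their startup logs.

Added example for this thread; not code from the list or from OpenVPN.
The two log excerpts are constructed to mirror the shape of the posted
session dumps (same message formats, fewer lines), not copied verbatim.
"""
import re

# Initiating side (home PC): has a fixed remote, then is interrupted.
GARY_LOG = """\
Thu Feb 17 22:29:53 2005 10: Local Options hash (VER=V3): 'c8d38d76'
Thu Feb 17 22:29:53 2005 11: Expected Remote Options hash (VER=V3): '4b8e646a'
Thu Feb 17 22:29:53 2005 12: UDPv4 link local (bound): [undef]:5000
Thu Feb 17 22:29:53 2005 13: UDPv4 link remote: 195.217.92.130:5000
Thu Feb 17 22:29:56 2005 15: SIGINT received, exiting
"""

# Listening side (work box): learns the peer, then gets port-unreachables.
EDDIE_LOG = """\
Thu Feb 17 22:22:50 2005 10: Local Options hash (VER=V3): '4b8e646a'
Thu Feb 17 22:22:50 2005 11: Expected Remote Options hash (VER=V3): 'c8d38d76'
Thu Feb 17 22:22:50 2005 12: UDPv4 link local (bound): [undef]:5000
Thu Feb 17 22:22:50 2005 13: UDPv4 link remote: [undef]
Thu Feb 17 22:23:00 2005 14: Peer Connection Initiated with 80.229.164.202:5000
Thu Feb 17 22:23:01 2005 15: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Thu Feb 17 22:23:02 2005 16: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
SIOCDELRT: No such process
Thu Feb 17 22:23:12 2005 20: SIGINT received, exiting
"""

# "<weekday> <month> <day> <hh:mm:ss> <year> <seq>: <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4}) (?P<seq>\d+): (?P<msg>.*)$")
HASH_RE = re.compile(
    r"^(?P<kind>Local|Expected Remote) Options hash \(VER=V\d+\): '(?P<val>[0-9a-f]{8})'$")
PEER_RE = re.compile(
    r"^Peer Connection Initiated with (?P<peer>\d{1,3}(?:\.\d{1,3}){3}:\d+)$")
READ_ERR_RE = re.compile(
    r"^read UDPv4 \[(?P<errno>[A-Z]+)\]: .*\(code=(?P<code>\d+)\)$")


def parse_log(text):
    """Reduce one peer's log to the fields the cross-check needs."""
    info = {"local_hash": None, "expected_hash": None, "peer": None, "read_errors": []}
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # up/down script noise such as the SIOCDELRT lines
        msg = m.group("msg")
        if (h := HASH_RE.match(msg)):
            key = "local_hash" if h.group("kind") == "Local" else "expected_hash"
            info[key] = h.group("val")
        elif (p := PEER_RE.match(msg)):
            info["peer"] = p.group("peer")
        elif (e := READ_ERR_RE.match(msg)):
            info["read_errors"].append((int(m.group("seq")), e.group("errno"), int(e.group("code"))))
    return info


def options_hashes_agree(a, b):
    """Each side's 'Local Options hash' must equal the other's 'Expected Remote' hash."""
    return (a["local_hash"] is not None and a["local_hash"] == b["expected_hash"]
            and b["local_hash"] is not None and b["local_hash"] == a["expected_hash"])


def diagnose(listener, initiator):
    """Return (finding, detail) pairs for one listener/initiator session."""
    findings = []
    if options_hashes_agree(listener, initiator):
        findings.append(("options-ok",
                         "both sides agree on the hashed option set (cipher, HMAC, MTU, comp); "
                         "a config mismatch is not the cause"))
    else:
        findings.append(("options-mismatch",
                         "the hashed option sets differ; diff the two .conf files"))
    refused = [e for e in listener["read_errors"] if e[1] == "ECONNREFUSED"]
    if refused:
        where = listener["peer"] or "the peer"
        findings.append(("port-unreachable",
                         f"{len(refused)} ICMP port-unreachable replies from {where}: the initiating "
                         "host or the NAT/firewall in front of it is rejecting UDP to that port"))
    return findings


if __name__ == "__main__":
    for code, detail in diagnose(parse_log(EDDIE_LOG), parse_log(GARY_LOG)):
        print(f"{code}: {detail}")
```

Run it against the real dumps by pasting each full log into the two strings; the parser ignores anything that does not carry the OpenVPN timestamp prefix, so the ifconfig and SIOCDELRT noise needs no stripping.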