
Windows OpenVPN server + Tomato client side configure help?

Discussion in 'Tomato Firmware' started by harryctg, Jul 25, 2011.

  1. harryctg

    harryctg Networkin' Nut Member

    Windows 2008 OpenVPN server + Tomato USB

    I have one dedicated Windows 2008 server in a USA colocation. I set up the OpenVPN server on that Windows server.

    Server.openvpn

    local XXX.XXX.XXX.XX
    port 8888
    proto udp
    dev tun
    ca ca.crt
    cert server.crt
    key server.key
    dh dh1024.pem
    server 10.8.0.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    client-config-dir ccd
    route 192.168.11.0 255.255.255.0
    route 192.168.10.0 255.255.255.0
    route 10.8.0.0 255.255.255.252
    client-to-client
    push "route 192.168.11.0 255.255.255.0"
    push "route 192.168.10.0 255.255.255.0"
    push "route 10.8.0.0 255.255.255.252"
    keepalive 10 120
    comp-lzo
    persist-key
    persist-tun
    status openvpn-status.log
    verb 3

    ccd

    iroute 192.168.10.0 255.255.255.0
    iroute 192.168.11.0 255.255.255.0
    iroute 10.8.0.1 255.255.255.252

    What I would like to do is have my Tomato router establish a VPN connection to my Windows server,
    and I will assign static IPs to all my PCs, and all those PCs are alive in the local network.
    I want to be able to ping the PCs from the server as well as ping the server from the PCs.

    Can anyone tell me what I have to do
    in the VPN tunnel and other configuration?
    Please help me out.
     
  2. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Try to set it up in the GUI and post if you have problems.
     
  3. harryctg

    harryctg Networkin' Nut Member

    I tried several times but it's not working. Can I get your email address so I can mail you?
     
  4. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Just post here what errors you're getting and how you configured it. Just be sure to not post a) the ip address/name of the VPN server or b) your certificates.
     
  5. harryctg

    harryctg Networkin' Nut Member

    HELLO
    First of all, I don't know what the basics are that I have to configure,
    so please see those images and try to help me, because after the VPN is established I can't get my local PC from the server.

    Please check those image links to see all the configuration I configured.
    http://harryctg.pixa.us/images/19396924/tunnel-4-[1600x1200]
    http://harryctg.pixa.us/images/19396922/tunnel-2-[1600x1200]
    http://harryctg.pixa.us/images/19396921/tunnel-1-[1600x1200]
    http://harryctg.pixa.us/images/19396920/time-zone-[1600x1200]
    http://harryctg.pixa.us/images/19396919/basic-autentaction-[1600x1200]
     
  6. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    You have "Create NAT on tunnel" selected. That will keep anything on the server side from seeing anything on the client LAN (but not vice versa). Unchecking this box will only work if you have the server set up correctly for it. In your original post you said:
    To clarify, ccd should be a directory, with a file named the same as your client certificate's CommonName. In that file should be a single line:
    Code:
    iroute 192.168.10.0 255.255.255.0
    Is that how you have it?


    Also, I recommend you edit your last post and remove the tunnel-3 image. You shouldn't post your keys/certs anywhere public, even if it only shows part of them.
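The route/iroute relationship described in the reply above can be checked mechanically. The script below is an added example, not code from the thread or from Tomato/OpenVPN: it parses the server config and ccd entries posted in the first post and reports a `route` with no matching `iroute`, plus (going beyond what the reply states) any route, pushed route or iroute that falls inside the tunnel subnet itself, which OpenVPN already handles through the `server` directive. The ccd file name `client1` is an assumption taken from the pool list in the server log later in the thread.

```python
import ipaddress

# Server config and ccd entry as posted in the first post of this thread (other directives omitted).
SERVER_CONF = """\
server 10.8.0.0 255.255.255.0
client-config-dir ccd
route 192.168.11.0 255.255.255.0
route 192.168.10.0 255.255.255.0
route 10.8.0.0 255.255.255.252
push "route 192.168.11.0 255.255.255.0"
push "route 192.168.10.0 255.255.255.0"
push "route 10.8.0.0 255.255.255.252"
"""
# The ccd file must be named after the client certificate's CommonName; "client1" is assumed here
# (it is the name the server's IFCONFIG POOL LIST shows later in the thread).
CCD_FILES = {"client1": """\
iroute 192.168.10.0 255.255.255.0
iroute 192.168.11.0 255.255.255.0
iroute 10.8.0.1 255.255.255.252
"""}

def parse_networks(text):
    """Yield (directive, network) for server/route/iroute lines; push "route ..." becomes 'push-route'."""
    for raw in text.splitlines():
        line, pushed = raw.strip(), False
        if line.startswith("push "):
            line, pushed = line[5:].strip().strip('"'), True
        parts = line.split()
        if len(parts) == 3 and parts[0] in ("server", "route", "iroute"):
            kind = "push-route" if pushed else parts[0]
            yield kind, ipaddress.ip_network(f"{parts[1]}/{parts[2]}", strict=False)

def check(server_conf, ccd_files):
    """Return human-readable findings about route/iroute/push consistency."""
    entries = list(parse_networks(server_conf))
    tunnel = next(net for kind, net in entries if kind == "server")
    iroutes = {net for text in ccd_files.values() for kind, net in parse_networks(text) if kind == "iroute"}
    findings = []
    for kind, net in entries:
        if kind == "route" and net.overlaps(tunnel):
            findings.append(f"route {net} lies inside tunnel subnet {tunnel}; 'server' already routes it")
        elif kind == "route" and net not in iroutes:
            findings.append(f"route {net} has no matching iroute in any ccd file; "
                            "the server cannot tell which client owns that LAN")
        elif kind == "push-route" and net.overlaps(tunnel):
            findings.append(f"pushed route {net} overlaps the tunnel subnet; the client already has that route")
    for net in sorted(iroutes):
        if net.overlaps(tunnel):
            findings.append(f"iroute {net} is inside the tunnel subnet; iroute is for a LAN behind the client, "
                            "not for tunnel addresses")
    return findings
```

Run against the posted config it reports three findings, all about the 10.8.0.0/30 entries; the two LAN routes are paired correctly with their iroutes.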
     
  7. harryctg

    harryctg Networkin' Nut Member

    Yes, I unchecked it.
    After that, when I put a local IP on my other PC like 192.168.10.108,
    I am able to ping my server from that PC,
    but from the server I can't get my PC.
    I need a both-way connection.
    Now tell me how I am able to get my local IP from the server.
    I badly need help; if you think you can, please add me: harry_ctg@yahoo.com
     
  8. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    You may have already answered some of this, but there's enough of a language barrier I'd like to confirm:
    Can you ping from the VPN server to the VPN client (the client router's LAN address, not the address of a computer on the client LAN)?
    Can you ping from the VPN server to a computer on the client LAN?
    Can you ping from the VPN client (the client router, not a computer on the client LAN) to the VPN server?
    Can you ping from a computer on the client LAN to the VPN server?
    Can you ping from a computer on the server LAN to a computer on the client LAN?
    Can you ping from a computer on the client LAN to a computer on the server LAN?

    Also, the routing tables from the server and client while connected would be useful. Also the logs from the client and server when you connect.
     
  9. harryctg

    harryctg Networkin' Nut Member

    I don't have any routing table; please help me to do this if necessary.

    Server real ip – xxx.xxx.xxx.xxx

    My local pc1 = 192.168.10.108 255.255.255.0 DG 192.168.10.1
    My local pc2 = 192.168.10.109

    1. VPN server (xxx.xxx.xxx.xxx) to the VPN client 192.168.10.1: request timed out
    2. VPN server (xxx.xxx.xxx.xxx) to a computer on the client LAN 192.168.10.108: request timed out
    3. VPN client 192.168.10.108 to client router 192.168.10.1: ping
    Reply from 192xx.xx.xx.xx: bytes=32 time<1ms TTL=64
    Reply from 192.168.10.1: bytes=32 time<1ms TTL=64
    Reply from 192.168.10.1: bytes=32 time<1ms TTL=64
    Reply from 192.168.10.1: bytes=32 time<1ms TTL=64

    4. Client LAN 192.168.10.108 to the VPN server XXX.XXX.XXX.XXX:

    Pinging XXX.XXX.XXX.XXX with 32 bytes of data:

    Reply from XXX.XXX.XXX.XXX: bytes=32 time=330ms TTL=109
    Reply from XXX.XXX.XXX.XXX: bytes=32 time=330ms TTL=107
    Reply from XXX.XXX.XXX.XXX: bytes=32 time=316ms TTL=109
    Reply from XXX.XXX.XXX.XXX: bytes=32 time=329ms TTL=109

    Server log
    Sat Jul 30 09:40:09 2011 OpenVPN 2.1.4 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 8 2010
    Sat Jul 30 09:40:09 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Sat Jul 30 09:40:09 2011 Diffie-Hellman initialized with 1024 bit key
    Sat Jul 30 09:40:09 2011 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Sat Jul 30 09:40:10 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
    Sat Jul 30 09:40:10 2011 ROUTE default_gateway=X.X.X.X
    Sat Jul 30 09:40:10 2011 TAP-WIN32 device [Local Area Connection] opened: \\.\Global\{795D9708-63F3-454D-ACF6-06684EEA39F8}.tap
    Sat Jul 30 09:40:10 2011 TAP-Win32 Driver Version 9.7
    Sat Jul 30 09:40:10 2011 TAP-Win32 MTU=1500
    Sat Jul 30 09:40:10 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.1/255.255.255.252 on interface {795D9708-63F3-454D-ACF6-06684EEA39F8} [DHCP-serv: 10.8.0.2, lease-time: 31536000]
    Sat Jul 30 09:40:10 2011 Sleeping for 10 seconds...
    Sat Jul 30 09:40:20 2011 Successful ARP Flush on interface [28] {795D9708-63F3-454D-ACF6-06684EEA39F8}
    Sat Jul 30 09:40:20 2011 C:\WINDOWS\system32\route.exe ADD 192.168.11.0 MASK 255.255.255.0 10.8.0.2
    Sat Jul 30 09:40:20 2011 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
    Sat Jul 30 09:40:20 2011 Route addition via IPAPI succeeded [adaptive]
    Sat Jul 30 09:40:20 2011 C:\WINDOWS\system32\route.exe ADD 192.168.10.0 MASK 255.255.255.0 10.8.0.2
    Sat Jul 30 09:40:20 2011 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
    Sat Jul 30 09:40:20 2011 Route addition via IPAPI succeeded [adaptive]
    Sat Jul 30 09:40:20 2011 C:\WINDOWS\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.252 10.8.0.2
    Sat Jul 30 09:40:20 2011 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
    Sat Jul 30 09:40:20 2011 Route addition via IPAPI succeeded [adaptive]
    Sat Jul 30 09:40:20 2011 C:\WINDOWS\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.2
    Sat Jul 30 09:40:20 2011 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
    Sat Jul 30 09:40:20 2011 Route addition via IPAPI succeeded [adaptive]
    Sat Jul 30 09:40:20 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Sat Jul 30 09:40:20 2011 UDPv4 link local (bound): XXX.XXX.XXX.XXX:8888
    Sat Jul 30 09:40:20 2011 UDPv4 link remote: [undef]
    Sat Jul 30 09:40:20 2011 MULTI: multi_init called, r=256 v=256
    Sat Jul 30 09:40:20 2011 IFCONFIG POOL: base=10.8.0.4 size=62
    Sat Jul 30 09:40:20 2011 IFCONFIG POOL LIST
    Sat Jul 30 09:40:20 2011 client1,10.8.0.4
    Sat Jul 30 09:40:20 2011 Initialization Sequence Completed
    Sat Jul 30 09:40:20 2011 MULTI: multi_create_instance called
    Sat Jul 30 09:40:20 2011 1:17000 Re-using SSL/TLS context
    Sat Jul 30 09:40:20 2011 xx.xx.xx.xx:17000 LZO compression initialized
    Sat Jul 30 09:40:20 2011 xx.xx.xx.xx:17000 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Sat Jul 30 09:40:20 2011 xx.xx.xx.xx:17000 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Sat Jul 30 09:40:20 2011 xx.xx.xx.xx:17000 Local Options hash (VER=V4): '530fdded'
    Sat Jul 30 09:40:20 2011 xx.xx.xx.xx:17000 Expected Remote Options hash (VER=V4): '41690919'
    Sat Jul 30 09:40:20 2011 xx.xx.xx.xx:17000 TLS: Initial packet from xxx.xxx.xx.xx:17000, sid=d4fa589a 497bca74
    Sat Jul 30 09:41:21 2011 xx.xx.xx.xx:17000 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Sat Jul 30 09:41:21 2011 xx.xx.xx.xx:17000 TLS Error: TLS handshake failed
    Sat Jul 30 09:41:21 2011 xx.xx.xx.xx:17000 SIGUSR1[soft,tls-error] received, client-instance restarting
    Sat Jul 30 09:41:23 2011 MULTI: multi_create_instance called
    Sat Jul 30 09:41:23 2011 xx.xx.xx.xx:17003 Re-using SSL/TLS context
    Sat Jul 30 09:41:23 2011 xx.xx.xx.xx:17003 LZO compression initialized
    Sat Jul 30 09:41:23 2011 xx.xx.xx.xx:17003 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Sat Jul 30 09:41:23 2011 xx.xx.xx.xx:17003 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Sat Jul 30 09:41:23 2011 xx.xx.xx.xx:17003 Local Options hash (VER=V4): '530fdded'
    Sat Jul 30 09:41:23 2011 xx.xx.xx.xx:17003 Expected Remote Options hash (VER=V4): '41690919'
    Sat Jul 30 09:41:23 2011 xx.xx.xx.xx:17003 TLS: Initial packet from x.x.x.x17003, sid=d91b6078 e7c15556
    Sat Jul 30 09:42:23 2011 xx.xx.xx.xx:17003 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Sat Jul 30 09:42:23 2011 xx.xx.xx.xx:17003 TLS Error: TLS handshake failed
    Sat Jul 30 09:42:23 2011 xx.xx.xx.xx:17003 SIGUSR1[soft,tls-error] received, client-instance restarting
    Sat Jul 30 09:42:24 2011 MULTI: multi_create_instance called
    Sat Jul 30 09:42:24 2011 xx.xx.xx.xx:17133 Re-using SSL/TLS context
    Sat Jul 30 09:42:24 2011 xx.xx.xx.xx:17133 LZO compression initialized
    Sat Jul 30 09:42:24 2011 xx.xx.xx.xx:17133 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Sat Jul 30 09:42:24 2011 xx.xx.xx.xx:17133 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Sat Jul 30 09:42:24 2011 xx.xx.xx.xx:17133 Local Options hash (VER=V4): '530fdded'
    Sat Jul 30 09:42:24 2011 xx.xx.xx.xx:17133 Expected Remote Options hash (VER=V4): '41690919'
    Sat Jul 30 09:42:24 2011 xx.xx.xx.xx:17133 TLS: Initial packet from x.x.x.x:17133, sid=0888e9b4 9309c2eb
    Sat Jul 30 09:43:16 2011 MULTI: multi_create_instance called
    Sat Jul 30 09:43:16 2011 xx.xx.xx.xx:17008 Re-using SSL/TLS context
    Sat Jul 30 09:43:16 2011 xx.xx.xx.xx:17008 LZO compression initialized
    Sat Jul 30 09:43:16 2011 xx.xx.xx.xx:17008 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Sat Jul 30 09:43:16 2011 xx.xx.xx.xx:17008 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Sat Jul 30 09:43:16 2011 xx.xx.xx.xx:17008 Local Options hash (VER=V4): '530fdded'
    Sat Jul 30 09:43:16 2011 xx.xx.xx.xx:17008 Expected Remote Options hash (VER=V4): '41690919'
    Sat Jul 30 09:43:16 2011 xx.xx.xx.xx:17008 TLS: Initial packet from x.x.x.x:17008, sid=5a9b06f1 3228a61b
    Sat Jul 30 09:43:24 2011 xx.xx.xx.xx:17133 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Sat Jul 30 09:43:24 2011 xx.xx.xx.xx:17133 TLS Error: TLS handshake failed
    Sat Jul 30 09:43:24 2011 xx.xx.xx.xx:17133 SIGUSR1[soft,tls-error] received, client-instance restarting
    Sat Jul 30 09:44:16 2011 xx.xx.xx.xx:17008 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Sat Jul 30 09:44:16 2011 xx.xx.xx.xx:17008 TLS Error: TLS handshake failed
    Sat Jul 30 09:44:16 2011 xx.xx.xx.xx:17008 SIGUSR1[soft,tls-error] received, client-instance restarting
    Sat Jul 30 09:44:18 2011 MULTI: multi_create_instance called
    Sat Jul 30 09:44:18 2011 xx.xx.xx.xx:17001 Re-using SSL/TLS context
    Sat Jul 30 09:44:18 2011 xx.xx.xx.xx:17001 LZO compression initialized
    Sat Jul 30 09:44:18 2011 :17001 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Sat Jul 30 09:44:18 2011 :17001 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Sat Jul 30 09:44:18 2011 11:17001 Local Options hash (VER=V4): '530fdded'
    Sat Jul 30 09:44:18 2011 :17001 Expected Remote Options hash (VER=V4): '41690919'
    Sat Jul 30 09:44:18 2011 1:17001 TLS: Initial packet from x.x.x.x.:17001, sid=0f8422ad 9bdfac67
     
  10. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    The TLS handshake errors mean you haven't properly entered authorized certificates on the client.
     
  11. harryctg

    harryctg Networkin' Nut Member

    Bro, you just told me that the keys are failing.
    I made the OpenVPN server 6 times on 2 servers but all have the same result.
    I found this log in the router; please check.

    Aug 2 02:38:57 unknown daemon.notice openvpn[1001]: LZO compression initialized
    Aug 2 02:38:57 unknown daemon.notice openvpn[1001]: Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Aug 2 02:38:57 unknown daemon.notice openvpn[1001]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Aug 2 02:38:57 unknown daemon.notice openvpn[1005]: Socket Buffers: R=[112640->131072] S=[112640->131072]
    Aug 2 02:38:57 unknown daemon.notice openvpn[1005]: UDPv4 link local: [undef]
    Aug 2 02:38:57 unknown daemon.notice openvpn[1005]: UDPv4 link remote: xxx.xxx.xxx.xxx:8888
    Aug 2 02:39:57 unknown daemon.err openvpn[1005]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Aug 2 02:39:57 unknown daemon.err openvpn[1005]: TLS Error: TLS handshake failed
    Aug 2 02:39:57 unknown daemon.notice openvpn[1005]: TCP/UDP: Closing socket
    Aug 2 02:39:57 unknown daemon.notice openvpn[1005]: SIGUSR1[soft,tls-error] received, process restarting
    Aug 2 02:39:57 unknown daemon.notice openvpn[1005]: Restart pause, 2 second(s)
    Aug 2 02:39:59 unknown daemon.warn openvpn[1005]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Aug 2 02:39:59 unknown daemon.warn openvpn[1005]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Aug 2 02:39:59 unknown daemon.notice openvpn[1005]: Re-using SSL/TLS context
    Aug 2 02:39:59 unknown daemon.notice openvpn[1005]: LZO compression initialized
    Aug 2 02:39:59 unknown daemon.notice openvpn[1005]: Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Aug 2 02:39:59 unknown daemon.notice openvpn[1005]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Aug 2 02:39:59 unknown daemon.notice openvpn[1005]: Socket Buffers: R=[112640->131072] S=[112640->131072]
    Aug 2 02:39:59 unknown daemon.notice openvpn[1005]: UDPv4 link local: [undef]
    Aug 2 02:39:59 unknown daemon.notice openvpn[1005]: UDPv4 link remote: xxx.xxx.xxx.xxx:8888
    Aug 2 02:41:00 unknown daemon.err openvpn[1005]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Aug 2 02:41:00 unknown daemon.err openvpn[1005]: TLS Error: TLS handshake failed
    Aug 2 02:41:00 unknown daemon.notice openvpn[1005]: TCP/UDP: Closing socket
    Aug 2 02:41:00 unknown daemon.notice openvpn[1005]: SIGUSR1[soft,tls-error] received, process restarting
    Aug 2 02:41:00 unknown daemon.notice openvpn[1005]: Restart pause, 2 second(s)

    Do I need to set up the server part in my router as well as the client part to run the VPN?
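Reading the two logs in this thread side by side is what settles the diagnosis, so here is an added example (not code from the thread or from OpenVPN) that does that reading for you. It counts a few marker strings in the server (Windows) and router (Tomato syslog) logs quoted above and turns them into verdicts: the server logging "TLS: Initial packet from" proves the UDP path is fine and that the failure is the TLS handshake itself, and the router's "No server certificate verification method" warning means the client would accept any server holding any certificate signed by that CA. The `remote-cert-tls server` directive named in the verdict is the OpenVPN 2.1 way to close that gap; the log excerpts are taken from the posts above.

```python
# Excerpts of the server (Windows) and router (Tomato syslog) logs posted in this thread.
SERVER_LOG = """\
Sat Jul 30 09:40:20 2011 Initialization Sequence Completed
Sat Jul 30 09:40:20 2011 xx.xx.xx.xx:17000 TLS: Initial packet from xxx.xxx.xx.xx:17000, sid=d4fa589a 497bca74
Sat Jul 30 09:41:21 2011 xx.xx.xx.xx:17000 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Jul 30 09:41:21 2011 xx.xx.xx.xx:17000 TLS Error: TLS handshake failed
"""
CLIENT_LOG = """\
Aug 2 02:39:57 unknown daemon.err openvpn[1005]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Aug 2 02:39:59 unknown daemon.warn openvpn[1005]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
"""

# Marker substrings; they are matched anywhere in the line, so the timestamp/syslog prefix does not matter.
MARKERS = {
    "initial_packet": "TLS: Initial packet from",
    "handshake_timeout": "TLS key negotiation failed to occur within",
    "no_server_verify": "No server certificate verification method has been enabled",
    "initialized": "Initialization Sequence Completed",
}

def count_markers(log):
    """Return {marker_name: number of log lines containing that marker}."""
    return {name: sum(marker in line for line in log.splitlines()) for name, marker in MARKERS.items()}

def diagnose(server_log, client_log):
    """Combine server- and client-side counts into plain-language verdicts."""
    s, c = count_markers(server_log), count_markers(client_log)
    verdicts = []
    if s["initial_packet"] and s["handshake_timeout"]:
        verdicts.append("server receives the client's first packet, so the UDP path works; "
                        "the TLS handshake itself never completes, so check the CA/cert/key loaded on the client")
    elif c["handshake_timeout"] and not s["initial_packet"]:
        verdicts.append("client times out and the server never logs an initial packet: "
                        "the client's UDP packets are not reaching the server (firewall, NAT or port)")
    if c["no_server_verify"]:
        verdicts.append("client does not verify the server certificate (add 'remote-cert-tls server' on the client); "
                        "until then any host with a certificate from the same CA can pose as the server")
    if c["initialized"]:
        verdicts.append("client reports Initialization Sequence Completed: the tunnel is up")
    return verdicts
```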
     