Connect to OpenVPN from behind a firewall


marty331

So here's the skinny - I have two OpenVPN servers now, both in my home.  One is running on a Raspberry Pi and the other is an OpenVPN Access Server running on Ubuntu 14.04 (64-bit).  I am trying to access either of them (we'll concentrate on the OpenVPN Access Server) from my client's office.  I can connect just fine when I am not on said client's network.  However, when on the client's network I see the following:

 

sudo openvpn client.ovpn
[sudo] password for marty331: 
Tue Jul  5 19:05:35 2016 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Feb  2 2016
Tue Jul  5 19:05:35 2016 library versions: OpenSSL 1.0.2g-fips  1 Mar 2016, LZO 2.08
Tue Jul  5 19:05:35 2016 Control Channel Authentication: tls-auth using INLINE static key file
Tue Jul  5 19:05:35 2016 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul  5 19:05:35 2016 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul  5 19:05:35 2016 Socket Buffers: R=[212992->200000] S=[212992->200000]
Tue Jul  5 19:05:35 2016 UDPv4 link local: [undef]
Tue Jul  5 19:05:35 2016 UDPv4 link remote: [AF_INET]super.secret.ipaddress:1194
Tue Jul  5 19:05:39 2016 Server poll timeout, restarting
Tue Jul  5 19:05:39 2016 SIGUSR1[soft,server_poll] received, process restarting
Tue Jul  5 19:05:39 2016 Control Channel Authentication: tls-auth using INLINE static key file
Tue Jul  5 19:05:39 2016 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul  5 19:05:39 2016 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul  5 19:05:39 2016 Socket Buffers: R=[212992->200000] S=[212992->200000]
Tue Jul  5 19:05:39 2016 UDPv4 link local: [undef]
Tue Jul  5 19:05:39 2016 UDPv4 link remote: [AF_INET]super.secret.ipaddress:1194
Tue Jul  5 19:05:43 2016 Server poll timeout, restarting
Tue Jul  5 19:05:43 2016 SIGUSR1[soft,server_poll] received, process restarting
Tue Jul  5 19:05:43 2016 Control Channel Authentication: tls-auth using INLINE static key file
Tue Jul  5 19:05:43 2016 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul  5 19:05:43 2016 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul  5 19:05:43 2016 Socket Buffers: R=[87380->200000] S=[16384->200000]
Tue Jul  5 19:05:43 2016 Attempting to establish TCP connection with [AF_INET]super.secret.ipaddress:444 [nonblock]
Tue Jul  5 19:05:44 2016 TCP connection established with [AF_INET]super.secret.ipaddress:444
Tue Jul  5 19:05:44 2016 TCPv4_CLIENT link local: [undef]
Tue Jul  5 19:05:44 2016 TCPv4_CLIENT link remote: [AF_INET]super.secret.ipaddress:444
Tue Jul  5 19:05:44 2016 TLS: Initial packet from [AF_INET]super.secret.ipaddress:444, sid=aeb6abae 035f030d
Tue Jul  5 19:05:44 2016 VERIFY OK: depth=1, CN=OpenVPN CA
Tue Jul  5 19:05:44 2016 VERIFY OK: nsCertType=SERVER
Tue Jul  5 19:05:44 2016 VERIFY OK: depth=0, CN=OpenVPN Server
Tue Jul  5 19:05:45 2016 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jul  5 19:05:45 2016 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul  5 19:05:45 2016 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jul  5 19:05:45 2016 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul  5 19:05:45 2016 Control Channel: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA
Tue Jul  5 19:05:45 2016 [OpenVPN Server] Peer Connection Initiated with [AF_INET]super.secret.ipaddress:444
Tue Jul  5 19:05:47 2016 SENT CONTROL [OpenVPN Server]: 'PUSH_REQUEST' (status=1)
Tue Jul  5 19:05:47 2016 PUSH: Received control message: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 12,ping-restart 50,socket-flags TCP_NODELAY,comp-lzo yes,redirect-gateway def1,redirect-gateway bypass-dhcp,redirect-gateway autolocal,route-gateway 172.27.224.1,dhcp-option DNS 127.0.1.1,register-dns,block-ipv6,ifconfig 172.27.224.7 255.255.252.0'
Tue Jul  5 19:05:47 2016 Option 'explicit-exit-notify' in [PUSH-OPTIONS]:1 is ignored by previous <connection> blocks 
Tue Jul  5 19:05:47 2016 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: dhcp-pre-release (2.3.10)
Tue Jul  5 19:05:47 2016 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:5: dhcp-renew (2.3.10)
Tue Jul  5 19:05:47 2016 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:6: dhcp-release (2.3.10)
Tue Jul  5 19:05:47 2016 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:17: register-dns (2.3.10)
Tue Jul  5 19:05:47 2016 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:18: block-ipv6 (2.3.10)
Tue Jul  5 19:05:47 2016 OPTIONS IMPORT: timers and/or timeouts modified
Tue Jul  5 19:05:47 2016 OPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udp
Tue Jul  5 19:05:47 2016 OPTIONS IMPORT: LZO parms modified
Tue Jul  5 19:05:47 2016 OPTIONS IMPORT: --socket-flags option modified
Tue Jul  5 19:05:47 2016 Socket flags: TCP_NODELAY=1 succeeded
Tue Jul  5 19:05:47 2016 OPTIONS IMPORT: --ifconfig/up options modified
Tue Jul  5 19:05:47 2016 OPTIONS IMPORT: route options modified
Tue Jul  5 19:05:47 2016 OPTIONS IMPORT: route-related options modified
Tue Jul  5 19:05:47 2016 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Jul  5 19:05:47 2016 ROUTE_GATEWAY 172.20.1.1/255.255.240.0 IFACE=wlp3s0 HWADDR=th:is:nt:th:ad:dr
Tue Jul  5 19:05:47 2016 TUN/TAP device tun0 opened
Tue Jul  5 19:05:47 2016 TUN/TAP TX queue length set to 100
Tue Jul  5 19:05:47 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Jul  5 19:05:47 2016 /sbin/ip link set dev tun0 up mtu 1500
Tue Jul  5 19:05:47 2016 /sbin/ip addr add dev tun0 172.27.224.7/22 broadcast 172.27.227.255
Tue Jul  5 19:05:52 2016 ROUTE remote_host is NOT LOCAL
Tue Jul  5 19:05:52 2016 /sbin/ip route add super.secret.ipaddress/32 via 172.20.1.1
Tue Jul  5 19:05:52 2016 /sbin/ip route add 0.0.0.0/1 via 172.27.224.1
Tue Jul  5 19:05:52 2016 /sbin/ip route add 128.0.0.0/1 via 172.27.224.1
Tue Jul  5 19:05:52 2016 Initialization Sequence Completed
Wed Jul  6 01:05:44 2016 VERIFY OK: depth=1, CN=OpenVPN CA
Wed Jul  6 01:05:44 2016 VERIFY OK: nsCertType=SERVER
Wed Jul  6 01:05:44 2016 VERIFY OK: depth=0, CN=OpenVPN Server
Wed Jul  6 01:05:45 2016 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Jul  6 01:05:45 2016 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jul  6 01:05:45 2016 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Jul  6 01:05:45 2016 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jul  6 01:05:45 2016 Control Channel: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA
Wed Jul  6 02:05:44 2016 TLS: tls_process: killed expiring key
^CWed Jul  6 06:11:30 2016 event_wait : Interrupted system call (code=4)
Wed Jul  6 06:11:30 2016 /sbin/ip route del super.secret.ipaddress/32
Wed Jul  6 06:11:30 2016 /sbin/ip route del 0.0.0.0/1
Wed Jul  6 06:11:30 2016 /sbin/ip route del 128.0.0.0/1
Wed Jul  6 06:11:30 2016 Closing TUN/TAP interface
Wed Jul  6 06:11:30 2016 /sbin/ip addr del dev tun0 172.27.224.7/22
Wed Jul  6 06:11:30 2016 SIGINT[hard,] received, process exiting
marty331@galago:~/open/pinkie$ sudo openvpn client.ovpn
[sudo] password for marty331: 
Wed Jul  6 07:00:59 2016 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Feb  2 2016
Wed Jul  6 07:00:59 2016 library versions: OpenSSL 1.0.2g-fips  1 Mar 2016, LZO 2.08
Wed Jul  6 07:00:59 2016 Control Channel Authentication: tls-auth using INLINE static key file
Wed Jul  6 07:00:59 2016 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jul  6 07:00:59 2016 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jul  6 07:00:59 2016 Socket Buffers: R=[212992->200000] S=[212992->200000]
Wed Jul  6 07:00:59 2016 UDPv4 link local: [undef]
Wed Jul  6 07:00:59 2016 UDPv4 link remote: [AF_INET]super.secret.ipaddress:1194
Wed Jul  6 07:01:03 2016 Server poll timeout, restarting
Wed Jul  6 07:01:03 2016 SIGUSR1[soft,server_poll] received, process restarting
Wed Jul  6 07:01:03 2016 Control Channel Authentication: tls-auth using INLINE static key file
Wed Jul  6 07:01:03 2016 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jul  6 07:01:03 2016 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jul  6 07:01:03 2016 Socket Buffers: R=[212992->200000] S=[212992->200000]
Wed Jul  6 07:01:03 2016 UDPv4 link local: [undef]
Wed Jul  6 07:01:03 2016 UDPv4 link remote: [AF_INET]super.secret.ipaddress:1194
Wed Jul  6 07:01:07 2016 Server poll timeout, restarting
Wed Jul  6 07:01:07 2016 SIGUSR1[soft,server_poll] received, process restarting
Wed Jul  6 07:01:07 2016 Control Channel Authentication: tls-auth using INLINE static key file
Wed Jul  6 07:01:07 2016 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jul  6 07:01:07 2016 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jul  6 07:01:07 2016 Socket Buffers: R=[87380->200000] S=[16384->200000]
Wed Jul  6 07:01:07 2016 Attempting to establish TCP connection with [AF_INET]super.secret.ipaddress:444 [nonblock]
Wed Jul  6 07:01:08 2016 TCP connection established with [AF_INET]super.secret.ipaddress:444
Wed Jul  6 07:01:08 2016 TCPv4_CLIENT link local: [undef]
Wed Jul  6 07:01:08 2016 TCPv4_CLIENT link remote: [AF_INET]super.secret.ipaddress:444
Wed Jul  6 07:01:12 2016 Server poll timeout, restarting
Wed Jul  6 07:01:12 2016 SIGUSR1[soft,server_poll] received, process restarting
Wed Jul  6 07:01:12 2016 Control Channel Authentication: tls-auth using INLINE static key file
Wed Jul  6 07:01:12 2016 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jul  6 07:01:12 2016 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jul  6 07:01:12 2016 Socket Buffers: R=[212992->200000] S=[212992->200000]
Wed Jul  6 07:01:12 2016 UDPv4 link local: [undef]
Wed Jul  6 07:01:12 2016 UDPv4 link remote: [AF_INET]super.secret.ipaddress:1194
Wed Jul  6 07:01:16 2016 Server poll timeout, restarting
Wed Jul  6 07:01:16 2016 SIGUSR1[soft,server_poll] received, process restarting
Wed Jul  6 07:01:16 2016 Control Channel Authentication: tls-auth using INLINE static key file
Wed Jul  6 07:01:16 2016 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jul  6 07:01:16 2016 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jul  6 07:01:16 2016 Socket Buffers: R=[212992->200000] S=[212992->200000]
Wed Jul  6 07:01:16 2016 UDPv4 link local: [undef]
Wed Jul  6 07:01:16 2016 UDPv4 link remote: [AF_INET]super.secret.ipaddress:1194
Wed Jul  6 07:01:20 2016 Server poll timeout, restarting
Wed Jul  6 07:01:20 2016 SIGUSR1[soft,server_poll] received, process restarting
Wed Jul  6 07:01:20 2016 Control Channel Authentication: tls-auth using INLINE static key file
Wed Jul  6 07:01:20 2016 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jul  6 07:01:20 2016 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jul  6 07:01:20 2016 Socket Buffers: R=[212992->200000] S=[212992->200000]
Wed Jul  6 07:01:20 2016 UDPv4 link local: [undef]
Wed Jul  6 07:01:20 2016 UDPv4 link remote: [AF_INET]super.secret.ipaddress:1194
Wed Jul  6 07:01:24 2016 Server poll timeout, restarting
Wed Jul  6 07:01:24 2016 SIGUSR1[soft,server_poll] received, process restarting
Wed Jul  6 07:01:24 2016 Control Channel Authentication: tls-auth using INLINE static key file
Wed Jul  6 07:01:24 2016 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jul  6 07:01:24 2016 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jul  6 07:01:24 2016 Socket Buffers: R=[212992->200000] S=[212992->200000]
Wed Jul  6 07:01:24 2016 UDPv4 link local: [undef]
Wed Jul  6 07:01:24 2016 UDPv4 link remote: [AF_INET]super.secret.ipaddress:1194
Wed Jul  6 07:01:28 2016 Server poll timeout, restarting
Wed Jul  6 07:01:28 2016 SIGUSR1[soft,server_poll] received, process restarting
Wed Jul  6 07:01:28 2016 Control Channel Authentication: tls-auth using INLINE static key file
Wed Jul  6 07:01:28 2016 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jul  6 07:01:28 2016 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jul  6 07:01:28 2016 Socket Buffers: R=[212992->200000] S=[212992->200000]
Wed Jul  6 07:01:28 2016 UDPv4 link local: [undef]
Wed Jul  6 07:01:28 2016 UDPv4 link remote: [AF_INET]super.secret.ipaddress:1194
Wed Jul  6 07:01:32 2016 Server poll timeout, restarting
Wed Jul  6 07:01:32 2016 SIGUSR1[soft,server_poll] received, process restarting
Wed Jul  6 07:01:32 2016 Control Channel Authentication: tls-auth using INLINE static key file
Wed Jul  6 07:01:32 2016 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jul  6 07:01:32 2016 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jul  6 07:01:32 2016 Socket Buffers: R=[212992->200000] S=[212992->200000]
Wed Jul  6 07:01:32 2016 UDPv4 link local: [undef]
Wed Jul  6 07:01:32 2016 UDPv4 link remote: [AF_INET]super.secret.ipaddress:1194
Wed Jul  6 07:01:36 2016 Server poll timeout, restarting
Wed Jul  6 07:01:36 2016 SIGUSR1[soft,server_poll] received, process restarting
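
Added example, not part of the original post: a small Python parser that classifies each connection attempt in an OpenVPN 2.3 client log like the one above, separating UDP attempts that got no reply from TCP attempts where the socket opened but no "TLS: Initial packet" line followed. The function names and outcome labels are hypothetical; the sample lines are excerpted from the two runs in the post.

```python
import re

# Sample input: lines excerpted from the two runs in the post above.
SAMPLE_LOG = """\
Tue Jul  5 19:05:35 2016 UDPv4 link remote: [AF_INET]super.secret.ipaddress:1194
Tue Jul  5 19:05:39 2016 Server poll timeout, restarting
Tue Jul  5 19:05:43 2016 Attempting to establish TCP connection with [AF_INET]super.secret.ipaddress:444 [nonblock]
Tue Jul  5 19:05:44 2016 TCP connection established with [AF_INET]super.secret.ipaddress:444
Tue Jul  5 19:05:44 2016 TLS: Initial packet from [AF_INET]super.secret.ipaddress:444, sid=aeb6abae 035f030d
Tue Jul  5 19:05:52 2016 Initialization Sequence Completed
Wed Jul  6 07:00:59 2016 UDPv4 link remote: [AF_INET]super.secret.ipaddress:1194
Wed Jul  6 07:01:03 2016 Server poll timeout, restarting
Wed Jul  6 07:01:07 2016 Attempting to establish TCP connection with [AF_INET]super.secret.ipaddress:444 [nonblock]
Wed Jul  6 07:01:08 2016 TCP connection established with [AF_INET]super.secret.ipaddress:444
Wed Jul  6 07:01:12 2016 Server poll timeout, restarting
"""

START = re.compile(r"(UDPv4 link remote:|Attempting to establish TCP connection with) "
                   r"\[AF_INET\]\S+:(\d+)")

def _timeout_reason(a):
    """Name the stage an attempt had reached when the poll timeout fired."""
    if a["tls_seen"]:
        return "tls_handshake_stalled"   # server answered, handshake never finished
    if a["proto"] == "udp":
        return "udp_no_reply"            # no packet came back at all
    return "tcp_open_no_reply" if a["tcp_open"] else "tcp_no_connection"

def classify_attempts(log_text):
    """Return (proto, port, outcome) for each finished connection attempt."""
    results, cur = [], None
    for line in log_text.splitlines():
        m = START.search(line)
        if m:  # a new attempt begins; "TCPv4_CLIENT link remote" does not match
            proto = "udp" if m.group(1).startswith("UDP") else "tcp"
            cur = {"proto": proto, "port": int(m.group(2)),
                   "tcp_open": False, "tls_seen": False}
        elif cur is None:
            continue
        elif "TCP connection established" in line:
            cur["tcp_open"] = True
        elif "TLS: Initial packet from" in line:
            cur["tls_seen"] = True
        elif "Initialization Sequence Completed" in line or "Server poll timeout" in line:
            ok = "Initialization" in line
            results.append((cur["proto"], cur["port"], "connected" if ok else _timeout_reason(cur)))
            cur = None
    return results
```

Run over the full log, this reports every attempt on port 1194 as `udp_no_reply`, while port 444 is `connected` in the first run and `tcp_open_no_reply` in the second.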

 

 
