I've been trying to set up a VPN between the local network here and a few roaming co-workers. The VPN initially went up with no problems but I'm finding it fairly difficult to use and I'm not sure even whether it's OpenVPN's fault; I just don't have the tools to test things.

I am able to ping across with no problems, and the other machine shows up on my network neighborhood with no problems. However, the VPN was going to be used primarily for database protocols and, while I am able to establish a database connection (most of the time) across the gateway and do very simple queries, if I launch the full database application it waits for about a minute before crashing out with "Database connection unexpectedly closed". Database protocol uses TCP. With a window open to the verb9 statuses, I see about a second of heavy activity after which the packets drop down to their previous once-every-other-second rate.

Server is 1.4.x on Linux, Client is 1.5beta6 on WinXP.

I have the server here and have moved it to verb9, but I really am not sure of what I am looking for; there are no obvious error messages to my eyes. I do remember seeing a couple dozen "HMAC authentication failure" messages a couple weeks ago when trying to transfer files (using network neighborhood, very slow), but those messages have not repeated. (I do see some "DYNAMIC COMPRESSION OFF, DYNAMIC COMPRESSION ON" messages, but I assume those are unrelated.)

In my mind, the connection seems to be up and running (and recovers quickly after network outages), but any attempt to do anything more than just look at the computers causes significant degradation and drops.

I would appreciate any ideas that anyone out there may have.

Here is the server-side configuration script:

-----------------------------------------------------------------------
#
# Sample OpenVPN configuration file for
# office using a pre-shared static key.
#
# '#' or ';' may be used to delimit comments.

# Use a dynamic tun device.
# For Linux 2.2 or non-Linux OSes,
# you may want to use an explicit
# unit number such as "tun1".
# OpenVPN also supports virtual
# ethernet "tap" devices.
dev tap

# 10.1.0.1 is our local VPN endpoint (office).
# 10.1.0.2 is our remote VPN endpoint (home).
; ifconfig 192.168.0.250 192.168.0.251

# Our up script will establish routes
# once the VPN is alive.
; up ./clarence.up
up ./bridge.up

# Our pre-shared static key
secret joel.key

# OpenVPN uses UDP port 5000 by default.
# Each OpenVPN tunnel must use
# a different port number.
# lport or rport can be used
# to denote different ports
# for local and remote.
port 5002

# Downgrade UID and GID to
# "nobody" after initialization
# for extra security.
user nobody
group nogroup

# If you built OpenVPN with
# LZO compression, uncomment
# out the following line.
comp-lzo

# Send a UDP ping to remote once
# every 15 seconds to keep
# stateful firewall connection
# alive. Uncomment this
# out if you are using a stateful
# firewall.
ping 15

# Uncomment this section for a more reliable detection when a system
# loses its connection. For example, dial-ups or laptops that
# travel to other locations.
ping 15
ping-restart 45
ping-timer-rem
persist-tun
persist-key

# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
#verb 3
verb 9