[OpenVPN home]	[Date Prev]	[Date Index]	[Date Next]
[OpenVPN mailing lists]	[Thread Prev]	[Thread Index]	[Thread Next]

[Openvpn-users] HELP-ME OpenVPN x iptables

Subject: [Openvpn-users] HELP-ME OpenVPN x iptables
From: cristiano furtado <jasonnfedora@xxxxxxxxxxxx>
Date: Wed, 10 Jan 2007 16:33:33 -0300 (ART)

I am trying to raise one tunel with openvpn 2,0 to put I am having problems with firewall. used rules:

iptables -t filter INPUT -i ppp0 -p tcp --dport 1194 -j ACCEPT
iptables -t filter INPUT -i ppp0 -p udp --dport 1194 -j ACCEPT

error:

Server:

Wed Jan 10 14:12:04 2007 TLS: Initial packet from 201.50.87.166:1194, sid=242775bc 91db3d7b
Wed Jan 10 14:12:07 2007 TLS: new session incoming connection from 201.50.87.166:1194
Wed Jan 10 14:12:09 2007 TLS: new session incoming connection from 201.50.87.166:1194
Wed Jan 10 14:13:04 2007 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jan 10 14:13:04 2007 TLS Error: TLS handshake failed
Wed Jan 10 14:13:04 2007 TCP/UDP: Closing socket

Client:

Wed Jan 10 14:56:16 2007 UDPv4 link remote: 201.50.46.253:1194
Wed Jan 10 14:56:33 2007 TLS: Initial packet from 201.50.46.253:1194, sid=ab1fed5e 62455089
Wed Jan 10 14:56:34 2007 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=BR/ST=BAHIA/L=SALVADOR/O=FBASIL/OU=VPN/CN=JASONN/emailAddress=JASONNFEDORA@xxxxxxxxx
Wed Jan 10 14:56:34 2007 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Wed Jan 10 14:56:34 2007 TLS Error: TLS object -> incoming plaintext read error
Wed Jan 10 14:56:34 2007 TLS Error: TLS handshake failed
Wed Jan 10 14:56:34 2007 TCP/UDP: Closing socket
Wed Jan 10 14:56:34 2007 SIGUSR1[soft,tls-error] received, process restarting
Wed Jan 10 14:56:34 2007 Restart pause, 2 second(s)

and

Wed Jan 10 14:22:51 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:51 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:51 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:51 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:51 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_ACK_V1)
Wed Jan 10 14:22:53 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:53 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:53 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:53 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:53 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:53 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:53 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:53 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:54 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_ACK_V1)
Wed Jan 10 14:22:56 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:56 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:56 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:56 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:56 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:56 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:56 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:56 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:58 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:58 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:58 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:58 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:58 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:58 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:58 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:58 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:23:00 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)

great

JasonnFedora

JasonnFedora
Administrador de Sistemas Linux
Salvador - Bahia

Fedora Core 6

__________________________________________________
Fale com seus amigos de graça com o novo Yahoo! Messenger
http://br.messenger.yahoo.com/

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Follow-Ups:
- Re: [Openvpn-users] HELP-ME OpenVPN x iptables
  - From: Erich Titl

References:
- Re: [Openvpn-users] Cannot allocate TUN/TAP dev dynamically
  - From: Tim Wunder

Prev by Date: [Openvpn-users] Minimal time to wait for final 2.1
Next by Date: Re: [Openvpn-users] Newbie question: Samba with OpenVPN and DNS names
Previous by thread: Re: [Openvpn-users] Cannot allocate TUN/TAP dev dynamically
Next by thread: Re: [Openvpn-users] HELP-ME OpenVPN x iptables
Index(es):
- Date
- Thread