Jan, thank you! I made another bash script as posted here
http://ubuntuforums.org/showthread.php?t=159661 to flush iptables and now IT
WORKS!

many thanks. :-)

2010/3/22 Jan Just Keijser <***@nikhef.nl>

> miamia miamia wrote:
>
>> Hi,
>> I tried to allow all traffic in firewall with cmds:
>> # iptables -X
>> # iptables -t nat -F
>> # iptables -t nat -X
>> # iptables -t mangle -F
>> # iptables -t mangle -X
>> # iptables -P INPUT ACCEPT
>> # iptables -P FORWARD ACCEPT
>> # iptables -P OUTPUT ACCEPT
>> I have changed my log file - openvpn.log is attached and syslog too. Error
>> is the same. Thanks for help.
>>
>> when did you make these changes: because your syslog is full of messages
> like
>
> Mar 22 17:14:38 localhost kernel: [10772.568028] iptables denied: IN=eth1
> OUT= MAC=00:e0:4c:ea:0a:d1:00:1a:6b:e8:15:2b:08:00 SRC=192.168.1.34
> DST=192.168.1.40 LEN=42 TOS=0x00 PREC=0x00 TTL=128 ID=48622 PROTO=UDP
> SPT=3817 DPT=1194 LEN=22
> which states that incoming traffic is blocked ... Try /etc/init.d/iptables
> stop
> or
> iptables -F
>
> HTH,
>
> JJK
>
>
>
> 2010/3/22 Jan Just Keijser <***@nikhef.nl <mailto:***@nikhef.nl>>
>>
>>
>> miamia miamia wrote:
>>
>> Hello,
>> what am I doing wrong? I am getting "read UDPv4: Connection
>> reset by peer (WSAECONNRESET) (code=10054)" and I cannot
>> connect to my server. My desktop and server are in LAN
>> 192.168.1.x. Thanks.
>>
>> most likely a firewall issue...
>>
>> And where openvpn stores logs? I tried to change it is
>> server.conf to openvpn.log but in var/log/ is nothing. ..
>>
>> if you have specified
>> log file.log
>> then the log files are stored in the directory where openvpn was
>> started ; it would be better to use
>> log /var/log/openvpn.log
>> and look in that file - if there are no connection attempts listed
>> in the server log then you're definitely looking at a firewall issue.
>>
>> HTH,
>>
>> JJK
>>
>> You can see my log from windows machine:
>> Mon Mar 22 15:11:15 2010 NOTE: --user option is not
>> implemented on Windows
>> Mon Mar 22 15:11:15 2010 NOTE: --group option is not
>> implemented on Windows
>> Mon Mar 22 15:11:15 2010 OpenVPN 2.1.1 i686-pc-mingw32 [SSL]
>> [LZO2] [PKCS11] built on Dec 11 2009
>> Mon Mar 22 15:11:15 2010 NOTE: OpenVPN 2.1 requires
>> '--script-security 2' or higher to call user-defined scripts
>> or executables
>> Mon Mar 22 15:11:15 2010 LZO compression initialized
>> Mon Mar 22 15:11:15 2010 Control Channel MTU parms [ L:1542
>> D:138 EF:38 EB:0 ET:0 EL:0 ]
>> Mon Mar 22 15:11:15 2010 Data Channel MTU parms [ L:1542
>> D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
>> Mon Mar 22 15:11:15 2010 Local Options hash (VER=V4): '41690919'
>> Mon Mar 22 15:11:15 2010 Expected Remote Options hash
>> (VER=V4): '530fdded'
>> Mon Mar 22 15:11:15 2010 Socket Buffers: R=[8192->8192]
>> S=[8192->8192]
>> Mon Mar 22 15:11:15 2010 UDPv4 link local: [undef]
>> Mon Mar 22 15:11:15 2010 UDPv4 link remote: 192.168.1.40:1194
>> <http://192.168.1.40:1194/> <http://192.168.1.40:1194
>>
>> <http://192.168.1.40:1194/>>
>>
>> Mon Mar 22 15:11:18 2010 read UDPv4: Connection reset by peer
>> (WSAECONNRESET) (code=10054)
>> Mon Mar 22 15:11:18 2010 read UDPv4: Connection reset by peer
>> (WSAECONNRESET) (code=10054)
>> Mon Mar 22 15:11:20 2010 read UDPv4: Connection reset by peer
>> (WSAECONNRESET) (code=10054)
>> Mon Mar 22 15:11:22 2010 read UDPv4: Connection reset by peer
>> (WSAECONNRESET) (code=10054)
>> Mon Mar 22 15:11:24 2010 read UDPv4: Connection reset by peer
>> (WSAECONNRESET) (code=10054)
>> Mon Mar 22 15:11:26 2010 read UDPv4: Connection reset by peer
>> (WSAECONNRESET) (code=10054)
>> Mon Mar 22 15:11:28 2010 read UDPv4: Connection reset by peer
>> (WSAECONNRESET) (code=10054)
>> Mon Mar 22 15:11:30 2010 read UDPv4: Connection reset by peer
>> (WSAECONNRESET) (code=10054)
>> Mon Mar 22 15:11:32 2010 read UDPv4: Connection reset by peer
>> (WSAECONNRESET) (code=10054)
>> Mon Mar 22 15:11:32 2010 TCP/UDP: Closing socket
>> Mon Mar 22 15:11:32 2010 SIGTERM[hard,] received, process exiting
>>
>>
>>
>>
>

Just curious if anyone can help me with a high-latency connection I'm attempting.

Single client to a DD-WRT router w/ Static key



Mon Mar 22 16:48:06 2010 OpenVPN 2.1.1 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Dec 11 2009
Mon Mar 22 16:48:06 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Mar 22 16:48:06 2010 LZO compression initialized
Mon Mar 22 16:48:06 2010 TAP-WIN32 device [oVPN Connection] opened: \\.\Global\{9012C50C-6307-4611-BA15-CC81FFB7A75D}.tap
Mon Mar 22 16:48:06 2010 Successful ARP Flush on interface [25] {9012C50C-6307-4611-BA15-CC81FFB7A75D}
Mon Mar 22 16:48:06 2010 UDPv4 link local (bound): [undef]:1194
Mon Mar 22 16:48:06 2010 UDPv4 link remote: 174.35.141.x:1194
Mon Mar 22 16:48:06 2010 TCP/UDP: Incoming packet rejected from 192.168.0.1:1194[2], expected peer address: 174.35.141.x:1194 (allow this incoming source address/port by removing --remote or adding --float)






Just used the quick-setup guide from the DD-WRT forum, so it's done with startup commands instead of using the VPN GUI. ( I have another one at home I'm testing with GUI setups and PKI)



as you can see it's advising me to add --remote or --float to the command list, but I'm not certain as to the command syntax for this purpose. Thanks?



The VPN only needs to support the one client with remote access to his desktop files.



Startup
openvpn --mktun --dev tap0
brctl addif br0 tap0
ifconfig tap0 0.0.0.0 promisc up
echo "
-----BEGIN OpenVPN Static key V1-----
2048 static key
-----END OpenVPN Static key V1-----
" > /tmp/static.key
ln -s /usr/sbin/openvpn /tmp/myvpn
/tmp/myvpn --dev tap0 --secret /tmp/static.key --comp-lzo --port 1194 --proto udp --verb 3 --daemon











Firewalliptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT