Posted: Fri Feb 02, 2007 0:35 Post subject: OpenVPN TCP connection reset
I have two WRT54GLs, one at home, one at the office. The home ISP is Comcast, which requires me to use a DHCP WAN address (and disable STP), the office requires me to statically address the WAN port (and leave STP enabled). These are the only differences between the routers (that I know of!).
I have configured OpenVPN using certificates on both routers identically (with unique certificates for each router...d'oh). Each router is registered with DynDNS, and responds to pings to the registered name and domain.
"ps | grep openvpn" reports openvpn running on each router.
Each router reports essentially the correct time, as each uses NTP to the same server, and the time zones are configured identically. Using local time or not has no effect on my home router; the connection works with it either selected or not, so I left it selected and ensured the office router is the same.
I can establish a client VPN connection from my laptop to my home router, with no problem. Using a virtually identical client config (with the obvious router name differences), I cannot establish a connection to my office router. I get a "connection reset" error in the client log:
Thinking maybe the office ISP is doing something "helpful" with ports or protocols, I have changed the port in all the relevant spots to 80 from 1194, no joy. I changed the protocol from TCP to UDP, also no joy.
Looking at the logs for a successful connection to my home router, seeing encryption entries, unlike in the failed connection to my office router, it occurred to me that maybe I fatfingered the keys for the office router. I created new keys for the office router in OpenVPN/easy-rsa and updated the startup script to reflect these new keys, no joy.
I've gone through the config screens line by line for the two routers, and can find no obvious differences, except for those required by the different ISPs.
I'm stuck. I have no idea where to look next. It seems like I can establish a TCP connection to my office router, but the VPN never gets established. What should I look for, what am I likely to have overlooked?
Maybe you should try copying the exact startup script from your home router, with the same keys, to the office router and see if you can establish a connection.
Thanks, I used the startup script from my home router, still no joy.
I looked more carefully at the client log, and saw a series of TLS errors. I looked in this forum, as well as on various OpenVPN forums (fora?) and found mention of loopback issues, and mapping the loopback adapter to the correct network. This address mapping, it turns out, is on servers other than these routers. However, I changed the loopback setting and now it works.
Now I have one router with loopback turned on, and one with it turned off, both working. I guess it's a switch with which to play if your OpenVPN server isn't working <grin>.
So, with it working, I swapped back the old startup script, which killed it again. Back to using the startup script from my home router in both routers, and all is peaches and cream. Thanks for the idea and poke, now I'm in business!
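The thread's diagnosis hinges on how far the client got before it failed: a TCP session that opened and was then reset, with TLS errors and none of the "encryption" lines a working session shows. The following is an added example (not code from the thread or from OpenVPN) that classifies a client log by the furthest stage reached and maps the result to the checks discussed above (clocks/NTP, certificate and key pairing, port and protocol). The message patterns follow OpenVPN client log text; the sample log lines and the 203.0.113.10 address are constructed.

```python
# Added example: classify how far an OpenVPN client got from its log lines,
# separating a TCP-level reset from a TLS-stage failure. Sample logs are constructed.
import re

# Progress markers, earliest to latest; the last one seen wins.
STAGES = [
    ("tcp_connected", re.compile(r"TCP connection established with")),
    ("tls_done", re.compile(r"Peer Connection Initiated with")),
    ("data_channel", re.compile(r"Data Channel (Encrypt|Decrypt): Cipher")),
    ("complete", re.compile(r"Initialization Sequence Completed")),
]
# Failure markers; each kind is reported once however often it repeats.
FAILURES = [
    ("tls_error", re.compile(r"TLS Error:|TLS_ERROR:|VERIFY ERROR")),
    ("connection_reset", re.compile(r"Connection reset, restarting")),
]

def diagnose(lines):
    """Return (furthest stage reached, sorted list of failure kinds)."""
    reached, seen = "none", set()
    for line in lines:
        for name, pat in STAGES:
            if pat.search(line):
                reached = name
        for name, pat in FAILURES:
            if pat.search(line):
                seen.add(name)
    return reached, sorted(seen)

def hint(reached, failures):
    """Map the outcome to the checks the thread walks through."""
    if reached == "complete":
        return "tunnel up"
    if "tls_error" in failures:
        return "TLS failed after TCP connect: check clocks/NTP, cert+key pairing, startup script"
    if "connection_reset" in failures and reached == "tcp_connected":
        return "peer closed TCP before TLS: check server proto/port and that openvpn is listening"
    return "no TCP session: check WAN reachability and port forwarding"

FAILED_LOG = [  # constructed: shape of the failing office session
    "TCP connection established with 203.0.113.10:1194",
    "TLS Error: TLS key negotiation failed to occur within 60 seconds",
    "Connection reset, restarting [0]",
]
OK_LOG = [  # constructed: shape of the working home session
    "TCP connection established with 203.0.113.10:1194",
    "[server] Peer Connection Initiated with 203.0.113.10:1194",
    "Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key",
    "Initialization Sequence Completed",
]
```

Feed it the lines of a real client log (for example `hint(*diagnose(open("client.log").read().splitlines()))`) to see which stage to investigate first.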