Closed GoogleCodeExporter closed 9 years ago
The openvpn of ics-openvpn should behave in the same way as the normal version.
Do you have a server log or can do a tcpdump to see get more information?
Original comment by arne@rfc2549.org
on 13 Sep 2012 at 8:41
This is the tcpdump. Note that I'm connected to the server through the same
router, so some packets should be of SSH.
Original comment by furlan.g...@gmail.com
on 14 Sep 2012 at 12:10
Attachments:
The tcpdump shows exactly same what openvpn shows. The client tries to connet
and gets a connection refused:
02:08:10.875841 IP 192.168.1.129.41736 > 192.168.1.130.1194: UDP, length 14
02:08:10.875873 IP 192.168.1.130 > 192.168.1.129: ICMP 192.168.1.130 udp port
1194 unreachable, length 50
and later again:
02:08:12.975888 IP 192.168.1.129.41736 > 192.168.1.130.1194: UDP, length 14
02:08:12.975919 IP 192.168.1.130 > 192.168.1.129: ICMP 192.168.1.130 udp port
1194 unreachable, length 50
Original comment by arne@rfc2549.org
on 14 Sep 2012 at 10:22
This is the log of a working connection, same certs and key, just from my
MacBook. Why should it work properly on the same wifi and not with my Android
device? The router has no rules about nor the MacBook nor the Nexus 7.
Original comment by furlan.g...@gmail.com
on 14 Sep 2012 at 10:42
Attachments:
The second log does not show any connection to 192.168.1.30:1194 as the first.
It shows only a udp connection from port 443 to 1025
Original comment by arne@rfc2549.org
on 14 Sep 2012 at 10:49
Oops, my bad.. I just remembered I changed the port but not the configuration
file =(
In any case now it seems it fails the TLS key negotation.
Log attached.
Original comment by furlan.g...@gmail.com
on 14 Sep 2012 at 10:54
Attachments:
Update: this is the server error: Fri Sep 14 12:58:22 2012 TLS Error: cannot
locate HMAC in incoming packet from 192.168.1.129:35064
Original comment by furlan.g...@gmail.com
on 14 Sep 2012 at 10:58
Such error are mostly configuration errors. Did you try to import the
configuration file that works on your macbook?
Original comment by arne@rfc2549.org
on 14 Sep 2012 at 10:59
Yes, I did just that. HMAC may mean hardware mac? Maybe the ics-openvpn setups
the tun device with all-zeros mac address?
Original comment by furlan.g...@gmail.com
on 14 Sep 2012 at 11:00
http://en.wikipedia.org/wiki/HMAC
this is another configuration error. You are missing the tls auth settings. If
you configuration is not imported correctly can you show me your macbook
configuration?
Original comment by arne@rfc2549.org
on 14 Sep 2012 at 11:08
Resolved, thanks. It seems that the tls cert line was commented out. Most
probably Tunnelblick automatically detects it and correct the problem.
Original comment by furlan.g...@gmail.com
on 14 Sep 2012 at 11:15
I am closing the bug since it was a configuration mistake
Original comment by arne@rfc2549.org
on 14 Sep 2012 at 11:16
Original issue reported on code.google.com by
furlan.g...@gmail.com
on 13 Sep 2012 at 4:39