I have set up an OpenVPN server on a Raspberry Pi at a remote location I can access through another OpenVPN server. The new server is a proof-of-concept to check how client-to-client comm inside the tunnel works.

For initial testing I am using my Windows 10 laptop and a Raspberry Pi, both on my home LAN. The Raspberry Pi will later be moved to yet another distinct LAN.

Initial tests:

1) Connect the RPi to the tunnel-only server.
   Command: sudo openvpn --config /home/pi/openvpn/SSRemote001.ovpn
   This works fine and I can communicate with the VPN server and also open an ssh session into it from the RPi.
2) Connect the Windows PC to the tunnel-only server. Now it is possible to ping the OpenVPN server etc.
   Those initial tests were done with a sizable time separation and *not* at the same time.
3) Now connect the RPi again to its (password-less) connection.
4) Connecting the Windows 10 PC now fails with a TLS negotiation error (timeout).
5) Close both connections.
6) Now again try to connect the RPi, but now it also fails on TLS, as does the Windows 10 connection...
7) Go have dinner for some time...
8) Now back, and I can connect the RPi fine again!
9) But when the RPi is connected the Windows connection attempt fails with a TLS timeout error.

What could be causing this strange behavior?
It seems like when the server has been connected to, it goes blind for a while but then returns to normal for a new comm session.... I don't know how long one has to wait.

Server config:
--------------
port 1196 #NOTE: the port differs between server instances!
server 10.117.3.0 255.255.255.0 'nopool' #Tunnel Network base address
proto udp4 #Use only ipv4
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/AGIVPN.crt
key /etc/openvpn/keys/AGIVPN.key # This file should be kept secret
dh /etc/openvpn/keys/dh2048.pem
tls-auth /etc/openvpn/keys/ta.key 0 # This file is secret
key-direction 0
topology subnet
ifconfig-pool 10.117.3.2 10.117.3.127 255.255.255.0 #Server: 10.117.3.1
client-config-dir /etc/openvpn/ccdtun
ifconfig-pool-persist ipptun.txt
#Specific config for VPN tunnel only access:
client-to-client
#End specifics
keepalive 10 120
cipher AES-256-CBC
comp-lzo #Compress transferred data
max-clients 20 #Might be set as appropriate for usage
persist-key
persist-tun
verb 4 #Log files verbosity
explicit-exit-notify 1 #Make the server notify client before restarting
status /etc/openvpn/log/ovpn-status_tun.log
log-append /etc/openvpn/log/ovpn_tun.log

RPi Client config:
------------------
remote xyzx.myowndomain.com 1193 #Only for client-to-client comm
client
dev tun
proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
auth-nocache
mute-replay-warnings
remote-cert-tls server
key-direction 1
cipher AES-256-CBC
comp-lzo
verb 1
mute 20

Next follows all the cert/key encryption data.

The Windows laptop client config is similar but it uses an encrypted key for security. The connections from the RPi units are to be done automatically, so their ovpn files are not password protected.

NOTE:
-----
The router at the server site is doing port forward from incoming port 1193 to server port 1196.

-- 
Bo Berglund
Developer in Sweden

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
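When a second client's TLS handshake times out while a first client is connected, the first thing worth checking on the server is which sessions it currently holds. The server config above writes them to the status file (status /etc/openvpn/log/ovpn-status_tun.log) in OpenVPN's default status-version 1 layout. The following Python script is an added example, not part of the original post: it parses that layout, lists the connected common names with their real (public) addresses, reports any common name that appears more than once (by default OpenVPN allows one concurrent session per certificate common name and drops the older session when a new client with the same name connects, unless duplicate-cn is set), and groups sessions by public IP so two clients reaching the server from behind the same home NAT are easy to spot. The embedded status file, the common names rpi001 and win10laptop, the address 203.0.113.10 and the timestamps are all constructed.

```python
"""Parse an OpenVPN status-version 1 file and summarize the server's sessions.

Added example (not from the original post). The sample below is constructed.
"""
import sys
from collections import Counter

# Constructed sample in the status-version 1 layout: two clients connected,
# both arriving from the same public address (two machines behind one NAT).
SAMPLE_STATUS = """\
OpenVPN CLIENT LIST
Updated,Sat May 18 19:02:11 2019
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
rpi001,203.0.113.10:51234,10240,20480,Sat May 18 18:55:01 2019
win10laptop,203.0.113.10:61555,2048,4096,Sat May 18 19:01:40 2019
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.117.3.2,rpi001,203.0.113.10:51234,Sat May 18 19:02:05 2019
10.117.3.3,win10laptop,203.0.113.10:61555,Sat May 18 19:02:10 2019
GLOBAL STATS
Max bcast/mcast queue length,0
END
"""


def parse_status_v1(text):
    """Return (clients, routes) parsed from a status-version 1 file.

    clients: dicts with common_name, real_address, bytes_received, bytes_sent,
             connected_since
    routes:  dicts with virtual_address, common_name, real_address, last_ref
    """
    clients, routes = [], []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "OpenVPN CLIENT LIST":
            section = "clients"
            continue
        if line == "ROUTING TABLE":
            section = "routes"
            continue
        if line in ("GLOBAL STATS", "END"):
            section = None
            continue
        fields = line.split(",")
        if section == "clients":
            # Skip the 'Updated,...' line and the column header.
            if fields[0] in ("Updated", "Common Name") or len(fields) != 5:
                continue
            clients.append({
                "common_name": fields[0],
                "real_address": fields[1],
                "bytes_received": int(fields[2]),
                "bytes_sent": int(fields[3]),
                "connected_since": fields[4],
            })
        elif section == "routes":
            if fields[0] == "Virtual Address" or len(fields) != 4:
                continue
            routes.append({
                "virtual_address": fields[0],
                "common_name": fields[1],
                "real_address": fields[2],
                "last_ref": fields[3],
            })
    return clients, routes


def public_ip(real_address):
    """Strip the source port from OpenVPN's 'ip:port' real address."""
    return real_address.rsplit(":", 1)[0]


def duplicate_common_names(clients):
    """Common names holding more than one session at once (needs duplicate-cn)."""
    counts = Counter(c["common_name"] for c in clients)
    return sorted(name for name, n in counts.items() if n > 1)


def sessions_by_public_ip(clients):
    """Map each public IP to the common names connecting from it."""
    grouped = {}
    for c in clients:
        grouped.setdefault(public_ip(c["real_address"]), []).append(c["common_name"])
    return grouped


def report(text):
    """Human-readable summary of one status file."""
    clients, routes = parse_status_v1(text)
    lines = [f"{len(clients)} client session(s), {len(routes)} route(s):"]
    for c in clients:
        lines.append(f"  {c['common_name']:<12} from {c['real_address']:<22} "
                     f"since {c['connected_since']}")
    for ip, names in sessions_by_public_ip(clients).items():
        if len(names) > 1:
            lines.append(f"  {len(names)} sessions share public IP {ip}: {', '.join(names)}")
    for name in duplicate_common_names(clients):
        lines.append(f"  WARNING: common name {name} has several concurrent sessions")
    return "\n".join(lines)


if __name__ == "__main__":
    # Pass the server's status file path to inspect a live server.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_STATUS
    print(report(text))
```

On the server, run it against /etc/openvpn/log/ovpn-status_tun.log while the RPi is connected and the Windows attempt is failing; the file is rewritten on OpenVPN's status interval (60 seconds by default), so a session that has just ended may still be listed for up to a minute.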