Hello,
I added a virtual IP to my OpenVPN NIC as below:

...
enp0s3:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 20.1.1.20  netmask 255.0.0.0  broadcast 20.255.255.255
        ether 08:00:27:ed:b4:7c  txqueuelen 1000  (Ethernet)
...

Then, I added the following line to my Server.conf file:

local 20.1.1.20

I added the following iptables rules:

IF_MAIN=enp0s3:1
IF_TUNNEL=tun20
YOUR_OPENVPN_SUBNET=10.10.0.0/16
iptables -I INPUT -p udp --dport 2000 -j ACCEPT
iptables -A FORWARD -i $IF_MAIN -o $IF_TUNNEL -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s $YOUR_OPENVPN_SUBNET -o $IF_MAIN -j ACCEPT
iptables -t nat -A POSTROUTING -s $YOUR_OPENVPN_SUBNET -o $IF_MAIN -j MASQUERADE
iptables -t nat -A POSTROUTING -s $YOUR_OPENVPN_SUBNET -j SNAT --to 20.1.1.20

But the client can't connect to the OpenVPN server and showed me the error below:

Sat Aug 12 11:10:24 2023 read UDPv4: Connection reset by peer (WSAECONNRESET) (fd=ec,code=10054)

> How to solve it?
> Thank you.

Hello,
The complete log is:

2023-08-13 10:30:37 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2023-08-13 10:30:37 Note: ovpn-dco-win driver is missing, disabling data channel offload.
2023-08-13 10:30:37 OpenVPN 2.6.5 [git:v2.6.5/cbc9e0ce412e7b42] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Jun 13 2023
2023-08-13 10:30:37 Windows version 6.1 (Windows 7), amd64 executable
2023-08-13 10:30:37 library versions: OpenSSL 3.1.1 30 May 2023, LZO 2.10
2023-08-13 10:30:37 DCO version: v0
2023-08-13 10:30:37 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25343
2023-08-13 10:30:37 Need hold release from management interface, waiting...
2023-08-13 10:30:38 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1031
2023-08-13 10:30:38 MANAGEMENT: CMD 'state on'
2023-08-13 10:30:38 MANAGEMENT: CMD 'log on all'
2023-08-13 10:30:38 MANAGEMENT: CMD 'echo on all'
2023-08-13 10:30:38 MANAGEMENT: CMD 'bytecount 5'
2023-08-13 10:30:38 MANAGEMENT: CMD 'state'
2023-08-13 10:30:38 MANAGEMENT: CMD 'hold off'
2023-08-13 10:30:38 MANAGEMENT: CMD 'hold release'
2023-08-13 10:30:38 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.1.20:2000
2023-08-13 10:30:38 Socket Buffers: R=[8192->8192] S=[8192->8192]
2023-08-13 10:30:38 UDPv4 link local: (not bound)
2023-08-13 10:30:38 UDPv4 link remote: [AF_INET]192.168.1.20:2000
2023-08-13 10:30:38 MANAGEMENT: >STATE:1691906438,WAIT,,,,,,
2023-08-13 10:30:38 read UDPv4: Connection reset by peer (WSAECONNRESET) (fd=ec,code=10054)
2023-08-13 10:30:40 read UDPv4: Connection reset by peer (WSAECONNRESET) (fd=ec,code=10054)
2023-08-13 10:30:44 read UDPv4: Connection reset by peer (WSAECONNRESET) (fd=ec,code=10054)
2023-08-13 10:30:52 read UDPv4: Connection reset by peer (WSAECONNRESET) (fd=ec,code=10054)
2023-08-13 10:31:08 read UDPv4: Connection reset by peer (WSAECONNRESET) (fd=ec,code=10054)
2023-08-13 10:31:38 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2023-08-13 10:31:38 TLS Error: TLS handshake failed
2023-08-13 10:31:38 SIGUSR1[soft,tls-error] received, process restarting
2023-08-13 10:31:38 MANAGEMENT: >STATE:1691906498,RECONNECTING,tls-error,,,,,
2023-08-13 10:31:38 Restart pause, 1 second(s)
2023-08-13 10:31:39 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.1.20:2000
2023-08-13 10:31:39 Socket Buffers: R=[8192->8192] S=[8192->8192]
2023-08-13 10:31:39 UDPv4 link local: (not bound)
2023-08-13 10:31:39 UDPv4 link remote: [AF_INET]192.168.1.20:2000
2023-08-13 10:31:39 MANAGEMENT: >STATE:1691906499,WAIT,,,,,,
2023-08-13 10:31:39 read UDPv4: Connection reset by peer (WSAECONNRESET) (fd=ec,code=10054)
2023-08-13 10:31:41 read UDPv4: Connection reset by peer (WSAECONNRESET) (fd=ec,code=10054)

The port and protocol are correct in the firewall rules. What is the problem?

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
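
A check over the configuration and log posted above, as an added example that is not part of the original message or of OpenVPN: it compares the address in the server's `local` directive with the address the client log shows it dialing, and counts the UDP resets. The function name `check_endpoint` and the returned keys are hypothetical; the sample lines are excerpts from the post.

```python
import re

# Excerpts copied from the post above: the server directive and client log lines.
SERVER_CONF = "local 20.1.1.20\n"
CLIENT_LOG = """\
2023-08-13 10:30:38 UDPv4 link remote: [AF_INET]192.168.1.20:2000
2023-08-13 10:30:38 read UDPv4: Connection reset by peer (WSAECONNRESET) (fd=ec,code=10054)
2023-08-13 10:30:40 read UDPv4: Connection reset by peer (WSAECONNRESET) (fd=ec,code=10054)
2023-08-13 10:31:38 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2023-08-13 10:31:39 UDPv4 link remote: [AF_INET]192.168.1.20:2000
"""

# "local <addr>" at the start of a line; commented-out lines (# or ;) do not match.
LOCAL_RE = re.compile(r"^[ \t]*local[ \t]+(\S+)", re.M)
# Address and port the client dials, e.g. "[AF_INET]192.168.1.20:2000".
REMOTE_RE = re.compile(r"link remote: \[AF_INET6?\](\S+):(\d+)[ \t]*$", re.M)
RESET_RE = re.compile(r"read UDPv[46]: Connection reset by peer \(WSAECONNRESET\)")


def check_endpoint(server_conf, client_log):
    """Compare the server's bind address with the address the client dials."""
    m = LOCAL_RE.search(server_conf)
    local = m.group(1) if m else None  # None: no "local", server binds all addresses
    remotes = sorted({addr for addr, _port in REMOTE_RE.findall(client_log)})
    resets = len(RESET_RE.findall(client_log))
    mismatch = local is not None and any(r != local for r in remotes)
    findings = []
    if mismatch:
        findings.append(f"server binds only {local} but client dials {', '.join(remotes)}")
    if resets:
        # On Windows, a UDP read failing with 10054 reports an ICMP
        # port-unreachable that came back for an earlier send.
        findings.append(f"{resets} UDP resets: the dialed address/port rejected the packets")
    return {"local": local, "remotes": remotes, "resets": resets,
            "mismatch": mismatch, "findings": findings}


if __name__ == "__main__":
    for line in check_endpoint(SERVER_CONF, CLIENT_LOG)["findings"]:
        print(line)
```

A reported mismatch is only a lead: a DNAT or port forward between the two addresses would make it legitimate.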