From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: Problems with Core 70 and OpenVPN N2N Date: Fri, 12 Jul 2013 00:06:39 +0200 Message-ID: <1373580399.10320.44.camel@hughes.tremer.info> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============7657205081434297886==" List-Id: --===============7657205081434297886== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Could you provide the iptables ruleset that is loaded? This should not be caused by the latest NAT changes in core update 70. But that's just a wild guess. -Michael On Thu, 2013-07-11 at 20:33 +0200, Erik K. wrote: > Hi all, > have tried today Core 70 and OpenVPN N2N and i have had problems to establi= sh the connection.=20 >=20 > The infrastructure: >=20 > IPFire (remote) <--> Router <--> [ Internet ] <--> (local) Router <--> (lo= cal) IPFire >=20 > So both sides with double NAT. The log messages gives me the following back >=20 > Jul 11 18:17:35 ipfire Testn2n[13565]: UDPv4 link remote: 192.168.20.2:5329 > Jul 11 18:19:09 ipfire Testn2n[13808]: TLS Error: client->client or server-= >server connection attempted from 192.168.20.2:5329 > Jul 11 18:18:01 ipfire Testn2n[13565]: event_wait : Interrupted system call= (code=3D4) > have never seen this message (in the middle) before... >=20 > So i looked to the configuration file on the TLS-client where the "Remote H= ost/IP" was stated with the 192.168.20.2 (red0 IP), i changed it then to the = remote IP (in versions before Core 70 this was not necessary) and the followi= ng log output was stated. >=20 > Jul 11 20:22:49 ipfire Testn2n[6875]: Expected Remote Options hash (VER=3DV= 4): '9e986809' > Jul 11 20:22:49 ipfire-bbach Testn2n[[6875]: UDPv4 link remote: 172.11.xx.x= x:5329 > Jul 11 20:23:50 ipfire Testn2n[[6875]: [UNDEF] Inactivity timeout (--ping-r= estart), restarting >=20 >=20 > Looks like a closed firewall. Portforwarding from both upstream routers to = IPFire was made, outgoing FW was in mode 0 . >=20 > May some one have an idea what=C2=B4s causing this problem ? >=20 >=20 > Greetings=20 >=20 >=20 > Erik >=20 >=20 > _______________________________________________ > Development mailing list > Development(a)lists.ipfire.org > http://lists.ipfire.org/mailman/listinfo/development --===============7657205081434297886==--