OpenVPN – Setting up OpenVPN on Ubuntu

openvpn

I have Webmin running OpenVPN, with which I generated my client keys and the server key. On the Windows side I used the Windows OpenVPN client to connect to the VPN. However, the connection keeps failing:

Logs on the server:

 Thu Jan 17 11:08:55 2013 OpenVPN 2.2.1 i686-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Mar 30 2012
Thu Jan 17 11:08:55 2013 WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want
Thu Jan 17 11:08:55 2013 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Thu Jan 17 11:08:55 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Jan 17 11:08:55 2013 WARNING: file 'keys/test/check.key' is group or others accessible
Thu Jan 17 11:08:55 2013 TLS-Auth MTU parms [ L:1541 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu Jan 17 11:08:55 2013 WARNING: potential conflict between --local address [192.168.1.100] and --ifconfig address pair [192.168.1.1, 192.168.1.2] -- this is a warning only that is triggered when local/remote addresses exist within the same /24 subnet as --ifconfig endpoints. (silence this warning with --ifconfig-nowarn)
Thu Jan 17 11:08:55 2013 WARNING: potential TUN/TAP adapter subnet conflict between local LAN [192.168.1.0/255.255.255.0] and remote VPN [192.168.1.1/255.255.255.255]
Thu Jan 17 11:08:55 2013 TUN/TAP device tun0 opened
Thu Jan 17 11:08:55 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Jan 17 11:08:55 2013 /sbin/ifconfig tun0 192.168.1.1 pointopoint 192.168.1.2 mtu 1500
Thu Jan 17 11:08:55 2013 WARNING: potential route subnet conflict between local LAN [192.168.1.0/255.255.255.0] and remote VPN [192.168.1.0/255.255.255.0]
Thu Jan 17 11:08:55 2013 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Jan 17 11:08:55 2013 GID set to nogroup
Thu Jan 17 11:08:55 2013 UID set to nobody
Thu Jan 17 11:08:55 2013 Listening for incoming TCP connection on [AF_INET]192.168.1.100:1194
Thu Jan 17 11:08:55 2013 TCPv4_SERVER link local (bound): [AF_INET]192.168.1.100:1194
Thu Jan 17 11:08:55 2013 TCPv4_SERVER link remote: [undef]
Thu Jan 17 11:08:55 2013 Initialization Sequence Completed

OpenVPN client log:

Thu Jan 17 11:03:57 2013 OpenVPN 2.3.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Jan  8 2013
Enter Management Password:
Thu Jan 17 11:03:57 2013 MANAGEMENT: Socket bind failed on local address [AF_INET]127.0.0.1:25340: Address already in use (WSAEADDRINUSE)
Thu Jan 17 11:03:57 2013 Exiting due to fatal error

What am I doing wrong?

Server configuration file:

port 1194
proto tcp-server
dev tun0
ca keys/test/ca.crt
cert keys/test/check.crt
key keys/test/check.key
dh keys/test/dh2048.pem
server 192.168.1.0 255.255.255.0
crl-verify keys/test/crl.pem
cipher BF-CFB
user nobody
group nogroup
status servers/VPn1/logs/openvpn-status.log
log-append servers/VPn1/logs/openvpn.log
verb 2
mute 20
max-clients 100
local 192.168.1.100
keepalive 10 120
client-config-dir /etc/openvpn/servers/VPn1/ccd
client-to-client
duplicate-cn
comp-lzo
persist-key
persist-tun
ccd-exclusive

Client configuration:

client
proto udp
dev tun
ca ca.crt
dh dh2048.pem
cert client1.crt
key client1.key
remote 192.168.1.100 1194
tls-auth ta.key 1
cipher BF-CFB
verb 2
mute 20
keepalive 10 120
comp-lzo
persist-key
persist-tun
float
resolv-retry infinite
nobind
route 192.168.1.0 255.255.255.0

Best Answer

You cannot connect to your VPN because your Windows PC is in the same subnet as the VPN.

OpenVPN shows you the following hint:

Thu Jan 17 11:08:55 2013 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.

Are you trying to connect to the VPN inside the target net? This is impossible because then you will always have an IP from the same subnet and the routing will not work.

Otherwise, try to change the IP addresses on the VPN side. I use 172.16.x.x for VPN because it is very unlikely that you will find such a net somewhere.
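
An added example, not part of the original question or answer: a small Python lint over the server and client configurations quoted in the question. It goes beyond the answer's subnet point by also comparing `proto` and `tls-auth` between the two sides; the function names and finding codes are assumptions made for this illustration.

```python
import ipaddress

# Constructed inputs: directives copied from the two configurations in the question.
SERVER_CONF = """proto tcp-server
server 192.168.1.0 255.255.255.0
local 192.168.1.100
"""
CLIENT_CONF = """client
proto udp
remote 192.168.1.100 1194
tls-auth ta.key 1
"""

def parse(text):
    """Return {directive: [args]} for an OpenVPN config, skipping comments."""
    conf = {}
    for line in text.splitlines():
        words = line.split()
        if words and words[0][0] not in "#;":
            conf[words[0]] = words[1:]
    return conf

def inside(pool, conf, directive):
    """True if the directive's first argument is an IP address inside pool."""
    try:
        return ipaddress.ip_address(conf[directive][0]) in pool
    except (KeyError, IndexError, ValueError):  # absent, or a hostname
        return False

def lint(server_text, client_text):
    """Return a list of finding codes (hypothetical names) for a config pair."""
    server, client = parse(server_text), parse(client_text)
    pool = ipaddress.ip_network("/".join(server["server"][:2]))
    findings = []
    # The answer's point: the VPN pool must not be the subnet the peers already sit on.
    if inside(pool, server, "local"):
        findings.append("server-lan-inside-vpn-pool")
    if inside(pool, client, "remote"):
        findings.append("client-remote-inside-vpn-pool")
    # Both ends must agree on transport; OpenVPN defaults to udp when proto is absent.
    protos = [c.get("proto", ["udp"])[0].split("-")[0] for c in (server, client)]
    if protos[0] != protos[1]:
        findings.append("proto-mismatch")
    # tls-auth has to be configured on both sides or on neither.
    if ("tls-auth" in server) != ("tls-auth" in client):
        findings.append("tls-auth-mismatch")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SERVER_CONF, CLIENT_CONF)))
```

An empty list means none of these four checks fired, for instance after moving the `server` pool to a 172.16.x.x range as the answer suggests and aligning `proto` and `tls-auth` on both sides.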