# openvpn won't connect [solved]

## plut0

I just installed openvpn 2.0.6 on gentoo and trying to connect via windows xp 2.0.7.  I am not getting very far in the connection, i keep getting the messages "Unroutable control packet received from..."  I did a lot of research but the answers didn't help.  One of which says the cert generated is bad, but I verified both the client and server certs.  The other answer was date/time is off but that isn't the case either.  What am I doing wrong here?

client config:

```
client

dev tun

proto udp

remote [server] 1194

resolv-retry infinite

nobind

persist-key

persist-tun

ca ca.crt

cert client.crt

key client.key

comp-lzo

verb 3
```

server config:

```
port 1194

proto udp

dev tun

ca keys/ca.crt

cert keys/vpn.crt

key keys/vpn.key

dh keys/dh1024.pem

server 10.8.0.1 255.255.255.0

ifconfig-pool-persist ipp.txt

push "route 172.16.0.0 255.255.0.0"

push "route 10.8.0.0 255.255.255.0"

keepalive 10 120

comp-lzo

persist-key

persist-tun

status openvpn-status.log

verb 4
```

client log:

```
Wed Jul 26 19:46:44 2006 OpenVPN 2.0.7 Win32-MinGW [SSL] [LZO] built on Apr 12 2006

Wed Jul 26 19:46:44 2006 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.

Wed Jul 26 19:46:44 2006 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.

Wed Jul 26 19:46:44 2006 LZO compression initialized

Wed Jul 26 19:46:44 2006 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]

Wed Jul 26 19:46:44 2006 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]

Wed Jul 26 19:46:44 2006 Local Options hash (VER=V4): '41690919'

Wed Jul 26 19:46:44 2006 Expected Remote Options hash (VER=V4): '530fdded'

Wed Jul 26 19:46:44 2006 UDPv4 link local: [undef]

Wed Jul 26 19:46:44 2006 UDPv4 link remote: [server]:1194

Wed Jul 26 19:46:51 2006 TLS Error: Unroutable control packet received from [server]:1194 (si=3 op=P_ACK_V1)

Wed Jul 26 19:47:01 2006 TLS Error: Unroutable control packet received from [server]:1194 (si=3 op=P_ACK_V1)

Wed Jul 26 19:47:11 2006 TLS Error: Unroutable control packet received from [server]:1194 (si=3 op=P_ACK_V1)

Wed Jul 26 19:47:22 2006 TLS Error: Unroutable control packet received from [server]:1194 (si=3 op=P_ACK_V1)

Wed Jul 26 19:47:32 2006 TLS Error: Unroutable control packet received from [server]:1194 (si=3 op=P_ACK_V1)

Wed Jul 26 19:47:42 2006 TLS Error: Unroutable control packet received from [server]:1194 (si=3 op=P_ACK_V1)

Wed Jul 26 19:47:44 2006 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

Wed Jul 26 19:47:44 2006 TLS Error: TLS handshake failed

Wed Jul 26 19:47:44 2006 TCP/UDP: Closing socket

Wed Jul 26 19:47:44 2006 SIGUSR1[soft,tls-error] received, process restarting

Wed Jul 26 19:47:44 2006 Restart pause, 2 second(s)
```

server log:

```
Wed Jul 26 19:45:39 2006 OpenVPN 2.0.6 i686-pc-linux-gnu [SSL] [LZO] [EPOLL] built on Jul 26 2006

Wed Jul 26 19:45:39 2006 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.

Wed Jul 26 19:45:39 2006 ******* WARNING *******: all encryption and authentication features disabled -- all data will be tunnelled as cleartext

Wed Jul 26 19:45:39 2006 TUN/TAP device tun0 opened

Wed Jul 26 19:45:39 2006 UDPv4 link local (bound): [undef]:1194

Wed Jul 26 19:45:39 2006 UDPv4 link remote: [undef]

Wed Jul 26 19:46:02 2006 Peer Connection Initiated with [client]:1306

Wed Jul 26 19:46:02 2006 Initialization Sequence Completed
```

Last edited by plut0 on Thu Jul 27, 2006 3:39 pm; edited 1 time in total

----------

## magic919

You need to read the log.  And then follow the link it suggests.

http://openvpn.net/howto.html#mitm

You've almost cracked it.

----------

## plut0

Thanks for the info, that got rid of the warning but not the problem unfortunately.  This is what I did...

I added this to the client config:

```
ns-cert-type server

tls-client

tls-auth ta.key 1

cipher BF-CBC
```

And this to the server config:

```
tls-server

tls-auth keys/ta.key 0

cipher BF-CBC
```

And now on the client logs the warning message is gone:

```
Thu Jul 27 10:11:34 2006 us=221245 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file

Thu Jul 27 10:11:34 2006 us=221282 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication

Thu Jul 27 10:11:34 2006 us=242889 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
```

But on the server I still get this (not sure if this matters or not):

```
Thu Jul 27 10:21:01 2006 us=11862 ******* WARNING *******: all encryption and authentication features disabled -- all data will be tunnelled as cleartext
```

And on the client I still see these messages:

```
Thu Jul 27 10:22:27 2006 us=745792 TLS Error: Unroutable control packet received from [server]:1194 (si=3 op=P_ACK_V1)

Thu Jul 27 10:22:37 2006 us=345341 TLS Error: Unroutable control packet received from [server]:1194 (si=3 op=P_ACK_V1)

Thu Jul 27 10:22:48 2006 us=296248 TLS Error: Unroutable control packet received from [server]:1194 (si=3 op=P_ACK_V1)
```

----------

## plut0

Well this is silly but openvpn wasn't using the right config file is why I was having problems.  :Embarassed: 

----------

