peasthope@shaw.ca wrote:
> Bob Proulx wrote:
> > I would look to see that the ports match up on both sides of the
> > OpenVPN connection.
>
> Just checked /etc/openvpn/myvpn.conf again. Yes, both ends aim for
> dev tun, udp 1194.

Good.

> > I would look that it is allowed through the firewall.
>
> I reviewed the Shorewall configuration before learning that Shaw
> Cable accidentally disconnected service and again after
> reconnection.

I like Shorewall. Not sure that all of these are required but this is
what I have on my machine.

  rules:
    ACCEPT  all  fw  udp  openvpn

  policy:
    fw   tun  ACCEPT
    tun  fw   ACCEPT

If you are using shorewall and if it were rejecting and if it were
configured to log rejects to the syslog then you should see logging of
anything shorewall is rejecting to /var/log/kern.log. If not then I
don't know. I use both OpenVPN and Shorewall and it works well for me.

You might crank up the verbosity of the openvpn logging and see if it
logs something interesting.

  # 0 is silent, except for fatal errors
  # 1 is default
  # 4 is reasonable for general usage
  # 5 and 6 can help to debug connection problems
  # 9 is extremely verbose
  ; verb 1
  ;log         openvpn.log
  ;log-append  openvpn.log

Pick something more verbose than the default and see if it gives a
clue as to the problem.

I would also fire up tcpdump at the same time and monitor traffic on
that port. You should see it both leave and arrive on the different
end points. I would run multiple copies on each host that had any
involvement in the connection.

  tcpdump -lni any port 1194

> Nothing obvious, but shouldn't traceroute get a route?

That does look suspicious. But to me it looks suspiciously like
packets are getting dropped by a firewall and you already checked that
they weren't.

Bob
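
Added example (not part of Bob's message): a shell filter for the kern.log check described above, listing what Shorewall logged for UDP port 1194 in either direction. It assumes Shorewall's default log prefix "Shorewall:<chain>:<disposition>:"; the names vpn_drops and sample_log and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Summarise packets Shorewall logged for the OpenVPN port.
# Assumption: default Shorewall log prefix "Shorewall:<chain>:<disposition>:".
# Reads log text on stdin; prints "<count> <chain> <disposition> <source>".
vpn_drops() {
    port="${1:-1194}"
    awk -v port="$port" '
    /Shorewall:/ {
        chain = disp = src = proto = spt = dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^Shorewall:/) {
                split($i, p, ":"); chain = p[2]; disp = p[3]
            } else if ($i ~ /^SRC=/)   src   = substr($i, 5)
            else if ($i ~ /^PROTO=/) proto = substr($i, 7)
            else if ($i ~ /^SPT=/)   spt   = substr($i, 5)
            else if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        # Count requests to the port and replies from it: a dropped reply
        # breaks the tunnel just as a dropped request does.
        if (proto == "UDP" && (dpt == port || spt == port))
            n[chain " " disp " " src]++
    }
    END { for (k in n) print n[k], k }' | sort -k1,1nr -k2
}

# Constructed sample lines in the style of /var/log/kern.log (not real traffic).
sample_log() {
cat <<'EOF'
Mar  3 10:15:01 gw kernel: [ 101.000001] Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=70 TTL=52 PROTO=UDP SPT=40001 DPT=1194 LEN=50
Mar  3 10:15:06 gw kernel: [ 106.000001] Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=70 TTL=52 PROTO=UDP SPT=40001 DPT=1194 LEN=50
Mar  3 10:15:09 gw kernel: [ 109.000001] Shorewall:net2fw:REJECT:IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.2 LEN=60 TTL=50 PROTO=TCP SPT=51000 DPT=1194 WINDOW=29200 SYN
Mar  3 10:15:12 gw kernel: [ 112.000001] Shorewall:fw2net:REJECT:IN= OUT=eth0 SRC=198.51.100.2 DST=203.0.113.7 LEN=70 TTL=64 PROTO=UDP SPT=1194 DPT=40001 LEN=50
Mar  3 10:15:20 gw kernel: [ 120.000001] Shorewall:tun2fw:REJECT:IN=tun0 OUT= SRC=10.8.0.6 DST=10.8.0.1 LEN=84 TTL=64 PROTO=ICMP TYPE=8 CODE=0
EOF
}

# On a real host: vpn_drops 1194 < /var/log/kern.log
sample_log | vpn_drops 1194
```

An empty result on both end points, while tcpdump shows packets leaving one side and never arriving at the other, points away from the local Shorewall rules and toward something in between.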