I'm trying to set up an OpenVPN server on my PC. I have followed the steps described here.
My server configuration file looks like this:
local 192.168.1.150
port 1194
dev tun
ifconfig 10.8.0.1 10.8.0.2
secret static.key
My client configuration file looks like this:
remote A.B.C.D # this is my public IP address, is that correct?
port 1194
dev tun
ifconfig 10.8.0.2 10.8.0.1
secret static.key
When I start my server and client, the client gives the following:
Fri Jan 31 20:04:27 2014 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Feb 27 2013
Fri Jan 31 20:04:27 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Jan 31 20:04:27 2014 WARNING: file 'static.key' is group or others accessible
Fri Jan 31 20:04:27 2014 Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Jan 31 20:04:27 2014 Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jan 31 20:04:27 2014 Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Jan 31 20:04:27 2014 Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jan 31 20:04:27 2014 Socket Buffers: R=[229376->131072] S=[229376->131072]
Fri Jan 31 20:04:27 2014 TUN/TAP device tun0 opened
Fri Jan 31 20:04:27 2014 TUN/TAP TX queue length set to 100
Fri Jan 31 20:04:27 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri Jan 31 20:04:27 2014 /sbin/ifconfig tun0 10.8.0.2 pointopoint 10.8.0.1 mtu 1500
Fri Jan 31 20:04:27 2014 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:4 ET:0 EL:0 ]
Fri Jan 31 20:04:27 2014 Local Options hash (VER=V4): 'd3880969'
Fri Jan 31 20:04:27 2014 Expected Remote Options hash (VER=V4): 'c41bf3b8'
Fri Jan 31 20:04:27 2014 UDPv4 link local (bound): [undef]
Fri Jan 31 20:04:27 2014 UDPv4 link remote: [AF_INET]A.B.C.D:1194
Fri Jan 31 20:04:37 2014 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
I added a rule to my ufw to allow all incoming traffic to port 1194.
I also added a rule to my router's firewall, to allow all incoming traffic to port 1194.
I use a static IP address 192.168.1.150.
I tried turning off both firewalls to see if that would make it work, but no results.
Is there any reason why my client can't connect to my server? Notice I connect to my public IP address, is this correct? Or should it be something else?
EDIT:
Log of the server (verb 3):
Fri Jan 31 23:01:54 2014 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Feb 27 2013
Fri Jan 31 23:01:54 2014 WARNING: you are using user/group/chroot/setcon without persist-tun -- this may cause restarts to fail
Fri Jan 31 23:01:54 2014 WARNING: you are using user/group/chroot/setcon without persist-key -- this may cause restarts to fail
Fri Jan 31 23:01:54 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Jan 31 23:01:54 2014 Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Jan 31 23:01:54 2014 Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jan 31 23:01:54 2014 Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Jan 31 23:01:54 2014 Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jan 31 23:01:54 2014 Socket Buffers: R=[229376->131072] S=[229376->131072]
Fri Jan 31 23:01:54 2014 TUN/TAP device tun0 opened
Fri Jan 31 23:01:54 2014 TUN/TAP TX queue length set to 100
Fri Jan 31 23:01:54 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri Jan 31 23:01:54 2014 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Fri Jan 31 23:01:54 2014 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:4 ET:0 EL:0 ]
Fri Jan 31 23:01:54 2014 Local Options hash (VER=V4): 'c41bf3b8'
Fri Jan 31 23:01:54 2014 Expected Remote Options hash (VER=V4): 'd3880969'
Fri Jan 31 23:01:54 2014 GID set to neftas
Fri Jan 31 23:01:54 2014 UID set to neftas
Fri Jan 31 23:01:54 2014 UDPv4 link local (bound): [AF_INET]192.168.1.150:1194
Fri Jan 31 23:01:54 2014 UDPv4 link remote: [undef]
ECONNREFUSED means that the port you are trying to connect to is not open on the IP you are trying to connect to. This implies that either you are connecting to the wrong IP, you did not open the port on your firewalls successfully, the server did not launch successfully, or the server is using a different port. Try this:
1) Use "nmap" on the server with hostname of "localhost" to check if the server is running properly on the port you want.
2) Use it on the client with your server's public IP to check if the destination port is open.
It would also help if you post the server log.
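A triage of the causes listed in this answer, run over excerpts of the client and server logs from the question. This is an added example, not part of the original answer; the function and key names (`facts`, `host_port`, `triage`, `needs_forwarding` and so on) are illustrative.

```python
import re

# Excerpts of the client and server logs from the question (timestamps dropped).
CLIENT_LOG = """\
WARNING: file 'static.key' is group or others accessible
Local Options hash (VER=V4): 'd3880969'
Expected Remote Options hash (VER=V4): 'c41bf3b8'
UDPv4 link local (bound): [undef]
UDPv4 link remote: [AF_INET]A.B.C.D:1194
read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
"""
SERVER_LOG = """\
Local Options hash (VER=V4): 'c41bf3b8'
Expected Remote Options hash (VER=V4): 'd3880969'
UDPv4 link local (bound): [AF_INET]192.168.1.150:1194
UDPv4 link remote: [undef]
"""

def facts(log):  # pull the fields needed for triage out of one OpenVPN log
    def grab(pattern):
        m = re.search(pattern, log)
        return m.group(1) if m else None
    return {
        "local_hash": grab(r"Local Options hash \(VER=V4\): '(\w+)'"),
        "remote_hash": grab(r"Expected Remote Options hash \(VER=V4\): '(\w+)'"),
        "bound": grab(r"link local \(bound\): \[AF_INET\](\S+)"),
        "remote": grab(r"link remote: \[AF_INET\](\S+)"),
        "refused": "ECONNREFUSED" in log,
        "warnings": re.findall(r"WARNING: (.+)", log),
    }

def host_port(addr):  # "host:port" -> (host, port); [undef] -> (None, None)
    return tuple(addr.rsplit(":", 1)) if addr else (None, None)

def triage(client_log, server_log):
    """Check the logs against the causes of ECONNREFUSED listed in the answer."""
    c, s = facts(client_log), facts(server_log)
    (c_host, c_port), (s_host, s_port) = host_port(c["remote"]), host_port(s["bound"])
    return {
        "server_listening": s_host is not None,   # daemon started and bound a socket
        "ports_match": c_port is not None and c_port == s_port,
        # Each side's local hash equals the hash the other side expects.
        "options_agree": c["local_hash"] is not None
            and (c["local_hash"], c["remote_hash"]) == (s["remote_hash"], s["local_hash"]),
        # Inference: client targets an address the server is not bound to, so a router must forward it.
        "needs_forwarding": None not in (c_host, s_host) and c_host != s_host,
        "refused": c["refused"],
        "warnings": c["warnings"] + s["warnings"],
    }
```

On the page's logs this shows the server listening on the expected port with matching options, which leaves the path from the public address to 192.168.1.150 (router forwarding and firewalls) as the part the nmap steps still have to confirm.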
I was having the same problem while setting up an OpenVPN server from a VPS I had abroad. Through nmap I had derived that my port of choice (in my case, 443) over UDP was closed and not receiving traffic.
I used ufw to make sure port 443/udp was open, and receiving the traffic I was requesting from my client.
I then edited ufw's configuration files:
and replaced:
to
Then, a simple activation and restart of the OpenVPN did the trick.
And checked it by typing in:
And checked that all of my firewall settings were correct, and then cross-checked it with nmap:
And that seemed to do it for me. Might not work for others, but it solved my problem and only took me about 5 minutes.