openvpn client config file need

[yc3948]

Could you please provide client config file sample, the *.ovpn

[Eric]

You posted this in 3 separate forums simultaneously. DON'T DO THAT!

That's basically spamming. I'm deleting the other copies of this post.

I will answer your question, since someone else might need the answer:

.ovpn files are the same as the .conf files present in the zip file you can download from the web interface, once you've configured the server. They are interchangable -- two names for the same thing. The way gargoyle implements OpenVPN, you don't need to manually enter the client config data -- you can just upload the necessary openvpn configuration files you downloaded from the gargoyle openvpn server. If you're connecting to a non-gargoyle openvpn server whoever configured the server should be able to give you an appropriate config/ovpn file + other necessary files, which you can upload and should work without any necessary modification.

The only caveat is that you can't have a TAP configuration.

[yc3948]

WRRWWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWed Jun 27 14:49:26 2012 us=243511 Current Parameter Settings:
Wed Jun 27 14:49:26 2012 us=243605 config = 'client1.ovpn'
Wed Jun 27 14:49:26 2012 us=243635 mode = 0
Wed Jun 27 14:49:26 2012 us=243662 show_ciphers = DISABLED
Wed Jun 27 14:49:26 2012 us=243690 show_digests = DISABLED
Wed Jun 27 14:49:26 2012 us=243718 show_engines = DISABLED
Wed Jun 27 14:49:26 2012 us=243744 genkey = DISABLED
Wed Jun 27 14:49:26 2012 us=243773 key_pass_file = '[UNDEF]'
Wed Jun 27 14:49:26 2012 us=243801 show_tls_ciphers = DISABLED
Wed Jun 27 14:49:26 2012 us=243828 proto = 0
Wed Jun 27 14:49:26 2012 us=243854 local = '[UNDEF]'
Wed Jun 27 14:49:26 2012 us=243883 remote_list[0] = {XXX.com', 1194}
Wed Jun 27 14:49:26 2012 us=243912 remote_random = DISABLED
Wed Jun 27 14:49:26 2012 us=243940 local_port = 1194
Wed Jun 27 14:49:26 2012 us=243967 remote_port = 1194
Wed Jun 27 14:49:26 2012 us=243995 remote_float = DISABLED
Wed Jun 27 14:49:26 2012 us=244021 ipchange = '[UNDEF]'
Wed Jun 27 14:49:26 2012 us=244050 bind_local = DISABLED
Wed Jun 27 14:49:26 2012 us=244075 dev = 'tun'
Wed Jun 27 14:49:26 2012 us=244102 dev_type = '[UNDEF]'
Wed Jun 27 14:49:26 2012 us=244130 dev_node = '[UNDEF]'
Wed Jun 27 14:49:26 2012 us=244157 tun_ipv6 = DISABLED
Wed Jun 27 14:49:26 2012 us=244185 ifconfig_local = '[UNDEF]'
Wed Jun 27 14:49:26 2012 us=244213 ifconfig_remote_netmask = '[UNDEF]'
Wed Jun 27 14:49:26 2012 us=244242 ifconfig_noexec = DISABLED
Wed Jun 27 14:49:26 2012 us=244270 ifconfig_nowarn = DISABLED
Wed Jun 27 14:49:26 2012 us=244296 shaper = 0
Wed Jun 27 14:49:26 2012 us=244324 tun_mtu = 1500
Wed Jun 27 14:49:26 2012 us=244351 tun_mtu_defined = ENABLED
Wed Jun 27 14:49:26 2012 us=244377 link_mtu = 1500
Wed Jun 27 14:49:26 2012 us=244406 link_mtu_defined = DISABLED
Wed Jun 27 14:49:26 2012 us=244433 tun_mtu_extra = 0
Wed Jun 27 14:49:26 2012 us=244465 tun_mtu_extra_defined = DISABLED
Wed Jun 27 14:49:26 2012 us=244495 fragment = 0
Wed Jun 27 14:49:26 2012 us=244522 mtu_discover_type = -1
Wed Jun 27 14:49:26 2012 us=244547 mtu_test = 0
Wed Jun 27 14:49:26 2012 us=244575 mlock = DISABLED
Wed Jun 27 14:49:26 2012 us=244602 keepalive_ping = 0
Wed Jun 27 14:49:26 2012 us=244630 keepalive_timeout = 0
Wed Jun 27 14:49:26 2012 us=244658 inactivity_timeout = 0
Wed Jun 27 14:49:26 2012 us=244685 ping_send_timeout = 0
Wed Jun 27 14:49:26 2012 us=244714 ping_rec_timeout = 120
Wed Jun 27 14:49:26 2012 us=244740 ping_rec_timeout_action = 2
Wed Jun 27 14:49:26 2012 us=244767 ping_timer_remote = DISABLED
Wed Jun 27 14:49:26 2012 us=244795 remap_sigusr1 = 0
Wed Jun 27 14:49:26 2012 us=244823 explicit_exit_notification = 0
Wed Jun 27 14:49:26 2012 us=244852 persist_tun = ENABLED
Wed Jun 27 14:49:26 2012 us=244879 persist_local_ip = DISABLED
Wed Jun 27 14:49:26 2012 us=244906 persist_remote_ip = DISABLED
Wed Jun 27 14:49:26 2012 us=244934 persist_key = ENABLED
Wed Jun 27 14:49:26 2012 us=244960 mssfix = 1450
Wed Jun 27 14:49:26 2012 us=244990 resolve_retry_seconds = 1000000000
Wed Jun 27 14:49:26 2012 us=245018 connect_retry_seconds = 5
Wed Jun 27 14:49:26 2012 us=245044 username = '[UNDEF]'
Wed Jun 27 14:49:26 2012 us=245073 groupname = '[UNDEF]'
Wed Jun 27 14:49:26 2012 us=245099 chroot_dir = '[UNDEF]'
Wed Jun 27 14:49:26 2012 us=245127 cd_dir = '[UNDEF]'
Wed Jun 27 14:49:26 2012 us=245155 writepid = '[UNDEF]'
Wed Jun 27 14:49:26 2012 us=245181 up_script = '[UNDEF]'
Wed Jun 27 14:49:26 2012 us=245210 down_script = '[UNDEF]'
Wed Jun 27 14:49:26 2012 us=245237 down_pre = DISABLED
Wed Jun 27 14:49:26 2012 us=245264 up_restart = DISABLED
Wed Jun 27 14:49:26 2012 us=245292 up_delay = DISABLED
Wed Jun 27 14:49:26 2012 us=245317 daemon = DISABLED
Wed Jun 27 14:49:26 2012 us=245345 inetd = 0
Wed Jun 27 14:49:26 2012 us=245383 log = DISABLED
Wed Jun 27 14:49:26 2012 us=245414 suppress_timestamps = DISABLED
Wed Jun 27 14:49:26 2012 us=245441 nice = 0
Wed Jun 27 14:49:26 2012 us=245466 verbosity = 5
Wed Jun 27 14:49:26 2012 us=283672 mute = 0
Wed Jun 27 14:49:26 2012 us=283724 gremlin = 0
Wed Jun 27 14:49:26 2012 us=283758 status_file = 'current_status'
Wed Jun 27 14:49:26 2012 us=283792 status_file_version = 1
Wed Jun 27 14:49:26 2012 us=283826 status_file_update_freq = 60
Wed Jun 27 14:49:26 2012 us=283860 occ = ENABLED
Wed Jun 27 14:49:26 2012 us=283895 rcvbuf = 0
Wed Jun 27 14:49:26 2012 us=283929 sndbuf = 0
Wed Jun 27 14:49:26 2012 us=283975 socks_proxy_server = '[UNDEF]'
Wed Jun 27 14:49:26 2012 us=284026 socks_proxy_port = 0
Wed Jun 27 14:49:26 2012 us=284060 socks_proxy_retry = DISABLED
Wed Jun 27 14:49:26 2012 us=284094 fast_io = DISABLED
Wed Jun 27 14:49:26 2012 us=284128 comp_lzo = ENABLED
Wed Jun 27 14:49:26 2012 us=284162 comp_lzo_adaptive = ENABLED
Wed Jun 27 14:49:26 2012 us=284196 route_script = '[UNDEF]'
Wed Jun 27 14:49:26 2012 us=284231 route_default_gateway = '[UNDEF]'
Wed Jun 27 14:49:26 2012 us=316387 route_noexec = DISABLED
Wed Jun 27 14:49:26 2012 us=316436 route_delay = 0
Wed Jun 27 14:49:26 2012 us=316471 route_delay_window = 30
Wed Jun 27 14:49:26 2012 us=316505 route_delay_defined = ENABLED
Wed Jun 27 14:49:26 2012 us=316540 management_addr = '[UNDEF]'
Wed Jun 27 14:49:26 2012 us=316573 management_port = 0
Wed Jun 27 14:49:26 2012 us=316605 management_user_pass = '[UNDEF]'
Wed Jun 27 14:49:26 2012 us=316639 management_log_history_cache = 250
Wed Jun 27 14:49:26 2012 us=316672 management_echo_buffer_size = 100
Wed Jun 27 14:49:26 2012 us=316708 management_query_passwords = DISABLED
Wed Jun 27 14:49:26 2012 us=316742 management_hold = DISABLED
Wed Jun 27 14:49:26 2012 us=316781 shared_secret_file = '[UNDEF]'
Wed Jun 27 14:49:26 2012 us=316818 key_direction = 0
Wed Jun 27 14:49:26 2012 us=316853 ciphername_defined = ENABLED
Wed Jun 27 14:49:26 2012 us=316887 ciphername = 'BF-CBC'
Wed Jun 27 14:49:26 2012 us=316921 authname_defined = ENABLED
Wed Jun 27 14:49:26 2012 us=347810 authname = 'SHA1'
Wed Jun 27 14:49:26 2012 us=347873 keysize = 16
Wed Jun 27 14:49:26 2012 us=347909 engine = DISABLED
Wed Jun 27 14:49:26 2012 us=347943 replay = ENABLED
Wed Jun 27 14:49:26 2012 us=347978 mute_replay_warnings = DISABLED
Wed Jun 27 14:49:26 2012 us=348014 replay_window = 64
Wed Jun 27 14:49:26 2012 us=348050 replay_time = 15
Wed Jun 27 14:49:26 2012 us=348086 packet_id_file = '[UNDEF]'
Wed Jun 27 14:49:26 2012 us=348123 use_iv = ENABLED
Wed Jun 27 14:49:26 2012 us=348155 test_crypto = DISABLED
Wed Jun 27 14:49:26 2012 us=348190 tls_server = DISABLED
Wed Jun 27 14:49:26 2012 us=348227 tls_client = ENABLED
Wed Jun 27 14:49:26 2012 us=348262 key_method = 2
Wed Jun 27 14:49:26 2012 us=348297 ca_file = 'ca.crt'
Wed Jun 27 14:49:26 2012 us=348333 dh_file = '[UNDEF]'
Wed Jun 27 14:49:26 2012 us=348368 cert_file = 'client1.crt'
Wed Jun 27 14:49:26 2012 us=391409 priv_key_file = 'client1.key'
Wed Jun 27 14:49:26 2012 us=391460 pkcs12_file = '[UNDEF]'
Wed Jun 27 14:49:26 2012 us=391495 cryptoapi_cert = '[UNDEF]'
Wed Jun 27 14:49:26 2012 us=391530 cipher_list = '[UNDEF]'
Wed Jun 27 14:49:26 2012 us=391564 tls_verify = '[UNDEF]'
Wed Jun 27 14:49:26 2012 us=391600 tls_remote = '[UNDEF]'
Wed Jun 27 14:49:26 2012 us=391636 crl_file = '[UNDEF]'
Wed Jun 27 14:49:26 2012 us=391672 ns_cert_type = 64
Wed Jun 27 14:49:26 2012 us=391707 tls_timeout = 2
Wed Jun 27 14:49:26 2012 us=391751 renegotiate_bytes = 0
Wed Jun 27 14:49:26 2012 us=391787 renegotiate_packets = 0
Wed Jun 27 14:49:26 2012 us=391823 renegotiate_seconds = 3600
Wed Jun 27 14:49:26 2012 us=391859 handshake_window = 60
Wed Jun 27 14:49:26 2012 us=391895 transition_window = 3600
Wed Jun 27 14:49:26 2012 us=391928 single_session = DISABLED
Wed Jun 27 14:49:26 2012 us=391964 tls_exit = DISABLED
Wed Jun 27 14:49:26 2012 us=439217 tls_auth_file = '[UNDEF]'
Wed Jun 27 14:49:26 2012 us=439298 server_network = 0.0.0.0
Wed Jun 27 14:49:26 2012 us=439339 server_netmask = 0.0.0.0
Wed Jun 27 14:49:26 2012 us=439379 server_bridge_ip = 0.0.0.0
Wed Jun 27 14:49:26 2012 us=439419 server_bridge_netmask = 0.0.0.0
Wed Jun 27 14:49:26 2012 us=439460 server_bridge_pool_start = 0.0.0.0
Wed Jun 27 14:49:26 2012 us=439525 server_bridge_pool_end = 0.0.0.0
Wed Jun 27 14:49:26 2012 us=439564 ifconfig_pool_defined = DISABLED
Wed Jun 27 14:49:26 2012 us=439602 ifconfig_pool_start = 0.0.0.0
Wed Jun 27 14:49:26 2012 us=439643 ifconfig_pool_end = 0.0.0.0
Wed Jun 27 14:49:26 2012 us=439682 ifconfig_pool_netmask = 0.0.0.0
Wed Jun 27 14:49:26 2012 us=439719 ifconfig_pool_persist_filename = '[UNDEF]'
Wed Jun 27 14:49:26 2012 us=439757 ifconfig_pool_persist_refresh_freq = 600
Wed Jun 27 14:49:26 2012 us=439795 ifconfig_pool_linear = DISABLED
Wed Jun 27 14:49:26 2012 us=439831 n_bcast_buf = 256
Wed Jun 27 14:49:26 2012 us=490697 tcp_queue_limit = 64
Wed Jun 27 14:49:26 2012 us=490743 real_hash_size = 256
Wed Jun 27 14:49:26 2012 us=490778 virtual_hash_size = 256
Wed Jun 27 14:49:26 2012 us=490812 client_connect_script = '[UNDEF]'
Wed Jun 27 14:49:26 2012 us=490954 learn_address_script = '[UNDEF]'
Wed Jun 27 14:49:26 2012 us=491003 client_disconnect_script = '[UNDEF]'
Wed Jun 27 14:49:26 2012 us=491042 client_config_dir = '[UNDEF]'
Wed Jun 27 14:49:26 2012 us=491078 ccd_exclusive = DISABLED
Wed Jun 27 14:49:26 2012 us=491119 tmp_dir = '[UNDEF]'
Wed Jun 27 14:49:26 2012 us=491159 push_ifconfig_defined = DISABLED
Wed Jun 27 14:49:26 2012 us=491200 push_ifconfig_local = 0.0.0.0
Wed Jun 27 14:49:26 2012 us=491242 push_ifconfig_remote_netmask = 0.0.0.0
Wed Jun 27 14:49:26 2012 us=491278 enable_c2c = DISABLED
Wed Jun 27 14:49:26 2012 us=491313 duplicate_cn = DISABLED
Wed Jun 27 14:49:26 2012 us=491349 cf_max = 0
Wed Jun 27 14:49:26 2012 us=540373 cf_per = 0
Wed Jun 27 14:49:26 2012 us=540422 max_clients = 1024
Wed Jun 27 14:49:26 2012 us=540460 max_routes_per_client = 256
Wed Jun 27 14:49:26 2012 us=540496 client_cert_not_required = DISABLED
Wed Jun 27 14:49:26 2012 us=540533 username_as_common_name = DISABLED
Wed Jun 27 14:49:26 2012 us=540572 auth_user_pass_verify_script = '[UNDEF]'
Wed Jun 27 14:49:26 2012 us=540646 auth_user_pass_verify_script_via_file = DISABLED
Wed Jun 27 14:49:26 2012 us=540686 client = ENABLED
Wed Jun 27 14:49:26 2012 us=540719 pull = ENABLED
Wed Jun 27 14:49:26 2012 us=540753 auth_user_pass_file = '[UNDEF]'
Wed Jun 27 14:49:26 2012 us=540796 show_net_up = DISABLED
Wed Jun 27 14:49:26 2012 us=540833 route_method = 0
Wed Jun 27 14:49:26 2012 us=540869 ip_win32_defined = DISABLED
Wed Jun 27 14:49:26 2012 us=540904 ip_win32_type = 3
Wed Jun 27 14:49:26 2012 us=540941 dhcp_masq_offset = 0
Wed Jun 27 14:49:26 2012 us=591036 dhcp_lease_time = 31536000
Wed Jun 27 14:49:26 2012 us=591081 tap_sleep = 0
Wed Jun 27 14:49:26 2012 us=591115 dhcp_options = DISABLED
Wed Jun 27 14:49:26 2012 us=591148 dhcp_renew = DISABLED
Wed Jun 27 14:49:26 2012 us=591182 dhcp_pre_release = DISABLED
Wed Jun 27 14:49:26 2012 us=591215 dhcp_release = DISABLED
Wed Jun 27 14:49:26 2012 us=591248 domain = '[UNDEF]'
Wed Jun 27 14:49:26 2012 us=591280 netbios_scope = '[UNDEF]'
Wed Jun 27 14:49:26 2012 us=591313 netbios_node_type = 0
Wed Jun 27 14:49:26 2012 us=591345 disable_nbt = DISABLED
Wed Jun 27 14:49:26 2012 us=591397 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Wed Jun 27 14:49:26 2012 us=591669 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Jun 27 14:49:26 2012 us=598673 LZO compression initialized
Wed Jun 27 14:49:26 2012 us=598961 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Jun 27 14:49:26 2012 us=819534 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Jun 27 14:49:26 2012 us=819731 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Jun 27 14:49:26 2012 us=819781 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Jun 27 14:49:26 2012 us=819866 Local Options hash (VER=V4): '41690919'
Wed Jun 27 14:49:26 2012 us=819924 Expected Remote Options hash (VER=V4): '530fdded'
Wed Jun 27 14:49:26 2012 us=820144 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed Jun 27 14:49:26 2012 us=820210 UDPv4 link local: [undef]
Wed Jun 27 14:49:26 2012 us=820263 UDPv4 link remote: XXX.XXX.XXX.XXX:1194
Wed Jun 27 14:49:26 2012 us=885316 TLS: Initial packet from XXX.XXX.XXX.XXX:1194, sid=8da38feb f78663f9
Wed Jun 27 14:49:27 2012 us=433650 VERIFY ERROR: depth=1, error=certificate has expired: /C=__/ST=UnknownProvince/L=UnknownCity/O=UnknownOrg/OU=UnknownOrgUnit/CN=fzvniscrlxxiokw/name=fzvniscrlxxiokw/emailAddress=fzvniscrlxxiokw@wqqvwfxxvlkjtxn.com
Wed Jun 27 14:49:27 2012 us=433981 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Wed Jun 27 14:49:27 2012 us=434031 TLS Error: TLS object -> incoming plaintext read error
Wed Jun 27 14:49:27 2012 us=434067 TLS Error: TLS handshake failed
Wed Jun 27 14:49:27 2012 us=434384 TCP/UDP: Closing socket
Wed Jun 27 14:49:27 2012 us=434612 SIGUSR1[soft,tls-error] received, process restarting
Wed Jun 27 14:49:27 2012 us=434657 Restart pause, 2 second(s)
Wed Jun 27 14:49:29 2012 us=419202 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Jun 27 14:49:29 2012 us=419300 Re-using SSL/TLS context
Wed Jun 27 14:49:29 2012 us=419373 LZO compression initialized
Wed Jun 27 14:49:29 2012 us=419529 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Jun 27 14:49:29 2012 us=420245 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Jun 27 14:49:29 2012 us=420345 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Jun 27 14:49:29 2012 us=420387 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Jun 27 14:49:29 2012 us=420453 Local Options hash (VER=V4): '41690919'
Wed Jun 27 14:49:29 2012 us=420509 Expected Remote Options hash (VER=V4): '530fdded'
Wed Jun 27 14:49:29 2012 us=420617 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed Jun 27 14:49:29 2012 us=420687 UDPv4 link local: [undef]
Wed Jun 27 14:49:29 2012 us=420724 UDPv4 link remote: XXX.XXX.XXX.XXX:1194
Wed Jun 27 14:49:29 2012 us=421275 TCP/UDP: Closing socket
Wed Jun 27 14:49:29 2012 us=422114 SIGTERM[hard,] received, process exiting

[yc3948]

client1.ovpn


client
remote xxxx.com 1194
dev tun
proto udp
status current_status
resolv-retry infinite
ns-cert-type server
verb 5

cipher BF-CBC
keysize 128

ca ca.crt
cert client1.crt
key client1.key

nobind
persist-key
persist-tun
comp-lzo

[yc3948]

1.jpg (69.31 KiB) Viewed 10421 times

[yc3948]

2.jpg (69.99 KiB) Viewed 10421 times

vexed vexed vexed

[yc3948]

3.jpg (34.28 KiB) Viewed 10420 times

[yc3948]

Any one can halp?

[Eric]

Did I not make myself clear above? What part of 'don't do that', all in caps, in red and bold did you have a problem understanding? Even after I posted that, you felt the need to post, again, in this thread. The only reason I haven't deleted that post is because I'd like anyone who comes across this to be fore-warned: posting your problem, especially with very few details, in multiple forums isn't the way to ask for help here.

Appending "bump" or something of that nature to your original post is acceptable -- that way you aren't double posting but indicating you still have the problem -- but starting multiple threads like this is not.

However... in this thread you do provide additional information and screenshots, and you do point out an issue that someone other than you might encounter. So.. in the interest of helping out other people with with the problem, people who most likely have better manners than you do and shouldn't be punished for your obnoxious behavior... let me address the issue you have posted about.

First, I notice this line

Code: Select all

Wed Jun 27 14:49:26 2012 us=591397 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006

Gargoyle uses 2.1.4 of OpenVPN, and one of the directives in the config files Gargoyle generates isn't compatible with the 2.0.x releases. If you are using the Windows client from openvpn.se (it looks like you are), use the openvpn-2.1_beta7-gui-1.0.3-install.exe istead of the one marked as being based on 2.0 (even though that one is marked as stable while the other is not).

I suspect the issue with OpenVPN version is your problem, but there are three other potential pitfalls with connecting this way I should mention.

(1) It should go without saying that in addition to renaming the .config file to a .ovpn file the other files in the zip file should also be placed in the config directory.

(2) From the output above it looks like you have already done this, but it is important to edit the config (.ovpn) file and remove the "/etc/openvpn/" prefix from the lines that start with "ca" "cert" and "key". So,

Code: Select all

ca          /etc/openvpn/ca.crt
cert        /etc/openvpn/client1.crt
key         /etc/openvpn/client1.key

should be changed to:

Code: Select all

ca          ca.crt
cert        client1.crt
key         client1.key

Many linux/unix implementations put the config files in /etc/openvpn, but this won't work on a windows system, so this needs to be changed. Excluding the paths altogether as shown above should work on many linux systems too, so I will likely make this change in the next release.

(3) If you are trying to connect to the GUI from BEHIND the router, i.e. from one of the LAN clients and not from the WAN side, you may have problems. If you are trying to do this (though there really isn't any good reason to do so), you should edit the client config file and in the line that starts with "remote" switch the hostname or ip address there with the LAN ip address of the router (e.g. 192.168.1.1).

That should be enough to get you connected with this approach. I tested this today with Windows XP, openvpn-2.1_beta7-gui-1.0.3-install.exe and Gargoyle 1.5.5 on a TP-Link 1043ND earlier today, and it worked fine.

[yc3948]

Router models
I have 2 Buffalo WZR-HP-G300NH and 2 TP-Link TL-WR1043ND can use for this test

subnet IP ranges
Gargoyle Router
LAN IP Address:192.168.1.1
LAN Netmask:255.255.255.0

WAN IP Address:192.168.0.2
WAN Netmask:255.255.255.0
WAN Gateway IP:192.168.0.1
WAN DNS Server(s):202.27.158.40
203.180.129.67
8.8.8.8

ADSL2 Router
IP Address: 192.168.0.1
Subnet Mask: 255.255.255.0

DHCP Server: Enable
Start IP Address: 192.168.0.2
End IP Address: 192.168.0.11

diagram of your network
same ashttp://www.gargoyle-router.com/wiki/lib/exe/fe ... router.png but changer firewall to ADSL2 Router

and I use Version 1.5.5: OpenVPN and client run Windows XP, openvpn-2.1_beta7-gui-1.0.3-install.exe

still not working...

Did I not make myself clear above? What part of 'don't do that', all in caps, in red and bold did you have a problem understanding? Even after I posted that, you felt the need to post, again, in this thread. The only reason I haven't deleted that post is because I'd like anyone who comes across this to be fore-warned: posting your problem, especially with very few details, in multiple forums isn't the way to ask for help here.

Appending "bump" or something of that nature to your original post is acceptable -- that way you aren't double posting but indicating you still have the problem -- but starting multiple threads like this is not.

However... in this thread you do provide additional information and screenshots, and you do point out an issue that someone other than you might encounter. So.. in the interest of helping out other people with with the problem, people who most likely have better manners than you do and shouldn't be punished for your obnoxious behavior... let me address the issue you have posted about.

First, I notice this line

Code: Select all

Wed Jun 27 14:49:26 2012 us=591397 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006

Gargoyle uses 2.1.4 of OpenVPN, and one of the directives in the config files Gargoyle generates isn't compatible with the 2.0.x releases. If you are using the Windows client from openvpn.se (it looks like you are), use the openvpn-2.1_beta7-gui-1.0.3-install.exe istead of the one marked as being based on 2.0 (even though that one is marked as stable while the other is not).

I suspect the issue with OpenVPN version is your problem, but there are three other potential pitfalls with connecting this way I should mention.

(1) It should go without saying that in addition to renaming the .config file to a .ovpn file the other files in the zip file should also be placed in the config directory.

(2) From the output above it looks like you have already done this, but it is important to edit the config (.ovpn) file and remove the "/etc/openvpn/" prefix from the lines that start with "ca" "cert" and "key". So,

Code: Select all

ca          /etc/openvpn/ca.crt
cert        /etc/openvpn/client1.crt
key         /etc/openvpn/client1.key

should be changed to:

Code: Select all

ca          ca.crt
cert        client1.crt
key         client1.key

Many linux/unix implementations put the config files in /etc/openvpn, but this won't work on a windows system, so this needs to be changed. Excluding the paths altogether as shown above should work on many linux systems too, so I will likely make this change in the next release.

(3) If you are trying to connect to the GUI from BEHIND the router, i.e. from one of the LAN clients and not from the WAN side, you may have problems. If you are trying to do this (though there really isn't any good reason to do so), you should edit the client config file and in the line that starts with "remote" switch the hostname or ip address there with the LAN ip address of the router (e.g. 192.168.1.1).

That should be enough to get you connected with this approach. I tested this today with Windows XP, openvpn-2.1_beta7-gui-1.0.3-install.exe and Gargoyle 1.5.5 on a TP-Link 1043ND earlier today, and it worked fine.