openvpn connection issue
 

I have been trying to get HotspotVPN's openvpn service working on my N800 (OS2008) but have not been successful.

Here is the log:

Nokia-N800-50-2:/media/mmc1/hotspotvpn2# openvpn hotspotvpn2.ovpn
Fri Mar 28 13:03:02 2008 OpenVPN 2.0.9 arm-unknown-linux-gnueabi [SSL] [LZO] [EPOLL] built on Jan 11 2008
Fri Mar 28 13:03:02 2008 WARNING: file 'XXXXX.com.key' is group or others accessible
Fri Mar 28 13:03:02 2008 WARNING: file 'ta.key' is group or others accessible
Fri Mar 28 13:03:02 2008 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Fri Mar 28 13:03:02 2008 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Mar 28 13:03:02 2008 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Mar 28 13:03:02 2008 LZO compression initialized
Fri Mar 28 13:03:02 2008 Control Channel MTU parms [ L:1544 D:168 EF:68 EB:0 ET:0 EL:0 ]
Fri Mar 28 13:03:02 2008 RESOLVE: NOTE: hoosac.dcsanswires.com resolves to 3 addresses, choosing one by random
Fri Mar 28 13:03:02 2008 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Fri Mar 28 13:03:02 2008 Local Options hash (VER=V4): 'ee93268d'
Fri Mar 28 13:03:02 2008 Expected Remote Options hash (VER=V4): 'bd577cd1'
Fri Mar 28 13:03:02 2008 Attempting to establish TCP connection with 64.27.12.216:443
Fri Mar 28 13:03:02 2008 TCP connection established with 64.27.12.216:443
Fri Mar 28 13:03:02 2008 TCPv4_CLIENT link local: [undef]
Fri Mar 28 13:03:02 2008 TCPv4_CLIENT link remote: 64.27.12.216:443
Fri Mar 28 13:03:03 2008 TLS: Initial packet from 64.27.12.216:443, sid=c8f4bdc8 b9530b75
Fri Mar 28 13:03:10 2008 VERIFY OK: depth=1, /C=US/ST=DC/L=DistrictOfColumbia/O=HotSpotVPN/OU=/CN=WiFiConsulting/emailAddress=pki@w.com
Fri Mar 28 13:03:10 2008 VERIFY OK: nsCertType=SERVER
Fri Mar 28 13:03:10 2008 VERIFY OK: depth=0, /C=US/ST=DC/O=HotSpotVPN/OU=ting/CN=server/emailAddress=pki@w.com
Fri Mar 28 13:03:15 2008 Connection reset, restarting [0]
Fri Mar 28 13:03:15 2008 TCP/UDP: Closing socket
Fri Mar 28 13:03:15 2008 SIGUSR1[soft,connection-reset] received, process restarting
Fri Mar 28 13:03:15 2008 Restart pause, 5 second(s)
Fri Mar 28 13:03:20 2008 Re-using SSL/TLS context
Fri Mar 28 13:03:20 2008 LZO compression initialized
Fri Mar 28 13:03:20 2008 Control Channel MTU parms [ L:1544 D:168 EF:68 EB:0 ET:0 EL:0 ]

The connection restarts over and over. Has anyone come across this problem? This issue is specific to openvpn on N800. because when I tried to connect on Ubuntu, the connection went through without any problems.

Log on Ubuntu:

Fri Mar 28 13:17:57 2008 OpenVPN 2.0.9 i486-pc-linux-gnu [SSL] [LZO] [EPOLL] built on May 21 2007
Fri Mar 28 13:17:57 2008 WARNING: file 'xxxx@yahoo.com.key' is group or others accessible
Fri Mar 28 13:17:57 2008 WARNING: file 'ta.key' is group or others accessible
Fri Mar 28 13:17:57 2008 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Fri Mar 28 13:17:57 2008 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Mar 28 13:17:57 2008 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Mar 28 13:17:57 2008 LZO compression initialized
Fri Mar 28 13:17:57 2008 Control Channel MTU parms [ L:1544 D:168 EF:68 EB:0 ET:0 EL:0 ]
Fri Mar 28 13:17:58 2008 RESOLVE: NOTE: hoosac.dcsanswires.com resolves to 3 addresses, choosing one by random
Fri Mar 28 13:17:58 2008 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Fri Mar 28 13:17:58 2008 Local Options hash (VER=V4): 'ee93268d'
Fri Mar 28 13:17:58 2008 Expected Remote Options hash (VER=V4): 'bd577cd1'
Fri Mar 28 13:17:58 2008 Attempting to establish TCP connection with 67.159.37.136:443
Fri Mar 28 13:17:58 2008 TCP connection established with 67.159.37.136:443
Fri Mar 28 13:17:58 2008 TCPv4_CLIENT link local: [undef]
Fri Mar 28 13:17:58 2008 TCPv4_CLIENT link remote: 67.159.37.136:443
Fri Mar 28 13:17:58 2008 TLS: Initial packet from 67.159.37.136:443, sid=a30446ab 75b18a95
Fri Mar 28 13:18:03 2008 VERIFY OK: depth=1, /C=US/ST=DC/L=DistrictOfColumbia/O=HotSpotVPN/OU=Wi/CN=Witing/emailAddress=pki@wcom
Fri Mar 28 13:18:03 2008 VERIFY OK: nsCertType=SERVER
Fri Mar 28 13:18:03 2008 VERIFY OK: depth=0, /C=US/ST=DC/O=HotSpotVPN/OU=W/CN=server/emailAddress=pki@wi.com
Fri Mar 28 13:18:12 2008 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Mar 28 13:18:12 2008 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Mar 28 13:18:12 2008 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Mar 28 13:18:12 2008 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Mar 28 13:18:12 2008 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Fri Mar 28 13:18:12 2008 [server] Peer Connection Initiated with 67.159.37.136:443

is this a openvpn bug? any help would be appreciated.

Re: openvpn connection issue
 

Trying UDP settings in the ovpn config file (suggested by hotspotvpn support) got me through:
port 53
proto udp

This initially caused a problem because 53 was taken by dnsmasq so I changed /etc/init.d/dnsmasq and added the '-p 55' option to the startup options so that dnsmasq uses port 55.

But I am still having a dns issue as I posted in another thread

Re: openvpn connection issue
 

53 udp is standard port for dns. dnsmasq is the local dns-cache running on the nit for getting together the different dns servers from the different interfaces (resolv.confs in /tmp) when you changed the port to 55 your local dns (127.0.0.1) is likely unusable and you must have the providers dns server in /etc/resolv.conf instead of nameserver 127.0.0.1.

Re: openvpn connection issue
 

You are correct. I had to included an entry for the vpn provider's nameserver to get things going. I thought I was done when nslookups started to work but was disappointed when I couldn't access any websites in the browser.