Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




4201 posts

Uber Geek


# 89927 11-Sep-2011 17:07
Send private message

Hi everyone,
Having a bit of trouble establishing a connection with Astrill when in openVPN mode. Works fine in openWeb. I have contacted astril support, who are great, but i am too impatient to wait lol.
Here are the logs when trying the LA 1 server...TCP:
[9/11/2011 11:45:22] Detected local IP: 192.168.1.104
[9/11/2011 11:45:22] Detected default gateway: 192.168.1.1
[9/11/2011 11:45:23] OpenVPN 2.1.3 i686-pc-mingw32 [SSL] [LZO2] built on Oct 12 2010
[9/11/2011 11:45:23] Need hold release from management interface, waiting...
[9/11/2011 11:45:23] Flushing routing cache...
[9/11/2011 11:45:24] Terminated

UDP:
[9/11/2011 11:46:24] Detected local IP: 192.168.1.104
[9/11/2011 11:46:24] Detected default gateway: 192.168.1.1
[9/11/2011 11:46:25] OpenVPN 2.1.3 i686-pc-mingw32 [SSL] [LZO2] built on Oct 12 2010
[9/11/2011 11:46:25] Need hold release from management interface, waiting...
[9/11/2011 11:46:25] Flushing routing cache...
[9/11/2011 11:46:26] Terminated

any ideas?

Cheers,
Sam

Create new topic
15205 posts

Uber Geek

Trusted
Subscriber

  # 519792 12-Sep-2011 09:31
Send private message

Sometimes LA1 doesn't work, it's the default and probably just gets overloaded. Try Canada or one of the other servers with a * beside the name.



4201 posts

Uber Geek


  # 519894 12-Sep-2011 12:35
Send private message

Tried heaps of different servers and no luck on any. Im thinking it is something on my end.

Im running a cisco router. Wondering if i need to add extra ports to the access lists? port 443 is allowed through though so im a bit puzzled as to why it didnt connect with tcp

 
 
 
 




4201 posts

Uber Geek


  # 519899 12-Sep-2011 12:39
Send private message

Just got an email back from support...
They have said it is probably the firewall on my computer. Well i have turned off windows firewall so it must be the cisco firewall..
Here is a part of the config:
no ip bootp server
ip inspect name firewall tcp
ip inspect name firewall udp
ip inspect name firewall cuseeme
ip inspect name firewall h323
ip inspect name firewall rcmd
ip inspect name firewall realaudio
ip inspect name firewall streamworks
ip inspect name firewall vdolive
ip inspect name firewall sqlnet
ip inspect name firewall tftp
ip inspect name firewall ftp
ip inspect name firewall sip
ip inspect name firewall fragment maximum 256 timeout 1
ip inspect name firewall netshow
ip inspect name firewall rtsp
ip inspect name firewall skinny
ip audit notify log
ip audit po max-events 100
ip audit name intrusion info action alarm
ip audit name intrusion attack action alarm drop reset

anything in there i need to remove? or add?

and here is my access list's...
access-list 1 remark The local LAN.
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 remark Where management can be done from.
access-list 2 permit 192.168.1.0 0.0.0.255
access-list 101 remark Traffic allowed to enter the router from the Internet
access-list 101 deny ip 0.0.0.0 0.255.255.255 any
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.0.2.0 0.0.0.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 198.18.0.0 0.1.255.255 any
access-list 101 deny ip 224.0.0.0 0.15.255.255 any
access-list 101 deny ip any host 255.255.255.255
access-list 101 permit tcp any any eq 1723
access-list 101 permit gre any any
access-list 101 deny icmp any any echo
access-list 101 deny ip any any log
access-list 101 permit icmp any any packet-too-big
access-list 101 deny tcp any any eq 22
access-list 101 deny tcp any any eq telnet
access-list 102 remark Traffic allowed to enter the router from the Ethernet
access-list 102 permit ip any host 192.168.1.1
access-list 102 deny ip any host 192.168.1.255
access-list 102 deny udp any any eq tftp log
access-list 102 deny ip any 0.0.0.0 0.255.255.255 log
access-list 102 deny ip any 10.0.0.0 0.255.255.255 log
access-list 102 deny ip any 127.0.0.0 0.255.255.255 log
access-list 102 deny ip any 172.16.0.0 0.15.255.255 log
access-list 102 deny ip any 192.0.2.0 0.0.0.255 log
access-list 102 deny ip any 192.168.0.0 0.0.255.255 log
access-list 102 deny ip any 198.18.0.0 0.1.255.255 log
access-list 102 deny udp any any eq 135 log
access-list 102 deny tcp any any eq 135 log
access-list 102 deny udp any any eq netbios-ns log
access-list 102 deny udp any any eq netbios-dgm log
access-list 102 deny tcp any any eq 445 log
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
access-list 102 permit ip any host 255.255.255.255
access-list 102 deny ip any any log

will be doing some googling but would love to hear everyones comments.

15205 posts

Uber Geek

Trusted
Subscriber

  # 519900 12-Sep-2011 12:41
Send private message

Try turning off the firewall completely for a minute then connecting. If it works, enable the firewall and try to work out what ports it's using.



4201 posts

Uber Geek


  # 520105 12-Sep-2011 18:34
Send private message

Turning off the firewall isnt that easy for me as I have to re-write the config. I know it uses 443 for tcp connection.

Someone must have used atrill with a cisco router. I cant be the first lol



4201 posts

Uber Geek


  # 520924 14-Sep-2011 12:57
Send private message

So trying to eliminate stuff...
Plugged in an old Netcom nb6 to replace the cisco router for now.
-No change-
Turned off firewall in wireless AP (I forgot that was still on. should be off anyways)
-No change-
Disable AVG
-No change-

WTF IS GOING ON!?!

Tearing my hair out on this one



4201 posts

Uber Geek


  # 520926 14-Sep-2011 13:01
Send private message

Have tried a TCP connection on ports 80, 443 & 8292.
Log keeps showing the same thing:
[9/14/2011 12:59:12] Detected local IP: 192.168.1.4
[9/14/2011 12:59:12] Detected default gateway: 192.168.1.1
[9/14/2011 12:59:13] OpenVPN 2.1.3 i686-pc-mingw32 [SSL] [LZO2] built on Oct 12 2010
[9/14/2011 12:59:13] Need hold release from management interface, waiting...
[9/14/2011 12:59:13] [Debug] Management Interface is disconnected
[9/14/2011 12:59:13] [Debug] MgmtProcess raised exception - Connection Closed Gracefully.
[9/14/2011 12:59:13] Flushing routing cache...
[9/14/2011 12:59:14] Terminated

Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Major Japanese retailer partners with smart New Zealand technology IMAGR
Posted 14-Oct-2019 10:29


Ola pioneers one-time passcode feature to fight rideshare fraud
Posted 14-Oct-2019 10:24


Spark Sport new home of NZC matches from 2020
Posted 10-Oct-2019 09:59


Meet Nola, Noel Leeming's new digital employee
Posted 4-Oct-2019 08:07


Registrations for Sprout Accelerator open for 2020 season
Posted 4-Oct-2019 08:02


Teletrac Navman welcomes AI tech leader Jens Meggers as new President
Posted 4-Oct-2019 07:41


Vodafone makes voice of 4G (VoLTE) official
Posted 4-Oct-2019 07:36


2degrees Reaches Milestone of 100,000 Broadband Customers
Posted 1-Oct-2019 09:17


Nokia 1 Plus available in New Zealand from 2nd October
Posted 30-Sep-2019 17:46


Ola integrates Apple Pay as payment method in New Zealand
Posted 25-Sep-2019 09:51


Facebook Portal to land in New Zealand
Posted 19-Sep-2019 18:35


Amazon Studios announces New Zealand as location for its upcoming series based on The Lord of the Rings
Posted 18-Sep-2019 17:24


The Warehouse chooses Elasticsearch service
Posted 18-Sep-2019 13:55


Voyager upgrades core network to 100Gbit
Posted 18-Sep-2019 13:52


Streaming service Acorn TV launches in New Zealand with selection with British shows
Posted 18-Sep-2019 08:55



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.