IPSEC not available?

  • Question
  • Updated 5 years ago
using the free edition, attempting to test the connectivity. I have gotten to the point of creating a VPN tunnel but under Peering, do not have the ipsec option.
Photo of FrankF

Frank

  • 7 Posts
  • 0 Reply Likes

Posted 5 years ago

  • 1
Photo of Pat K

Pat K, Official Rep

  • 169 Posts
  • 17 Reply Likes
Hi Frank,

2 possibilities.

IPsec is accessed via a menu item on the left side of the web-ui which says "IPsec" - not on the peering page. Did your eyes skip over it?

Or - you have the Cloud Only - Trial Edition instead of the Datacenter Connect Trial Edition? Here is the one you need to eval IPsec connectivity.

http://www.cohesiveft.com/Cube/VPN/VP...

Thanks,

Pat K
Photo of FrankF

Frank

  • 7 Posts
  • 0 Reply Likes
apparently, we are not using the proper one.
Photo of Pat K

Pat K, Official Rep

  • 169 Posts
  • 17 Reply Likes
If there are details of your evaluation you don't want to post to a public forum please feel free to ping us at support (at) cohesiveft.com

pk
Photo of FrankF

Frank

  • 7 Posts
  • 0 Reply Likes
I have switched over to the proper version and made it much further than before. However, I'm stuck at the point of launching OpenVPN in our instances. From the config pdf I have gotten to page 42 under installing openvpn on windows clients.
When I attempt to connect, I get the following:
Fri Jul 23 15:59:08 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Jul 23 15:59:08 2010 Re-using SSL/TLS context
Fri Jul 23 15:59:08 2010 LZO compression initialized
Fri Jul 23 15:59:08 2010 UDPv4 link local: [undef]
Fri Jul 23 15:59:08 2010 UDPv4 link remote: 10.208.182.83:1194

and it just cycles through that over and over.

I've added access for the current system I'm working on (the internal IP) to the vpncubed-mgrs group in order to explicity allow the access but it does nothing.
Photo of Pat K

Pat K, Official Rep

  • 169 Posts
  • 17 Reply Likes
Hi Frank,

Usually this is a security group issue - but you say here that you opened UDP 1194 from the current system to the vpncubed-mgrs group.

Just to double check:

- you launched the manager with the group that you added the access to (we make this mistake, sometimes you edit group FOO in us-east and you meant us-west)

- you opened up 1194 UDP not TCP, a lot of the tools have TCP as the default and it is easy to forget to shift it to udp (we make this mistake too!)

- You installed openvpn 2.1.1 via the .exe at the dowmload site, not via the MSI?

- You installed it as "Admiistrator"

- You ran it as "Administrator"

Cheers,

Pat K
Photo of FrankF

Frank

  • 7 Posts
  • 0 Reply Likes
The manager was launched with the correct group/region
Opened UDP, not tcp
installed using the exe as administrator
running it as administrator
Photo of Pat K

Pat K, Official Rep

  • 169 Posts
  • 17 Reply Likes
- Even though it is a single manager configuration, you still need to "peer" the manager. Did you define manager 1 as "this instance" in the peering step?

- Did you get a clientpack from the manager and put it in the Blah\Program Files\openvpn\config directory

- In doing so rename the vpncubed.conf file to vpncubed.ovpn?
Photo of FrankF

Frank

  • 7 Posts
  • 0 Reply Likes
under peering, i show Manager#1 this instance
yep, copied contents from the client pack into the config directory
renamed .conf to .ovpn
Also, added remote 1194 to the ovpn file as indicated. As a test, I changed this to the public IP with no success.
Photo of FrankF

Frank

  • 7 Posts
  • 0 Reply Likes
if following the instructions as is, should I be able to ping the internal IP of the manager from the client instance?
Photo of Pat K

Pat K, Official Rep

  • 169 Posts
  • 17 Reply Likes
Yes. You should be able to ping 172.31.1.1 (if your Windows Firewall allows or is off)

And you definitely downloaded this:http://openvpn.net/index.php/open-sou... (2.1.1.exe)

and NOT this: http://openvpn.net/index.php/openvpn-...
Photo of FrankF

Frank

  • 7 Posts
  • 0 Reply Likes
yes, openvpn-2.1.1-install.exe is the file I am using for the install.

My question regarding pinging the manager...
Thats the IP I would see AFTER making the connection isn't it?

When I look at the instances in amazon, the vpncubed instance has an internal dns entry of (as an example) domU-12-34-56-78-90-AB.compute-1.internal which resolves to a 10.x.x.x IP when i try to ping it. I do not get any response though. Should I?
Photo of Pat K

Pat K, Official Rep

  • 169 Posts
  • 17 Reply Likes
No - that is outside the overlay - that would require ICMP to be open in the security group.

please email support (at) cohesiveft.com so we can maybe close the loop more quickly on IM or screen share.