Re: [Openvpn-users] openvpn on linux doesn't work anymore

[dario g. <scu...@gm...>]

hi,with the script works fine,the interface goes up and take ip address.now
i have to solve the gateway problem.
i'v noticed that openvpn tries to add this rule /sbin/route add -net 0.0.0.0
netmask 0.0.0.0 gw 10.0.8.1 but fails because tap0 hasn't already got an ip
address
if i add this rule manually after that the vpn works correctly.i've tried to
ad the rule in my openvpn-up script but obviously it doesn't work because
when it start
the tap0 hasn't already got an ip.i need a condition "if tap0 has got an ip
give this command..." how can i do?other solutions?
thank you very much ;)
dario





------------------------------------------
Hi,

Dario wrote:

> nothing change :(
> same errors.how can i do?
>
>
>  weird... try changing it to
 script-security 3 system
 up /root/openvpn-up.sh
and then create a scriptlet /root/openvpn-up.sh :

#!/bin/bash
/sbin/ifconfig tap0 up
/sbin/dhclient -e tap0

and do a
 chmod 755 /root/openvpn-up.sh
before trying again


cheers,

JJK


>  Hi Dario,
>>
>> just to test, try adding the line
>>  --script-security 3 system
>> to your server config file and try again.
>>
>> (see openvpn 2.1 manual page:
>>  The --script-security option was introduced in OpenVPN 2.1_rc9. For
>> configuration file compatibility with previous OpenVPN versions, use:
>> --script-security 3 system
>>
>> )
>>
>> If that does work for you then try modifying your config scripts so that
>> you use 'script-security 1 or 2'
>>
>> HTH,
>>
>> JJK
>>
>> dario govi wrote:
>>
>>> hi guys,i've just installed openvpn for the 2nd time on my ubuntu (also
>>> on fedora 10 )machine and it give to me some problems.i've also installed 3
>>> month ago with the same conf file and it worked fine!
>>> the server is ok,it work fine since december...the problem is in the
>>> client.this is my conf file
>>> remote 193.206.188.9 5002
>>> dev tap
>>> proto tcp-client
>>> tls-client
>>> #up "ifconfig tap0 up;dhclient -e tap0;echo;"
>>> #up-delay
>>> ca /etc/openvpn/keyrpovas/CA1.crt
>>> cert /etc/openvpn/keyrpovas/client2.crt
>>> key /etc/openvpn/keyrpovas/client2.key
>>> script-security 2
>>> ping 10
>>> verb 8
>>> mute 10
>>> pull #route-gateway 10.0.8.1
>>> #redirect-gateway
>>>
>>> i've got a dhcp server on the other side so my up commands are
>>> necessary.as <http://necessary.as> you can see i had to comment the up
>>> commands,if not i receive this error
>>>
>>> Mon Apr 20 14:27:56 2009 us=590490 TUN/TAP device tap0 opened
>>> Mon Apr 20 14:27:56 2009 us=590557 TUN/TAP TX queue length set to 100
>>> Mon Apr 20 14:27:56 2009 us=590676 ifconfig tap0 up;dhclient -e
>>> tap0;echo; tap0 1500 1575   init
>>> Mon Apr 20 14:27:56 2009 us=591658 script failed: could not execute
>>> external program
>>> Mon Apr 20 14:27:56 2009 us=591718 Exiting
>>>
>>> i also need the options route-gateway and redirect gateway but i receive
>>> this other error
>>>
>>> Mon Apr 20 14:42:05 2009 us=406582 /sbin/route add -net 0.0.0.0 netmask
>>> 0.0.0.0 gw 10.0.8.1
>>> SIOCADDRT: No such process
>>>
>>> it's very strange because it worked perfectly with old installation until
>>> 2 month ago.it <http://ago.it> give the same errors both with ubuntu and
>>> fedora 10.bye and thanks ;)
>>> dario
>>>
>>