|
From: <vin...@ya...> - 2004-04-18 19:02:00
|
I have OpenVPN installed on my Fedora server and my MacOS 10.3 laptop as the client (with tunnel-1.2.1 installed and loaded).

Intranet network is 192.168.0.0 mask 255.255.255.0
fedora eth0: 192.168.0.252
fedora eth1 (pretend this is my public ip): 192.168.1.1
Macos en0 (my client machine): 192.168.1.2

My config file (static-home.conf) is:

dev tap
remote 192.168.1.1
ifconfig 192.168.0.10 255.255.255.0
up ./home.up
secret static.key
comp-lzo
verb 3

When I run "sudo openvpn --config static-home.conf" I get the following:

0: OpenVPN 1.6_rc4 powerpc-apple-darwin7.3.0 [SSL] [LZO] built on Apr 18 2004
1: Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
2: Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
3: Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
4: Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
5: LZO compression initialized
6: Cannot allocate TUN/TAP dev dynamically
7: Exiting

I ran kextload and got "kextload: /System/Library/Extensions/tunnel.kext loaded successfully" so I know the tunnel is working and the devices are there.

Any ideas as to why it isn't working?

Thanks,
Vincent.
|
From: Tim W. <ti...@th...> - 2007-01-09 20:35:41
|
Hi,

I'm trying to make a VPN connection from openvpn 2.0.9 on RHL7 to openvpn 2.0.7 on CentOS 4.4. I've attempted to follow the instructions from http://openvpn.net/howto.html#quick

The CentOS box is the server in my environment and the RHL7 box is the client. I created the server keys and the client keys on the CentOS box and scp'd the client keys to the RHL7 box.

I can start the server on the CentOS box and sorta get a connection from the RHL7 client. This is the text of the output when running

# openvpn /etc/openvpn/server.conf
Tue Jan 9 15:17:31 2007 OpenVPN 2.0.7 i386-redhat-linux-gnu [SSL] [LZO] [EPOLL] built on Apr 29 2006
Tue Jan 9 15:17:31 2007 Diffie-Hellman initialized with 1024 bit key
Tue Jan 9 15:17:31 2007 TLS-Auth MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Tue Jan 9 15:17:31 2007 TUN/TAP device tun0 opened
Tue Jan 9 15:17:31 2007 /sbin/ip link set dev tun0 up mtu 1500
Tue Jan 9 15:17:31 2007 /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Tue Jan 9 15:17:31 2007 /sbin/ip route add 10.8.0.0/24 via 10.8.0.2
Tue Jan 9 15:17:31 2007 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Jan 9 15:17:31 2007 GID set to nobody
Tue Jan 9 15:17:31 2007 UID set to nobody
Tue Jan 9 15:17:31 2007 Listening for incoming TCP connection on [undef]:1194
Tue Jan 9 15:17:31 2007 TCPv4_SERVER link local (bound): [undef]:1194
Tue Jan 9 15:17:31 2007 TCPv4_SERVER link remote: [undef]
Tue Jan 9 15:17:31 2007 MULTI: multi_init called, r=256 v=256
Tue Jan 9 15:17:31 2007 IFCONFIG POOL: base=10.8.0.4 size=62
Tue Jan 9 15:17:31 2007 IFCONFIG POOL LIST
Tue Jan 9 15:17:31 2007 ServerName,10.8.0.4
Tue Jan 9 15:17:31 2007 MULTI: TCP INIT maxclients=1024 maxevents=1028
Tue Jan 9 15:17:31 2007 Initialization Sequence Completed

# egrep -v "^(#|*$|;)" server.conf
port 1194
proto tcp
dev tun
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/server.key # This file should be kept secret
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-to-client
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3

and when running

# openvpn ./client.conf
Tue Jan 9 14:54:14 2007 VERIFY OK: depth=0, /C=US/ST=NA/O=OrgName/CN=CommonName/Ema...@e-...
Tue Jan 9 14:54:14 2007 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jan 9 14:54:14 2007 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 9 14:54:14 2007 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jan 9 14:54:14 2007 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 9 14:54:14 2007 Control Channel: TLSv1, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA
Tue Jan 9 14:54:14 2007 [ServerName] Peer Connection Initiated with 192.168.1.252:1194
Tue Jan 9 14:54:15 2007 SENT CONTROL [ServerName]: 'PUSH_REQUEST' (status=1)
Tue Jan 9 14:54:15 2007 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.0 255.255.255.0,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Tue Jan 9 14:54:15 2007 OPTIONS IMPORT: timers and/or timeouts modified
Tue Jan 9 14:54:15 2007 OPTIONS IMPORT: --ifconfig/up options modified
Tue Jan 9 14:54:15 2007 OPTIONS IMPORT: route options modified
Tue Jan 9 14:54:15 2007 Cannot allocate TUN/TAP dev dynamically
Tue Jan 9 14:54:15 2007 Exiting

# egrep -v "^(#|*$|;)" client.conf
client
dev tun
proto tcp
remote serverDomain 1194
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
ca /etc/openvpn/clientkeys/ca.crt
cert /etc/openvpn/clientkeys/client.crt
key /etc/openvpn/clientkeys/client.key
comp-lzo
verb 3

What am I missing?

Thanks,
Tim
-- 
Fedora Core release 5 (Bordeaux), Linux 2.6.18-1.2257.fc5
14:50:01 up 6 days, 35 min, 2 users, load average: 0.36, 0.28, 0.19
MP3/OGG archive Total playlength : 9 days, 8 hours, 14 mins 50 seconds
"It's what you learn after you know it all that counts" John Wooden
|
From: Mike H. <mha...@fu...> - 2007-01-09 22:43:03
|
Hey Tim, a couple of things to check on the client machine:

1. Is TUN/TAP support enabled in the kernel (either compiled in or as a module)?
2. If as a module, is it loaded prior to starting OpenVPN? e.g.
   modprobe tun
3. Did you create the tun character device? e.g.
   mkdir /dev/net
   mknod /dev/net/tun c 10 200

-- Mike

_______________________________________________
Openvpn-users mailing list
Ope...@li...
https://lists.sourceforge.net/lists/listinfo/openvpn-users
|
From: Tim W. <ti...@th...> - 2007-01-10 14:01:27
|
Hi Mike

The client machine is running an old linux kernel, 2.4.22, I don't see anything tun or tap related after an 'lsmod'.
I don't seem to have any tun.o module, but there is an ethertap.o module that I loaded this morning. I also created the tun character device as described in your post.

It has made no difference, I continue to get the same error. I looked at the kernel's 'make xconfig' and don't see where I enable the tun module.

I tried commenting out /dev/tun and uncommenting /dev/tap in both the client.conf and server.conf files to see if loading ethertap.o and trying to use tap would make it better. Still no change in results...

I'm starting to think I'm going to need to update this RHL7 box to something more current, like CentOS 4.4, or Fedora Core 6 in order to get this to work (probably something I should do anyway).

Regards,
Tim

On Tuesday 09 January 2007 5:24 pm, Mike Hambidge wrote:
> Hey Tim, a couple of things to check on the client machine:
>
> 1. Is TUN/TAP support enabled in the kernel (either compiled in or as a
> module)?
> 2. If as a module, is it loaded prior to starting OpenVPN? e.g.
> modprobe tun
> 3. Did you create the tun character device? e.g.
> mkdir /dev/net
> mknod /dev/net/tun c 10 200
>
> -- Mike
|
From: Mike H. <mha...@fu...> - 2007-01-10 16:41:31
|
I don't have any experience with the 2.4 kernel, but I imagine it
includes TUN/TAP support. For the 2.6.17 kernel I'm running, the TUN/TAP
support is located in xconfig under:
->Device Drivers
->Network Device Support
-> Universal TUN/TAP device driver support
Once enabled, the ".config" file will contain:
CONFIG_TUN=y
If compiled as a module (CONFIG_TUN=m) the module will be named "tun".
The openvpn man page has more information concerning TUN/TAP setup. Just
search for "TUN/TAP DRIVER SETUP". You can view the man page online at:
http://openvpn.net/man.html
-- Mike
Tim Wunder wrote:
> Hi Mike
>
> The client machine is running an old linux kernel, 2.4.22, I don't see
> anything tun or tap related after an 'lsmod'
> I don't seem to have any tun.o module, but there is an ethertap.o module that
> I loaded this morning. I also created the tun character device as described
> in your post.
>
> It has made no difference, I continue to get the same error. I looked at the
> kernel's 'make xconfig' and don't see where I enable the tun module.
>
> I tried commenting out /dev/tun and uncommenting /dev/tap in both the
> client.conf and server.conf files to see if loading ethertap.o and trying to
> use tap would make it better. Still no change in results...
>
> I'm starting to think I'm going to need to update this RHL7 box to something
> more current, like CentOS 4.4, or Fedora Core 6 in order to get this to work
> (probably something I should do anyway).
>
> Regards,
> Tim
>
> On Tuesday 09 January 2007 5:24 pm, Mike Hambidge wrote:
>> Hey Tim, a couple of things to check on the client machine:
>>
>> 1. Is TUN/TAP support enabled in the kernel (either compiled in or as a
>> module)?
>> 2. If as a module, is it loaded prior to starting OpenVPN? e.g.
>> modprobe tun
>> 3. Did you create the tun character device? e.g.
>> mkdir /dev/net
>> mknod /dev/net/tun c 10 200
>>
>> -- Mike
|
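The three checks from Mike's first reply, plus the CONFIG_TUN=y / CONFIG_TUN=m distinction from his second, as one diagnostic script. This is an added example, not code from the thread; it assumes a Linux host with /proc and a stat(1) that understands -c (GNU or busybox), and every function takes its input path as a parameter so the checks can be run against a test tree.

```shell
#!/bin/sh
# Added example, not code from the thread: Mike's three checks for
# "Cannot allocate TUN/TAP dev dynamically" on a Linux client, scripted.
# Every check takes its input path as a parameter so it can be pointed
# at a test tree; the live-system defaults (assumed: Linux, /proc,
# GNU or busybox stat) are only used by tun_readiness_report.

# 1. Kernel support: look for CONFIG_TUN in the kernel config file.
#    Prints "builtin", "module" or "absent"; succeeds only when present.
tun_kernel_support() {
    cfg="$1"
    if [ ! -r "$cfg" ]; then
        echo "unknown (no readable kernel config at $cfg)"
        return 1
    fi
    if grep -q '^CONFIG_TUN=y' "$cfg"; then
        echo builtin
    elif grep -q '^CONFIG_TUN=m' "$cfg"; then
        echo module
    else
        echo absent
        return 1
    fi
}

# 2. Module state: is "tun" listed in a /proc/modules-style file?
#    Only relevant when the kernel was built with CONFIG_TUN=m.
tun_module_loaded() {
    grep -q '^tun ' "$1"
}

# 3. Device node: classify stat(1) fields %F (type), %t (major, hex) and
#    %T (minor, hex). The node must be a character device 10:200; a node
#    created with the wrong numbers looks fine in ls but fails to open
#    with exactly the error from the thread.
tun_node_classify() {
    ftype="$1"; major_hex="$2"; minor_hex="$3"
    if [ "$ftype" != "character special file" ]; then
        echo "not-a-char-device"
        return 1
    fi
    major=$((0x$major_hex)); minor=$((0x$minor_hex))
    if [ "$major" -eq 10 ] && [ "$minor" -eq 200 ]; then
        echo ok
    else
        echo "wrong-device-numbers $major:$minor (expected 10:200)"
        return 1
    fi
}

tun_node_check() {
    node="${1:-/dev/net/tun}"
    if [ ! -e "$node" ]; then
        echo "missing $node (mkdir -p /dev/net && mknod /dev/net/tun c 10 200)"
        return 1
    fi
    fields=$(stat -c '%F|%t|%T' "$node") || return 1
    ftype=${fields%%|*}
    rest=${fields#*|}
    tun_node_classify "$ftype" "${rest%%|*}" "${rest#*|}"
}

# Run all three against the live system (or the paths given) and report.
tun_readiness_report() {
    cfg="${1:-/boot/config-$(uname -r)}"
    mods="${2:-/proc/modules}"
    node="${3:-/dev/net/tun}"
    status=0
    support=$(tun_kernel_support "$cfg") || status=1
    printf 'kernel support: %s\n' "$support"
    if [ "$support" = module ]; then
        if tun_module_loaded "$mods"; then
            printf 'tun module: loaded\n'
        else
            printf 'tun module: not loaded (run: modprobe tun)\n'
            status=1
        fi
    fi
    node_state=$(tun_node_check "$node") || status=1
    printf 'device node: %s\n' "$node_state"
    return "$status"
}

# Usage on a live box: tun_readiness_report
```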
|
From: cristiano f. <jas...@ya...> - 2007-01-10 19:33:49
|
I am trying to raise one tunnel with openvpn 2.0 but I am having problems with the firewall. Used rules:

iptables -t filter INPUT -i ppp0 -p tcp --dport 1194 -j ACCEPT
iptables -t filter INPUT -i ppp0 -p udp --dport 1194 -j ACCEPT

error:

Server:

Wed Jan 10 14:12:04 2007 TLS: Initial packet from 201.50.87.166:1194, sid=242775bc 91db3d7b
Wed Jan 10 14:12:07 2007 TLS: new session incoming connection from 201.50.87.166:1194
Wed Jan 10 14:12:09 2007 TLS: new session incoming connection from 201.50.87.166:1194
Wed Jan 10 14:13:04 2007 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jan 10 14:13:04 2007 TLS Error: TLS handshake failed
Wed Jan 10 14:13:04 2007 TCP/UDP: Closing socket

Client:

Wed Jan 10 14:56:16 2007 UDPv4 link remote: 201.50.46.253:1194
Wed Jan 10 14:56:33 2007 TLS: Initial packet from 201.50.46.253:1194, sid=ab1fed5e 62455089
Wed Jan 10 14:56:34 2007 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=BR/ST=BAHIA/L=SALVADOR/O=FBASIL/OU=VPN/CN=JASONN/ema...@GM...
Wed Jan 10 14:56:34 2007 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Wed Jan 10 14:56:34 2007 TLS Error: TLS object -> incoming plaintext read error
Wed Jan 10 14:56:34 2007 TLS Error: TLS handshake failed
Wed Jan 10 14:56:34 2007 TCP/UDP: Closing socket
Wed Jan 10 14:56:34 2007 SIGUSR1[soft,tls-error] received, process restarting
Wed Jan 10 14:56:34 2007 Restart pause, 2 second(s)

and

Wed Jan 10 14:22:51 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:51 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:51 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:51 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:51 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_ACK_V1)
Wed Jan 10 14:22:53 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:53 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:53 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:53 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:53 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:53 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:53 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:53 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:54 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_ACK_V1)
Wed Jan 10 14:22:56 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:56 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:56 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:56 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:56 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:56 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:56 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:56 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:58 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:58 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:58 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:58 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:58 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:58 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:58 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:22:58 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)
Wed Jan 10 14:23:00 2007 TLS Error: Unroutable control packet received from 201.50.46.253:1194 (si=3 op=P_CONTROL_V1)

great
JasonnFedora
Linux Systems Administrator
Salvador - Bahia
Fedora Core 6
|
From: Erich T. <eri...@th...> - 2007-01-10 23:44:49
|
Hi

cristiano furtado wrote:
> I am trying to raise one tunnel with openvpn 2.0 but I am having
> problems with the firewall. Used rules:
>
> iptables -t filter INPUT -i ppp0 -p tcp --dport 1194 -j ACCEPT
> iptables -t filter INPUT -i ppp0 -p udp --dport 1194 -j ACCEPT
>
> error:
>
> Server:
>
> Wed Jan 10 14:12:04 2007 TLS: Initial packet from 201.50.87.166:1194, sid=242775bc 91db3d7b
> Wed Jan 10 14:12:07 2007 TLS: new session incoming connection from 201.50.87.166:1194
> Wed Jan 10 14:12:09 2007 TLS: new session incoming connection from 201.50.87.166:1194

This is not an iptables problem, as you are getting a new session initiation.

> Wed Jan 10 14:13:04 2007 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
> Wed Jan 10 14:13:04 2007 TLS Error: TLS handshake failed

Rather obvious, a TLS problem...

> Wed Jan 10 14:13:04 2007 TCP/UDP: Closing socket
>
> Client:
>
> Wed Jan 10 14:56:16 2007 UDPv4 link remote: 201.50.46.253:1194
> Wed Jan 10 14:56:33 2007 TLS: Initial packet from 201.50.46.253:1194, sid=ab1fed5e 62455089
> Wed Jan 10 14:56:34 2007 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain:

The client reports a problem with a self signed certificate.

> /C=BR/ST=BAHIA/L=SALVADOR/O=FBASIL/OU=VPN/CN=JASONN/ema...@GM...
> Wed Jan 10 14:56:34 2007 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Apparently the client cannot verify the server certificate. Check your set up for missing CA certificate and certificate validity.

cheers
Erich