Koozali.org: home of the SME Server

openvpn on 6.01

jgreen2173

OpenVPN
« Reply #75 on: January 07, 2005, 11:36:36 PM »
Well after removing that rpm I still get the following errors....
Is there a way to uninstall the previous version of openvpn that never really got installed properly...

rpm -Uvh *.rpm
Preparing...                ########################################### [100%]
file /usr/sbin/openvpn conflicts between attempted installs of openvpn-2.0_rc6-1 and openvpn-2.0_beta18-1
file /usr/share/man/man8/openvpn.8.gz conflicts between attempted installs of openvpn-2.0_rc6-1 and openvpn-2.0_beta18-1
file /usr/share/openvpn/easy-rsa/README conflicts between attempted installs of openvpn-2.0_rc6-1 and openvpn-2.0_beta18-1
file /usr/share/openvpn/sample-config-files/client.conf conflicts between attempted installs of openvpn-2.0_rc6-1 and openvpn-2.0_beta18-1

MarkR

openvpn on 6.01
« Reply #76 on: January 10, 2005, 05:17:09 PM »
Hi all,

I have been looking to set this up on my server, unfortunately I am unable to 'Add Local Network'
I get the following error "Error: router address is not accessible from local network. Did not add network"

I am running in server-gateway mode
my internal ip is 192.168.0.5
my external ip is 192.168.1.2
my router ip is 192.168.1.1

any ideas/suggestions

thanks
mark
...

stevewray

openvpn on 6.01
« Reply #77 on: January 11, 2005, 03:01:43 AM »
Quote from: "cydonia"
I'm having a problem with OpenVPN and just wanted to confirm a basic setup question.

I get the following message after I log in.  I'm not sure that I actually log in though, since I can use any combo of user/pass and it still says it.

Fri Dec 10 17:37:22 2004 us=775475 TLS Error: Unroutable control packet received from 220.245.132.171:1194 (si=3 op=P_CONTROL_V1)
Fri Dec 10 17:37:22 2004 us=783189 TLS Error: Unroutable control packet received from 220.245.132.171:1194 (si=3 op=P_CONTROL_V1)



Reading later in the list it seems that the howto answered this chap's question.

Well I get the error and I don't see a fix in the howto.

Could someone please advise?

Thanks!

cydonia

openvpn on 6.01
« Reply #78 on: January 11, 2005, 07:38:50 AM »
Quote from: "stevewray"


Reading later in the list it seems that the howto answered this chap's question.

Well I get the error and I don't see a fix in the howto.

Could someone please advise?

Thanks!


Steve, make sure you add the local network as defined in server.conf, that is in the how to.  I forgot to do that part.  It's still not working for me though.  I can login, and everything in the log looks fine, but I can't ping any of the remote computers.

Good luck. Let us know how you go.

Tristan

duncan

openvpn on 6.01
« Reply #79 on: January 11, 2005, 07:46:50 AM »
Quote from: "MarkR"
Hi all,

I have been looking to set this up on my server, unfortunately I am unable to 'Add Local Network'
I get the following error "Error: router address is not accessible from local network. Did not add network"

I am running in server-gateway mode
my internal ip is 192.168.0.5
my external ip is 192.168.1.2
my router ip is 192.168.1.1

any ideas/suggestions

thanks
mark


The router in this case would be 192.168.0.5.

cydonia

openvpn on 6.01
« Reply #80 on: January 11, 2005, 12:41:14 PM »
Quote from: "duncan"
Quote from: "MarkR"
Hi all,

I have been looking to set this up on my server, unfortunately I am unable to 'Add Local Network'
I get the following error "Error: router address is not accessible from local network. Did not add network"

I am running in server-gateway mode
my internal ip is 192.168.0.5
my external ip is 192.168.1.2
my router ip is 192.168.1.1

any ideas/suggestions

thanks
mark


How is it possible to have a router on a different IP than the client?  Shouldn't it be 192.168.1.5?

Tristan

duncan

openvpn on 6.01
« Reply #81 on: January 12, 2005, 09:28:44 AM »
Quote from: "cydonia"

How is it possible to have a router on a different IP than the client?  Shouldn't it be 192.168.1.5?

Tristan


Nope. 192.168.0.5 is the address of the machine doing the routing. It is doing the routing because it is running openvpn. The internet router (192.168.1.1) has nothing to do with this. Adding a local network like this sets up the routes in the gateway (usually it points to another local router) and adjusts the firewall rules.

BartManInNZ

openvpn on 6.01
« Reply #82 on: January 28, 2005, 04:15:38 AM »
Quote from: "Appesteijn"
Does the client.crt have anything in it when you've made it on your server? Maybe you could try to remove all certificates on your server and then rebuild them.


I do the following:
[root@sme easy-rsa]# ./build-key client
Using configuration from /etc/openvpn/easy-rsa/openssl.cnf
Generating a 1024 bit RSA private key


However my client.crt file contains 0 lines!! Any ideas as to why this is?? The server.crt file is ok however.

Regards,

Bart

Franco

OpenVPN is killing me
« Reply #83 on: February 24, 2005, 05:21:30 PM »
I have read all posts on the forums and on the openvpn site, and I'm not able to make openvpn work for me.
I get this error initializing it:
[root@SME openvpn]# service openvpn start
Starting openvpn: SIOCDELRT: No such process
                                                           [   OK   ]
I found that if I comment the line openvpn.up the service starts fine, but I'm still unable to connect in both situations. I'm assuming that the error above is responsible for not letting me in.
I was able to connect once and after rebooting the server... if anyone can shed some light in the right direction, I would much appreciate it.
Thanks,

This is my log file from the client side:

Quote
Thu Feb 24 12:57:19 2005 us=223104 Current Parameter Settings:
Thu Feb 24 12:57:19 2005 us=223502   config = 'VPN.ovpn'
Thu Feb 24 12:57:19 2005 us=223573   mode = 0
Thu Feb 24 12:57:19 2005 us=225913   show_ciphers = DISABLED
Thu Feb 24 12:57:19 2005 us=226014   show_digests = DISABLED
Thu Feb 24 12:57:19 2005 us=226080   show_engines = DISABLED
Thu Feb 24 12:57:19 2005 us=226144   genkey = DISABLED
Thu Feb 24 12:57:19 2005 us=226206   key_pass_file = '[UNDEF]'
Thu Feb 24 12:57:19 2005 us=226271   show_tls_ciphers = DISABLED
Thu Feb 24 12:57:19 2005 us=226334   proto = 0
Thu Feb 24 12:57:19 2005 us=226395   local = '[UNDEF]'
Thu Feb 24 12:57:19 2005 us=226485   remote_list[0] = {'200.180.0.48, 1194}
Thu Feb 24 12:57:19 2005 us=226569   remote_random = DISABLED
Thu Feb 24 12:57:19 2005 us=226637   local_port = 1194
Thu Feb 24 12:57:19 2005 us=226702   remote_port = 1194
Thu Feb 24 12:57:19 2005 us=226767   remote_float = DISABLED
Thu Feb 24 12:57:19 2005 us=227180   ipchange = '[UNDEF]'
Thu Feb 24 12:57:19 2005 us=227248   bind_local = ENABLED
Thu Feb 24 12:57:19 2005 us=227311   dev = 'tap0'
Thu Feb 24 12:57:19 2005 us=227375   dev_type = '[UNDEF]'
Thu Feb 24 12:57:19 2005 us=227440   dev_node = '[UNDEF]'
Thu Feb 24 12:57:19 2005 us=227504   tun_ipv6 = DISABLED
Thu Feb 24 12:57:19 2005 us=227569   ifconfig_local = '[UNDEF]'
Thu Feb 24 12:57:19 2005 us=227637   ifconfig_remote_netmask = '[UNDEF]'
Thu Feb 24 12:57:19 2005 us=227704   ifconfig_noexec = DISABLED
Thu Feb 24 12:57:19 2005 us=227769   ifconfig_nowarn = DISABLED
Thu Feb 24 12:57:19 2005 us=227834   shaper = 0
Thu Feb 24 12:57:19 2005 us=227898   tun_mtu = 1500
Thu Feb 24 12:57:19 2005 us=227962   tun_mtu_defined = ENABLED
Thu Feb 24 12:57:19 2005 us=228028   link_mtu = 1500
Thu Feb 24 12:57:19 2005 us=228094   link_mtu_defined = DISABLED
Thu Feb 24 12:57:19 2005 us=228160   tun_mtu_extra = 32
Thu Feb 24 12:57:19 2005 us=228225   tun_mtu_extra_defined = ENABLED
Thu Feb 24 12:57:19 2005 us=228292   fragment = 0
Thu Feb 24 12:57:19 2005 us=228357   mtu_discover_type = -1
Thu Feb 24 12:57:19 2005 us=242617   mtu_test = 1
Thu Feb 24 12:57:19 2005 us=242744   mlock = DISABLED
Thu Feb 24 12:57:19 2005 us=242807   keepalive_ping = 0
Thu Feb 24 12:57:19 2005 us=242869   keepalive_timeout = 0
Thu Feb 24 12:57:19 2005 us=242931   inactivity_timeout = 0
Thu Feb 24 12:57:19 2005 us=242993   ping_send_timeout = 0
Thu Feb 24 12:57:19 2005 us=243056   ping_rec_timeout = 120
Thu Feb 24 12:57:19 2005 us=243119   ping_rec_timeout_action = 2
Thu Feb 24 12:57:19 2005 us=243182   ping_timer_remote = DISABLED
Thu Feb 24 12:57:19 2005 us=243244   remap_sigusr1 = 0
Thu Feb 24 12:57:19 2005 us=243308   explicit_exit_notification = 0
Thu Feb 24 12:57:19 2005 us=243368   persist_tun = DISABLED
Thu Feb 24 12:57:19 2005 us=243430   persist_local_ip = DISABLED
Thu Feb 24 12:57:19 2005 us=243492   persist_remote_ip = DISABLED
Thu Feb 24 12:57:19 2005 us=243554   persist_key = DISABLED
Thu Feb 24 12:57:19 2005 us=243617   mssfix = 1450
Thu Feb 24 12:57:19 2005 us=243684   resolve_retry_seconds = 1000000000
Thu Feb 24 12:57:19 2005 us=243749   connect_retry_seconds = 5
Thu Feb 24 12:57:19 2005 us=243812   username = '[UNDEF]'
Thu Feb 24 12:57:19 2005 us=243875   groupname = '[UNDEF]'
Thu Feb 24 12:57:19 2005 us=243937   chroot_dir = '[UNDEF]'
Thu Feb 24 12:57:19 2005 us=243998   cd_dir = '[UNDEF]'
Thu Feb 24 12:57:19 2005 us=244060   writepid = '[UNDEF]'
Thu Feb 24 12:57:19 2005 us=244122   up_script = '[UNDEF]'
Thu Feb 24 12:57:19 2005 us=244184   down_script = '[UNDEF]'
Thu Feb 24 12:57:19 2005 us=244246   down_pre = DISABLED
Thu Feb 24 12:57:19 2005 us=244308   up_restart = DISABLED
Thu Feb 24 12:57:19 2005 us=244427   up_delay = DISABLED
Thu Feb 24 12:57:19 2005 us=244497   daemon = DISABLED
Thu Feb 24 12:57:19 2005 us=244558   inetd = 0
Thu Feb 24 12:57:19 2005 us=244617   log = DISABLED
Thu Feb 24 12:57:19 2005 us=244681   suppress_timestamps = DISABLED
Thu Feb 24 12:57:19 2005 us=325502   nice = 0
Thu Feb 24 12:57:19 2005 us=325584   verbosity = 4
Thu Feb 24 12:57:19 2005 us=325643   mute = 0
Thu Feb 24 12:57:19 2005 us=325701   gremlin = 0
Thu Feb 24 12:57:19 2005 us=325761   status_file = '[UNDEF]'
Thu Feb 24 12:57:19 2005 us=325822   status_file_version = 1
Thu Feb 24 12:57:19 2005 us=325885   status_file_update_freq = 60
Thu Feb 24 12:57:19 2005 us=325943   occ = ENABLED
Thu Feb 24 12:57:19 2005 us=326002   rcvbuf = 0
Thu Feb 24 12:57:19 2005 us=326060   sndbuf = 0
Thu Feb 24 12:57:19 2005 us=326150   socks_proxy_server = '[UNDEF]'
Thu Feb 24 12:57:19 2005 us=326216   socks_proxy_port = 0
Thu Feb 24 12:57:19 2005 us=326278   socks_proxy_retry = DISABLED
Thu Feb 24 12:57:19 2005 us=326338   fast_io = DISABLED
Thu Feb 24 12:57:19 2005 us=326398   comp_lzo = ENABLED
Thu Feb 24 12:57:19 2005 us=326458   comp_lzo_adaptive = ENABLED
Thu Feb 24 12:57:19 2005 us=326519   route_script = '[UNDEF]'
Thu Feb 24 12:57:19 2005 us=326583   route_default_gateway = '[UNDEF]'
Thu Feb 24 12:57:19 2005 us=326646   route_noexec = DISABLED
Thu Feb 24 12:57:19 2005 us=326708   route_delay = 0
Thu Feb 24 12:57:19 2005 us=326770   route_delay_window = 30
Thu Feb 24 12:57:19 2005 us=326832   route_delay_defined = ENABLED
Thu Feb 24 12:57:19 2005 us=326896   management_addr = '[UNDEF]'
Thu Feb 24 12:57:19 2005 us=326959   management_port = 0
Thu Feb 24 12:57:19 2005 us=327022   management_user_pass = '[UNDEF]'
Thu Feb 24 12:57:19 2005 us=327089   management_log_history_cache = 250
Thu Feb 24 12:57:19 2005 us=327156   management_echo_buffer_size = 100
Thu Feb 24 12:57:19 2005 us=327221   management_query_passwords = DISABLED
Thu Feb 24 12:57:19 2005 us=327285   management_hold = DISABLED
Thu Feb 24 12:57:19 2005 us=327350   shared_secret_file = '[UNDEF]'
Thu Feb 24 12:57:19 2005 us=327413   key_direction = 0
Thu Feb 24 12:57:19 2005 us=327475   ciphername_defined = ENABLED
Thu Feb 24 12:57:19 2005 us=327537   ciphername = 'BF-CBC'
Thu Feb 24 12:57:19 2005 us=327601   authname_defined = ENABLED
Thu Feb 24 12:57:19 2005 us=327663   authname = 'SHA1'
Thu Feb 24 12:57:19 2005 us=327723   keysize = 0
Thu Feb 24 12:57:19 2005 us=327783   engine = DISABLED
Thu Feb 24 12:57:19 2005 us=327843   replay = ENABLED
Thu Feb 24 12:57:19 2005 us=327907   mute_replay_warnings = DISABLED
Thu Feb 24 12:57:19 2005 us=327971   replay_window = 64
Thu Feb 24 12:57:19 2005 us=328033   replay_time = 15
Thu Feb 24 12:57:19 2005 us=328097   packet_id_file = '[UNDEF]'
Thu Feb 24 12:57:19 2005 us=328158   use_iv = ENABLED
Thu Feb 24 12:57:19 2005 us=328219   test_crypto = DISABLED
Thu Feb 24 12:57:19 2005 us=328282   tls_server = DISABLED
Thu Feb 24 12:57:19 2005 us=328345   tls_client = ENABLED
Thu Feb 24 12:57:19 2005 us=328407   key_method = 2
Thu Feb 24 12:57:19 2005 us=328467   ca_file = 'ca.crt'
Thu Feb 24 12:57:19 2005 us=328528   dh_file = '[UNDEF]'
Thu Feb 24 12:57:19 2005 us=392540   cert_file = 'client.crt'
Thu Feb 24 12:57:19 2005 us=392621   priv_key_file = 'client.key'
Thu Feb 24 12:57:19 2005 us=392685   pkcs12_file = '[UNDEF]'
Thu Feb 24 12:57:19 2005 us=392746   cryptoapi_cert = '[UNDEF]'
Thu Feb 24 12:57:19 2005 us=392806   cipher_list = '[UNDEF]'
Thu Feb 24 12:57:19 2005 us=392866   tls_verify = '[UNDEF]'
Thu Feb 24 12:57:19 2005 us=392925   tls_remote = '[UNDEF]'
Thu Feb 24 12:57:19 2005 us=392985   crl_file = '[UNDEF]'
Thu Feb 24 12:57:19 2005 us=393046   ns_cert_type = 0
Thu Feb 24 12:57:19 2005 us=393104   tls_timeout = 2
Thu Feb 24 12:57:19 2005 us=393165   renegotiate_bytes = 0
Thu Feb 24 12:57:19 2005 us=393228   renegotiate_packets = 0
Thu Feb 24 12:57:19 2005 us=393292   renegotiate_seconds = 3600
Thu Feb 24 12:57:19 2005 us=393353   handshake_window = 60
Thu Feb 24 12:57:19 2005 us=393417   transition_window = 3600
Thu Feb 24 12:57:19 2005 us=393479   single_session = DISABLED
Thu Feb 24 12:57:19 2005 us=393542   tls_exit = DISABLED
Thu Feb 24 12:57:19 2005 us=393605   tls_auth_file = '[UNDEF]'
Thu Feb 24 12:57:19 2005 us=408230   server_network = 0.0.0.0
Thu Feb 24 12:57:19 2005 us=408325   server_netmask = 0.0.0.0
Thu Feb 24 12:57:19 2005 us=408396   server_bridge_ip = 0.0.0.0
Thu Feb 24 12:57:19 2005 us=408468   server_bridge_netmask = 0.0.0.0
Thu Feb 24 12:57:19 2005 us=408540   server_bridge_pool_start = 0.0.0.0
Thu Feb 24 12:57:19 2005 us=408611   server_bridge_pool_end = 0.0.0.0
Thu Feb 24 12:57:19 2005 us=408681   ifconfig_pool_defined = DISABLED
Thu Feb 24 12:57:19 2005 us=408752   ifconfig_pool_start = 0.0.0.0
Thu Feb 24 12:57:19 2005 us=408823   ifconfig_pool_end = 0.0.0.0
Thu Feb 24 12:57:19 2005 us=408895   ifconfig_pool_netmask = 0.0.0.0
Thu Feb 24 12:57:19 2005 us=408966   ifconfig_pool_persist_filename = '[UNDEF]'
Thu Feb 24 12:57:19 2005 us=409034   ifconfig_pool_persist_refresh_freq = 600
Thu Feb 24 12:57:19 2005 us=409102   ifconfig_pool_linear = DISABLED
Thu Feb 24 12:57:19 2005 us=409169   n_bcast_buf = 256
Thu Feb 24 12:57:19 2005 us=409233   tcp_queue_limit = 64
Thu Feb 24 12:57:19 2005 us=409296   real_hash_size = 256
Thu Feb 24 12:57:19 2005 us=409359   virtual_hash_size = 256
Thu Feb 24 12:57:19 2005 us=409423   client_connect_script = '[UNDEF]'
Thu Feb 24 12:57:19 2005 us=409490   learn_address_script = '[UNDEF]'
Thu Feb 24 12:57:19 2005 us=409557   client_disconnect_script = '[UNDEF]'
Thu Feb 24 12:57:19 2005 us=409622   client_config_dir = '[UNDEF]'
Thu Feb 24 12:57:19 2005 us=409686   ccd_exclusive = DISABLED
Thu Feb 24 12:57:19 2005 us=409748   tmp_dir = '[UNDEF]'
Thu Feb 24 12:57:19 2005 us=409814   push_ifconfig_defined = DISABLED
Thu Feb 24 12:57:19 2005 us=409886   push_ifconfig_local = 0.0.0.0
Thu Feb 24 12:57:19 2005 us=409959   push_ifconfig_remote_netmask = 0.0.0.0
Thu Feb 24 12:57:19 2005 us=410026   enable_c2c = DISABLED
Thu Feb 24 12:57:19 2005 us=410088   duplicate_cn = DISABLED
Thu Feb 24 12:57:19 2005 us=487811   cf_max = 0
Thu Feb 24 12:57:19 2005 us=487883   cf_per = 0
Thu Feb 24 12:57:19 2005 us=487945   max_clients = 1024
Thu Feb 24 12:57:19 2005 us=488011   client_cert_not_required = DISABLED
Thu Feb 24 12:57:19 2005 us=488076   username_as_common_name = DISABLED
Thu Feb 24 12:57:19 2005 us=488141   auth_user_pass_verify_script = '[UNDEF]'
Thu Feb 24 12:57:19 2005 us=488212   auth_user_pass_verify_script_via_file = DISABLED
Thu Feb 24 12:57:19 2005 us=488275   client = DISABLED
Thu Feb 24 12:57:19 2005 us=488333   pull = ENABLED
Thu Feb 24 12:57:19 2005 us=488393   auth_user_pass_file = 'stdin'
Thu Feb 24 12:57:19 2005 us=488464   show_net_up = DISABLED
Thu Feb 24 12:57:19 2005 us=488524   route_method = 0
Thu Feb 24 12:57:19 2005 us=488584   ip_win32_defined = DISABLED
Thu Feb 24 12:57:19 2005 us=488644   ip_win32_type = 3
Thu Feb 24 12:57:19 2005 us=488705   dhcp_masq_offset = 0
Thu Feb 24 12:57:19 2005 us=488771   dhcp_lease_time = 31536000
Thu Feb 24 12:57:19 2005 us=488832   tap_sleep = 0
Thu Feb 24 12:57:19 2005 us=488892   dhcp_options = DISABLED
Thu Feb 24 12:57:19 2005 us=488953   dhcp_renew = DISABLED
Thu Feb 24 12:57:19 2005 us=489015   dhcp_pre_release = DISABLED
Thu Feb 24 12:57:19 2005 us=489076   dhcp_release = DISABLED
Thu Feb 24 12:57:19 2005 us=489137   domain = '[UNDEF]'
Thu Feb 24 12:57:19 2005 us=489198   netbios_scope = '[UNDEF]'
Thu Feb 24 12:57:19 2005 us=489260   netbios_node_type = 0
Thu Feb 24 12:57:19 2005 us=489320   disable_nbt = DISABLED
Thu Feb 24 12:57:19 2005 us=489389 OpenVPN 2.0_rc10 Win32-MinGW [SSL] [LZO] built on Jan 27 2005
Enter Auth Password:
Thu Feb 24 12:57:27 2005 us=380006 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Thu Feb 24 12:57:27 2005 us=622625 LZO compression initialized
Thu Feb 24 12:57:27 2005 us=623318 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu Feb 24 12:57:27 2005 us=713401 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:23 ET:32 EL:0 AF:3/1 ]
Thu Feb 24 12:57:27 2005 us=713666 Local Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Thu Feb 24 12:57:27 2005 us=713751 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Thu Feb 24 12:57:27 2005 us=713900 Local Options hash (VER=V4): 'd79ca330'
Thu Feb 24 12:57:27 2005 us=714016 Expected Remote Options hash (VER=V4): 'f7df56b8'
Thu Feb 24 12:57:27 2005 us=714194 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Feb 24 12:57:27 2005 us=714309 UDPv4 link local (bound): [undef]:1194
Thu Feb 24 12:57:27 2005 us=714380 UDPv4 link remote: 200.180.0.48:1194
Thu Feb 24 12:58:16 2005 us=558390 TCP/UDP: Closing socket
Thu Feb 24 12:58:16 2005 us=562151 SIGTERM[hard,] received, process exiting

Knuddi

openvpn on 6.01
« Reply #84 on: February 24, 2005, 07:19:08 PM »
If you are using the howto from sme.swerts-knudsen.dk then it seems as if your server and maybe also client conf files are not complete.

Could you post them and also a "ls -la /etc/openvpn/"

/jesper

Franco

openvpn on 6.01
« Reply #85 on: February 24, 2005, 07:54:58 PM »
Jesper,
Thank you for the reply.
I'm using the tutorial, and confess that I changed attributes trying to fix the problem. I have tried the connection from behind another SME (not sure if it would make a difference) and from a Dialup connection without success.
Quote
root]# ls -la /etc/openvpn/
total 56
drwxr-xr-x    3 root     root         4096 Feb 24 13:00 .
drwxr-xr-x   45 root     root         4096 Feb 24 14:21 ..
-rw-r--r--    1 root     root         1269 Feb 24 10:53 ca.crt
-rw-r--r--    1 root     root          245 Feb 24 10:56 dh1024.pem
drwxr-xr-x    3 root     root         4096 Feb 24 10:45 easy-rsa
-rwxr-xr-x    1 root     root          104 Nov 17 06:31 logoff.sh
-rwxr-xr-x    1 root     root          562 Nov 17 06:32 logoff_user.pl
-rwxr-xr-x    1 root     root          378 Feb 24 15:17 openvpn-status.log
-rwx------    1 root     root          198 Feb 24 12:56 openvpn.up
-rw-r--r--    1 root     root          762 Feb 24 13:00 server.conf
-rw-r--r--    1 root     root         3579 Feb 24 10:53 server.crt
-rw-r--r--    1 root     root          891 Feb 24 10:54 server.key
-rwxr-xr-x    1 root     root          108 Nov 17 06:32 validate.sh
-rwxr-xr-x    1 root     root         1242 Feb 24 09:16 validate_user.pl


my server.conf:
Quote

port 1194
dev tap

tls-server

dh dh1024.pem
ca ca.crt
cert server.crt
key server.key

auth-user-pass-verify ./validate.sh via-env
client-disconnect ./logoff.sh

up ./openvpn.up

mode server
duplicate-cn
ifconfig 192.168.1.1 255.255.255.0

ifconfig-pool 192.168.1.100 192.168.1.200 255.255.255.0 # IP range for openvpn client

mtu-test
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ping 10
ping-restart 120

push "ping 20"
push "ping-restart 60"
push "dhcp-option DOMAIN XXXXXXX.com"             # push the DNS domain suffix
push "dhcp-option DNS 192.168.0.5"                   # push DNS entries to openvpn client
push "route 192.168.0.0 255.255.255.0 192.168.1.1" # add route to protected network

comp-lzo
status-version 2
status openvpn-status.log
verb 3


openvpn.up
Quote

#!/bin/sh

route del -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.0.5
route del -net 192.168.1.0 netmask 255.255.255.0 dev tap0
route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1


Where 192.168.0.5 is my server.
My client's file:
Quote

port 1194
dev tap0

remote XXXXXXXX.com

tls-client
auth-user-pass

ca ca.crt
cert client.crt
key client.key

mtu-test
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
pull

comp-lzo
verb


I have opened UDP 1194 both TCP and UDP (to see if it would work), iptables -L show it open.
I added the 192.168.1.0/24 and 192.168.0.5 local network.
When trying to connect, the client gets stuck right after sending the login/pass.
I re-did the keys many times and var/log/messages shows errors as:
Quote

kernel: denylog:IN=eth1 OUT= MAC=00:e0:7d:96:52:5d:00:04:27:fd:a6:5e:08:00  SRC=200.180.XXX.XXX DST=XXX.XX.XXX.XX LEN=42 TOS=0x00 PREC=0x00 TTL=122 ID=51641 PROTO=UDP SPT=1194 DPT=1194 LEN=22
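
Added example, not part of Franco's post or of the howto: the client log in reply #83 warns that no server certificate verification method is enabled, and the listing in reply #85 shows server.key readable by every local user. The check below parses the posted client config and `ls -la` lines (copied into the block as samples); the function names and the option set are this example's own.

```python
import shlex

# Copied from reply #85: the client config and part of `ls -la /etc/openvpn/`.
CLIENT_CONF = """\
port 1194
dev tap0
remote XXXXXXXX.com
tls-client
auth-user-pass
ca ca.crt
cert client.crt
key client.key
pull
comp-lzo
"""
SERVER_CONF = """\
tls-server
dh dh1024.pem
ca ca.crt
cert server.crt
key server.key
"""
LISTING = """\
total 56
-rw-r--r--    1 root     root         1269 Feb 24 10:53 ca.crt
-rwx------    1 root     root          198 Feb 24 12:56 openvpn.up
-rw-r--r--    1 root     root         3579 Feb 24 10:53 server.crt
-rw-r--r--    1 root     root          891 Feb 24 10:54 server.key
"""

# Client options that restrict which server certificate is accepted.
# ns-cert-type, tls-remote and tls-verify exist in OpenVPN 2.0;
# remote-cert-tls and verify-x509-name come from later releases.
SERVER_VERIFY_OPTS = {"ns-cert-type", "tls-remote", "tls-verify",
                      "remote-cert-tls", "verify-x509-name"}


def directives(conf):
    """Map each directive name to the list of argument lists it appears with."""
    found = {}
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        words = shlex.split(line, comments=True)  # drops trailing '# ...'
        if words:
            found.setdefault(words[0], []).append(words[1:])
    return found


def file_modes(listing):
    """Map file name to its permission string from `ls -l` style lines."""
    modes = {}
    for line in listing.splitlines():
        fields = line.split(None, 8)
        if len(fields) == 9 and len(fields[0]) == 10:
            modes[fields[8]] = fields[0]
    return modes


def audit_client(conf):
    """Flag a TLS client config that accepts any certificate signed by the CA."""
    d = directives(conf)
    is_client = "tls-client" in d or "client" in d
    if is_client and not (SERVER_VERIFY_OPTS & d.keys()):
        return ["no server certificate verification option set"]
    return []


def exposed_keys(server_conf, listing):
    """Return (file, mode) for each `key` file that group or others can read."""
    modes = file_modes(listing)
    exposed = []
    for args in directives(server_conf).get("key", []):
        mode = modes.get(args[0]) if args else None
        if mode and (mode[4] == "r" or mode[7] == "r"):
            exposed.append((args[0], mode))
    return exposed


if __name__ == "__main__":
    for finding in audit_client(CLIENT_CONF):
        print("client config:", finding)
    for name, mode in exposed_keys(SERVER_CONF, LISTING):
        print(f"{name}: mode {mode} lets non-root users read the private key")
```

On the posted files both checks fire; adding `ns-cert-type server` to the client config and setting server.key to mode 600 clears them.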

Franco

openvpn on 6.01
« Reply #86 on: March 06, 2005, 12:56:53 AM »
Jesper,
You're right on,
I re-did the whole thing and the keys were the problem, I can now connect, ping, trace and everything. I can resolve other machines on the network but I cannot resolve SME, and cannot access it either, not even ping it, even though it shows correctly on my client. And the reason for all that may be that I have no gateway:
Quote

Ethernet adapter Local Area Connection 2:

        Connection-specific DNS Suffix  . : sme.com.br
        Description . . . . . . . . . . . : TAP-Win32 Adapter V8
        Physical Address. . . . . . . . . : 00-FF-DE-9D-BD-FF
        DHCP Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.100.107
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.100.1
        DHCP Server . . . . . . . . . . . : 192.168.100.0
        DNS Servers . . . . . . . . . . . : 192.168.0.5
        Lease Obtained. . . . . . . . . . : Saturday, March 05, 2005 8:11:09
        Lease Expires . . . . . . . . . . : Sunday, March 05, 2006 8:11:09 PM


Do you have any idea on what could be wrong?
192.168.0.5 is my SME
Thanks,

MarkR

openvpn on 6.01
« Reply #87 on: March 17, 2005, 01:16:03 PM »
Hi All,

I've had a play with Jesper's openvpn setup, server and client side installed fine..??!!??

1) I have a few MS machines on the server side and I can ping the IPs (but they don't show up in network browser). I can still use the printers and shares but I have to type the IP addresses (server side PCs have static IPs, could this cause probs?)
2) I also have a SCO unix host system but I am unable to ping its IP from the client (if I log into the SME server console I can ping it from there???)

thanks
...

onsy

openvpn on 6.01
« Reply #88 on: March 17, 2005, 02:18:47 PM »
Quote from: "stuntshell"
Jesper,
You're right on,
I re-did the whole thing and the keys were the problem, I can now connect, ping, trace and everything. I can resolve other machines on the network but I cannot resolve SME, and cannot access it either, not even ping it, even though it shows correctly on my client. And the reason for all that may be that I have no gateway:
Quote

Ethernet adapter Local Area Connection 2:

        Connection-specific DNS Suffix  . : sme.com.br
        Description . . . . . . . . . . . : TAP-Win32 Adapter V8
        Physical Address. . . . . . . . . : 00-FF-DE-9D-BD-FF
        DHCP Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.100.107
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.100.1
        DHCP Server . . . . . . . . . . . : 192.168.100.0
        DNS Servers . . . . . . . . . . . : 192.168.0.5
        Lease Obtained. . . . . . . . . . : Saturday, March 05, 2005 8:11:09
        Lease Expires . . . . . . . . . . : Sunday, March 05, 2006 8:11:09 PM


Do you have any idea on what could be wrong?
192.168.0.5 is my SME
Thanks,


Is it normal your interface shows an address in 192.168.100 network? Your server.conf showed a DHCP attribution in 192.168.1 network and you wrote you added 192.168.1.0 in local network.
So I think you're not in a "local-considered" network and perhaps you have no route on SME to the 192.168.100 network?
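
Added example, not part of onsy's post: the comparison made above, carried out on the values from the thread (server.conf lines from reply #85, adapter address from reply #86). The function names are this example's own, and the 192.168.0.0/24 entry in `LOCAL_NETWORKS` is an assumption, since the thread gives only the SME address 192.168.0.5 without a netmask.

```python
import ipaddress
import re

# Lines copied from the server.conf in reply #85.
SERVER_CONF = '''\
ifconfig 192.168.1.1 255.255.255.0
ifconfig-pool 192.168.1.100 192.168.1.200 255.255.255.0
push "route 192.168.0.0 255.255.255.0 192.168.1.1"
'''
# 192.168.1.0/24 was added as a local network in reply #85;
# 192.168.0.0/24 is assumed to be the SME LAN.
LOCAL_NETWORKS = ["192.168.0.0/24", "192.168.1.0/24"]


def address_pool(conf):
    """Return (first, last) address of the ifconfig-pool line, or None."""
    m = re.search(r"^ifconfig-pool\s+(\S+)\s+(\S+)", conf, re.M)
    if not m:
        return None
    return ipaddress.ip_address(m[1]), ipaddress.ip_address(m[2])


def pushed_routes(conf):
    """Return (network, gateway) for every pushed route; gateway may be None."""
    pattern = r'^push\s+"route\s+(\S+)\s+(\S+)(?:\s+(\S+))?"'
    routes = []
    for net, mask, gw in re.findall(pattern, conf, re.M):
        network = ipaddress.ip_network(f"{net}/{mask}", strict=False)
        routes.append((network, ipaddress.ip_address(gw) if gw else None))
    return routes


def check_client(conf, local_networks, ip, mask):
    """Compare the address a client actually received with the server setup."""
    addr = ipaddress.ip_address(ip)
    subnet = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    findings = []
    pool = address_pool(conf)
    if pool and not (pool[0] <= addr <= pool[1]):
        findings.append(f"{addr} is outside ifconfig-pool {pool[0]}-{pool[1]}")
    if not any(addr in ipaddress.ip_network(n) for n in local_networks):
        findings.append(f"{addr} is not in any local network")
    for network, gateway in pushed_routes(conf):
        # A pushed gateway outside the client's own subnet cannot be reached.
        if gateway and gateway not in subnet:
            findings.append(
                f"route to {network} via {gateway} is not on-link for {subnet}")
    return findings


if __name__ == "__main__":
    # Address and mask from the TAP-Win32 adapter output in reply #86.
    for finding in check_client(SERVER_CONF, LOCAL_NETWORKS,
                                "192.168.100.107", "255.255.255.0"):
        print(finding)
```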

Franco

openvpn on 6.01
« Reply #89 on: March 17, 2005, 04:03:31 PM »
Precisely onsy,
I tried adding the routes manually but it didn't work. When I try to add via the panel it tells me I cannot add them.

Thanks,