Topic: [ANNOUNCE] smeserver-openvpn-bridge-fws-1.1-2.rpm

[Daniel B.]

Sorry, you're right, it's /etc/openvpn/easy-rsa/keys/bridge, not /etc/openvpn/easy-rsa/server-bridge. All the files should be ok if they are not empty. If the installation of ie7 told you that openvpn may not work properly, you should uninstall your client and re-install it so that tap-win32 driver is reinstalled. Maybe it's the issue. If this doesn't fix your problem, please erease all your certificates, regenerate them and send me your /var/log/httpd/admin_error_log files (by mail: daniel@firewall-services.com)

[Daniel B.]

the 1st stable release (1.0-1) is available as an rpm. have a look at http://sme.firewall-services.com/spip.php?article2

[Daniel B.]

a stupid empty directory is missing from 1.0-1, if you have done a fresh install a the contrib smeserver-openvpn-bridge-fws-1.0-1, please upgrade to smeserver-openvpn-bridge-fws-1.0-2, I've just uploaded it.

[blacknz]

Hi Guys,

I'm having the same problem as Imcintyre has been having.

Did you ever find the solution to this?

I am using a freshly installed smeserver-openvpn-bridge-fws-1.0-2 following the directions given in the how-to.

I have tried deleting the certs and regenerating them but still got the same result.
The user definitely has VPN access enabled.

My client is WinXP Pro running Firefox 2.0 & IE 6.

Heres a copy of OpenVPN's output:

Mon Dec 11 15:20:29 2006 us=405932 Current Parameter Settings:
Mon Dec 11 15:20:29 2006 us=406246   config = 'C:\Program Files\OpenVPN\config\VPN.ovpn'
Mon Dec 11 15:20:29 2006 us=406376   mode = 0
Mon Dec 11 15:20:29 2006 us=406459   show_ciphers = DISABLED
Mon Dec 11 15:20:29 2006 us=406545   show_digests = DISABLED
Mon Dec 11 15:20:29 2006 us=408572   show_engines = DISABLED
Mon Dec 11 15:20:29 2006 us=408738   genkey = DISABLED
Mon Dec 11 15:20:29 2006 us=415313   key_pass_file = '[UNDEF]'
Mon Dec 11 15:20:29 2006 us=415449   show_tls_ciphers = DISABLED
Mon Dec 11 15:20:29 2006 us=415517   proto = 0
Mon Dec 11 15:20:29 2006 us=415584   local = '[UNDEF]'
Mon Dec 11 15:20:29 2006 us=415649   remote_list[0] = {'kevinblackmore.dyndns.org', 1194}
Mon Dec 11 15:20:29 2006 us=415971   remote_random = DISABLED
Mon Dec 11 15:20:29 2006 us=416025   local_port = 1194
Mon Dec 11 15:20:29 2006 us=416079   remote_port = 1194
Mon Dec 11 15:20:29 2006 us=416141   remote_float = DISABLED
Mon Dec 11 15:20:29 2006 us=416207   ipchange = '[UNDEF]'
Mon Dec 11 15:20:29 2006 us=416277   bind_local = DISABLED
Mon Dec 11 15:20:29 2006 us=416344   dev = 'tap'
Mon Dec 11 15:20:29 2006 us=416402   dev_type = '[UNDEF]'
Mon Dec 11 15:20:29 2006 us=416448   dev_node = '[UNDEF]'
Mon Dec 11 15:20:29 2006 us=416494   tun_ipv6 = DISABLED
Mon Dec 11 15:20:29 2006 us=416556   ifconfig_local = '[UNDEF]'
Mon Dec 11 15:20:29 2006 us=419413   ifconfig_remote_netmask = '[UNDEF]'
Mon Dec 11 15:20:29 2006 us=421926   ifconfig_noexec = DISABLED
Mon Dec 11 15:20:29 2006 us=424783   ifconfig_nowarn = DISABLED
Mon Dec 11 15:20:29 2006 us=427240   shaper = 0
Mon Dec 11 15:20:29 2006 us=429707   tun_mtu = 1500
Mon Dec 11 15:20:29 2006 us=431926   tun_mtu_defined = ENABLED
Mon Dec 11 15:20:29 2006 us=434402   link_mtu = 1500
Mon Dec 11 15:20:29 2006 us=436707   link_mtu_defined = DISABLED
Mon Dec 11 15:20:29 2006 us=439201   tun_mtu_extra = 32
Mon Dec 11 15:20:29 2006 us=441878   tun_mtu_extra_defined = ENABLED
Mon Dec 11 15:20:29 2006 us=444345   fragment = 1400
Mon Dec 11 15:20:29 2006 us=446813   mtu_discover_type = -1
Mon Dec 11 15:20:29 2006 us=449014   mtu_test = 0
Mon Dec 11 15:20:29 2006 us=451484   mlock = DISABLED
Mon Dec 11 15:20:29 2006 us=453776   keepalive_ping = 0
Mon Dec 11 15:20:29 2006 us=456886   keepalive_timeout = 0
Mon Dec 11 15:20:29 2006 us=459337   inactivity_timeout = 0
Mon Dec 11 15:20:29 2006 us=461807   ping_send_timeout = 0
Mon Dec 11 15:20:29 2006 us=466724   ping_rec_timeout = 120
Mon Dec 11 15:20:29 2006 us=469163   ping_rec_timeout_action = 2
Mon Dec 11 15:20:29 2006 us=472354   ping_timer_remote = DISABLED
Mon Dec 11 15:20:29 2006 us=474831   remap_sigusr1 = 0
Mon Dec 11 15:20:29 2006 us=477300   explicit_exit_notification = 0
Mon Dec 11 15:20:29 2006 us=479790   persist_tun = DISABLED
Mon Dec 11 15:20:29 2006 us=482014   persist_local_ip = DISABLED
Mon Dec 11 15:20:29 2006 us=484497   persist_remote_ip = DISABLED
Mon Dec 11 15:20:29 2006 us=486797   persist_key = DISABLED
Mon Dec 11 15:20:29 2006 us=489515   mssfix = 1450
Mon Dec 11 15:20:29 2006 us=491969   resolve_retry_seconds = 1000000000
Mon Dec 11 15:20:29 2006 us=494448   connect_retry_seconds = 5
Mon Dec 11 15:20:29 2006 us=496905   username = '[UNDEF]'
Mon Dec 11 15:20:29 2006 us=499119   groupname = '[UNDEF]'
Mon Dec 11 15:20:29 2006 us=501599   chroot_dir = '[UNDEF]'
Mon Dec 11 15:20:29 2006 us=504360   cd_dir = '[UNDEF]'
Mon Dec 11 15:20:29 2006 us=506836   writepid = '[UNDEF]'
Mon Dec 11 15:20:29 2006 us=509359   up_script = '[UNDEF]'
Mon Dec 11 15:20:29 2006 us=527804   down_script = '[UNDEF]'
Mon Dec 11 15:20:29 2006 us=530353   down_pre = DISABLED
Mon Dec 11 15:20:29 2006 us=532647   up_restart = DISABLED
Mon Dec 11 15:20:29 2006 us=536491   up_delay = DISABLED
Mon Dec 11 15:20:29 2006 us=538818   daemon = DISABLED
Mon Dec 11 15:20:29 2006 us=541196   inetd = 0
Mon Dec 11 15:20:29 2006 us=543545   log = DISABLED
Mon Dec 11 15:20:29 2006 us=545921   suppress_timestamps = DISABLED
Mon Dec 11 15:20:29 2006 us=548001   nice = 0
Mon Dec 11 15:20:29 2006 us=550584   verbosity = 4
Mon Dec 11 15:20:29 2006 us=552907   mute = 0
Mon Dec 11 15:20:29 2006 us=555100   gremlin = 0
Mon Dec 11 15:20:29 2006 us=557463   status_file = '[UNDEF]'
Mon Dec 11 15:20:29 2006 us=559816   status_file_version = 1
Mon Dec 11 15:20:29 2006 us=562165   status_file_update_freq = 60
Mon Dec 11 15:20:29 2006 us=564252   occ = ENABLED
Mon Dec 11 15:20:29 2006 us=567581   rcvbuf = 0
Mon Dec 11 15:20:29 2006 us=569882   sndbuf = 0
Mon Dec 11 15:20:29 2006 us=576831   socks_proxy_server = '[UNDEF]'
Mon Dec 11 15:20:29 2006 us=579264   socks_proxy_port = 0
Mon Dec 11 15:20:29 2006 us=582033   socks_proxy_retry = DISABLED
Mon Dec 11 15:20:29 2006 us=584386   fast_io = DISABLED
Mon Dec 11 15:20:29 2006 us=586709   comp_lzo = ENABLED
Mon Dec 11 15:20:29 2006 us=588971   comp_lzo_adaptive = ENABLED
Mon Dec 11 15:20:29 2006 us=591360   route_script = '[UNDEF]'
Mon Dec 11 15:20:29 2006 us=593723   route_default_gateway = '[UNDEF]'
Mon Dec 11 15:20:29 2006 us=596099   route_noexec = DISABLED
Mon Dec 11 15:20:29 2006 us=598204   route_delay = 0
Mon Dec 11 15:20:29 2006 us=600545   route_delay_window = 30
Mon Dec 11 15:20:29 2006 us=602904   route_delay_defined = ENABLED
Mon Dec 11 15:20:29 2006 us=605086   management_addr = '[UNDEF]'
Mon Dec 11 15:20:29 2006 us=607461   management_port = 0
Mon Dec 11 15:20:29 2006 us=609820   management_user_pass = '[UNDEF]'
Mon Dec 11 15:20:29 2006 us=612286   management_log_history_cache = 250
Mon Dec 11 15:20:29 2006 us=614356   management_echo_buffer_size = 100
Mon Dec 11 15:20:29 2006 us=616736   management_query_passwords = DISABLED
Mon Dec 11 15:20:29 2006 us=624996   management_hold = DISABLED
Mon Dec 11 15:20:29 2006 us=627362   shared_secret_file = '[UNDEF]'
Mon Dec 11 15:20:29 2006 us=630649   key_direction = 2
Mon Dec 11 15:20:29 2006 us=632958   ciphername_defined = ENABLED
Mon Dec 11 15:20:29 2006 us=635325   ciphername = 'BF-CBC'
Mon Dec 11 15:20:29 2006 us=637574   authname_defined = ENABLED
Mon Dec 11 15:20:29 2006 us=639895   authname = 'SHA1'
Mon Dec 11 15:20:29 2006 us=642264   keysize = 0
Mon Dec 11 15:20:29 2006 us=644644   engine = DISABLED
Mon Dec 11 15:20:29 2006 us=646916   replay = ENABLED
Mon Dec 11 15:20:29 2006 us=649045   mute_replay_warnings = DISABLED
Mon Dec 11 15:20:29 2006 us=651420   replay_window = 64
Mon Dec 11 15:20:29 2006 us=653784   replay_time = 15
Mon Dec 11 15:20:29 2006 us=655967   packet_id_file = '[UNDEF]'
Mon Dec 11 15:20:29 2006 us=658334   use_iv = ENABLED
Mon Dec 11 15:20:29 2006 us=660756   test_crypto = DISABLED
Mon Dec 11 15:20:29 2006 us=663085   tls_server = DISABLED
Mon Dec 11 15:20:29 2006 us=665155   tls_client = ENABLED
Mon Dec 11 15:20:29 2006 us=668595   key_method = 2
Mon Dec 11 15:20:29 2006 us=670901   ca_file = 'ca.crt'
Mon Dec 11 15:20:29 2006 us=673140   dh_file = '[UNDEF]'
Mon Dec 11 15:20:29 2006 us=675634   cert_file = 'kevin.crt'
Mon Dec 11 15:20:29 2006 us=677970   priv_key_file = 'kevin.key'
Mon Dec 11 15:20:29 2006 us=680257   pkcs12_file = '[UNDEF]'
Mon Dec 11 15:20:29 2006 us=682394   cryptoapi_cert = '[UNDEF]'
Mon Dec 11 15:20:29 2006 us=684764   cipher_list = '[UNDEF]'
Mon Dec 11 15:20:29 2006 us=687129   tls_verify = '[UNDEF]'
Mon Dec 11 15:20:29 2006 us=689301   tls_remote = 'server'
Mon Dec 11 15:20:29 2006 us=691706   crl_file = '[UNDEF]'
Mon Dec 11 15:20:29 2006 us=694041   ns_cert_type = 64
Mon Dec 11 15:20:29 2006 us=696385   tls_timeout = 2
Mon Dec 11 15:20:29 2006 us=698453   renegotiate_bytes = 0
Mon Dec 11 15:20:29 2006 us=700817   renegotiate_packets = 0
Mon Dec 11 15:20:29 2006 us=703175   renegotiate_seconds = 3600
Mon Dec 11 15:20:29 2006 us=705355   handshake_window = 60
Mon Dec 11 15:20:29 2006 us=707998   transition_window = 3600
Mon Dec 11 15:20:29 2006 us=710489   single_session = DISABLED
Mon Dec 11 15:20:29 2006 us=712819   tls_exit = DISABLED
Mon Dec 11 15:20:29 2006 us=714884   tls_auth_file = 'ta.key'
Mon Dec 11 15:20:29 2006 us=717267   server_network = 0.0.0.0
Mon Dec 11 15:20:29 2006 us=719624   server_netmask = 0.0.0.0
Mon Dec 11 15:20:29 2006 us=722128   server_bridge_ip = 0.0.0.0
Mon Dec 11 15:20:29 2006 us=724484   server_bridge_netmask = 0.0.0.0
Mon Dec 11 15:20:29 2006 us=726860   server_bridge_pool_start = 0.0.0.0
Mon Dec 11 15:20:29 2006 us=729229   server_bridge_pool_end = 0.0.0.0
Mon Dec 11 15:20:29 2006 us=731321   ifconfig_pool_defined = DISABLED
Mon Dec 11 15:20:29 2006 us=733690   ifconfig_pool_start = 0.0.0.0
Mon Dec 11 15:20:29 2006 us=736068   ifconfig_pool_end = 0.0.0.0
Mon Dec 11 15:20:29 2006 us=739039   ifconfig_pool_netmask = 0.0.0.0
Mon Dec 11 15:20:29 2006 us=741467   ifconfig_pool_persist_filename = '[UNDEF]'
Mon Dec 11 15:20:29 2006 us=743871   ifconfig_pool_persist_refresh_freq = 600
Mon Dec 11 15:20:29 2006 us=746245   ifconfig_pool_linear = DISABLED
Mon Dec 11 15:20:29 2006 us=748323   n_bcast_buf = 256
Mon Dec 11 15:20:29 2006 us=750673   tcp_queue_limit = 64
Mon Dec 11 15:20:29 2006 us=753862   real_hash_size = 256
Mon Dec 11 15:20:29 2006 us=756042   virtual_hash_size = 256
Mon Dec 11 15:20:29 2006 us=758412   client_connect_script = '[UNDEF]'
Mon Dec 11 15:20:29 2006 us=760791   learn_address_script = '[UNDEF]'
Mon Dec 11 15:20:29 2006 us=763154   client_disconnect_script = '[UNDEF]'
Mon Dec 11 15:20:29 2006 us=765239   client_config_dir = '[UNDEF]'
Mon Dec 11 15:20:29 2006 us=767603   ccd_exclusive = DISABLED
Mon Dec 11 15:20:29 2006 us=770249   tmp_dir = '[UNDEF]'
Mon Dec 11 15:20:29 2006 us=772424   push_ifconfig_defined = DISABLED
Mon Dec 11 15:20:29 2006 us=774802   push_ifconfig_local = 0.0.0.0
Mon Dec 11 15:20:29 2006 us=777171   push_ifconfig_remote_netmask = 0.0.0.0
Mon Dec 11 15:20:29 2006 us=779538   enable_c2c = DISABLED
Mon Dec 11 15:20:29 2006 us=781597   duplicate_cn = DISABLED
Mon Dec 11 15:20:29 2006 us=783999   cf_max = 0
Mon Dec 11 15:20:29 2006 us=786324   cf_per = 0
Mon Dec 11 15:20:29 2006 us=788662   max_clients = 1024
Mon Dec 11 15:20:29 2006 us=790871   max_routes_per_client = 256
Mon Dec 11 15:20:29 2006 us=793248   client_cert_not_required = DISABLED
Mon Dec 11 15:20:29 2006 us=795730   username_as_common_name = DISABLED
Mon Dec 11 15:20:29 2006 us=797795   auth_user_pass_verify_script = '[UNDEF]'
Mon Dec 11 15:20:29 2006 us=801256   auth_user_pass_verify_script_via_file = DISABLED
Mon Dec 11 15:20:29 2006 us=805861   client = DISABLED
Mon Dec 11 15:20:29 2006 us=808154   pull = ENABLED
Mon Dec 11 15:20:29 2006 us=810525   auth_user_pass_file = 'stdin'
Mon Dec 11 15:20:29 2006 us=812885   show_net_up = DISABLED
Mon Dec 11 15:20:29 2006 us=814954   route_method = 0
Mon Dec 11 15:20:29 2006 us=817418   ip_win32_defined = DISABLED
Mon Dec 11 15:20:29 2006 us=819765   ip_win32_type = 3
Mon Dec 11 15:20:29 2006 us=822126   dhcp_masq_offset = 0
Mon Dec 11 15:20:29 2006 us=824303   dhcp_lease_time = 31536000
Mon Dec 11 15:20:29 2006 us=826667   tap_sleep = 0
Mon Dec 11 15:20:29 2006 us=829021   dhcp_options = DISABLED
Mon Dec 11 15:20:29 2006 us=831103   dhcp_renew = DISABLED
Mon Dec 11 15:20:29 2006 us=833436   dhcp_pre_release = DISABLED
Mon Dec 11 15:20:29 2006 us=835800   dhcp_release = DISABLED
Mon Dec 11 15:20:29 2006 us=838163   domain = '[UNDEF]'
Mon Dec 11 15:20:29 2006 us=841011   netbios_scope = '[UNDEF]'
Mon Dec 11 15:20:29 2006 us=843362   netbios_node_type = 0
Mon Dec 11 15:20:29 2006 us=845721   disable_nbt = DISABLED
Mon Dec 11 15:20:29 2006 us=848855 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
Enter Auth Username:kevin
Enter Auth Password:
Mon Dec 11 15:20:36 2006 us=307997 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Mon Dec 11 15:20:36 2006 us=312694 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Dec 11 15:20:36 2006 us=317617 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Dec 11 15:20:36 2006 us=322372 LZO compression initialized
Mon Dec 11 15:20:36 2006 us=325101 Control Channel MTU parms [ L:1578 D:166 EF:66 EB:0 ET:0 EL:0 ]
Mon Dec 11 15:20:36 2006 us=518555 Data Channel MTU parms [ L:1578 D:1450 EF:46EB:135 ET:32 EL:0 AF:3/1 ]
Mon Dec 11 15:20:36 2006 us=523441 Fragmentation MTU parms [ L:1578 D:1400 EF:45 EB:135 ET:33 EL:0 AF:3/1 ]
Mon Dec 11 15:20:36 2006 us=528118 Local Options String: 'V4,dev-type tap,link-mtu 1578,tun-mtu 1532,proto UDPv4,comp-lzo,mtu-dynamic,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Mon Dec 11 15:20:36 2006 us=535421 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1578,tun-mtu 1532,proto UDPv4,comp-lzo,mtu-dynamic,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Mon Dec 11 15:20:36 2006 us=542598 Local Options hash (VER=V4): 'a257ef04'
Mon Dec 11 15:20:36 2006 us=544877 Expected Remote Options hash (VER=V4): '8f3da10b'
Mon Dec 11 15:20:36 2006 us=549798 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Dec 11 15:20:36 2006 us=557953 UDPv4 link local: [undef]
Mon Dec 11 15:20:36 2006 us=560427 UDPv4 link remote: 58.28.144.144:1194
Mon Dec 11 15:20:36 2006 us=627887 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Mon Dec 11 15:20:38 2006 us=683518 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Mon Dec 11 15:20:40 2006 us=739173 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Mon Dec 11 15:20:42 2006 us=801852 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Mon Dec 11 15:20:44 2006 us=869476 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Mon Dec 11 15:20:46 2006 us=918894 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Mon Dec 11 15:20:49 2006 us=154990 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Mon Dec 11 15:20:50 2006 us=310630 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Mon Dec 11 15:20:52 2006 us=559165 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Mon Dec 11 15:20:54 2006 us=811819 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Mon Dec 11 15:20:56 2006 us=280684 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Mon Dec 11 15:20:58 2006 us=411166 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Mon Dec 11 15:21:01 2006 us=156582 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Mon Dec 11 15:21:02 2006 us=721709 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Mon Dec 11 15:21:04 2006 us=264479 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)

[Daniel B.]

Well, it looks like several people are having problems with this contrib. It's quite strange because for me it's working. Can you post the last lines of your server's log just after trying to connect your client.

[AndrewR]

VIP

I'm having the same problem as well.. damned

read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)

errors on the client side, and on the server, well.. I finally got it working, after 2 reboots. Didn't change anything... but I would advise people do the follwing:

1) Reboot your server.
2) In Server Manager, verify that the Panel item shows that the daemon is running.

In my case, I think it was the Daemon not running that caused the problem. but now it is, and it is working. The service didn't appear to re-enable after applying on the OVPN Panel page.. and it took a reboot to make it work. But VIP, you're right, it is stable!

Thanks for making the contrib VIP, it's great!

[del]

Hi All,

I have installed this on a test server that is in server-only mode and behind my SME server that is in Server-Gateway mode. I have forwared port 1194 but the daemon is still not starting, I suspect that this is something to do with the IP range. My question is if my server-gateway is the DHCP server for the network do I choose a range on this server or do I need to make the test server the DHCP server (turning it off in the server-gateway machine first ). Or should I just forget the test server and install it on my server-gateway? Thanks.

Regards,
Del

[imcintyre]

I got really busy and this is the first time I got back to this. As before, I am still okay with beta 4, couldn't make beta 5 work, and am now having problems with rpms.

I had tried beta5 again and failed. I ran sh uninstall, deleted that directory and deleted /etc/openvpn directory and try a "fresh install"

I downloaded lzo-1.08-4.2.el4.rf.i386.rpm, openvpn-2.0.7-1.el4.rf.i386.rpm,  smeserver-openvpn-bridge-fws-1.0-1.noarch.rpm. I then saw the chat about an upgrade so I downloaded  smeserver-openvpn-bridge-fws-1.0-2.noarch.rpm.

This is what I got when I installed this file

[root@mcserver1 home]# yum localinstall smeserver-openvpn-bridge-fws-1.0-2.noarch.rpm
==============================================================
WARNING: Additional commands may be required after running yum
==============================================================
Setting up Local Package Process
Examining smeserver-openvpn-bridge-fws-1.0-2.noarch.rpm: smeserver-openvpn-bridge-fws - 1.0-2.noarch
Marking smeserver-openvpn-bridge-fws-1.0-2.noarch.rpm as an update to smeserver-openvpn-bridge-fws - 1.0-1.noarch
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Package smeserver-openvpn-bridge-fws.noarch 0:1.0-2 set to be updated
--> Running transaction check

Dependencies Resolved

=============================================================================
 Package                 Arch       Version          Repository        Size
=============================================================================
Updating:
 smeserver-openvpn-bridge-fws  noarch     1.0-2            smeserver-openvpn-bridge-fws-1.0-2.noarch.rpm   96 k

Transaction Summary
=============================================================================
Install      0 Package(s)
Update       1 Package(s)
Remove       0 Package(s)
Total download size: 96 k
Is this ok [y/N]: y
Downloading Packages:
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Shutting down openvpn: Sat Dec  9 08:12:57 2006 TUN/TAP device tap0 opened
Sat Dec  9 08:12:57 2006 Persist state set to: OFF
Stopping dhcpd:[  OK  ]

Shutting down IP masquerade and firewall rules:         Done!

Enabling IP masquerading: done
Starting dhcpd:[  OK  ]
[  OK  ]
  Updating  : smeserver-openvpn-bridge-fws ######################### [1/2]
Shutting down openvpn: /etc/rc.d/init.d/openvpn-bridge: line 175: /etc/openvpn/server-bridge-shutdown: Permission denied
[  OK  ]
  Cleanup   : smeserver-openvpn-bridge-fws ######################### [2/2]

Updated: smeserver-openvpn-bridge-fws.noarch 0:1.0-2
Complete!
==============================================================
WARNING: You now need to run BOTH of the following commands
to ensure consistent system state:

signal-event post-upgrade; signal-event reboot

You should run these commands unless you are certain that
yum made no changes to your system.
==============================================================
[root@mcserver1 home]# signal-event post-upgrade
[root@mcserver1 home]# sh signal-event post-upgrade
/sbin/e-smith/signal-event: line 9: use: command not found
/sbin/e-smith/signal-event: line 10: use: command not found
/sbin/e-smith/signal-event: line 11: use: command not found
/sbin/e-smith/signal-event: line 13: my: command not found
/sbin/e-smith/signal-event: signal-event: line 17: syntax error near unexpected token `$event,'
/sbin/e-smith/signal-event: signal-event: line 17: `my ($event, @args) = @ARGV;'
[root@mcserver1 home]#

When I ran the signal-event post-upgrade command, as you can see there "funny" statements near the end. Is this expected?

[Daniel B.]

Hi All,

I have installed this on a test server that is in server-only mode and behind my SME server that is in Server-Gateway mode. I have forwared port 1194 but the daemon is still not starting, I suspect that this is something to do with the IP range. My question is if my server-gateway is the DHCP server for the network do I choose a range on this server or do I need to make the test server the DHCP server (turning it off in the server-gateway machine first ). Or should I just forget the test server and install it on my server-gateway? Thanks.

Regards,
Del

You can let openvpn running on the server-only and the DHCP on the server and gateway. You just have to set correctly the address range. For example, your network has the address 192.168.45.0 with netmask 255.255.255.0. Your server & gateway has address 192.168.45.1, standard DHCP range is from 192.168.45.65 to 192.168.45.250, and your server only has address 192.168.45.2. You can choose the range 192.168.45.10 to 192.168.45.50 for openvpn because these address will never be given to a real local machine on the network.

errors on the client side, and on the server, well.. I finally got it working, after 2 reboots. Didn't change anything... but I would advise people do the follwing:

1) Reboot your server.
2) In Server Manager, verify that the Panel item shows that the daemon is running.

Rebboting shouldn't be needed, you just have to wait a few seconds (or minutes if your server is slow) and if everything is configurered correctly, when you reload the panel, you can see that the service is enabled.

[root@mcserver1 home]# signal-event post-upgrade
[root@mcserver1 home]# sh signal-event post-upgrade
/sbin/e-smith/signal-event: line 9: use: command not found
/sbin/e-smith/signal-event: line 10: use: command not found
/sbin/e-smith/signal-event: line 11: use: command not found
/sbin/e-smith/signal-event: line 13: my: command not found
/sbin/e-smith/signal-event: signal-event: line 17: syntax error near unexpected token `$event,'
/sbin/e-smith/signal-event: signal-event: line 17: `my ($event, @args) = @ARGV;'

Well, I don't really understand the problem, you ran a first time the command signal-event post-upgrade which seems to be ok, then you ran sh signal-event post-upgrade, I don't know why you ran this but it's 'normal' to have error message, signal-event don't have to be interpreted with sh (it's a perl script, and anyway, it wasn't in the current directory). Anyway, signal-event post-upgrade and reboot are not usefull with this contrib has every needed config files are expanded by the panel when you click on apply. Ian, for beta5 and 1.0-2, is the daemon running or not?

[Daniel B.]

VIP
1) Reboot your server.
2) In Server Manager, verify that the Panel item shows that the daemon is running.

In my case, I think it was the Daemon not running that caused the problem. but now it is, and it is working. The service didn't appear to re-enable after applying on the OVPN Panel page.. and it took a reboot to make it work. But VIP, you're right, it is stable!

Thanks for making the contrib VIP, it's great!

Ok, I understand the problem now, you're right, a reboot were needed because of a permission problem on the startup and shutdown script, I dont quite understand why because the rpm scriplet should have set it correctly. Anyway, I've just corrected it and uploaded 1.0-3, please upgrade everyone, it should be ok this time. Sorry for the problem, I'm not a rpm guru yet :/

Code: [Select]

rpm -Uvh http://sme.firewall-services.com/downloads/smeserver-openvpn/rpms/smeserver-openvpn-bridge-fws-1.0-3.noarch.rpm

[imcintyre]

Vip-ire wrote

Ian, for beta5 and 1.0-2, is the daemon running or not?

Yes, unless there is something I am missing, the daemon is running.

When I open up server manager, this is the first thing I see:

Do you wan't to enable the service ?
Status:    Enabled

When I open up "Users", I see this:

Account     User name         VPN Client Access       Action
admin       Local Administrator               No               Modify  Reset Password
ian    Ian McIntyre                            Yes            Modify  Reset Password

If I missed something let me know.

Regarding:

you ran a first time the command signal-event post-upgrade which seems to be ok, then you ran sh signal-event post-upgrade, I don't know why you ran this but it's 'normal' to have error message, signal-event don't have to be interpreted with sh

This came up on the screen after I ran the yum command, so I did it. Apparently I don't know sh** from Perls (couldn't resist pun   )

Anyway, I will run upgrade and see what happens today.

Regarding your rpm knowledge, I still think it stands for revolutions per minute. Oscar Wilde said "Nothing worth learning can be taught" (rough quote).

Sincerely, thanks for help, keep up good work.

Ian

[Daniel B.]

You can easily see if the daemon is running or not (independently from the status enabled or disabled beacause, for example, if the status is enabled and the IP address range not set correctly, the daemon won't start). At the top of the panel, just under the link 'Click here to view the last 100 lines of the log', you've got the real status. It can be:
- daemon is running, pid: xxxxx
- daemon not running

[imcintyre]

I ran the upgrade and was interested in the first couple of lines where is says "br0: unknown interface". Is this a problem?

[root@mcserver1 home]# rpm -Uvh http://sme.firewall-services.com/downloads/smeserver-openvpn/rpms/smeserver-openvpn-bridge-fws-1.0-3.noarch.rpm
Retrieving http://sme.firewall-services.com/downloads/smeserver-openvpn/rpms/smeserver-openvpn-bridge-fws-1.0-3.noarch.rpm
Preparing...                ########################################### [100%]
Shutting down openvpn: br0: unknown interface: No such device
bridge br0 doesn't exist; can't delete it
Tue Dec 12 06:38:59 2006 TUN/TAP device tap0 opened
Tue Dec 12 06:38:59 2006 Persist state set to: OFF
Stopping dhcpd:[  OK  ]

Shutting down IP masquerade and firewall rules:         Done!

Enabling IP masquerading: done
Starting dhcpd:[  OK  ]
[  OK  ]
   1:smeserver-openvpn-bridg########################################### [100%]
Shutting down openvpn: br0: unknown interface: No such device
bridge br0 doesn't exist; can't delete it
Tue Dec 12 06:39:07 2006 TUN/TAP device tap0 opened
Tue Dec 12 06:39:08 2006 Persist state set to: OFF
Stopping dhcpd:[  OK  ]

Shutting down IP masquerade and firewall rules:         Done!

Enabling IP masquerading: done
Starting dhcpd:[  OK  ]
[  OK  ]

[Daniel B.]

It's a problem corrected, don't pay attention. It's because the upgrade shutdown the service two times (the new rpm shutdown before the install and the old shutdown after the uninstall). This is corrected in 1.0-3 so the next upgrade shouldn't have this little problem.

[imcintyre]

When I got to work this morning I tried to connect and got the following. After the last line of the log below, the username/password window returns. Almost as if my username/password is wrong but I am 99.73% certain that I have the correct username/password. I haven't changed it since beta 4 was working.

Tue Dec 12 09:26:32 2006 us=730627   chroot_dir = '[UNDEF]'
Tue Dec 12 09:26:32 2006 us=730650   cd_dir = '[UNDEF]'
Tue Dec 12 09:26:32 2006 us=730673   writepid = '[UNDEF]'
Tue Dec 12 09:26:32 2006 us=730696   up_script = '[UNDEF]'
Tue Dec 12 09:26:32 2006 us=730719   down_script = '[UNDEF]'
Tue Dec 12 09:26:32 2006 us=730742   down_pre = DISABLED
Tue Dec 12 09:26:32 2006 us=730765   up_restart = DISABLED
Tue Dec 12 09:26:32 2006 us=730788   up_delay = DISABLED
Tue Dec 12 09:26:32 2006 us=730810   daemon = DISABLED
Tue Dec 12 09:26:32 2006 us=730832   inetd = 0
Tue Dec 12 09:26:32 2006 us=730854   log = DISABLED
Tue Dec 12 09:26:32 2006 us=730877   suppress_timestamps = DISABLED
Tue Dec 12 09:26:32 2006 us=730900   nice = 0
Tue Dec 12 09:26:32 2006 us=730922   verbosity = 4
Tue Dec 12 09:26:32 2006 us=821314   mute = 0
Tue Dec 12 09:26:32 2006 us=821336   gremlin = 0
Tue Dec 12 09:26:32 2006 us=821348   status_file = '[UNDEF]'
Tue Dec 12 09:26:32 2006 us=821358   status_file_version = 1
Tue Dec 12 09:26:32 2006 us=821369   status_file_update_freq = 60
Tue Dec 12 09:26:32 2006 us=821380   occ = ENABLED
Tue Dec 12 09:26:32 2006 us=821389   rcvbuf = 0
Tue Dec 12 09:26:32 2006 us=821399   sndbuf = 0
Tue Dec 12 09:26:32 2006 us=821411   socks_proxy_server = '[UNDEF]'
Tue Dec 12 09:26:32 2006 us=821426   socks_proxy_port = 0
Tue Dec 12 09:26:32 2006 us=821437   socks_proxy_retry = DISABLED
Tue Dec 12 09:26:32 2006 us=821447   fast_io = DISABLED
Tue Dec 12 09:26:32 2006 us=821457   comp_lzo = ENABLED
Tue Dec 12 09:26:32 2006 us=821467   comp_lzo_adaptive = ENABLED
Tue Dec 12 09:26:32 2006 us=821478   route_script = '[UNDEF]'
Tue Dec 12 09:26:32 2006 us=821489   route_default_gateway = '[UNDEF]'
Tue Dec 12 09:26:32 2006 us=821499   route_noexec = DISABLED
Tue Dec 12 09:26:32 2006 us=832042   route_delay = 0
Tue Dec 12 09:26:32 2006 us=832059   route_delay_window = 30
Tue Dec 12 09:26:32 2006 us=832070   route_delay_defined = ENABLED
Tue Dec 12 09:26:32 2006 us=832081   management_addr = '[UNDEF]'
Tue Dec 12 09:26:32 2006 us=832092   management_port = 0
Tue Dec 12 09:26:32 2006 us=832102   management_user_pass = '[UNDEF]'
Tue Dec 12 09:26:32 2006 us=832114   management_log_history_cache = 250
Tue Dec 12 09:26:32 2006 us=832125   management_echo_buffer_size = 100
Tue Dec 12 09:26:32 2006 us=832136   management_query_passwords = DISABLED
Tue Dec 12 09:26:32 2006 us=832147   management_hold = DISABLED
Tue Dec 12 09:26:32 2006 us=832157   shared_secret_file = '[UNDEF]'
Tue Dec 12 09:26:32 2006 us=832168   key_direction = 2
Tue Dec 12 09:26:32 2006 us=832178   ciphername_defined = ENABLED
Tue Dec 12 09:26:32 2006 us=832189   ciphername = 'BF-CBC'
Tue Dec 12 09:26:32 2006 us=832200   authname_defined = ENABLED
Tue Dec 12 09:26:32 2006 us=832210   authname = 'SHA1'
Tue Dec 12 09:26:32 2006 us=842551   keysize = 0
Tue Dec 12 09:26:32 2006 us=842569   engine = DISABLED
Tue Dec 12 09:26:32 2006 us=842580   replay = ENABLED
Tue Dec 12 09:26:32 2006 us=842591   mute_replay_warnings = DISABLED
Tue Dec 12 09:26:32 2006 us=842602   replay_window = 64
Tue Dec 12 09:26:32 2006 us=842612   replay_time = 15
Tue Dec 12 09:26:32 2006 us=842624   packet_id_file = '[UNDEF]'
Tue Dec 12 09:26:32 2006 us=842634   use_iv = ENABLED
Tue Dec 12 09:26:32 2006 us=842645   test_crypto = DISABLED
Tue Dec 12 09:26:32 2006 us=842655   tls_server = DISABLED
Tue Dec 12 09:26:32 2006 us=842666   tls_client = ENABLED
Tue Dec 12 09:26:32 2006 us=842676   key_method = 2
Tue Dec 12 09:26:32 2006 us=842686   ca_file = 'ca.crt'
Tue Dec 12 09:26:32 2006 us=842697   dh_file = '[UNDEF]'
Tue Dec 12 09:26:32 2006 us=842707   cert_file = 'ian.crt'
Tue Dec 12 09:26:32 2006 us=842718   priv_key_file = 'ian.key'
Tue Dec 12 09:26:32 2006 us=842728   pkcs12_file = '[UNDEF]'
Tue Dec 12 09:26:32 2006 us=852215   cryptoapi_cert = '[UNDEF]'
Tue Dec 12 09:26:32 2006 us=852232   cipher_list = '[UNDEF]'
Tue Dec 12 09:26:32 2006 us=852244   tls_verify = '[UNDEF]'
Tue Dec 12 09:26:32 2006 us=852254   tls_remote = 'server'
Tue Dec 12 09:26:32 2006 us=852265   crl_file = '[UNDEF]'
Tue Dec 12 09:26:32 2006 us=852275   ns_cert_type = 64
Tue Dec 12 09:26:32 2006 us=852285   tls_timeout = 2
Tue Dec 12 09:26:32 2006 us=852296   renegotiate_bytes = 0
Tue Dec 12 09:26:32 2006 us=852306   renegotiate_packets = 0
Tue Dec 12 09:26:32 2006 us=852317   renegotiate_seconds = 3600
Tue Dec 12 09:26:32 2006 us=852327   handshake_window = 60
Tue Dec 12 09:26:32 2006 us=852338   transition_window = 3600
Tue Dec 12 09:26:32 2006 us=852348   single_session = DISABLED
Tue Dec 12 09:26:32 2006 us=852358   tls_exit = DISABLED
Tue Dec 12 09:26:32 2006 us=852369   tls_auth_file = 'ta.key'
Tue Dec 12 09:26:32 2006 us=852392   server_network = 0.0.0.0
Tue Dec 12 09:26:32 2006 us=862820   server_netmask = 0.0.0.0
Tue Dec 12 09:26:32 2006 us=862841   server_bridge_ip = 0.0.0.0
Tue Dec 12 09:26:32 2006 us=862854   server_bridge_netmask = 0.0.0.0
Tue Dec 12 09:26:32 2006 us=862866   server_bridge_pool_start = 0.0.0.0
Tue Dec 12 09:26:32 2006 us=862879   server_bridge_pool_end = 0.0.0.0
Tue Dec 12 09:26:32 2006 us=862890   ifconfig_pool_defined = DISABLED
Tue Dec 12 09:26:32 2006 us=862902   ifconfig_pool_start = 0.0.0.0
Tue Dec 12 09:26:32 2006 us=862914   ifconfig_pool_end = 0.0.0.0
Tue Dec 12 09:26:32 2006 us=862926   ifconfig_pool_netmask = 0.0.0.0
Tue Dec 12 09:26:32 2006 us=862939   ifconfig_pool_persist_filename = '[UNDEF]'
Tue Dec 12 09:26:32 2006 us=862951   ifconfig_pool_persist_refresh_freq = 600
Tue Dec 12 09:26:32 2006 us=862962   ifconfig_pool_linear = DISABLED
Tue Dec 12 09:26:32 2006 us=862973   n_bcast_buf = 256
Tue Dec 12 09:26:32 2006 us=862983   tcp_queue_limit = 64
Tue Dec 12 09:26:32 2006 us=862994   real_hash_size = 256
Tue Dec 12 09:26:32 2006 us=873239   virtual_hash_size = 256
Tue Dec 12 09:26:32 2006 us=873256   client_connect_script = '[UNDEF]'
Tue Dec 12 09:26:32 2006 us=873269   learn_address_script = '[UNDEF]'
Tue Dec 12 09:26:32 2006 us=873281   client_disconnect_script = '[UNDEF]'
Tue Dec 12 09:26:32 2006 us=873292   client_config_dir = '[UNDEF]'
Tue Dec 12 09:26:32 2006 us=873303   ccd_exclusive = DISABLED
Tue Dec 12 09:26:32 2006 us=873313   tmp_dir = '[UNDEF]'
Tue Dec 12 09:26:32 2006 us=873324   push_ifconfig_defined = DISABLED
Tue Dec 12 09:26:32 2006 us=873336   push_ifconfig_local = 0.0.0.0
Tue Dec 12 09:26:32 2006 us=873349   push_ifconfig_remote_netmask = 0.0.0.0
Tue Dec 12 09:26:32 2006 us=873360   enable_c2c = DISABLED
Tue Dec 12 09:26:32 2006 us=873370   duplicate_cn = DISABLED
Tue Dec 12 09:26:32 2006 us=873380   cf_max = 0
Tue Dec 12 09:26:32 2006 us=873390   cf_per = 0
Tue Dec 12 09:26:32 2006 us=873400   max_clients = 1024
Tue Dec 12 09:26:32 2006 us=882357   max_routes_per_client = 256
Tue Dec 12 09:26:32 2006 us=882374   client_cert_not_required = DISABLED
Tue Dec 12 09:26:32 2006 us=882387   username_as_common_name = DISABLED
Tue Dec 12 09:26:32 2006 us=882399   auth_user_pass_verify_script = '[UNDEF]'
Tue Dec 12 09:26:32 2006 us=882411   auth_user_pass_verify_script_via_file = DISABLED
Tue Dec 12 09:26:32 2006 us=882422   client = DISABLED
Tue Dec 12 09:26:32 2006 us=882432   pull = ENABLED
Tue Dec 12 09:26:32 2006 us=882443   auth_user_pass_file = 'stdin'
Tue Dec 12 09:26:32 2006 us=882457   show_net_up = DISABLED
Tue Dec 12 09:26:32 2006 us=882467   route_method = 0
Tue Dec 12 09:26:32 2006 us=882478   ip_win32_defined = DISABLED
Tue Dec 12 09:26:32 2006 us=882489   ip_win32_type = 3
Tue Dec 12 09:26:32 2006 us=882499   dhcp_masq_offset = 0
Tue Dec 12 09:26:32 2006 us=882510   dhcp_lease_time = 31536000
Tue Dec 12 09:26:32 2006 us=882520   tap_sleep = 0
Tue Dec 12 09:26:32 2006 us=882530   dhcp_options = DISABLED
Tue Dec 12 09:26:32 2006 us=892645   dhcp_renew = DISABLED
Tue Dec 12 09:26:32 2006 us=892663   dhcp_pre_release = DISABLED
Tue Dec 12 09:26:32 2006 us=892673   dhcp_release = DISABLED
Tue Dec 12 09:26:32 2006 us=892683   domain = '[UNDEF]'
Tue Dec 12 09:26:32 2006 us=892694   netbios_scope = '[UNDEF]'
Tue Dec 12 09:26:32 2006 us=892704   netbios_node_type = 0
Tue Dec 12 09:26:32 2006 us=892715   disable_nbt = DISABLED
Tue Dec 12 09:26:32 2006 us=892736 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006

Is this helpful