[HOST_NOT_FOUND] The specified host is unknown.

[robi87]

Hi,

I would like that the relationship between the OpenVPN server SME8 but i am also starting. My problem is in the connection:

...
Mon Mar 11 12:27:03 2013 RESOLVE: Cannot resolve host address: mycompany.local: [HOST_NOT_FOUND] The specified host is unknown.
Mon Mar 11 12:27:05 2013 RESOLVE: Cannot resolve host address: mycompany.local: [HOST_NOT_FOUND] The specified host is unknown.
Mon Mar 11 12:27:12 2013 RESOLVE: Cannot resolve host address: mycompany.local: [HOST_NOT_FOUND] The specified host is unknown.
Mon Mar 11 12:27:19 2013 RESOLVE: Cannot resolve host address: mycompany.local: [HOST_NOT_FOUND] The specified host is unknown.
...

Could you help in this?
Thanks in advance

[maikcat]

hi there,

the error speaks for itself...

hostname mycompany.local is not resolvable to ip address....

please talk with the tech that setup your openvpn.

Michael.

[robi87]

hi there,

the error speaks for itself...

hostname mycompany.local is not resolvable to ip address....

please talk with the tech that setup your openvpn.

Michael.

Ok, i overwrite mycompany.local with the server ip and the error is disappear. But another error:

TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed

The network connectivity is good, there is a connection.
The full log:

Tue Mar 12 08:34:13 2013 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
Tue Mar 12 08:34:27 2013 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Tue Mar 12 08:34:27 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Mar 12 08:34:28 2013 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Tue Mar 12 08:34:28 2013 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Mar 12 08:34:28 2013 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Mar 12 08:34:28 2013 LZO compression initialized
Tue Mar 12 08:34:28 2013 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Tue Mar 12 08:34:28 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Mar 12 08:34:28 2013 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Tue Mar 12 08:34:28 2013 Local Options hash (VER=V4): '13a273ba'
Tue Mar 12 08:34:28 2013 Expected Remote Options hash (VER=V4): '360696c5'
Tue Mar 12 08:34:28 2013 UDPv4 link local: [undef]
Tue Mar 12 08:34:28 2013 UDPv4 link remote: 192.168.69.209:1194
Tue Mar 12 08:35:28 2013 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Mar 12 08:35:28 2013 TLS Error: TLS handshake failed
Tue Mar 12 08:35:28 2013 TCP/UDP: Closing socket
Tue Mar 12 08:35:28 2013 SIGUSR1[soft,tls-error] received, process restarting
Tue Mar 12 08:35:28 2013 Restart pause, 2 second(s)
Tue Mar 12 08:35:30 2013 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Tue Mar 12 08:35:30 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Mar 12 08:35:30 2013 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Tue Mar 12 08:35:30 2013 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Mar 12 08:35:30 2013 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Mar 12 08:35:30 2013 LZO compression initialized
Tue Mar 12 08:35:30 2013 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Tue Mar 12 08:35:30 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Mar 12 08:35:30 2013 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Tue Mar 12 08:35:30 2013 Local Options hash (VER=V4): '13a273ba'
Tue Mar 12 08:35:30 2013 Expected Remote Options hash (VER=V4): '360696c5'
Tue Mar 12 08:35:30 2013 UDPv4 link local: [undef]
Tue Mar 12 08:35:30 2013 UDPv4 link remote: 192.168.69.209:1194
Tue Mar 12 08:35:30 2013 TCP/UDP: Closing socket
Tue Mar 12 08:35:30 2013 SIGTERM[hard,] received, process exiting

What are you think by tech? Client and server conf file?

[maikcat]

UDPv4 link remote: 192.168.69.209:1194

are you trying to connect locally?

post configs and tell us more about your setup (ip's used etc)

Michael.

[robi87]

UDPv4 link remote: 192.168.69.209:1194

are you trying to connect locally?

post configs and tell us more about your setup (ip's used etc)

Michael.

Yes, because the server is test server and i trying the openvpn. So i disable the windows firewall in the clinet so the client log file this occurs:

Tue Mar 12 12:08:42 2013 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
Tue Mar 12 12:08:50 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Mar 12 12:08:50 2013 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Tue Mar 12 12:08:50 2013 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Mar 12 12:08:50 2013 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Mar 12 12:08:50 2013 LZO compression initialized
Tue Mar 12 12:08:50 2013 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Tue Mar 12 12:08:50 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Mar 12 12:08:50 2013 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Tue Mar 12 12:08:50 2013 Local Options hash (VER=V4): '13a273ba'
Tue Mar 12 12:08:50 2013 Expected Remote Options hash (VER=V4): '360696c5'
Tue Mar 12 12:08:50 2013 UDPv4 link local: [undef]
Tue Mar 12 12:08:50 2013 UDPv4 link remote: 192.168.69.209:1194
Tue Mar 12 12:08:50 2013 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Mar 12 12:08:53 2013 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Mar 12 12:08:53 2013 TCP/UDP: Closing socket
Tue Mar 12 12:08:53 2013 SIGTERM[hard,] received, process exiting

Client conf:

rport 1194
proto udp
dev tap
nobind
remote 192.168.69.209
tls-client
tls-auth ta.key 1
#tls-remote
ns-cert-type server
auth-user-pass
ca ca.crt
cert teszt.crt
key teszt.key
mtu-test
pull
comp-lzo
verb 3

server conf:

port 1194
proto udp
dev tap0

# Drop down privileges
user nobody
group nobody
chroot /etc/openvpn

persist-key
persist-tun

# Certificates config
dh easy-rsa/keys/bridge/dh.pem
ca easy-rsa/keys/bridge/ca.crt
cert easy-rsa/keys/bridge/.crt
key easy-rsa/keys/bridge/.key


tls-server
tls-auth easy-rsa/keys/bridge/ta.key 0

# CRL file for certificates verification
crl-verify easy-rsa/keys/bridge/crl.pem

# Auth method options

# Plugin for user-auth as replacement of the script
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so login


# Server mode
server-bridge 192.168.69.209 255.255.255.0 192.168.69.210 192.168.69.211

# Options
keepalive 10 120
push "ping 10"
push "ping-restart 120"
push "dhcp-option DOMAIN mycompany.local"
push "dhcp-option DNS 192.168.69.209"
push "dhcp-option WINS 192.168.69.209"
push "redirect-gateway"
mtu-test
reneg-sec 3600
nice 0

# Clients options
client-config-dir ccd-bridge
ccd-exclusive
max-clients 20
comp-lzo


# Log
status-version 2
log-append /var/log/openvpn/server-bridge.log
status bridge-status.log
verb 1

The client is pc (win7), ip:192.168.69.210 (local network). Server is sme 8 server, ip:192.168.69.209 (local network). Authentication method: one certificate per client, username/password asked.

[maikcat]

are you trying to test your BRIDGED setup locally




anyway...

can you post the output of

iptables -L -v

on your sme server?

btw..server logs? use verb 3 or higher..

server logs are the most important..

Michael.

[robi87]

are you trying to test your BRIDGED setup locally




anyway...

can you post the output of

iptables -L -v

on your sme server?

btw..server logs? use verb 3 or higher..

server logs are the most important..

Michael.

iptables output:

Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
227 21619 state_chk all -- any any anywhere anywhere
112 10070 local_chk all -- any any anywhere anywhere
0 0 PPPconn all -- any any anywhere anywhere
0 0 denylog all -- any any 224.0.0.0/4 anywhere
0 0 denylog all -- any any anywhere 224.0.0.0/4
0 0 InboundICMP icmp -- any any anywhere anywhere
0 0 denylog icmp -- any any anywhere anywhere
0 0 InboundTCP tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
0 0 denylog tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
0 0 InboundUDP udp -- br0 any anywhere anywhere
0 0 denylog udp -- br0 any anywhere anywhere
0 0 gre-in gre -- any any anywhere anywhere
0 0 denylog gre -- any any anywhere anywhere
0 0 denylog all -- any any anywhere anywhere

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 state_chk all -- any any anywhere anywhere
0 0 SMTPProxy tcp -- any any anywhere anywhere tcp dpt:smtp
0 0 local_chk all -- any any anywhere anywhere
0 0 ForwardedTCP tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
0 0 ForwardedUDP udp -- any any anywhere anywhere
0 0 denylog all -- any any anywhere anywhere

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
626 47732 PPPconn all -- any any anywhere anywhere
0 0 denylog all -- any any 224.0.0.0/4 anywhere
0 0 denylog all -- any any anywhere 224.0.0.0/4
626 47732 ACCEPT all -- any any anywhere anywhere

Chain ForwardedTCP (1 references)
pkts bytes target prot opt in out source destination
0 0 ForwardedTCP_3419 all -- any any anywhere anywhere
0 0 denylog tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN

Chain ForwardedTCP_3419 (1 references)
pkts bytes target prot opt in out source destination

Chain ForwardedUDP (1 references)
pkts bytes target prot opt in out source destination
0 0 ForwardedUDP_3419 all -- any any anywhere anywhere
0 0 denylog udp -- any any anywhere anywhere

Chain ForwardedUDP_3419 (1 references)
pkts bytes target prot opt in out source destination

Chain InboundICMP (1 references)
pkts bytes target prot opt in out source destination
0 0 InboundICMP_3419 all -- any any anywhere anywhere
0 0 denylog icmp -- any any anywhere anywhere

Chain InboundICMP_3419 (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmp -- any any anywhere anywhere icmp echo-request
0 0 ACCEPT icmp -- any any anywhere anywhere icmp echo-reply
0 0 ACCEPT icmp -- any any anywhere anywhere icmp destination-unreachable
0 0 ACCEPT icmp -- any any anywhere anywhere icmp source-quench
0 0 ACCEPT icmp -- any any anywhere anywhere icmp time-exceeded
0 0 ACCEPT icmp -- any any anywhere anywhere icmp parameter-problem
0 0 denylog all -- any any anywhere anywhere

Chain InboundTCP (1 references)
pkts bytes target prot opt in out source destination
0 0 InboundTCP_3419 all -- any any anywhere anywhere
0 0 denylog tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN

Chain InboundTCP_3419 (1 references)
pkts bytes target prot opt in out source destination
0 0 denylog all -- any any anywhere !teszt.mycompany.local
0 0 REJECT tcp -- any any anywhere teszt.mycompany.local tcp dpt:auth reject-with tcp-reset
0 0 ACCEPT tcp -- any any anywhere teszt.mycompany.local tcp dpt:ftp
0 0 ACCEPT tcp -- any any anywhere teszt.mycompany.local tcp dpt:http
0 0 ACCEPT tcp -- any any anywhere teszt.mycompany.local tcp dpt:https
0 0 ACCEPT tcp -- any any anywhere teszt.mycompany.local tcp dpt:smtp
0 0 ACCEPT tcp -- any any anywhere teszt.mycompany.local tcp dpt:ssh
0 0 ACCEPT tcp -- any any anywhere teszt.mycompany.local tcp dpt:smtps
0 0 ACCEPT tcp -- br0 any anywhere anywhere tcp dpt:1194
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:1194

Chain InboundUDP (1 references)
pkts bytes target prot opt in out source destination
0 0 InboundUDP_3419 all -- any any anywhere anywhere
0 0 denylog udp -- any any anywhere anywhere

Chain InboundUDP_3419 (1 references)
pkts bytes target prot opt in out source destination
0 0 denylog all -- any any anywhere !teszt.mycompany.local
0 0 ACCEPT udp -- any any anywhere teszt.mycompany.local udp dpt:1194
0 0 ACCEPT udp -- br0 any anywhere anywhere udp dpt:1194
0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:1194

Chain PPPconn (2 references)
pkts bytes target prot opt in out source destination
626 47732 PPPconn_1 all -- any any anywhere anywhere

Chain PPPconn_1 (1 references)
pkts bytes target prot opt in out source destination

Chain SMTPProxy (1 references)
pkts bytes target prot opt in out source destination
0 0 denylog tcp -- br0 any anywhere anywhere tcp dpt:smtp

Chain denylog (21 references)
pkts bytes target prot opt in out source destination
0 0 DROP udp -- any any anywhere anywhere udp dpt:router
0 0 DROP udp -- any any anywhere anywhere udp dpts:netbios-ns:netbios-ssn
0 0 DROP tcp -- any any anywhere anywhere tcp dpts:netbios-ns:netbios-ssn
0 0 ULOG all -- any any anywhere anywhere ULOG copy_range 0 nlgroup 1 prefix `denylog:' queue_threshold 1
0 0 DROP all -- any any anywhere anywhere

Chain gre-in (1 references)
pkts bytes target prot opt in out source destination
0 0 denylog all -- any any anywhere !teszt.mycompany.local
0 0 denylog all -- any any anywhere anywhere

Chain local_chk (2 references)
pkts bytes target prot opt in out source destination
112 10070 local_chk_3419 all -- any any anywhere anywhere

Chain local_chk_3419 (1 references)
pkts bytes target prot opt in out source destination
83 5888 ACCEPT all -- lo any anywhere anywhere
29 4182 ACCEPT all -- any any 192.168.69.0/24 anywhere

Chain state_chk (2 references)
pkts bytes target prot opt in out source destination
115 11549 ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED

and the server log:

Mon Mar 11 12:21:25 2013 OpenVPN 2.2.0 i686-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Jun 6 2011
Mon Mar 11 12:21:25 2013 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Mon Mar 11 12:21:25 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Mar 11 12:21:26 2013 WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate
Mon Mar 11 12:21:26 2013 Control Channel Authentication: using 'easy-rsa/keys/bridge/ta.key' as a OpenVPN static key file
Mon Mar 11 12:21:26 2013 TUN/TAP device tap0 opened
Mon Mar 11 12:21:26 2013 chroot to '/etc/openvpn' and cd to '/' succeeded
Mon Mar 11 12:21:26 2013 GID set to nobody
Mon Mar 11 12:21:26 2013 UID set to nobody
Mon Mar 11 12:21:26 2013 UDPv4 link local (bound): [undef]:1194
Mon Mar 11 12:21:26 2013 UDPv4 link remote: [undef]
Mon Mar 11 12:21:26 2013 Initialization Sequence Completed
Mon Mar 11 14:26:23 2013 event_wait : Interrupted system call (code=4)
Mon Mar 11 14:26:23 2013 SIGTERM[hard,] received, process exiting
Mon Mar 11 14:26:25 2013 OpenVPN 2.2.0 i686-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Jun 6 2011
Mon Mar 11 14:26:25 2013 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Mon Mar 11 14:26:25 2013 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mon Mar 11 14:26:25 2013 WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate
Mon Mar 11 14:26:25 2013 Control Channel Authentication: using 'easy-rsa/keys/bridge/ta.key' as a OpenVPN static key file
Mon Mar 11 14:26:25 2013 TUN/TAP device tap0 opened
Mon Mar 11 14:26:25 2013 chroot to '/etc/openvpn' and cd to '/' succeeded
Mon Mar 11 14:26:25 2013 GID set to nobody
Mon Mar 11 14:26:25 2013 UID set to nobody
Mon Mar 11 14:26:25 2013 UDPv4 link local (bound): [undef]:1194
Mon Mar 11 14:26:25 2013 UDPv4 link remote: [undef]
Mon Mar 11 14:26:25 2013 Initialization Sequence Completed
Mon Mar 11 14:28:47 2013 event_wait : Interrupted system call (code=4)
Mon Mar 11 14:28:47 2013 SIGTERM[hard,] received, process exiting
Mon Mar 11 14:28:59 2013 OpenVPN 2.2.0 i686-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Jun 6 2011
Mon Mar 11 14:28:59 2013 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Mon Mar 11 14:28:59 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Mar 11 14:28:59 2013 WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate
Mon Mar 11 14:28:59 2013 Control Channel Authentication: using 'easy-rsa/keys/bridge/ta.key' as a OpenVPN static key file
Mon Mar 11 14:28:59 2013 TUN/TAP device tap0 opened
Mon Mar 11 14:28:59 2013 chroot to '/etc/openvpn' and cd to '/' succeeded
Mon Mar 11 14:28:59 2013 GID set to nobody
Mon Mar 11 14:28:59 2013 UID set to nobody
Mon Mar 11 14:28:59 2013 UDPv4 link local (bound): [undef]:1194
Mon Mar 11 14:28:59 2013 UDPv4 link remote: [undef]
Mon Mar 11 14:28:59 2013 Initialization Sequence Completed
Mon Mar 11 14:48:28 2013 event_wait : Interrupted system call (code=4)
Mon Mar 11 14:48:28 2013 SIGTERM[hard,] received, process exiting
Mon Mar 11 14:48:36 2013 OpenVPN 2.2.0 i686-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Jun 6 2011
Mon Mar 11 14:48:36 2013 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Mon Mar 11 14:48:36 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Mar 11 14:48:36 2013 WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate
Mon Mar 11 14:48:36 2013 Control Channel Authentication: using 'easy-rsa/keys/bridge/ta.key' as a OpenVPN static key file
Mon Mar 11 14:48:36 2013 TUN/TAP device tap0 opened
Mon Mar 11 14:48:36 2013 chroot to '/etc/openvpn' and cd to '/' succeeded
Mon Mar 11 14:48:36 2013 GID set to nobody
Mon Mar 11 14:48:36 2013 UID set to nobody
Mon Mar 11 14:48:36 2013 UDPv4 link local (bound): [undef]:1194
Mon Mar 11 14:48:36 2013 UDPv4 link remote: [undef]
Mon Mar 11 14:48:36 2013 Initialization Sequence Completed
Mon Mar 11 15:12:01 2013 192.168.69.210:64529 Re-using SSL/TLS context
Mon Mar 11 15:12:01 2013 192.168.69.210:64529 LZO compression initialized
Mon Mar 11 15:12:01 2013 192.168.69.210:64529 Could not create temporary file '/tmp/openvpn_acf_c98e1a0b93870ffeaafa7c46def99528.tmp': No such file or directory
Mon Mar 11 15:12:01 2013 192.168.69.210:64529 Exiting
Mon Mar 11 15:48:08 2013 OpenVPN 2.2.0 i686-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Jun 6 2011
Mon Mar 11 15:48:08 2013 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Mon Mar 11 15:48:08 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Mar 11 15:48:08 2013 WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate
Mon Mar 11 15:48:08 2013 Control Channel Authentication: using 'easy-rsa/keys/bridge/ta.key' as a OpenVPN static key file
Mon Mar 11 15:48:08 2013 TUN/TAP device tap0 opened
Mon Mar 11 15:48:08 2013 chroot to '/etc/openvpn' and cd to '/' succeeded
Mon Mar 11 15:48:08 2013 GID set to nobody
Mon Mar 11 15:48:08 2013 UID set to nobody
Mon Mar 11 15:48:08 2013 UDPv4 link local (bound): [undef]:1194
Mon Mar 11 15:48:08 2013 UDPv4 link remote: [undef]
Mon Mar 11 15:48:08 2013 Initialization Sequence Completed
Mon Mar 11 15:48:28 2013 192.168.69.210:65041 Re-using SSL/TLS context
Mon Mar 11 15:48:28 2013 192.168.69.210:65041 LZO compression initialized
Mon Mar 11 15:48:28 2013 192.168.69.210:65041 Could not create temporary file '/tmp/openvpn_acf_093da07314362acef7c2dd8767fc161c.tmp': No such file or directory
Mon Mar 11 15:48:28 2013 192.168.69.210:65041 Exiting
Mon Mar 11 15:59:41 2013 OpenVPN 2.2.0 i686-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Jun 6 2011
Mon Mar 11 15:59:41 2013 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Mon Mar 11 15:59:41 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Mar 11 15:59:41 2013 Control Channel Authentication: using 'easy-rsa/keys/bridge/ta.key' as a OpenVPN static key file
Mon Mar 11 15:59:41 2013 TUN/TAP device tap0 opened
Mon Mar 11 15:59:41 2013 chroot to '/etc/openvpn' and cd to '/' succeeded
Mon Mar 11 15:59:41 2013 GID set to nobody
Mon Mar 11 15:59:41 2013 UID set to nobody
Mon Mar 11 15:59:41 2013 UDPv4 link local (bound): [undef]:1194
Mon Mar 11 15:59:41 2013 UDPv4 link remote: [undef]
Mon Mar 11 15:59:41 2013 Initialization Sequence Completed
Mon Mar 11 16:00:58 2013 192.168.69.210:60556 Re-using SSL/TLS context
Mon Mar 11 16:00:58 2013 192.168.69.210:60556 LZO compression initialized
Mon Mar 11 16:00:58 2013 192.168.69.210:60556 Could not create temporary file '/tmp/openvpn_acf_8ec84f21c6531f9bc490125d55da6003.tmp': No such file or directory
Mon Mar 11 16:00:58 2013 192.168.69.210:60556 Exiting
Mon Mar 11 16:06:24 2013 OpenVPN 2.2.0 i686-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Jun 6 2011
Mon Mar 11 16:06:24 2013 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Mon Mar 11 16:06:24 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Mar 11 16:06:24 2013 Control Channel Authentication: using 'easy-rsa/keys/bridge/ta.key' as a OpenVPN static key file
Mon Mar 11 16:06:24 2013 TUN/TAP device tap0 opened
Mon Mar 11 16:06:24 2013 chroot to '/etc/openvpn' and cd to '/' succeeded
Mon Mar 11 16:06:24 2013 GID set to nobody
Mon Mar 11 16:06:24 2013 UID set to nobody
Mon Mar 11 16:06:24 2013 UDPv4 link local (bound): [undef]:1194
Mon Mar 11 16:06:24 2013 UDPv4 link remote: [undef]
Mon Mar 11 16:06:24 2013 Initialization Sequence Completed
Mon Mar 11 16:06:50 2013 192.168.69.210:50232 Re-using SSL/TLS context
Mon Mar 11 16:06:50 2013 192.168.69.210:50232 LZO compression initialized
Mon Mar 11 16:06:51 2013 192.168.69.210:50232 Could not create temporary file '/tmp/openvpn_acf_cae5d90830f873e36c60190b02b7ccea.tmp': No such file or directory
Mon Mar 11 16:06:51 2013 192.168.69.210:50232 Exiting
Tue Mar 12 08:18:33 2013 OpenVPN 2.2.0 i686-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Jun 6 2011
Tue Mar 12 08:18:33 2013 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Tue Mar 12 08:18:33 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Mar 12 08:18:33 2013 Control Channel Authentication: using 'easy-rsa/keys/bridge/ta.key' as a OpenVPN static key file
Tue Mar 12 08:18:33 2013 TUN/TAP device tap0 opened
Tue Mar 12 08:18:33 2013 chroot to '/etc/openvpn' and cd to '/' succeeded
Tue Mar 12 08:18:33 2013 GID set to nobody
Tue Mar 12 08:18:33 2013 UID set to nobody
Tue Mar 12 08:18:33 2013 UDPv4 link local (bound): [undef]:1194
Tue Mar 12 08:18:33 2013 UDPv4 link remote: [undef]
Tue Mar 12 08:18:33 2013 Initialization Sequence Completed
Tue Mar 12 08:22:38 2013 192.168.69.210:65193 Re-using SSL/TLS context
Tue Mar 12 08:22:38 2013 192.168.69.210:65193 LZO compression initialized
Tue Mar 12 08:22:38 2013 192.168.69.210:65193 Could not create temporary file '/tmp/openvpn_acf_79f2e77179572d856269c3cf1bbd2674.tmp': No such file or directory
Tue Mar 12 08:22:38 2013 192.168.69.210:65193 Exiting
Tue Mar 12 09:20:41 2013 OpenVPN 2.2.0 i686-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Jun 6 2011
Tue Mar 12 09:20:41 2013 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Tue Mar 12 09:20:41 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Mar 12 09:20:41 2013 Control Channel Authentication: using 'easy-rsa/keys/bridge/ta.key' as a OpenVPN static key file
Tue Mar 12 09:20:41 2013 TUN/TAP device tap0 opened
Tue Mar 12 09:20:41 2013 chroot to '/etc/openvpn' and cd to '/' succeeded
Tue Mar 12 09:20:41 2013 GID set to nobody
Tue Mar 12 09:20:41 2013 UID set to nobody
Tue Mar 12 09:20:41 2013 UDPv4 link local (bound): [undef]:1194
Tue Mar 12 09:20:41 2013 UDPv4 link remote: [undef]
Tue Mar 12 09:20:41 2013 Initialization Sequence Completed
Tue Mar 12 09:20:59 2013 192.168.69.210:53778 Re-using SSL/TLS context
Tue Mar 12 09:20:59 2013 192.168.69.210:53778 LZO compression initialized
Tue Mar 12 09:21:00 2013 192.168.69.210:53778 Could not create temporary file '/tmp/openvpn_acf_75a97097087b3fd6044d5b4aa2772d41.tmp': No such file or directory
Tue Mar 12 09:21:00 2013 192.168.69.210:53778 Exiting
Tue Mar 12 09:21:52 2013 OpenVPN 2.2.0 i686-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Jun 6 2011
Tue Mar 12 09:21:52 2013 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Tue Mar 12 09:21:52 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Mar 12 09:21:52 2013 Cannot load certificate file easy-rsa/keys/bridge/.crt: error:02001002:system library:fopen:No such file or directory: error:20074002:BIO routines:FILE_CTRL:system lib: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
Tue Mar 12 09:21:52 2013 Exiting
Tue Mar 12 10:48:06 2013 OpenVPN 2.2.0 i686-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Jun 6 2011
Tue Mar 12 10:48:06 2013 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Tue Mar 12 10:48:06 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Mar 12 10:48:06 2013 Cannot load certificate file easy-rsa/keys/bridge/.crt: error:02001002:system library:fopen:No such file or directory: error:20074002:BIO routines:FILE_CTRL:system lib: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
Tue Mar 12 10:48:06 2013 Exiting
Tue Mar 12 10:53:01 2013 OpenVPN 2.2.0 i686-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Jun 6 2011
Tue Mar 12 10:53:01 2013 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Tue Mar 12 10:53:01 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Mar 12 10:53:01 2013 Cannot load certificate file easy-rsa/keys/bridge/.crt: error:02001002:system library:fopen:No such file or directory: error:20074002:BIO routines:FILE_CTRL:system lib: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
Tue Mar 12 10:53:01 2013 Exiting
Tue Mar 12 10:59:26 2013 OpenVPN 2.2.0 i686-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Jun 6 2011
Tue Mar 12 10:59:26 2013 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Tue Mar 12 10:59:26 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Mar 12 10:59:27 2013 Cannot load certificate file easy-rsa/keys/bridge/.crt: error:02001002:system library:fopen:No such file or directory: error:20074002:BIO routines:FILE_CTRL:system lib: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
Tue Mar 12 10:59:27 2013 Exiting
Tue Mar 12 10:59:51 2013 OpenVPN 2.2.0 i686-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Jun 6 2011
Tue Mar 12 10:59:51 2013 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Tue Mar 12 10:59:51 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Mar 12 10:59:51 2013 Cannot load certificate file easy-rsa/keys/bridge/.crt: error:02001002:system library:fopen:No such file or directory: error:20074002:BIO routines:FILE_CTRL:system lib: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
Tue Mar 12 10:59:51 2013 Exiting
Tue Mar 12 11:00:27 2013 OpenVPN 2.2.0 i686-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Jun 6 2011
Tue Mar 12 11:00:27 2013 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Tue Mar 12 11:00:27 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Mar 12 11:00:27 2013 Cannot load certificate file easy-rsa/keys/bridge/.crt: error:02001002:system library:fopen:No such file or directory: error:20074002:BIO routines:FILE_CTRL:system lib: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
Tue Mar 12 11:00:27 2013 Exiting
Wed Mar 13 12:31:14 2013 OpenVPN 2.2.0 i686-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Jun 6 2011
Wed Mar 13 12:31:14 2013 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Wed Mar 13 12:31:14 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Mar 13 12:31:14 2013 Cannot load certificate file easy-rsa/keys/bridge/.crt: error:02001002:system library:fopen:No such file or directory: error:20074002:BIO routines:FILE_CTRL:system lib: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
Wed Mar 13 12:31:14 2013 Exiting
Wed Mar 13 12:33:50 2013 OpenVPN 2.2.0 i686-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Jun 6 2011
Wed Mar 13 12:33:50 2013 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Wed Mar 13 12:33:50 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Mar 13 12:33:50 2013 Cannot load certificate file easy-rsa/keys/bridge/.crt: error:02001002:system library:fopen:No such file or directory: error:20074002:BIO routines:FILE_CTRL:system lib: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
Wed Mar 13 12:33:50 2013 Exiting

Yes, i use sme 8 linux server.

[maikcat]

please post output of sestatus on your openvpn server.

a few comments...

DONT test bridge setup in local lan

disable firewall rules on server during setup

Michael.

[robi87]

please post output of sestatus on your openvpn server.

a few comments...

DONT test bridge setup in local lan

disable firewall rules on server during setup

Michael.

What are you think than sestatus? Server status? Server configuration?

[maikcat]

sme is centos/redhat based...

centos/redhat have SELinux , sestatus is a command...

please post the output here (enforcing/permissive/disabled)

Michael.