Porting configuration from Win to Linux

[K4y]

Hi all gurus,
I have to premise that I'm absolutely a newbie on the argument. However, shortly: I use OpenVPN (on a Windows 7 machine) to connect to my company's VPN.
Now... I just finished to install a fresh Mint installation on Virtualbox; I'm trying to configure OpenVPN with the same config files and ... there's something missing.
Here's the log:

matteo-VirtualBox openvpn # openvpn --config myconf.conf --script-security 2
Mon Aug 26 15:24:26 2013 OpenVPN 2.2.1 i686-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Feb 13 2013
Enter Auth Username: <myusrname>
Enter Auth Password:
Mon Aug 26 15:24:47 2013 WARNING: file 'utenza.txt' is group or others accessible
Mon Aug 26 15:24:47 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon Aug 26 15:24:47 2013 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mon Aug 26 15:24:47 2013 WARNING: file 'mykey.key' is group or others accessible
Mon Aug 26 15:24:47 2013 Control Channel Authentication: using 'mykey.key' as a OpenVPN static key file
Mon Aug 26 15:24:47 2013 LZO compression initialized
Mon Aug 26 15:24:47 2013 Attempting to establish TCP connection with [AF_INET]10.16.56.30:8080 [nonblock]
Mon Aug 26 15:24:48 2013 TCP connection established with [AF_INET]10.16.56.30:8080
Mon Aug 26 15:24:51 2013 TCPv4_CLIENT link local: [undef]
Mon Aug 26 15:24:51 2013 TCPv4_CLIENT link remote: [AF_INET]10.16.56.30:8080
Mon Aug 26 15:24:51 2013 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Aug 26 15:24:51 2013 [server] Peer Connection Initiated with [AF_INET]10.16.56.30:8080
Mon Aug 26 15:24:53 2013 TUN/TAP device tun0 opened
Mon Aug 26 15:24:53 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon Aug 26 15:24:53 2013 /sbin/ifconfig tun0 10.254.0.146 pointopoint 10.254.0.145 mtu 1500
Mon Aug 26 15:24:55 2013 Initialization Sequence Completed

After that, the log stucks for some minutes and then end due to inactivity (timeout). During this time anyway I have no internet connection (trying to ping www.google.it).

Ifconfig tells something about the interface:

tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.254.0.22 P-t-P:10.254.0.21 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:1 errors:0 dropped:0 overruns:0 frame:0
TX packets:11 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:134 (134.0 B) TX bytes:1113 (1.1 KB)

(that mask seems not correct, true that?).


I was expecting the same configuration could work flawlessy on both Win and Linux system, but that's not the case.
Maybe the problem relies in the fact I'm using a Virtual Machine ? Thanks for any suggestion or help.

[maikcat]

first post your configs used,

assuming you are running openvpn as root,
can you post the output of

netstat -nr

on your client AFTER vpn is up,

also can you post the output of

traceroute 8.8.8.8

on your client AFTER vpn is up,


also your network settings on your VM are bridge or NAT?

Michael.

[K4y]

Hi maikcat,
thanks for your support. I can see from VirtualBox that the network setting is NAT.
Regarding the outputs you requested:

matteo@matteo-VirtualBox / $ netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 10.0.2.2 0.0.0.0 UG 0 0 0 eth0
10.0.1.0 10.254.0.93 255.255.255.0 UG 0 0 0 tun0
10.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.0.201.0 10.254.0.93 255.255.255.0 UG 0 0 0 tun0
10.2.5.0 10.254.0.93 255.255.255.0 UG 0 0 0 tun0
10.16.0.0 10.254.0.93 255.255.0.0 UG 0 0 0 tun0
10.25.8.0 10.254.0.93 255.255.252.0 UG 0 0 0 tun0
10.41.48.0 10.254.0.93 255.255.255.0 UG 0 0 0 tun0
10.42.200.0 10.254.0.93 255.255.255.0 UG 0 0 0 tun0
10.48.79.0 10.254.0.93 255.255.255.0 UG 0 0 0 tun0
10.124.0.0 10.254.0.93 255.255.0.0 UG 0 0 0 tun0
10.125.0.0 10.254.0.93 255.255.0.0 UG 0 0 0 tun0
10.131.195.128 10.254.0.93 255.255.255.128 UG 0 0 0 tun0
10.148.0.0 10.254.0.93 255.255.0.0 UG 0 0 0 tun0
10.206.80.0 10.254.0.93 255.255.248.0 UG 0 0 0 tun0
10.239.240.0 10.254.0.93 255.255.254.0 UG 0 0 0 tun0
10.254.0.0 10.254.0.93 255.255.0.0 UG 0 0 0 tun0
10.254.0.93 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
128.153.7.0 10.254.0.93 255.255.255.0 UG 0 0 0 tun0
151.10.0.0 10.254.0.93 255.255.0.0 UG 0 0 0 tun0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
172.21.6.96 10.254.0.93 255.255.255.255 UGH 0 0 0 tun0
172.21.72.0 10.254.0.93 255.255.255.0 UG 0 0 0 tun0
172.22.0.0 10.254.0.93 255.255.0.0 UG 0 0 0 tun0
172.24.10.0 10.254.0.93 255.255.255.0 UG 0 0 0 tun0
172.26.54.128 10.254.0.93 255.255.255.128 UG 0 0 0 tun0
172.26.255.0 10.254.0.93 255.255.255.128 UG 0 0 0 tun0
172.31.164.0 10.254.0.93 255.255.255.0 UG 0 0 0 tun0
192.125.168.19 10.254.0.93 255.255.255.255 UGH 0 0 0 tun0
192.168.10.0 10.254.0.93 255.255.255.0 UG 0 0 0 tun0
192.168.201.0 10.254.0.93 255.255.255.0 UG 0 0 0 tun0
192.168.224.0 10.254.0.93 255.255.240.0 UG 0 0 0 tun0
192.168.248.0 10.254.0.93 255.255.248.0 UG 0 0 0 tun0
193.42.239.112 10.254.0.93 255.255.255.248 UG 0 0 0 tun0

while traceroute has the following output (sic!):
matteo@matteo-VirtualBox ~ $ traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *

And here's the config file, which I did not changed porting it from Win to Linux... you can notice there's a proxy authentication in it, but it seems to work well:

##############################################
# Client-side OpenVPN 2.0 config file #
##############################################

client

dev tun

proto tcp

remote <myCompanyUrl> 443 //obviously, <myCompanyUrl is an alias for the real address

resolv-retry infinite

nobind

persist-key
persist-tun

# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

http-proxy 10.16.56.30 8080 utenza.txt

ca "comp_cert.crt"

tls-auth "comp_cert.key" 1
cipher AES-128-CBC

auth-user-pass

comp-lzo

verb 1

route-method exe
route-delay 2
reneg-sec 0


I execute, as Root, openvpn in the following way:

openvpn --config myconf.conf

and the system prompts me for username and password of my company's VPN. Inserting them right leads to "Initialization Sequence Completed" message, with the stack reported in the first thread.

Last but not least... I have to clarify; I would like to work simultaneously on the Company's VPN (under linux) and under another customer's proxy (under Windows).
That's why I'm trying to configure that Virtualbox image in order to connect to my Company's VPN.

Thanks for your help

[maikcat]

in your config file:

Code: Select all

proto tcp
remote <myCompanyUrl> 443 //obviously, <myCompanyUrl is an alias for the real address
resolv-retry infinite

in your logs

Code: Select all

Mon Aug 26 15:24:48 2013 TCP connection established with [AF_INET]10.16.56.30:8080
Mon Aug 26 15:24:51 2013 TCPv4_CLIENT link local: [undef]
Mon Aug 26 15:24:51 2013 TCPv4_CLIENT link remote: [AF_INET]10.16.56.30:8080

10.16.56.30 is your companies REAL ip

please also post server config.

Michael.

[K4y]

Hi Michael,
no, 10.16.56.30 is the proxy's IP, as specified in config file:

Code: Select all

http-proxy 10.16.56.30 8080 utenza.txt

I don't have server configuration, our company admin gave us only the certificate, the key and the client config to connect.
Anyway, that configuration works flawlessly on a win machine.

[maikcat]

please post the output of:

iptables -L -v
iptables -L -v -t nat

after vpn is up,
&

netstat -nr
before your start openvpn client.

also can you ping 10.254.0.1 after vpn is up?

btw i noticed this entry on your routing table:

10.16.0.0 10.254.0.93 255.255.0.0 UG 0 0 0 tun0

and your proxy ip is 10.16.56.30...

is the same setup works with same network settings on 7?

Michael.

[K4y]

please post the output of:

iptables -L -v
iptables -L -v -t nat

after VPN is up

That's the output I get:

Code: Select all

matteo-VirtualBox matteo # iptables -L -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Code: Select all

matteo-VirtualBox matteo # iptables -L -v -t nat
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination      

netstat -nr
before your start openvpn client.

Code: Select all

netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.0.2.2        0.0.0.0         UG        0 0          0 eth0
10.0.2.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0

also can you ping 10.254.0.1 after vpn is up?

No, I can't... timeout

btw i noticed this entry on your routing table:

10.16.0.0 10.254.0.93 255.255.0.0 UG 0 0 0 tun0

and your proxy ip is 10.16.56.30...

is the same setup works with same network settings on 7?

Michael.

Yes, I gave OpenVPN for Windows a run to collect a log.
Here's the situation on Win7:

Code: Select all

Tue Aug 27 13:56:18 2013 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
Tue Aug 27 13:56:34 2013 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Tue Aug 27 13:56:34 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Aug 27 13:56:35 2013 Control Channel Authentication: using 'mykey.key' as a OpenVPN static key file
Tue Aug 27 13:56:35 2013 LZO compression initialized
Tue Aug 27 13:56:35 2013 Attempting to establish TCP connection with 10.16.56.30:8080
Tue Aug 27 13:56:35 2013 TCP connection established with 10.16.56.30:8080
Tue Aug 27 13:56:40 2013 TCPv4_CLIENT link local: [undef]
Tue Aug 27 13:56:40 2013 TCPv4_CLIENT link remote: 10.16.56.30:8080
Tue Aug 27 13:56:40 2013 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Aug 27 13:56:40 2013 [server] Peer Connection Initiated with 10.16.56.30:8080
Tue Aug 27 13:56:43 2013 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{9EE92FC1-381D-4999-A808-6A43B6FDEFE5}.tap
Tue Aug 27 13:56:43 2013 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.254.0.22/255.255.255.252 on interface {9EE92FC1-381D-4999-A808-6A43B6FDEFE5} [DHCP-serv: 10.254.0.21, lease-time: 31536000]
Tue Aug 27 13:56:43 2013 Successful ARP Flush on interface [15] {9EE92FC1-381D-4999-A808-6A43B6FDEFE5}
 OK!
 OK!
 OK!
 OK!
 OK!
 OK!
 OK!
 OK!
 OK!
 OK!
 OK!
 OK!
 OK!
 OK!
 OK!
 OK!
 OK!
 OK!
 OK!
 OK!
 OK!
 OK!
 OK!
 OK!
 OK!
 OK!
 OK!
 OK!
 OK!
 OK!
Tue Aug 27 13:56:47 2013 Initialization Sequence Completed

Thanks again Michael for your help!

[maikcat]

can you post the output of

netstat -nr

on your win before and after vpn is up?

Michael.

[K4y]

can you post the output of

netstat -nr

on your win before and after vpn is up?

Michael.

yes, here it is.
BEFORE:

C:\Users\Matteo>netstat -nr
===========================================================================
Interface List
65...xx xx xx xx xx xx ......TeamViewer VPN Adapter
15...xx xx xx xx xx xx ......TAP-Win32 Adapter V9
12...xx xx xx xx xx xx ......Intel(R) Centrino(R) Advanced-N 6205
11...xx xx xx xx xx xx ......Broadcom NetXtreme 57xx Gigabit Controller
16...xx xx xx xx xx xx ......Hamachi Network Interface
74...xx xx xx xx xx xx ......VirtualBox Host-Only Ethernet Adapter
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
30...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
57...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
62...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
60...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #9
49...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #11
39...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #4
38...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #3
37...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #2
50...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #12
41...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #11
42...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #5
45...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #13
44...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #7
48...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #10
55...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #17
54...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #16
51...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #13
52...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #14
53...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #15
58...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #8
63...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #10
66...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #20
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 25.0.0.1 25.21.255.151 9256
0.0.0.0 0.0.0.0 10.15.109.1 10.15.109.21 10
10.15.109.0 255.255.255.0 On-link 10.15.109.21 266
10.15.109.21 255.255.255.255 On-link 10.15.109.21 266
10.15.109.255 255.255.255.255 On-link 10.15.109.21 266
25.0.0.0 255.0.0.0 On-link 25.21.255.151 9256
25.21.255.151 255.255.255.255 On-link 25.21.255.151 9256
25.255.255.255 255.255.255.255 On-link 25.21.255.151 9256
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.56.0 255.255.255.0 On-link 192.168.56.1 276
192.168.56.1 255.255.255.255 On-link 192.168.56.1 276
192.168.56.255 255.255.255.255 On-link 192.168.56.1 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.56.1 276
224.0.0.0 240.0.0.0 On-link 25.21.255.151 9256
224.0.0.0 240.0.0.0 On-link 10.15.109.21 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.56.1 276
255.255.255.255 255.255.255.255 On-link 25.21.255.151 9256
255.255.255.255 255.255.255.255 On-link 10.15.109.21 266
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 25.0.0.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
16 9020 ::/0 2620:9b::1900:1
1 306 ::1/128 On-link
16 276 2620:9b::/96 On-link
16 276 2620:9b::1915:ff97/128 On-link
74 276 fe80::/64 On-link
16 276 fe80::/64 On-link
11 266 fe80::/64 On-link
74 276 fe80::802:cef4:9f2d:6965/128
On-link
16 276 fe80::690e:3ff:ee52:586d/128
On-link
11 266 fe80::c4db:4539:efee:f5b7/128
On-link
1 306 ff00::/8 On-link
74 276 ff00::/8 On-link
16 276 ff00::/8 On-link
11 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
If Metric Network Destination Gateway
0 4294967295 2620:9b::/96 On-link
0 9000 ::/0 2620:9b::1900:1
===========================================================================


After VPN is up:

C:\Users\Matteo>netstat -nr
===========================================================================
Interface List
65...xx xx xx xx xx xx ......TeamViewer VPN Adapter
15...xx xx xx xx xx xx ......TAP-Win32 Adapter V9
12...xx xx xx xx xx xx ......Intel(R) Centrino(R) Advanced-N 6205
11...xx xx xx xx xx xx ......Broadcom NetXtreme 57xx Gigabit Controller
16...xx xx xx xx xx xx ......Hamachi Network Interface
74...xx xx xx xx xx xx ......VirtualBox Host-Only Ethernet Adapter
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
30...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
57...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
62...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
60...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #9
49...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #11
39...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #4
38...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #3
37...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #2
50...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #12
41...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #11
42...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #5
45...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #13
44...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #7
48...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #10
55...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #17
54...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #16
51...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #13
52...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #14
53...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #15
58...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #8
63...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #10
66...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #20
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 25.0.0.1 25.21.255.151 9256
0.0.0.0 0.0.0.0 10.15.109.1 10.15.109.21 10
10.0.1.0 255.255.255.0 10.254.0.125 10.254.0.126 31
10.0.201.0 255.255.255.0 10.254.0.125 10.254.0.126 31
10.2.5.0 255.255.255.0 10.254.0.125 10.254.0.126 31
10.15.109.0 255.255.255.0 On-link 10.15.109.21 266
10.15.109.21 255.255.255.255 On-link 10.15.109.21 266
10.15.109.255 255.255.255.255 On-link 10.15.109.21 266
10.16.0.0 255.255.0.0 10.254.0.125 10.254.0.126 31
10.25.8.0 255.255.252.0 10.254.0.125 10.254.0.126 31
10.41.48.0 255.255.255.0 10.254.0.125 10.254.0.126 31
10.42.200.0 255.255.255.0 10.254.0.125 10.254.0.126 31
10.48.79.0 255.255.255.0 10.254.0.125 10.254.0.126 31
10.124.0.0 255.255.0.0 10.254.0.125 10.254.0.126 31
10.125.0.0 255.255.0.0 10.254.0.125 10.254.0.126 31
10.131.195.128 255.255.255.128 10.254.0.125 10.254.0.126 31
10.148.0.0 255.255.0.0 10.254.0.125 10.254.0.126 31
10.206.80.0 255.255.248.0 10.254.0.125 10.254.0.126 31
10.239.240.0 255.255.254.0 10.254.0.125 10.254.0.126 31
10.254.0.0 255.255.0.0 10.254.0.125 10.254.0.126 31
10.254.0.124 255.255.255.252 On-link 10.254.0.126 286
10.254.0.126 255.255.255.255 On-link 10.254.0.126 286
10.254.0.127 255.255.255.255 On-link 10.254.0.126 286
25.0.0.0 255.0.0.0 On-link 25.21.255.151 9256
25.21.255.151 255.255.255.255 On-link 25.21.255.151 9256
25.255.255.255 255.255.255.255 On-link 25.21.255.151 9256
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
128.153.7.0 255.255.255.0 10.254.0.125 10.254.0.126 31
151.10.0.0 255.255.0.0 10.254.0.125 10.254.0.126 31
172.21.6.96 255.255.255.255 10.254.0.125 10.254.0.126 31
172.21.72.0 255.255.255.0 10.254.0.125 10.254.0.126 31
172.22.0.0 255.255.0.0 10.254.0.125 10.254.0.126 31
172.24.10.0 255.255.255.0 10.254.0.125 10.254.0.126 31
172.26.54.128 255.255.255.128 10.254.0.125 10.254.0.126 31
172.26.255.0 255.255.255.128 10.254.0.125 10.254.0.126 31
172.31.164.0 255.255.255.0 10.254.0.125 10.254.0.126 31
192.125.168.19 255.255.255.255 10.254.0.125 10.254.0.126 31
192.168.10.0 255.255.255.0 10.254.0.125 10.254.0.126 31
192.168.56.0 255.255.255.0 On-link 192.168.56.1 276
192.168.56.1 255.255.255.255 On-link 192.168.56.1 276
192.168.56.255 255.255.255.255 On-link 192.168.56.1 276
192.168.201.0 255.255.255.0 10.254.0.125 10.254.0.126 31
192.168.224.0 255.255.240.0 10.254.0.125 10.254.0.126 31
192.168.248.0 255.255.248.0 10.254.0.125 10.254.0.126 31
193.42.239.112 255.255.255.248 10.254.0.125 10.254.0.126 31
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.56.1 276
224.0.0.0 240.0.0.0 On-link 25.21.255.151 9256
224.0.0.0 240.0.0.0 On-link 10.254.0.126 286
224.0.0.0 240.0.0.0 On-link 10.15.109.21 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.56.1 276
255.255.255.255 255.255.255.255 On-link 25.21.255.151 9256
255.255.255.255 255.255.255.255 On-link 10.254.0.126 286
255.255.255.255 255.255.255.255 On-link 10.15.109.21 266
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 25.0.0.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
16 9020 ::/0 2620:9b::1900:1
1 306 ::1/128 On-link
16 276 2620:9b::/96 On-link
16 276 2620:9b::1915:ff97/128 On-link
74 276 fe80::/64 On-link
16 276 fe80::/64 On-link
15 286 fe80::/64 On-link
11 266 fe80::/64 On-link
58 266 fe80::5efe:10.15.109.21/128
On-link
74 276 fe80::802:cef4:9f2d:6965/128
On-link
16 276 fe80::690e:3ff:ee52:586d/128
On-link
15 286 fe80::7054:c25a:31ee:1261/128
On-link
11 266 fe80::c4db:4539:efee:f5b7/128
On-link
1 306 ff00::/8 On-link
74 276 ff00::/8 On-link
16 276 ff00::/8 On-link
15 286 ff00::/8 On-link
11 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
If Metric Network Destination Gateway
0 4294967295 2620:9b::/96 On-link
0 9000 ::/0 2620:9b::1900:1
===========================================================================

[maikcat]

try this please,

start openvpn on your linux client,
after vpn comes up run this

Code: Select all

route add -host 10.16.56.30 gw 10.0.2.1

after that try to see if you can ping openvpn server (10.254.0.1)

Michael.

[K4y]

try this please,

start openvpn on your linux client,
after vpn comes up run this

Code: Select all

route add -host 10.16.56.30 gw 10.0.2.1

after that try to see if you can ping openvpn server (10.254.0.1)

Michael.

No, again timeout on ping.
I tried with the above instruction; after "Initialization Sequence Completed", an error is thrown with the message:
Tue Aug 27 15:08:50 2013 read TCPv4_CLIENT []: No route to host (code=113)
at intervals of few seconds.

Thanks again

[maikcat]

oops i make an error...

the right command is:

Code: Select all

route add -host 10.16.56.30 gw 10.0.2.2

instead of

Code: Select all

route add -host 10.16.56.30 gw 10.0.2.1

please try it...

Michael.

[K4y]

Hello Michael, and thanks once again for your support.

Adding that link to the route lets me ping successfully 10.254.0.1. Hurray? so and so...

Steps I did:
- launch openvpn
- route add
- ping 10.254.0.1 --> success
- open Firefox
- configure FF proxy in order to use my Company's Proxy (proxy.mycompany.corp)
- "Unable to find proxy server"

I'm going to access VPN in Windows and ping my company's proxy in order to have the internal IP, then I'll report back to you.


EDIT: my company's proxy is @ 192.168.201.3. Setting it in FF I'm able to surf the Web. Yay!

But... why in Win proxy.mycompany.corp is resolved into 192.168.201.3 and under Linux it is not?

Also... can you help me fixing the config file so that I have no more route nodes to add after VPN's set up?
Thanks again

[maikcat]

But... why in Win proxy.mycompany.corp is resolved into 192.168.201.3 and under Linux it is not?

probably your server pushes dns settings to you and win 7 accepts them but linux not...

you can manually add them to your /etc/resolv.conf though

Also... can you help me fixing the config file so that I have no more route nodes to add after VPN's set up?

try adding the route command inside a script then use up directive on your clients config
to run it after vpn is up...

Michael.

[K4y]

try adding the route command inside a script then use up directive on your clients config
to run it after vpn is up...

Michael.

Forgive the noobyness... do you have an example for that?
I'm gonna search about the use of up directive ... anyway, if you have a sketch of code it would be highly appreciated

[K4y]

Forgive the noobyness... do you have an example for that?
I'm gonna search about the use of up directive ... anyway, if you have a sketch of code it would be highly appreciated

Nevermind... I did it