Porting configuration from Win to Linux
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
- OpenVpn Newbie
- Posts: 9
- Joined: Mon Aug 26, 2013 1:25 pm
Porting configuration from Win to Linux
Hi all gurus,
I have to premise that I'm absolutely a newbie on the argument. However, shortly: I use OpenVPN (on a Windows 7 machine) to connect to my company's VPN.
Now... I just finished to install a fresh Mint installation on Virtualbox; I'm trying to configure OpenVPN with the same config files and ... there's something missing.
Here's the log:
matteo-VirtualBox openvpn # openvpn --config myconf.conf --script-security 2
Mon Aug 26 15:24:26 2013 OpenVPN 2.2.1 i686-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Feb 13 2013
Enter Auth Username: <myusrname>
Enter Auth Password:
Mon Aug 26 15:24:47 2013 WARNING: file 'utenza.txt' is group or others accessible
Mon Aug 26 15:24:47 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon Aug 26 15:24:47 2013 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mon Aug 26 15:24:47 2013 WARNING: file 'mykey.key' is group or others accessible
Mon Aug 26 15:24:47 2013 Control Channel Authentication: using 'mykey.key' as a OpenVPN static key file
Mon Aug 26 15:24:47 2013 LZO compression initialized
Mon Aug 26 15:24:47 2013 Attempting to establish TCP connection with [AF_INET]10.16.56.30:8080 [nonblock]
Mon Aug 26 15:24:48 2013 TCP connection established with [AF_INET]10.16.56.30:8080
Mon Aug 26 15:24:51 2013 TCPv4_CLIENT link local: [undef]
Mon Aug 26 15:24:51 2013 TCPv4_CLIENT link remote: [AF_INET]10.16.56.30:8080
Mon Aug 26 15:24:51 2013 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Aug 26 15:24:51 2013 [server] Peer Connection Initiated with [AF_INET]10.16.56.30:8080
Mon Aug 26 15:24:53 2013 TUN/TAP device tun0 opened
Mon Aug 26 15:24:53 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon Aug 26 15:24:53 2013 /sbin/ifconfig tun0 10.254.0.146 pointopoint 10.254.0.145 mtu 1500
Mon Aug 26 15:24:55 2013 Initialization Sequence Completed
After that, the log stucks for some minutes and then end due to inactivity (timeout). During this time anyway I have no internet connection (trying to ping www.google.it).
Ifconfig tells something about the interface:
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.254.0.22 P-t-P:10.254.0.21 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:1 errors:0 dropped:0 overruns:0 frame:0
TX packets:11 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:134 (134.0 B) TX bytes:1113 (1.1 KB)
(that mask seems not correct, true that?).
I was expecting the same configuration could work flawlessy on both Win and Linux system, but that's not the case.
Maybe the problem relies in the fact I'm using a Virtual Machine ? Thanks for any suggestion or help.
I have to premise that I'm absolutely a newbie on the argument. However, shortly: I use OpenVPN (on a Windows 7 machine) to connect to my company's VPN.
Now... I just finished to install a fresh Mint installation on Virtualbox; I'm trying to configure OpenVPN with the same config files and ... there's something missing.
Here's the log:
matteo-VirtualBox openvpn # openvpn --config myconf.conf --script-security 2
Mon Aug 26 15:24:26 2013 OpenVPN 2.2.1 i686-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Feb 13 2013
Enter Auth Username: <myusrname>
Enter Auth Password:
Mon Aug 26 15:24:47 2013 WARNING: file 'utenza.txt' is group or others accessible
Mon Aug 26 15:24:47 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon Aug 26 15:24:47 2013 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mon Aug 26 15:24:47 2013 WARNING: file 'mykey.key' is group or others accessible
Mon Aug 26 15:24:47 2013 Control Channel Authentication: using 'mykey.key' as a OpenVPN static key file
Mon Aug 26 15:24:47 2013 LZO compression initialized
Mon Aug 26 15:24:47 2013 Attempting to establish TCP connection with [AF_INET]10.16.56.30:8080 [nonblock]
Mon Aug 26 15:24:48 2013 TCP connection established with [AF_INET]10.16.56.30:8080
Mon Aug 26 15:24:51 2013 TCPv4_CLIENT link local: [undef]
Mon Aug 26 15:24:51 2013 TCPv4_CLIENT link remote: [AF_INET]10.16.56.30:8080
Mon Aug 26 15:24:51 2013 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Aug 26 15:24:51 2013 [server] Peer Connection Initiated with [AF_INET]10.16.56.30:8080
Mon Aug 26 15:24:53 2013 TUN/TAP device tun0 opened
Mon Aug 26 15:24:53 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon Aug 26 15:24:53 2013 /sbin/ifconfig tun0 10.254.0.146 pointopoint 10.254.0.145 mtu 1500
Mon Aug 26 15:24:55 2013 Initialization Sequence Completed
After that, the log stucks for some minutes and then end due to inactivity (timeout). During this time anyway I have no internet connection (trying to ping www.google.it).
Ifconfig tells something about the interface:
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.254.0.22 P-t-P:10.254.0.21 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:1 errors:0 dropped:0 overruns:0 frame:0
TX packets:11 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:134 (134.0 B) TX bytes:1113 (1.1 KB)
(that mask seems not correct, true that?).
I was expecting the same configuration could work flawlessy on both Win and Linux system, but that's not the case.
Maybe the problem relies in the fact I'm using a Virtual Machine ? Thanks for any suggestion or help.
- maikcat
- Forum Team
- Posts: 4200
- Joined: Wed Jan 12, 2011 9:23 am
- Location: Athens,Greece
- Contact:
Re: Porting configuration from Win to Linux
first post your configs used,
assuming you are running openvpn as root,
can you post the output of
netstat -nr
on your client AFTER vpn is up,
also can you post the output of
traceroute 8.8.8.8
on your client AFTER vpn is up,
also your network settings on your VM are bridge or NAT?
Michael.
assuming you are running openvpn as root,
can you post the output of
netstat -nr
on your client AFTER vpn is up,
also can you post the output of
traceroute 8.8.8.8
on your client AFTER vpn is up,
also your network settings on your VM are bridge or NAT?
Michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)
"objects in mirror are losing"
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)
"objects in mirror are losing"
-
- OpenVpn Newbie
- Posts: 9
- Joined: Mon Aug 26, 2013 1:25 pm
Re: Porting configuration from Win to Linux
Hi maikcat,
thanks for your support. I can see from VirtualBox that the network setting is NAT.
Regarding the outputs you requested:
matteo@matteo-VirtualBox / $ netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 10.0.2.2 0.0.0.0 UG 0 0 0 eth0
10.0.1.0 10.254.0.93 255.255.255.0 UG 0 0 0 tun0
10.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.0.201.0 10.254.0.93 255.255.255.0 UG 0 0 0 tun0
10.2.5.0 10.254.0.93 255.255.255.0 UG 0 0 0 tun0
10.16.0.0 10.254.0.93 255.255.0.0 UG 0 0 0 tun0
10.25.8.0 10.254.0.93 255.255.252.0 UG 0 0 0 tun0
10.41.48.0 10.254.0.93 255.255.255.0 UG 0 0 0 tun0
10.42.200.0 10.254.0.93 255.255.255.0 UG 0 0 0 tun0
10.48.79.0 10.254.0.93 255.255.255.0 UG 0 0 0 tun0
10.124.0.0 10.254.0.93 255.255.0.0 UG 0 0 0 tun0
10.125.0.0 10.254.0.93 255.255.0.0 UG 0 0 0 tun0
10.131.195.128 10.254.0.93 255.255.255.128 UG 0 0 0 tun0
10.148.0.0 10.254.0.93 255.255.0.0 UG 0 0 0 tun0
10.206.80.0 10.254.0.93 255.255.248.0 UG 0 0 0 tun0
10.239.240.0 10.254.0.93 255.255.254.0 UG 0 0 0 tun0
10.254.0.0 10.254.0.93 255.255.0.0 UG 0 0 0 tun0
10.254.0.93 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
128.153.7.0 10.254.0.93 255.255.255.0 UG 0 0 0 tun0
151.10.0.0 10.254.0.93 255.255.0.0 UG 0 0 0 tun0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
172.21.6.96 10.254.0.93 255.255.255.255 UGH 0 0 0 tun0
172.21.72.0 10.254.0.93 255.255.255.0 UG 0 0 0 tun0
172.22.0.0 10.254.0.93 255.255.0.0 UG 0 0 0 tun0
172.24.10.0 10.254.0.93 255.255.255.0 UG 0 0 0 tun0
172.26.54.128 10.254.0.93 255.255.255.128 UG 0 0 0 tun0
172.26.255.0 10.254.0.93 255.255.255.128 UG 0 0 0 tun0
172.31.164.0 10.254.0.93 255.255.255.0 UG 0 0 0 tun0
192.125.168.19 10.254.0.93 255.255.255.255 UGH 0 0 0 tun0
192.168.10.0 10.254.0.93 255.255.255.0 UG 0 0 0 tun0
192.168.201.0 10.254.0.93 255.255.255.0 UG 0 0 0 tun0
192.168.224.0 10.254.0.93 255.255.240.0 UG 0 0 0 tun0
192.168.248.0 10.254.0.93 255.255.248.0 UG 0 0 0 tun0
193.42.239.112 10.254.0.93 255.255.255.248 UG 0 0 0 tun0
while traceroute has the following output (sic!):
matteo@matteo-VirtualBox ~ $ traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
And here's the config file, which I did not changed porting it from Win to Linux... you can notice there's a proxy authentication in it, but it seems to work well:
##############################################
# Client-side OpenVPN 2.0 config file #
##############################################
client
dev tun
proto tcp
remote <myCompanyUrl> 443 //obviously, <myCompanyUrl is an alias for the real address
resolv-retry infinite
nobind
persist-key
persist-tun
# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
http-proxy 10.16.56.30 8080 utenza.txt
ca "comp_cert.crt"
tls-auth "comp_cert.key" 1
cipher AES-128-CBC
auth-user-pass
comp-lzo
verb 1
route-method exe
route-delay 2
reneg-sec 0
I execute, as Root, openvpn in the following way:
openvpn --config myconf.conf
and the system prompts me for username and password of my company's VPN. Inserting them right leads to "Initialization Sequence Completed" message, with the stack reported in the first thread.
Last but not least... I have to clarify; I would like to work simultaneously on the Company's VPN (under linux) and under another customer's proxy (under Windows).
That's why I'm trying to configure that Virtualbox image in order to connect to my Company's VPN.
Thanks for your help
thanks for your support. I can see from VirtualBox that the network setting is NAT.
Regarding the outputs you requested:
matteo@matteo-VirtualBox / $ netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 10.0.2.2 0.0.0.0 UG 0 0 0 eth0
10.0.1.0 10.254.0.93 255.255.255.0 UG 0 0 0 tun0
10.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.0.201.0 10.254.0.93 255.255.255.0 UG 0 0 0 tun0
10.2.5.0 10.254.0.93 255.255.255.0 UG 0 0 0 tun0
10.16.0.0 10.254.0.93 255.255.0.0 UG 0 0 0 tun0
10.25.8.0 10.254.0.93 255.255.252.0 UG 0 0 0 tun0
10.41.48.0 10.254.0.93 255.255.255.0 UG 0 0 0 tun0
10.42.200.0 10.254.0.93 255.255.255.0 UG 0 0 0 tun0
10.48.79.0 10.254.0.93 255.255.255.0 UG 0 0 0 tun0
10.124.0.0 10.254.0.93 255.255.0.0 UG 0 0 0 tun0
10.125.0.0 10.254.0.93 255.255.0.0 UG 0 0 0 tun0
10.131.195.128 10.254.0.93 255.255.255.128 UG 0 0 0 tun0
10.148.0.0 10.254.0.93 255.255.0.0 UG 0 0 0 tun0
10.206.80.0 10.254.0.93 255.255.248.0 UG 0 0 0 tun0
10.239.240.0 10.254.0.93 255.255.254.0 UG 0 0 0 tun0
10.254.0.0 10.254.0.93 255.255.0.0 UG 0 0 0 tun0
10.254.0.93 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
128.153.7.0 10.254.0.93 255.255.255.0 UG 0 0 0 tun0
151.10.0.0 10.254.0.93 255.255.0.0 UG 0 0 0 tun0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
172.21.6.96 10.254.0.93 255.255.255.255 UGH 0 0 0 tun0
172.21.72.0 10.254.0.93 255.255.255.0 UG 0 0 0 tun0
172.22.0.0 10.254.0.93 255.255.0.0 UG 0 0 0 tun0
172.24.10.0 10.254.0.93 255.255.255.0 UG 0 0 0 tun0
172.26.54.128 10.254.0.93 255.255.255.128 UG 0 0 0 tun0
172.26.255.0 10.254.0.93 255.255.255.128 UG 0 0 0 tun0
172.31.164.0 10.254.0.93 255.255.255.0 UG 0 0 0 tun0
192.125.168.19 10.254.0.93 255.255.255.255 UGH 0 0 0 tun0
192.168.10.0 10.254.0.93 255.255.255.0 UG 0 0 0 tun0
192.168.201.0 10.254.0.93 255.255.255.0 UG 0 0 0 tun0
192.168.224.0 10.254.0.93 255.255.240.0 UG 0 0 0 tun0
192.168.248.0 10.254.0.93 255.255.248.0 UG 0 0 0 tun0
193.42.239.112 10.254.0.93 255.255.255.248 UG 0 0 0 tun0
while traceroute has the following output (sic!):
matteo@matteo-VirtualBox ~ $ traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
And here's the config file, which I did not changed porting it from Win to Linux... you can notice there's a proxy authentication in it, but it seems to work well:
##############################################
# Client-side OpenVPN 2.0 config file #
##############################################
client
dev tun
proto tcp
remote <myCompanyUrl> 443 //obviously, <myCompanyUrl is an alias for the real address
resolv-retry infinite
nobind
persist-key
persist-tun
# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
http-proxy 10.16.56.30 8080 utenza.txt
ca "comp_cert.crt"
tls-auth "comp_cert.key" 1
cipher AES-128-CBC
auth-user-pass
comp-lzo
verb 1
route-method exe
route-delay 2
reneg-sec 0
I execute, as Root, openvpn in the following way:
openvpn --config myconf.conf
and the system prompts me for username and password of my company's VPN. Inserting them right leads to "Initialization Sequence Completed" message, with the stack reported in the first thread.
Last but not least... I have to clarify; I would like to work simultaneously on the Company's VPN (under linux) and under another customer's proxy (under Windows).
That's why I'm trying to configure that Virtualbox image in order to connect to my Company's VPN.
Thanks for your help
- maikcat
- Forum Team
- Posts: 4200
- Joined: Wed Jan 12, 2011 9:23 am
- Location: Athens,Greece
- Contact:
Re: Porting configuration from Win to Linux
in your config file:
in your logs
10.16.56.30 is your companies REAL ip
please also post server config.
Michael.
Code: Select all
proto tcp
remote <myCompanyUrl> 443 //obviously, <myCompanyUrl is an alias for the real address
resolv-retry infinite
Code: Select all
Mon Aug 26 15:24:48 2013 TCP connection established with [AF_INET]10.16.56.30:8080
Mon Aug 26 15:24:51 2013 TCPv4_CLIENT link local: [undef]
Mon Aug 26 15:24:51 2013 TCPv4_CLIENT link remote: [AF_INET]10.16.56.30:8080
please also post server config.
Michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)
"objects in mirror are losing"
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)
"objects in mirror are losing"
-
- OpenVpn Newbie
- Posts: 9
- Joined: Mon Aug 26, 2013 1:25 pm
Re: Porting configuration from Win to Linux
Hi Michael,
no, 10.16.56.30 is the proxy's IP, as specified in config file:
I don't have server configuration, our company admin gave us only the certificate, the key and the client config to connect.
Anyway, that configuration works flawlessly on a win machine.
no, 10.16.56.30 is the proxy's IP, as specified in config file:
Code: Select all
http-proxy 10.16.56.30 8080 utenza.txt
Anyway, that configuration works flawlessly on a win machine.
- maikcat
- Forum Team
- Posts: 4200
- Joined: Wed Jan 12, 2011 9:23 am
- Location: Athens,Greece
- Contact:
Re: Porting configuration from Win to Linux
please post the output of:
iptables -L -v
iptables -L -v -t nat
after vpn is up,
&
netstat -nr
before your start openvpn client.
also can you ping 10.254.0.1 after vpn is up?
btw i noticed this entry on your routing table:
is the same setup works with same network settings on 7?
Michael.
iptables -L -v
iptables -L -v -t nat
after vpn is up,
&
netstat -nr
before your start openvpn client.
also can you ping 10.254.0.1 after vpn is up?
btw i noticed this entry on your routing table:
and your proxy ip is 10.16.56.30...10.16.0.0 10.254.0.93 255.255.0.0 UG 0 0 0 tun0
is the same setup works with same network settings on 7?
Michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)
"objects in mirror are losing"
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)
"objects in mirror are losing"
-
- OpenVpn Newbie
- Posts: 9
- Joined: Mon Aug 26, 2013 1:25 pm
Re: Porting configuration from Win to Linux
That's the output I get:maikcat wrote:please post the output of:
iptables -L -v
iptables -L -v -t nat
after VPN is up
Code: Select all
matteo-VirtualBox matteo # iptables -L -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Code: Select all
matteo-VirtualBox matteo # iptables -L -v -t nat
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
maikcat wrote:
netstat -nr
before your start openvpn client.
Code: Select all
netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 10.0.2.2 0.0.0.0 UG 0 0 0 eth0
10.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
No, I can't... timeoutmaikcat wrote:
also can you ping 10.254.0.1 after vpn is up?
Yes, I gave OpenVPN for Windows a run to collect a log.maikcat wrote: btw i noticed this entry on your routing table:
and your proxy ip is 10.16.56.30...10.16.0.0 10.254.0.93 255.255.0.0 UG 0 0 0 tun0
is the same setup works with same network settings on 7?
Michael.
Here's the situation on Win7:
Code: Select all
Tue Aug 27 13:56:18 2013 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
Tue Aug 27 13:56:34 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Aug 27 13:56:34 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Aug 27 13:56:35 2013 Control Channel Authentication: using 'mykey.key' as a OpenVPN static key file
Tue Aug 27 13:56:35 2013 LZO compression initialized
Tue Aug 27 13:56:35 2013 Attempting to establish TCP connection with 10.16.56.30:8080
Tue Aug 27 13:56:35 2013 TCP connection established with 10.16.56.30:8080
Tue Aug 27 13:56:40 2013 TCPv4_CLIENT link local: [undef]
Tue Aug 27 13:56:40 2013 TCPv4_CLIENT link remote: 10.16.56.30:8080
Tue Aug 27 13:56:40 2013 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Aug 27 13:56:40 2013 [server] Peer Connection Initiated with 10.16.56.30:8080
Tue Aug 27 13:56:43 2013 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{9EE92FC1-381D-4999-A808-6A43B6FDEFE5}.tap
Tue Aug 27 13:56:43 2013 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.254.0.22/255.255.255.252 on interface {9EE92FC1-381D-4999-A808-6A43B6FDEFE5} [DHCP-serv: 10.254.0.21, lease-time: 31536000]
Tue Aug 27 13:56:43 2013 Successful ARP Flush on interface [15] {9EE92FC1-381D-4999-A808-6A43B6FDEFE5}
OK!
OK!
OK!
OK!
OK!
OK!
OK!
OK!
OK!
OK!
OK!
OK!
OK!
OK!
OK!
OK!
OK!
OK!
OK!
OK!
OK!
OK!
OK!
OK!
OK!
OK!
OK!
OK!
OK!
OK!
Tue Aug 27 13:56:47 2013 Initialization Sequence Completed
Thanks again Michael for your help!
- maikcat
- Forum Team
- Posts: 4200
- Joined: Wed Jan 12, 2011 9:23 am
- Location: Athens,Greece
- Contact:
Re: Porting configuration from Win to Linux
can you post the output of
netstat -nr
on your win before and after vpn is up?
Michael.
netstat -nr
on your win before and after vpn is up?
Michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)
"objects in mirror are losing"
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)
"objects in mirror are losing"
-
- OpenVpn Newbie
- Posts: 9
- Joined: Mon Aug 26, 2013 1:25 pm
Re: Porting configuration from Win to Linux
yes, here it is.maikcat wrote:can you post the output of
netstat -nr
on your win before and after vpn is up?
Michael.
BEFORE:
C:\Users\Matteo>netstat -nr
===========================================================================
Interface List
65...xx xx xx xx xx xx ......TeamViewer VPN Adapter
15...xx xx xx xx xx xx ......TAP-Win32 Adapter V9
12...xx xx xx xx xx xx ......Intel(R) Centrino(R) Advanced-N 6205
11...xx xx xx xx xx xx ......Broadcom NetXtreme 57xx Gigabit Controller
16...xx xx xx xx xx xx ......Hamachi Network Interface
74...xx xx xx xx xx xx ......VirtualBox Host-Only Ethernet Adapter
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
30...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
57...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
62...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
60...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #9
49...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #11
39...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #4
38...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #3
37...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #2
50...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #12
41...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #11
42...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #5
45...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #13
44...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #7
48...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #10
55...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #17
54...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #16
51...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #13
52...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #14
53...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #15
58...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #8
63...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #10
66...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #20
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 25.0.0.1 25.21.255.151 9256
0.0.0.0 0.0.0.0 10.15.109.1 10.15.109.21 10
10.15.109.0 255.255.255.0 On-link 10.15.109.21 266
10.15.109.21 255.255.255.255 On-link 10.15.109.21 266
10.15.109.255 255.255.255.255 On-link 10.15.109.21 266
25.0.0.0 255.0.0.0 On-link 25.21.255.151 9256
25.21.255.151 255.255.255.255 On-link 25.21.255.151 9256
25.255.255.255 255.255.255.255 On-link 25.21.255.151 9256
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.56.0 255.255.255.0 On-link 192.168.56.1 276
192.168.56.1 255.255.255.255 On-link 192.168.56.1 276
192.168.56.255 255.255.255.255 On-link 192.168.56.1 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.56.1 276
224.0.0.0 240.0.0.0 On-link 25.21.255.151 9256
224.0.0.0 240.0.0.0 On-link 10.15.109.21 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.56.1 276
255.255.255.255 255.255.255.255 On-link 25.21.255.151 9256
255.255.255.255 255.255.255.255 On-link 10.15.109.21 266
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 25.0.0.1 Default
===========================================================================
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
16 9020 ::/0 2620:9b::1900:1
1 306 ::1/128 On-link
16 276 2620:9b::/96 On-link
16 276 2620:9b::1915:ff97/128 On-link
74 276 fe80::/64 On-link
16 276 fe80::/64 On-link
11 266 fe80::/64 On-link
74 276 fe80::802:cef4:9f2d:6965/128
On-link
16 276 fe80::690e:3ff:ee52:586d/128
On-link
11 266 fe80::c4db:4539:efee:f5b7/128
On-link
1 306 ff00::/8 On-link
74 276 ff00::/8 On-link
16 276 ff00::/8 On-link
11 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
If Metric Network Destination Gateway
0 4294967295 2620:9b::/96 On-link
0 9000 ::/0 2620:9b::1900:1
===========================================================================
After VPN is up:
C:\Users\Matteo>netstat -nr
===========================================================================
Interface List
65...xx xx xx xx xx xx ......TeamViewer VPN Adapter
15...xx xx xx xx xx xx ......TAP-Win32 Adapter V9
12...xx xx xx xx xx xx ......Intel(R) Centrino(R) Advanced-N 6205
11...xx xx xx xx xx xx ......Broadcom NetXtreme 57xx Gigabit Controller
16...xx xx xx xx xx xx ......Hamachi Network Interface
74...xx xx xx xx xx xx ......VirtualBox Host-Only Ethernet Adapter
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
30...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
57...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
62...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
60...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #9
49...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #11
39...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #4
38...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #3
37...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #2
50...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #12
41...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #11
42...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #5
45...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #13
44...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #7
48...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #10
55...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #17
54...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #16
51...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #13
52...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #14
53...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #15
58...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #8
63...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #10
66...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #20
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 25.0.0.1 25.21.255.151 9256
0.0.0.0 0.0.0.0 10.15.109.1 10.15.109.21 10
10.0.1.0 255.255.255.0 10.254.0.125 10.254.0.126 31
10.0.201.0 255.255.255.0 10.254.0.125 10.254.0.126 31
10.2.5.0 255.255.255.0 10.254.0.125 10.254.0.126 31
10.15.109.0 255.255.255.0 On-link 10.15.109.21 266
10.15.109.21 255.255.255.255 On-link 10.15.109.21 266
10.15.109.255 255.255.255.255 On-link 10.15.109.21 266
10.16.0.0 255.255.0.0 10.254.0.125 10.254.0.126 31
10.25.8.0 255.255.252.0 10.254.0.125 10.254.0.126 31
10.41.48.0 255.255.255.0 10.254.0.125 10.254.0.126 31
10.42.200.0 255.255.255.0 10.254.0.125 10.254.0.126 31
10.48.79.0 255.255.255.0 10.254.0.125 10.254.0.126 31
10.124.0.0 255.255.0.0 10.254.0.125 10.254.0.126 31
10.125.0.0 255.255.0.0 10.254.0.125 10.254.0.126 31
10.131.195.128 255.255.255.128 10.254.0.125 10.254.0.126 31
10.148.0.0 255.255.0.0 10.254.0.125 10.254.0.126 31
10.206.80.0 255.255.248.0 10.254.0.125 10.254.0.126 31
10.239.240.0 255.255.254.0 10.254.0.125 10.254.0.126 31
10.254.0.0 255.255.0.0 10.254.0.125 10.254.0.126 31
10.254.0.124 255.255.255.252 On-link 10.254.0.126 286
10.254.0.126 255.255.255.255 On-link 10.254.0.126 286
10.254.0.127 255.255.255.255 On-link 10.254.0.126 286
25.0.0.0 255.0.0.0 On-link 25.21.255.151 9256
25.21.255.151 255.255.255.255 On-link 25.21.255.151 9256
25.255.255.255 255.255.255.255 On-link 25.21.255.151 9256
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
128.153.7.0 255.255.255.0 10.254.0.125 10.254.0.126 31
151.10.0.0 255.255.0.0 10.254.0.125 10.254.0.126 31
172.21.6.96 255.255.255.255 10.254.0.125 10.254.0.126 31
172.21.72.0 255.255.255.0 10.254.0.125 10.254.0.126 31
172.22.0.0 255.255.0.0 10.254.0.125 10.254.0.126 31
172.24.10.0 255.255.255.0 10.254.0.125 10.254.0.126 31
172.26.54.128 255.255.255.128 10.254.0.125 10.254.0.126 31
172.26.255.0 255.255.255.128 10.254.0.125 10.254.0.126 31
172.31.164.0 255.255.255.0 10.254.0.125 10.254.0.126 31
192.125.168.19 255.255.255.255 10.254.0.125 10.254.0.126 31
192.168.10.0 255.255.255.0 10.254.0.125 10.254.0.126 31
192.168.56.0 255.255.255.0 On-link 192.168.56.1 276
192.168.56.1 255.255.255.255 On-link 192.168.56.1 276
192.168.56.255 255.255.255.255 On-link 192.168.56.1 276
192.168.201.0 255.255.255.0 10.254.0.125 10.254.0.126 31
192.168.224.0 255.255.240.0 10.254.0.125 10.254.0.126 31
192.168.248.0 255.255.248.0 10.254.0.125 10.254.0.126 31
193.42.239.112 255.255.255.248 10.254.0.125 10.254.0.126 31
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.56.1 276
224.0.0.0 240.0.0.0 On-link 25.21.255.151 9256
224.0.0.0 240.0.0.0 On-link 10.254.0.126 286
224.0.0.0 240.0.0.0 On-link 10.15.109.21 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.56.1 276
255.255.255.255 255.255.255.255 On-link 25.21.255.151 9256
255.255.255.255 255.255.255.255 On-link 10.254.0.126 286
255.255.255.255 255.255.255.255 On-link 10.15.109.21 266
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 25.0.0.1 Default
===========================================================================
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
16 9020 ::/0 2620:9b::1900:1
1 306 ::1/128 On-link
16 276 2620:9b::/96 On-link
16 276 2620:9b::1915:ff97/128 On-link
74 276 fe80::/64 On-link
16 276 fe80::/64 On-link
15 286 fe80::/64 On-link
11 266 fe80::/64 On-link
58 266 fe80::5efe:10.15.109.21/128
On-link
74 276 fe80::802:cef4:9f2d:6965/128
On-link
16 276 fe80::690e:3ff:ee52:586d/128
On-link
15 286 fe80::7054:c25a:31ee:1261/128
On-link
11 266 fe80::c4db:4539:efee:f5b7/128
On-link
1 306 ff00::/8 On-link
74 276 ff00::/8 On-link
16 276 ff00::/8 On-link
15 286 ff00::/8 On-link
11 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
If Metric Network Destination Gateway
0 4294967295 2620:9b::/96 On-link
0 9000 ::/0 2620:9b::1900:1
===========================================================================
- maikcat
- Forum Team
- Posts: 4200
- Joined: Wed Jan 12, 2011 9:23 am
- Location: Athens,Greece
- Contact:
Re: Porting configuration from Win to Linux
try this please,
start openvpn on your linux client,
after vpn comes up run this
after that try to see if you can ping openvpn server (10.254.0.1)
Michael.
start openvpn on your linux client,
after vpn comes up run this
Code: Select all
route add -host 10.16.56.30 gw 10.0.2.1
Michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)
"objects in mirror are losing"
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)
"objects in mirror are losing"
-
- OpenVpn Newbie
- Posts: 9
- Joined: Mon Aug 26, 2013 1:25 pm
Re: Porting configuration from Win to Linux
No, again timeout on ping.maikcat wrote:try this please,
start openvpn on your linux client,
after vpn comes up run this
after that try to see if you can ping openvpn server (10.254.0.1)Code: Select all
route add -host 10.16.56.30 gw 10.0.2.1
Michael.
I tried with the above instruction; after "Initialization Sequence Completed", an error is thrown with the message:
Tue Aug 27 15:08:50 2013 read TCPv4_CLIENT []: No route to host (code=113)
at intervals of few seconds.
Thanks again
- maikcat
- Forum Team
- Posts: 4200
- Joined: Wed Jan 12, 2011 9:23 am
- Location: Athens,Greece
- Contact:
Re: Porting configuration from Win to Linux
oops i make an error...
the right command is:
instead of
please try it...
Michael.
the right command is:
Code: Select all
route add -host 10.16.56.30 gw 10.0.2.2
Code: Select all
route add -host 10.16.56.30 gw 10.0.2.1
Michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)
"objects in mirror are losing"
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)
"objects in mirror are losing"
-
- OpenVpn Newbie
- Posts: 9
- Joined: Mon Aug 26, 2013 1:25 pm
Re: Porting configuration from Win to Linux
Hello Michael, and thanks once again for your support.
Adding that link to the route lets me ping successfully 10.254.0.1. Hurray? so and so...
Steps I did:
- launch openvpn
- route add
- ping 10.254.0.1 --> success
- open Firefox
- configure FF proxy in order to use my Company's Proxy (proxy.mycompany.corp)
- "Unable to find proxy server"
I'm going to access VPN in Windows and ping my company's proxy in order to have the internal IP, then I'll report back to you.
EDIT: my company's proxy is @ 192.168.201.3. Setting it in FF I'm able to surf the Web. Yay!
But... why in Win proxy.mycompany.corp is resolved into 192.168.201.3 and under Linux it is not?
Also... can you help me fixing the config file so that I have no more route nodes to add after VPN's set up?
Thanks again
Adding that link to the route lets me ping successfully 10.254.0.1. Hurray? so and so...
Steps I did:
- launch openvpn
- route add
- ping 10.254.0.1 --> success
- open Firefox
- configure FF proxy in order to use my Company's Proxy (proxy.mycompany.corp)
- "Unable to find proxy server"
I'm going to access VPN in Windows and ping my company's proxy in order to have the internal IP, then I'll report back to you.
EDIT: my company's proxy is @ 192.168.201.3. Setting it in FF I'm able to surf the Web. Yay!
But... why in Win proxy.mycompany.corp is resolved into 192.168.201.3 and under Linux it is not?
Also... can you help me fixing the config file so that I have no more route nodes to add after VPN's set up?
Thanks again
- maikcat
- Forum Team
- Posts: 4200
- Joined: Wed Jan 12, 2011 9:23 am
- Location: Athens,Greece
- Contact:
Re: Porting configuration from Win to Linux
probably your server pushes dns settings to you and win 7 accepts them but linux not...But... why in Win proxy.mycompany.corp is resolved into 192.168.201.3 and under Linux it is not?
you can manually add them to your /etc/resolv.conf though
try adding the route command inside a script then use up directive on your clients configAlso... can you help me fixing the config file so that I have no more route nodes to add after VPN's set up?
to run it after vpn is up...
Michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)
"objects in mirror are losing"
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)
"objects in mirror are losing"
-
- OpenVpn Newbie
- Posts: 9
- Joined: Mon Aug 26, 2013 1:25 pm
Re: Porting configuration from Win to Linux
Forgive the noobyness... do you have an example for that?maikcat wrote: try adding the route command inside a script then use up directive on your clients config
to run it after vpn is up...
Michael.
I'm gonna search about the use of up directive ... anyway, if you have a sketch of code it would be highly appreciated
-
- OpenVpn Newbie
- Posts: 9
- Joined: Mon Aug 26, 2013 1:25 pm
Re: Porting configuration from Win to Linux
Nevermind... I did itK4y wrote: Forgive the noobyness... do you have an example for that?
I'm gonna search about the use of up directive ... anyway, if you have a sketch of code it would be highly appreciated