Please help me on vpn server setup on RHEL5 workstation
Moderators: TinCanTech
-
- OpenVpn Newbie
- Posts: 7
- Joined: Thu Mar 31, 2011 6:04 pm
Please help me on vpn server setup on RHEL5 workstation
I am setting up a VPN server on my RHEL5 workstation. I want to redirect all my client traffic through this VPN.
This workstation has direct access to the internet, I mean, there is no router between it and the internet, and I have installed the openvpn package. The problem is that when I tried to start the service, it reported failure, as shown below:
[root@host openvpn]# sudo /sbin/service openvpn start
Starting openvpn: [FAILED]
[root@host openvpn]# more openvpn.log
Thu Mar 31 13:31:01 2011 OpenVPN 2.1.4 i386-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Mar 10 2011
Thu Mar 31 13:31:01 2011 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Mar 31 13:31:01 2011 Diffie-Hellman initialized with 1024 bit key
Thu Mar 31 13:31:01 2011 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu Mar 31 13:31:01 2011 Socket Buffers: R=[110592->131072] S=[110592->131072]
Thu Mar 31 13:31:01 2011 ROUTE default_gateway=X.X.X.1 (I hide the detail)
Thu Mar 31 13:31:01 2011 TUN/TAP device tun0 opened
Thu Mar 31 13:31:01 2011 TUN/TAP TX queue length set to 100
Thu Mar 31 13:31:01 2011 /sbin/ip link set dev tun0 up mtu 1500
Thu Mar 31 13:31:01 2011 /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Thu Mar 31 13:31:01 2011 /sbin/ip route add 10.8.0.0/24 via 10.8.0.2
Thu Mar 31 13:31:01 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Mar 31 13:31:01 2011 GID set to nobody
Thu Mar 31 13:31:01 2011 UID set to nobody
Thu Mar 31 13:31:01 2011 UDPv4 link local (bound): [undef]:1194
Thu Mar 31 13:31:01 2011 UDPv4 link remote: [undef]
Thu Mar 31 13:31:01 2011 MULTI: multi_init called, r=256 v=256
Thu Mar 31 13:31:01 2011 IFCONFIG POOL: base=10.8.0.4 size=62
Thu Mar 31 13:31:01 2011 IFCONFIG POOL LIST
Thu Mar 31 13:31:01 2011 Initialization Sequence Completed
[root@host openvpn]#
I am attaching my server.conf here:
port 1194
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key # This file should be kept secret
dh /etc/openvpn/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
keepalive 10 120
cipher BF-CBC # Blowfish (default)
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
verb 3
- gladiatr72
- Forum Team
- Posts: 194
- Joined: Mon Dec 13, 2010 3:51 pm
- Location: Lawrence, KS
Re: Please help me on vpn server setup on RHEL5 workstation
Please set "verb 4" in your server configuration and repost your log files. From what is shown, openvpn is initializing without error; the key line being:
Thu Mar 31 13:31:01 2011 Initialization Sequence Completed
[..]I used to think it was awful that life was so unfair. [...]Wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? -Marcus Cole
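Added example, not part of the original posts: a shell function that applies the check described in the reply above, deciding from the log alone how the most recent start-up attempt ended. The function name, the failure patterns it matches and the constructed sample logs are assumptions made for illustration; only the first sample is abbreviated from the log posted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): report how the most recent OpenVPN
# start-up attempt recorded in a log file ended.
# Prints one of: completed | fatal | incomplete | no-startup

ovpn_startup_status() {
    # $1 = path to the file named by "log" (or "log-append") in server.conf
    awk '
        # Version banner: a new start-up attempt begins here.
        / OpenVPN [0-9][^ ]* .* built on /   { seen = 1; state = "incomplete"; next }
        # Assumed failure markers: an option-parsing error, or the final
        # line written when the daemon gives up.
        /Options error:/                     { seen = 1; state = "fatal"; next }
        / Exiting( due to fatal error)?$/    { seen = 1; state = "fatal"; next }
        # The line the reply calls out: initialization finished.
        /Initialization Sequence Completed/  { seen = 1; state = "completed"; next }
        # The last marker seen wins, so an appended later attempt overrides
        # an earlier successful one.
        END { print (seen ? state : "no-startup") }
    ' "$1"
}

# --- Sample logs, embedded so the example runs offline -------------------
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT

# Abbreviated from the log posted in the thread.
cat > "$sample_dir/ok.log" <<'EOF'
Thu Mar 31 13:31:01 2011 OpenVPN 2.1.4 i386-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Mar 10 2011
Thu Mar 31 13:31:01 2011 TUN/TAP device tun0 opened
Thu Mar 31 13:31:01 2011 UDPv4 link local (bound): [undef]:1194
Thu Mar 31 13:31:01 2011 Initialization Sequence Completed
EOF

# Constructed (not the poster's output): a later attempt appended to the
# same file fails, so the earlier "Completed" line no longer counts.
cat "$sample_dir/ok.log" > "$sample_dir/fatal.log"
cat >> "$sample_dir/fatal.log" <<'EOF'
Thu Mar 31 13:40:00 2011 OpenVPN 2.1.4 i386-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Mar 10 2011
Thu Mar 31 13:40:00 2011 TCP/UDP: Socket bind failed on local address [undef]:1194: Address already in use
Thu Mar 31 13:40:00 2011 Exiting
EOF

# Constructed: the log stops before initialization finishes.
cat > "$sample_dir/incomplete.log" <<'EOF'
Thu Mar 31 13:50:00 2011 OpenVPN 2.1.4 i386-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Mar 10 2011
Thu Mar 31 13:50:00 2011 TUN/TAP device tun0 opened
EOF

# Constructed: an empty log file.
: > "$sample_dir/empty.log"

for name in ok fatal incomplete empty; do
    printf '%-16s %s\n' "$name.log" "$(ovpn_startup_status "$sample_dir/$name.log")"
done
```

A "completed" result only says the daemon finished initializing according to its own log; it does not explain why the init script printed [FAILED].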
-
- OpenVpn Newbie
- Posts: 7
- Joined: Thu Mar 31, 2011 6:04 pm
Re: Please help me on vpn server setup on RHEL5 workstation
This is verb 4 level log:
Thu Mar 31 14:15:55 2011 us=471405 Current Parameter Settings:
Thu Mar 31 14:15:55 2011 us=471531 config = 'server.conf'
Thu Mar 31 14:15:55 2011 us=471555 mode = 1
Thu Mar 31 14:15:55 2011 us=471576 persist_config = DISABLED
Thu Mar 31 14:15:55 2011 us=471597 persist_mode = 1
Thu Mar 31 14:15:55 2011 us=471617 show_ciphers = DISABLED
Thu Mar 31 14:15:55 2011 us=471637 show_digests = DISABLED
Thu Mar 31 14:15:55 2011 us=471657 show_engines = DISABLED
Thu Mar 31 14:15:55 2011 us=471676 genkey = DISABLED
Thu Mar 31 14:15:55 2011 us=471697 key_pass_file = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=471717 show_tls_ciphers = DISABLED
Thu Mar 31 14:15:55 2011 us=471738 Connection profiles [default]:
Thu Mar 31 14:15:55 2011 us=471759 proto = udp
Thu Mar 31 14:15:55 2011 us=471779 local = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=471800 local_port = 1194
Thu Mar 31 14:15:55 2011 us=471820 remote = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=471840 remote_port = 1194
Thu Mar 31 14:15:55 2011 us=471863 remote_float = DISABLED
Thu Mar 31 14:15:55 2011 us=471883 bind_defined = DISABLED
Thu Mar 31 14:15:55 2011 us=471904 bind_local = ENABLED
Thu Mar 31 14:15:55 2011 us=471924 connect_retry_seconds = 5
Thu Mar 31 14:15:55 2011 us=471944 connect_timeout = 10
Thu Mar 31 14:15:55 2011 us=471964 connect_retry_max = 0
Thu Mar 31 14:15:55 2011 us=471990 socks_proxy_server = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=472012 socks_proxy_port = 0
Thu Mar 31 14:15:55 2011 us=472032 socks_proxy_retry = DISABLED
Thu Mar 31 14:15:55 2011 us=472057 Connection profiles END
Thu Mar 31 14:15:55 2011 us=472078 remote_random = DISABLED
Thu Mar 31 14:15:55 2011 us=472099 ipchange = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=472119 dev = 'tun'
Thu Mar 31 14:15:55 2011 us=472139 dev_type = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=472159 dev_node = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=472178 lladdr = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=472198 topology = 1
Thu Mar 31 14:15:55 2011 us=472218 tun_ipv6 = DISABLED
Thu Mar 31 14:15:55 2011 us=472239 ifconfig_local = '10.8.0.1'
Thu Mar 31 14:15:55 2011 us=472259 ifconfig_remote_netmask = '10.8.0.2'
Thu Mar 31 14:15:55 2011 us=472289 ifconfig_noexec = DISABLED
Thu Mar 31 14:15:55 2011 us=472311 ifconfig_nowarn = DISABLED
Thu Mar 31 14:15:55 2011 us=472332 shaper = 0
Thu Mar 31 14:15:55 2011 us=472352 tun_mtu = 1500
Thu Mar 31 14:15:55 2011 us=472372 tun_mtu_defined = ENABLED
Thu Mar 31 14:15:55 2011 us=472392 link_mtu = 1500
Thu Mar 31 14:15:55 2011 us=472411 link_mtu_defined = DISABLED
Thu Mar 31 14:15:55 2011 us=472432 tun_mtu_extra = 0
Thu Mar 31 14:15:55 2011 us=472452 tun_mtu_extra_defined = DISABLED
Thu Mar 31 14:15:55 2011 us=472472 fragment = 0
Thu Mar 31 14:15:55 2011 us=472492 mtu_discover_type = -1
Thu Mar 31 14:15:55 2011 us=472512 mtu_test = 0
Thu Mar 31 14:15:55 2011 us=472532 mlock = DISABLED
Thu Mar 31 14:15:55 2011 us=472552 keepalive_ping = 10
Thu Mar 31 14:15:55 2011 us=472572 keepalive_timeout = 120
Thu Mar 31 14:15:55 2011 us=472592 inactivity_timeout = 0
Thu Mar 31 14:15:55 2011 us=472612 ping_send_timeout = 10
Thu Mar 31 14:15:55 2011 us=472632 ping_rec_timeout = 240
Thu Mar 31 14:15:55 2011 us=472651 ping_rec_timeout_action = 2
Thu Mar 31 14:15:55 2011 us=472672 ping_timer_remote = DISABLED
Thu Mar 31 14:15:55 2011 us=472692 remap_sigusr1 = 0
Thu Mar 31 14:15:55 2011 us=472712 explicit_exit_notification = 0
Thu Mar 31 14:15:55 2011 us=472732 persist_tun = ENABLED
Thu Mar 31 14:15:55 2011 us=472752 persist_local_ip = DISABLED
Thu Mar 31 14:15:55 2011 us=472777 persist_remote_ip = DISABLED
Thu Mar 31 14:15:55 2011 us=472798 persist_key = ENABLED
Thu Mar 31 14:15:55 2011 us=472819 mssfix = 1450
Thu Mar 31 14:15:55 2011 us=472839 passtos = DISABLED
Thu Mar 31 14:15:55 2011 us=472859 resolve_retry_seconds = 1000000000
Thu Mar 31 14:15:55 2011 us=472880 username = 'nobody'
Thu Mar 31 14:15:55 2011 us=472900 groupname = 'nobody'
Thu Mar 31 14:15:55 2011 us=472920 chroot_dir = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=472940 cd_dir = '/etc/openvpn'
Thu Mar 31 14:15:55 2011 us=472986 selinux_context = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=473007 writepid = '/var/run/openvpn/server.pid'
Thu Mar 31 14:15:55 2011 us=473028 up_script = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=473048 down_script = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=473074 down_pre = DISABLED
Thu Mar 31 14:15:55 2011 us=473107 up_restart = DISABLED
Thu Mar 31 14:15:55 2011 us=473135 up_delay = DISABLED
Thu Mar 31 14:15:55 2011 us=473164 daemon = ENABLED
Thu Mar 31 14:15:55 2011 us=473190 inetd = 0
Thu Mar 31 14:15:55 2011 us=473210 log = ENABLED
Thu Mar 31 14:15:55 2011 us=473230 suppress_timestamps = DISABLED
Thu Mar 31 14:15:55 2011 us=473251 nice = 0
Thu Mar 31 14:15:55 2011 us=473271 verbosity = 4
Thu Mar 31 14:15:55 2011 us=473291 mute = 0
Thu Mar 31 14:15:55 2011 us=473311 gremlin = 0
Thu Mar 31 14:15:55 2011 us=473331 status_file = 'openvpn-status.log'
Thu Mar 31 14:15:55 2011 us=473352 status_file_version = 1
Thu Mar 31 14:15:55 2011 us=473372 status_file_update_freq = 60
Thu Mar 31 14:15:55 2011 us=473392 occ = ENABLED
Thu Mar 31 14:15:55 2011 us=473412 rcvbuf = 65536
Thu Mar 31 14:15:55 2011 us=473432 sndbuf = 65536
Thu Mar 31 14:15:55 2011 us=473452 sockflags = 0
Thu Mar 31 14:15:55 2011 us=473472 fast_io = DISABLED
Thu Mar 31 14:15:55 2011 us=473493 lzo = 7
Thu Mar 31 14:15:55 2011 us=473513 route_script = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=473533 route_default_gateway = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=473554 route_default_metric = 0
Thu Mar 31 14:15:55 2011 us=473574 route_noexec = DISABLED
Thu Mar 31 14:15:55 2011 us=473594 route_delay = 0
Thu Mar 31 14:15:55 2011 us=473614 route_delay_window = 30
Thu Mar 31 14:15:55 2011 us=473634 route_delay_defined = DISABLED
Thu Mar 31 14:15:55 2011 us=473655 route_nopull = DISABLED
Thu Mar 31 14:15:55 2011 us=473676 route_gateway_via_dhcp = DISABLED
Thu Mar 31 14:15:55 2011 us=473697 max_routes = 100
Thu Mar 31 14:15:55 2011 us=473717 allow_pull_fqdn = DISABLED
Thu Mar 31 14:15:55 2011 us=473738 route 10.8.0.0/255.255.255.0/nil/nil
Thu Mar 31 14:15:55 2011 us=473759 management_addr = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=473780 management_port = 0
Thu Mar 31 14:15:55 2011 us=473801 management_user_pass = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=473822 management_log_history_cache = 250
Thu Mar 31 14:15:55 2011 us=473842 management_echo_buffer_size = 100
Thu Mar 31 14:15:55 2011 us=473863 management_write_peer_info_file = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=473883 management_client_user = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=473904 management_client_group = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=473924 management_flags = 0
Thu Mar 31 14:15:55 2011 us=473945 shared_secret_file = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=473966 key_direction = 0
Thu Mar 31 14:15:55 2011 us=473987 ciphername_defined = ENABLED
Thu Mar 31 14:15:55 2011 us=474008 ciphername = 'BF-CBC'
Thu Mar 31 14:15:55 2011 us=474028 authname_defined = ENABLED
Thu Mar 31 14:15:55 2011 us=474049 authname = 'SHA1'
Thu Mar 31 14:15:55 2011 us=474069 prng_hash = 'SHA1'
Thu Mar 31 14:15:55 2011 us=474090 prng_nonce_secret_len = 16
Thu Mar 31 14:15:55 2011 us=474110 keysize = 0
Thu Mar 31 14:15:55 2011 us=474130 engine = DISABLED
Thu Mar 31 14:15:55 2011 us=474151 replay = ENABLED
Thu Mar 31 14:15:55 2011 us=474171 mute_replay_warnings = DISABLED
Thu Mar 31 14:15:55 2011 us=474192 replay_window = 64
Thu Mar 31 14:15:55 2011 us=474212 replay_time = 15
Thu Mar 31 14:15:55 2011 us=474233 packet_id_file = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=474253 use_iv = ENABLED
Thu Mar 31 14:15:55 2011 us=474273 test_crypto = DISABLED
Thu Mar 31 14:15:55 2011 us=474293 tls_server = ENABLED
Thu Mar 31 14:15:55 2011 us=474314 tls_client = DISABLED
Thu Mar 31 14:15:55 2011 us=474334 key_method = 2
Thu Mar 31 14:15:55 2011 us=474355 ca_file = '/etc/openvpn/ca.crt'
Thu Mar 31 14:15:55 2011 us=474375 ca_path = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=474396 dh_file = '/etc/openvpn/dh1024.pem'
Thu Mar 31 14:15:55 2011 us=474437 cert_file = '/etc/openvpn/server.crt'
Thu Mar 31 14:15:55 2011 us=474460 priv_key_file = '/etc/openvpn/server.key'
Thu Mar 31 14:15:55 2011 us=474482 pkcs12_file = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=474502 cipher_list = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=474522 tls_verify = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=474543 tls_remote = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=474563 crl_file = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=474584 ns_cert_type = 0
Thu Mar 31 14:15:55 2011 us=474605 remote_cert_ku = 0
Thu Mar 31 14:15:55 2011 us=474626 remote_cert_ku = 0
Thu Mar 31 14:15:55 2011 us=474646 remote_cert_ku = 0
Thu Mar 31 14:15:55 2011 us=474667 remote_cert_ku = 0
Thu Mar 31 14:15:55 2011 us=474687 remote_cert_ku = 0
Thu Mar 31 14:15:55 2011 us=474708 remote_cert_ku = 0
Thu Mar 31 14:15:55 2011 us=474728 remote_cert_ku = 0
Thu Mar 31 14:15:55 2011 us=474748 remote_cert_ku = 0
Thu Mar 31 14:15:55 2011 us=474768 remote_cert_ku = 0
Thu Mar 31 14:15:55 2011 us=474788 remote_cert_ku = 0
Thu Mar 31 14:15:55 2011 us=474809 remote_cert_ku[i] = 0
Thu Mar 31 14:15:55 2011 us=474829 remote_cert_ku[i] = 0
Thu Mar 31 14:15:55 2011 us=474850 remote_cert_ku[i] = 0
Thu Mar 31 14:15:55 2011 us=474870 remote_cert_ku[i] = 0
Thu Mar 31 14:15:55 2011 us=474890 remote_cert_ku[i] = 0
Thu Mar 31 14:15:55 2011 us=474910 remote_cert_ku[i] = 0
Thu Mar 31 14:15:55 2011 us=474931 remote_cert_eku = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=474951 tls_timeout = 2
Thu Mar 31 14:15:55 2011 us=474971 renegotiate_bytes = 0
Thu Mar 31 14:15:55 2011 us=474992 renegotiate_packets = 0
Thu Mar 31 14:15:55 2011 us=475012 renegotiate_seconds = 3600
Thu Mar 31 14:15:55 2011 us=475032 handshake_window = 60
Thu Mar 31 14:15:55 2011 us=475053 transition_window = 3600
Thu Mar 31 14:15:55 2011 us=475073 single_session = DISABLED
Thu Mar 31 14:15:55 2011 us=475093 push_peer_info = DISABLED
Thu Mar 31 14:15:55 2011 us=475113 tls_exit = DISABLED
Thu Mar 31 14:15:55 2011 us=475134 tls_auth_file = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=475154 pkcs11_protected_authentication = DISABLED
Thu Mar 31 14:15:55 2011 us=475175 pkcs11_protected_authentication = DISABLED
Thu Mar 31 14:15:55 2011 us=475196 pkcs11_protected_authentication = DISABLED
Thu Mar 31 14:15:55 2011 us=475216 pkcs11_protected_authentication = DISABLED
Thu Mar 31 14:15:55 2011 us=475237 pkcs11_protected_authentication = DISABLED
Thu Mar 31 14:15:55 2011 us=475258 pkcs11_protected_authentication = DISABLED
Thu Mar 31 14:15:55 2011 us=475278 pkcs11_protected_authentication = DISABLED
Thu Mar 31 14:15:55 2011 us=475299 pkcs11_protected_authentication = DISABLED
Thu Mar 31 14:15:55 2011 us=475319 pkcs11_protected_authentication = DISABLED
Thu Mar 31 14:15:55 2011 us=475340 pkcs11_protected_authentication = DISABLED
Thu Mar 31 14:15:55 2011 us=475361 pkcs11_protected_authentication = DISABLED
Thu Mar 31 14:15:55 2011 us=475381 pkcs11_protected_authentication = DISABLED
Thu Mar 31 14:15:55 2011 us=475402 pkcs11_protected_authentication = DISABLED
Thu Mar 31 14:15:55 2011 us=475423 pkcs11_protected_authentication = DISABLED
Thu Mar 31 14:15:55 2011 us=475444 pkcs11_protected_authentication = DISABLED
Thu Mar 31 14:15:55 2011 us=475464 pkcs11_protected_authentication = DISABLED
Thu Mar 31 14:15:55 2011 us=475486 pkcs11_private_mode = 00000000
Thu Mar 31 14:15:55 2011 us=475507 pkcs11_private_mode = 00000000
Thu Mar 31 14:15:55 2011 us=475528 pkcs11_private_mode = 00000000
Thu Mar 31 14:15:55 2011 us=475548 pkcs11_private_mode = 00000000
Thu Mar 31 14:15:55 2011 us=475569 pkcs11_private_mode = 00000000
Thu Mar 31 14:15:55 2011 us=475590 pkcs11_private_mode = 00000000
Thu Mar 31 14:15:55 2011 us=475611 pkcs11_private_mode = 00000000
Thu Mar 31 14:15:55 2011 us=475632 pkcs11_private_mode = 00000000
Thu Mar 31 14:15:55 2011 us=475653 pkcs11_private_mode = 00000000
Thu Mar 31 14:15:55 2011 us=475673 pkcs11_private_mode = 00000000
Thu Mar 31 14:15:55 2011 us=475715 pkcs11_private_mode = 00000000
Thu Mar 31 14:15:55 2011 us=475738 pkcs11_private_mode = 00000000
Thu Mar 31 14:15:55 2011 us=475759 pkcs11_private_mode = 00000000
Thu Mar 31 14:15:55 2011 us=475780 pkcs11_private_mode = 00000000
Thu Mar 31 14:15:55 2011 us=475801 pkcs11_private_mode = 00000000
Thu Mar 31 14:15:55 2011 us=475822 pkcs11_private_mode = 00000000
Thu Mar 31 14:15:55 2011 us=475843 pkcs11_cert_private = DISABLED
Thu Mar 31 14:15:55 2011 us=475863 pkcs11_cert_private = DISABLED
Thu Mar 31 14:15:55 2011 us=475884 pkcs11_cert_private = DISABLED
Thu Mar 31 14:15:55 2011 us=475904 pkcs11_cert_private = DISABLED
Thu Mar 31 14:15:55 2011 us=475925 pkcs11_cert_private = DISABLED
Thu Mar 31 14:15:55 2011 us=475945 pkcs11_cert_private = DISABLED
Thu Mar 31 14:15:55 2011 us=475966 pkcs11_cert_private = DISABLED
Thu Mar 31 14:15:55 2011 us=475987 pkcs11_cert_private = DISABLED
Thu Mar 31 14:15:55 2011 us=476007 pkcs11_cert_private = DISABLED
Thu Mar 31 14:15:55 2011 us=476027 pkcs11_cert_private = DISABLED
Thu Mar 31 14:15:55 2011 us=476048 pkcs11_cert_private = DISABLED
Thu Mar 31 14:15:55 2011 us=476068 pkcs11_cert_private = DISABLED
Thu Mar 31 14:15:55 2011 us=476089 pkcs11_cert_private = DISABLED
Thu Mar 31 14:15:55 2011 us=476109 pkcs11_cert_private = DISABLED
Thu Mar 31 14:15:55 2011 us=476130 pkcs11_cert_private = DISABLED
Thu Mar 31 14:15:55 2011 us=476151 pkcs11_cert_private = DISABLED
Thu Mar 31 14:15:55 2011 us=476172 pkcs11_pin_cache_period = -1
Thu Mar 31 14:15:55 2011 us=476193 pkcs11_id = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=476214 pkcs11_id_management = DISABLED
Thu Mar 31 14:15:55 2011 us=476236 server_network = 10.8.0.0
Thu Mar 31 14:15:55 2011 us=476259 server_netmask = 255.255.255.0
Thu Mar 31 14:15:55 2011 us=476282 server_bridge_ip = 0.0.0.0
Thu Mar 31 14:15:55 2011 us=476304 server_bridge_netmask = 0.0.0.0
Thu Mar 31 14:15:55 2011 us=476328 server_bridge_pool_start = 0.0.0.0
Thu Mar 31 14:15:55 2011 us=476350 server_bridge_pool_end = 0.0.0.0
Thu Mar 31 14:15:55 2011 us=476372 push_entry = 'redirect-gateway def1 bypass-dhcp'
Thu Mar 31 14:15:55 2011 us=476393 push_entry = 'route 10.8.0.1'
Thu Mar 31 14:15:55 2011 us=476414 push_entry = 'topology net30'
Thu Mar 31 14:15:55 2011 us=476435 push_entry = 'ping 10'
Thu Mar 31 14:15:55 2011 us=476456 push_entry = 'ping-restart 120'
Thu Mar 31 14:15:55 2011 us=476476 ifconfig_pool_defined = ENABLED
Thu Mar 31 14:15:55 2011 us=476499 ifconfig_pool_start = 10.8.0.4
Thu Mar 31 14:15:55 2011 us=476521 ifconfig_pool_end = 10.8.0.251
Thu Mar 31 14:15:55 2011 us=476544 ifconfig_pool_netmask = 0.0.0.0
Thu Mar 31 14:15:55 2011 us=476565 ifconfig_pool_persist_filename = 'ipp.txt'
Thu Mar 31 14:15:55 2011 us=476587 ifconfig_pool_persist_refresh_freq = 600
Thu Mar 31 14:15:55 2011 us=476608 n_bcast_buf = 256
Thu Mar 31 14:15:55 2011 us=476628 tcp_queue_limit = 64
Thu Mar 31 14:15:55 2011 us=476648 real_hash_size = 256
Thu Mar 31 14:15:55 2011 us=476669 virtual_hash_size = 256
Thu Mar 31 14:15:55 2011 us=476689 client_connect_script = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=476710 learn_address_script = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=476730 client_disconnect_script = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=476751 client_config_dir = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=476772 ccd_exclusive = DISABLED
Thu Mar 31 14:15:55 2011 us=476792 tmp_dir = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=476812 push_ifconfig_defined = DISABLED
Thu Mar 31 14:15:55 2011 us=476834 push_ifconfig_local = 0.0.0.0
Thu Mar 31 14:15:55 2011 us=476868 push_ifconfig_remote_netmask = 0.0.0.0
Thu Mar 31 14:15:55 2011 us=476890 enable_c2c = DISABLED
Thu Mar 31 14:15:55 2011 us=476911 duplicate_cn = DISABLED
Thu Mar 31 14:15:55 2011 us=476932 cf_max = 0
Thu Mar 31 14:15:55 2011 us=476953 cf_per = 0
Thu Mar 31 14:15:55 2011 us=476973 max_clients = 1024
Thu Mar 31 14:15:55 2011 us=476993 max_routes_per_client = 256
Thu Mar 31 14:15:55 2011 us=477035 auth_user_pass_verify_script = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=477058 auth_user_pass_verify_script_via_file = DISABLED
Thu Mar 31 14:15:55 2011 us=477129 ssl_flags = 0
Thu Mar 31 14:15:55 2011 us=477159 port_share_host = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=477188 port_share_port = 0
Thu Mar 31 14:15:55 2011 us=477216 client = DISABLED
Thu Mar 31 14:15:55 2011 us=477245 pull = DISABLED
Thu Mar 31 14:15:55 2011 us=477277 auth_user_pass_file = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=477317 OpenVPN 2.1.4 i386-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Mar 10 2011
Thu Mar 31 14:15:55 2011 us=477592 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Mar 31 14:15:55 2011 us=483521 Diffie-Hellman initialized with 1024 bit key
Thu Mar 31 14:15:55 2011 us=484436 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu Mar 31 14:15:55 2011 us=484494 Socket Buffers: R=[110592->131072] S=[110592->131072]
Thu Mar 31 14:15:55 2011 us=484714 ROUTE default_gateway=X.X.X.1
Thu Mar 31 14:15:55 2011 us=487094 TUN/TAP device tun0 opened
Thu Mar 31 14:15:55 2011 us=487186 TUN/TAP TX queue length set to 100
Thu Mar 31 14:15:55 2011 us=487279 /sbin/ip link set dev tun0 up mtu 1500
Thu Mar 31 14:15:55 2011 us=490772 /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Thu Mar 31 14:15:55 2011 us=500440 /sbin/ip route add 10.8.0.0/24 via 10.8.0.2
Thu Mar 31 14:15:55 2011 us=502591 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Mar 31 14:15:55 2011 us=504182 GID set to nobody
Thu Mar 31 14:15:55 2011 us=504330 UID set to nobody
Thu Mar 31 14:15:55 2011 us=504384 UDPv4 link local (bound): [undef]:1194
Thu Mar 31 14:15:55 2011 us=504424 UDPv4 link remote: [undef]
Thu Mar 31 14:15:55 2011 us=504459 MULTI: multi_init called, r=256 v=256
Thu Mar 31 14:15:55 2011 us=504691 IFCONFIG POOL: base=10.8.0.4 size=62
Thu Mar 31 14:15:55 2011 us=504729 IFCONFIG POOL LIST
Thu Mar 31 14:15:55 2011 us=504810 Initialization Sequence Completed
Thu Mar 31 14:15:55 2011 us=475237 pkcs11_protected_authentication = DISABLED
Thu Mar 31 14:15:55 2011 us=475258 pkcs11_protected_authentication = DISABLED
Thu Mar 31 14:15:55 2011 us=475278 pkcs11_protected_authentication = DISABLED
Thu Mar 31 14:15:55 2011 us=475299 pkcs11_protected_authentication = DISABLED
Thu Mar 31 14:15:55 2011 us=475319 pkcs11_protected_authentication = DISABLED
Thu Mar 31 14:15:55 2011 us=475340 pkcs11_protected_authentication = DISABLED
Thu Mar 31 14:15:55 2011 us=475361 pkcs11_protected_authentication = DISABLED
Thu Mar 31 14:15:55 2011 us=475381 pkcs11_protected_authentication = DISABLED
Thu Mar 31 14:15:55 2011 us=475402 pkcs11_protected_authentication = DISABLED
Thu Mar 31 14:15:55 2011 us=475423 pkcs11_protected_authentication = DISABLED
Thu Mar 31 14:15:55 2011 us=475444 pkcs11_protected_authentication = DISABLED
Thu Mar 31 14:15:55 2011 us=475464 pkcs11_protected_authentication = DISABLED
Thu Mar 31 14:15:55 2011 us=475486 pkcs11_private_mode = 00000000
Thu Mar 31 14:15:55 2011 us=475507 pkcs11_private_mode = 00000000
Thu Mar 31 14:15:55 2011 us=475528 pkcs11_private_mode = 00000000
Thu Mar 31 14:15:55 2011 us=475548 pkcs11_private_mode = 00000000
Thu Mar 31 14:15:55 2011 us=475569 pkcs11_private_mode = 00000000
Thu Mar 31 14:15:55 2011 us=475590 pkcs11_private_mode = 00000000
Thu Mar 31 14:15:55 2011 us=475611 pkcs11_private_mode = 00000000
Thu Mar 31 14:15:55 2011 us=475632 pkcs11_private_mode = 00000000
Thu Mar 31 14:15:55 2011 us=475653 pkcs11_private_mode = 00000000
Thu Mar 31 14:15:55 2011 us=475673 pkcs11_private_mode = 00000000
Thu Mar 31 14:15:55 2011 us=475715 pkcs11_private_mode = 00000000
Thu Mar 31 14:15:55 2011 us=475738 pkcs11_private_mode = 00000000
Thu Mar 31 14:15:55 2011 us=475759 pkcs11_private_mode = 00000000
Thu Mar 31 14:15:55 2011 us=475780 pkcs11_private_mode = 00000000
Thu Mar 31 14:15:55 2011 us=475801 pkcs11_private_mode = 00000000
Thu Mar 31 14:15:55 2011 us=475822 pkcs11_private_mode = 00000000
Thu Mar 31 14:15:55 2011 us=475843 pkcs11_cert_private = DISABLED
Thu Mar 31 14:15:55 2011 us=475863 pkcs11_cert_private = DISABLED
Thu Mar 31 14:15:55 2011 us=475884 pkcs11_cert_private = DISABLED
Thu Mar 31 14:15:55 2011 us=475904 pkcs11_cert_private = DISABLED
Thu Mar 31 14:15:55 2011 us=475925 pkcs11_cert_private = DISABLED
Thu Mar 31 14:15:55 2011 us=475945 pkcs11_cert_private = DISABLED
Thu Mar 31 14:15:55 2011 us=475966 pkcs11_cert_private = DISABLED
Thu Mar 31 14:15:55 2011 us=475987 pkcs11_cert_private = DISABLED
Thu Mar 31 14:15:55 2011 us=476007 pkcs11_cert_private = DISABLED
Thu Mar 31 14:15:55 2011 us=476027 pkcs11_cert_private = DISABLED
Thu Mar 31 14:15:55 2011 us=476048 pkcs11_cert_private = DISABLED
Thu Mar 31 14:15:55 2011 us=476068 pkcs11_cert_private = DISABLED
Thu Mar 31 14:15:55 2011 us=476089 pkcs11_cert_private = DISABLED
Thu Mar 31 14:15:55 2011 us=476109 pkcs11_cert_private = DISABLED
Thu Mar 31 14:15:55 2011 us=476130 pkcs11_cert_private = DISABLED
Thu Mar 31 14:15:55 2011 us=476151 pkcs11_cert_private = DISABLED
Thu Mar 31 14:15:55 2011 us=476172 pkcs11_pin_cache_period = -1
Thu Mar 31 14:15:55 2011 us=476193 pkcs11_id = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=476214 pkcs11_id_management = DISABLED
Thu Mar 31 14:15:55 2011 us=476236 server_network = 10.8.0.0
Thu Mar 31 14:15:55 2011 us=476259 server_netmask = 255.255.255.0
Thu Mar 31 14:15:55 2011 us=476282 server_bridge_ip = 0.0.0.0
Thu Mar 31 14:15:55 2011 us=476304 server_bridge_netmask = 0.0.0.0
Thu Mar 31 14:15:55 2011 us=476328 server_bridge_pool_start = 0.0.0.0
Thu Mar 31 14:15:55 2011 us=476350 server_bridge_pool_end = 0.0.0.0
Thu Mar 31 14:15:55 2011 us=476372 push_entry = 'redirect-gateway def1 bypass-dhcp'
Thu Mar 31 14:15:55 2011 us=476393 push_entry = 'route 10.8.0.1'
Thu Mar 31 14:15:55 2011 us=476414 push_entry = 'topology net30'
Thu Mar 31 14:15:55 2011 us=476435 push_entry = 'ping 10'
Thu Mar 31 14:15:55 2011 us=476456 push_entry = 'ping-restart 120'
Thu Mar 31 14:15:55 2011 us=476476 ifconfig_pool_defined = ENABLED
Thu Mar 31 14:15:55 2011 us=476499 ifconfig_pool_start = 10.8.0.4
Thu Mar 31 14:15:55 2011 us=476521 ifconfig_pool_end = 10.8.0.251
Thu Mar 31 14:15:55 2011 us=476544 ifconfig_pool_netmask = 0.0.0.0
Thu Mar 31 14:15:55 2011 us=476565 ifconfig_pool_persist_filename = 'ipp.txt'
Thu Mar 31 14:15:55 2011 us=476587 ifconfig_pool_persist_refresh_freq = 600
Thu Mar 31 14:15:55 2011 us=476608 n_bcast_buf = 256
Thu Mar 31 14:15:55 2011 us=476628 tcp_queue_limit = 64
Thu Mar 31 14:15:55 2011 us=476648 real_hash_size = 256
Thu Mar 31 14:15:55 2011 us=476669 virtual_hash_size = 256
Thu Mar 31 14:15:55 2011 us=476689 client_connect_script = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=476710 learn_address_script = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=476730 client_disconnect_script = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=476751 client_config_dir = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=476772 ccd_exclusive = DISABLED
Thu Mar 31 14:15:55 2011 us=476792 tmp_dir = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=476812 push_ifconfig_defined = DISABLED
Thu Mar 31 14:15:55 2011 us=476834 push_ifconfig_local = 0.0.0.0
Thu Mar 31 14:15:55 2011 us=476868 push_ifconfig_remote_netmask = 0.0.0.0
Thu Mar 31 14:15:55 2011 us=476890 enable_c2c = DISABLED
Thu Mar 31 14:15:55 2011 us=476911 duplicate_cn = DISABLED
Thu Mar 31 14:15:55 2011 us=476932 cf_max = 0
Thu Mar 31 14:15:55 2011 us=476953 cf_per = 0
Thu Mar 31 14:15:55 2011 us=476973 max_clients = 1024
Thu Mar 31 14:15:55 2011 us=476993 max_routes_per_client = 256
Thu Mar 31 14:15:55 2011 us=477035 auth_user_pass_verify_script = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=477058 auth_user_pass_verify_script_via_file = DISABLED
Thu Mar 31 14:15:55 2011 us=477129 ssl_flags = 0
Thu Mar 31 14:15:55 2011 us=477159 port_share_host = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=477188 port_share_port = 0
Thu Mar 31 14:15:55 2011 us=477216 client = DISABLED
Thu Mar 31 14:15:55 2011 us=477245 pull = DISABLED
Thu Mar 31 14:15:55 2011 us=477277 auth_user_pass_file = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=477317 OpenVPN 2.1.4 i386-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Mar 10 2011
Thu Mar 31 14:15:55 2011 us=477592 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Mar 31 14:15:55 2011 us=483521 Diffie-Hellman initialized with 1024 bit key
Thu Mar 31 14:15:55 2011 us=484436 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu Mar 31 14:15:55 2011 us=484494 Socket Buffers: R=[110592->131072] S=[110592->131072]
Thu Mar 31 14:15:55 2011 us=484714 ROUTE default_gateway=X.X.X.1
Thu Mar 31 14:15:55 2011 us=487094 TUN/TAP device tun0 opened
Thu Mar 31 14:15:55 2011 us=487186 TUN/TAP TX queue length set to 100
Thu Mar 31 14:15:55 2011 us=487279 /sbin/ip link set dev tun0 up mtu 1500
Thu Mar 31 14:15:55 2011 us=490772 /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Thu Mar 31 14:15:55 2011 us=500440 /sbin/ip route add 10.8.0.0/24 via 10.8.0.2
Thu Mar 31 14:15:55 2011 us=502591 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Mar 31 14:15:55 2011 us=504182 GID set to nobody
Thu Mar 31 14:15:55 2011 us=504330 UID set to nobody
Thu Mar 31 14:15:55 2011 us=504384 UDPv4 link local (bound): [undef]:1194
Thu Mar 31 14:15:55 2011 us=504424 UDPv4 link remote: [undef]
Thu Mar 31 14:15:55 2011 us=504459 MULTI: multi_init called, r=256 v=256
Thu Mar 31 14:15:55 2011 us=504691 IFCONFIG POOL: base=10.8.0.4 size=62
Thu Mar 31 14:15:55 2011 us=504729 IFCONFIG POOL LIST
Thu Mar 31 14:15:55 2011 us=504810 Initialization Sequence Completed
-
- OpenVpn Newbie
- Posts: 7
- Joined: Thu Mar 31, 2011 6:04 pm
Re: Please help me on vpn server setup on RHEL5 workstation
bump up for more help!
- gladiatr72
- Forum Team
- Posts: 194
- Joined: Mon Dec 13, 2010 3:51 pm
- Location: Lawrence, KS
Re: Please help me on vpn server setup on RHEL5 workstation
Just try running it from the command prompt. Posting bump messages is a good way to just get your topic locked.
openvpn --config /etc/openvpn/client.conf --verb 4
This is going to spew the same log data that you're seeing in your syslog files.
If you're still convinced your openvpn config is broken, post your server logs as well (also at verb 4).
# ifconfig tun0
tun0 [blah blah blah]
inet addr:[your IP] P-t-P:[server IP] Mask:255.255.255.255
[ blah blah blah ]
# ping [server IP]
[..]I used to think it was awful that life was so unfair. [...]Wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? -Marcus Cole
-
- OpenVpn Newbie
- Posts: 7
- Joined: Thu Mar 31, 2011 6:04 pm
Re: Please help me on vpn server setup on RHEL5 workstation
The original problem was solved! It was because of the multiple .conf files under /etc/openvpn. I removed the unwanted ones and the service started "ok".
Then I switched to my client.ovpn. The client is on my home PC running Win 7 and behind a router. After some editing, I was able to start the client with "Initialization Sequence Completed". However, I cannot get access to the internet.
The server is RHEL 5.
Port 1194 was port-forwarded through the router to this PC.
I tried turning off the Windows firewall completely; it does not help with this issue.
Is it because of the firewall on the server or the client?
This is my client.ovpn file:
client
dev tun
dev-node my-tap
remote X.X.X.X 1194
proto udp
resolv-retry infinite
ca ca.crt
cert client2.crt
key client2.key
keepalive 10 120
nobind
persist-key
persist-tun
ns-cert-type server
cipher BF-CBC # Blowfish (default) encryption
comp-lzo
verb 3
redirect-gateway
- gladiatr72
- Forum Team
- Posts: 194
- Joined: Mon Dec 13, 2010 3:51 pm
- Location: Lawrence, KS
Re: Please help me on vpn server setup on RHEL5 workstation
Please set "verb 4" in your client configuration and post your client's log.
-S
[..]I used to think it was awful that life was so unfair. [...]Wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? -Marcus Cole
-
- OpenVpn Newbie
- Posts: 7
- Joined: Thu Mar 31, 2011 6:04 pm
Re: Please help me on vpn server setup on RHEL5 workstation
First, thank you for your quick response! This is my log after hiding some info.
Current Parameter Settings:
config = 'D:\keys\Lab_keys\Lab.ovpn'
mode = 0
show_ciphers = DISABLED
show_digests = DISABLED
show_engines = DISABLED
genkey = DISABLED
key_pass_file = '[UNDEF]'
show_tls_ciphers = DISABLED
Connection profiles [default]:
proto = udp
local = '[UNDEF]'
local_port = 0
remote = 'X.X.49.196'
remote_port = 1194
remote_float = DISABLED
bind_defined = DISABLED
bind_local = DISABLED
connect_retry_seconds = 5
connect_timeout = 10
connect_retry_max = 0
socks_proxy_server = '[UNDEF]'
socks_proxy_port = 0
socks_proxy_retry = DISABLED
Connection profiles END
remote_random = DISABLED
ipchange = '[UNDEF]'
dev = 'tun'
dev_type = '[UNDEF]'
dev_node = 'my-tap'
lladdr = '[UNDEF]'
topology = 1
tun_ipv6 = DISABLED
ifconfig_local = '[UNDEF]'
ifconfig_remote_netmask = '[UNDEF]'
ifconfig_noexec = DISABLED
ifconfig_nowarn = DISABLED
shaper = 0
tun_mtu = 1500
tun_mtu_defined = ENABLED
link_mtu = 1500
link_mtu_defined = DISABLED
tun_mtu_extra = 0
tun_mtu_extra_defined = DISABLED
fragment = 0
mtu_discover_type = -1
mtu_test = 0
mlock = DISABLED
keepalive_ping = 10
keepalive_timeout = 120
inactivity_timeout = 0
ping_send_timeout = 10
ping_rec_timeout = 120
ping_rec_timeout_action = 2
ping_timer_remote = DISABLED
remap_sigusr1 = 0
explicit_exit_notification = 0
persist_tun = ENABLED
persist_local_ip = DISABLED
persist_remote_ip = DISABLED
persist_key = ENABLED
mssfix = 1450
resolve_retry_seconds = 1000000000
username = '[UNDEF]'
groupname = '[UNDEF]'
chroot_dir = '[UNDEF]'
cd_dir = '[UNDEF]'
writepid = '[UNDEF]'
up_script = '[UNDEF]'
down_script = '[UNDEF]'
down_pre = DISABLED
up_restart = DISABLED
up_delay = DISABLED
daemon = DISABLED
inetd = 0
log = ENABLED
suppress_timestamps = DISABLED
nice = 0
verbosity = 4
mute = 0
gremlin = 0
status_file = '[UNDEF]'
status_file_version = 1
status_file_update_freq = 60
occ = ENABLED
rcvbuf = 0
sndbuf = 0
sockflags = 0
fast_io = DISABLED
lzo = 7
route_script = '[UNDEF]'
route_default_gateway = '[UNDEF]'
route_default_metric = 0
route_noexec = DISABLED
route_delay = 5
route_delay_window = 30
route_delay_defined = ENABLED
route_nopull = DISABLED
route_gateway_via_dhcp = DISABLED
max_routes = 100
allow_pull_fqdn = DISABLED
[redirect_default_gateway local=0]
management_addr = '[UNDEF]'
management_port = 0
management_user_pass = '[UNDEF]'
management_log_history_cache = 250
management_echo_buffer_size = 100
management_write_peer_info_file = '[UNDEF]'
management_client_user = '[UNDEF]'
management_client_group = '[UNDEF]'
management_flags = 0
shared_secret_file = '[UNDEF]'
key_direction = 0
ciphername_defined = ENABLED
ciphername = 'BF-CBC'
authname_defined = ENABLED
authname = 'SHA1'
prng_hash = 'SHA1'
prng_nonce_secret_len = 16
keysize = 0
engine = DISABLED
replay = ENABLED
mute_replay_warnings = DISABLED
replay_window = 64
replay_time = 15
packet_id_file = '[UNDEF]'
use_iv = ENABLED
test_crypto = DISABLED
tls_server = DISABLED
tls_client = ENABLED
key_method = 2
ca_file = 'D:\keys\Lab_keys\ca.crt'
ca_path = '[UNDEF]'
dh_file = '[UNDEF]'
cert_file = 'D:\keys\Lab_keys\client2.crt'
priv_key_file = 'D:\keys\Lab_keys\client2.key'
pkcs12_file = '[UNDEF]'
cryptoapi_cert = '[UNDEF]'
cipher_list = '[UNDEF]'
tls_verify = '[UNDEF]'
tls_remote = '[UNDEF]'
crl_file = '[UNDEF]'
ns_cert_type = 64
remote_cert_ku = 0
remote_cert_ku = 0
remote_cert_ku = 0
remote_cert_ku = 0
remote_cert_ku = 0
remote_cert_ku = 0
remote_cert_ku = 0
remote_cert_ku = 0
remote_cert_ku = 0
remote_cert_ku = 0
remote_cert_ku[i] = 0
remote_cert_ku[i] = 0
remote_cert_ku[i] = 0
remote_cert_ku[i] = 0
remote_cert_ku[i] = 0
remote_cert_ku[i] = 0
remote_cert_eku = '[UNDEF]'
tls_timeout = 2
renegotiate_bytes = 0
renegotiate_packets = 0
renegotiate_seconds = 3600
handshake_window = 60
transition_window = 3600
single_session = DISABLED
push_peer_info = DISABLED
tls_exit = DISABLED
tls_auth_file = '[UNDEF]'
pkcs11_protected_authentication = DISABLED
pkcs11_protected_authentication = DISABLED
pkcs11_protected_authentication = DISABLED
pkcs11_protected_authentication = DISABLED
pkcs11_protected_authentication = DISABLED
pkcs11_protected_authentication = DISABLED
pkcs11_protected_authentication = DISABLED
pkcs11_protected_authentication = DISABLED
pkcs11_protected_authentication = DISABLED
pkcs11_protected_authentication = DISABLED
pkcs11_protected_authentication = DISABLED
pkcs11_protected_authentication = DISABLED
pkcs11_protected_authentication = DISABLED
pkcs11_protected_authentication = DISABLED
pkcs11_protected_authentication = DISABLED
pkcs11_protected_authentication = DISABLED
pkcs11_private_mode = 00000000
pkcs11_private_mode = 00000000
pkcs11_private_mode = 00000000
pkcs11_private_mode = 00000000
pkcs11_private_mode = 00000000
pkcs11_private_mode = 00000000
pkcs11_private_mode = 00000000
pkcs11_private_mode = 00000000
pkcs11_private_mode = 00000000
pkcs11_private_mode = 00000000
pkcs11_private_mode = 00000000
pkcs11_private_mode = 00000000
pkcs11_private_mode = 00000000
pkcs11_private_mode = 00000000
pkcs11_private_mode = 00000000
pkcs11_private_mode = 00000000
pkcs11_cert_private = DISABLED
pkcs11_cert_private = DISABLED
pkcs11_cert_private = DISABLED
pkcs11_cert_private = DISABLED
pkcs11_cert_private = DISABLED
pkcs11_cert_private = DISABLED
pkcs11_cert_private = DISABLED
pkcs11_cert_private = DISABLED
pkcs11_cert_private = DISABLED
pkcs11_cert_private = DISABLED
pkcs11_cert_private = DISABLED
pkcs11_cert_private = DISABLED
pkcs11_cert_private = DISABLED
pkcs11_cert_private = DISABLED
pkcs11_cert_private = DISABLED
pkcs11_cert_private = DISABLED
pkcs11_pin_cache_period = -1
pkcs11_id = '[UNDEF]'
pkcs11_id_management = DISABLED
server_network = 0.0.0.0
server_netmask = 0.0.0.0
server_bridge_ip = 0.0.0.0
server_bridge_netmask = 0.0.0.0
server_bridge_pool_start = 0.0.0.0
server_bridge_pool_end = 0.0.0.0
ifconfig_pool_defined = DISABLED
ifconfig_pool_start = 0.0.0.0
ifconfig_pool_end = 0.0.0.0
ifconfig_pool_netmask = 0.0.0.0
ifconfig_pool_persist_filename = '[UNDEF]'
ifconfig_pool_persist_refresh_freq = 600
n_bcast_buf = 256
tcp_queue_limit = 64
real_hash_size = 256
virtual_hash_size = 256
client_connect_script = '[UNDEF]'
learn_address_script = '[UNDEF]'
client_disconnect_script = '[UNDEF]'
client_config_dir = '[UNDEF]'
ccd_exclusive = DISABLED
tmp_dir = '[UNDEF]'
push_ifconfig_defined = DISABLED
push_ifconfig_local = 0.0.0.0
push_ifconfig_remote_netmask = 0.0.0.0
enable_c2c = DISABLED
duplicate_cn = DISABLED
cf_max = 0
cf_per = 0
max_clients = 1024
max_routes_per_client = 256
auth_user_pass_verify_script = '[UNDEF]'
auth_user_pass_verify_script_via_file = DISABLED
ssl_flags = 0
client = ENABLED
pull = ENABLED
auth_user_pass_file = '[UNDEF]'
show_net_up = DISABLED
route_method = 0
ip_win32_defined = DISABLED
ip_win32_type = 3
dhcp_masq_offset = 0
dhcp_lease_time = 31536000
tap_sleep = 0
dhcp_options = DISABLED
dhcp_renew = DISABLED
dhcp_pre_release = DISABLED
dhcp_release = DISABLED
domain = '[UNDEF]'
netbios_scope = '[UNDEF]'
netbios_node_type = 0
disable_nbt = DISABLED
OpenVPN 2.1.4 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 8 2010
NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
LZO compression initialized
Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Socket Buffers: R=[8192->8192] S=[8192->8192]
Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Local Options hash (VER=V4): '41690919'
Expected Remote Options hash (VER=V4): '530fdded'
UDPv4 link local: [undef]
UDPv4 link remote: X.X.49.196:1194
TLS: Initial packet from X.X.49.196:1194, sid=5cfd84df c3d90075
VERIFY OK: depth=1, /C=US/ST=IL/L=Chicago/O=XXX/OU=XXX/CN=Lab_server/name=XXXX/emailAddress=XXX@yyy.com
VERIFY OK: nsCertType=SERVER
VERIFY OK: depth=0, /C=US/ST=IL/L=Chicago/O=XXX/OU=XXX/CN=server/emailAddress=XXX@yyy.com
Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
[server] Peer Connection Initiated with X.X.49.196:1194
SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.10 10.8.0.9'
OPTIONS IMPORT: timers and/or timeouts modified
OPTIONS IMPORT: --ifconfig/up options modified
OPTIONS IMPORT: route options modified
ROUTE default_gateway=192.168.1.1
TAP-WIN32 device [my-tap] opened: \\.\Global\{6F8F8100-0158-4768-A900-E0869C794E8A}.tap
TAP-Win32 Driver Version 9.7
TAP-Win32 MTU=1500
Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.10/255.255.255.252 on interface {6F8F8100-0158-4768-A900-E0869C794E8A} [DHCP-serv: 10.8.0.9, lease-time: 31536000]
Successful ARP Flush on interface [22] {6F8F8100-0158-4768-A900-E0869C794E8A}
TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
C:\WINDOWS\system32\route.exe ADD X.X.49.196 MASK 255.255.255.255 192.168.1.1
ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=10 and dwForwardType=4
Route addition via IPAPI succeeded [adaptive]
C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.9
ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Route addition via IPAPI succeeded [adaptive]
C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.9
ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Route addition via IPAPI succeeded [adaptive]
C:\WINDOWS\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.9
ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Route addition via IPAPI succeeded [adaptive]
Initialization Sequence Completed
- gladiatr72
- Forum Team
- Posts: 194
- Joined: Mon Dec 13, 2010 3:51 pm
- Location: Lawrence, KS
Re: Please help me on vpn server setup on RHEL5 workstation
Now let's see the output from the following two commands (from your server):
iptables -t nat -L POSTROUTING
and
sysctl -a |grep net.ipv4.ip_forward
[..]I used to think it was awful that life was so unfair. [...]Wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? -Marcus Cole
-
- OpenVpn Newbie
- Posts: 7
- Joined: Thu Mar 31, 2011 6:04 pm
Re: Please help me on vpn server setup on RHEL5 workstation
Please see the messages, I recently have added several iptables rules by googling around, you know...
[root@host openvpn]# /sbin/iptables -t nat -L POSTROUTING
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE tcp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
MASQUERADE udp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
MASQUERADE all -- 192.168.122.0/24 !192.168.122.0/24
SNAT all -- 10.8.0.2 anywhere to:X.X.49.196
SNAT all -- 10.8.0.3 anywhere to:X.X.49.196
SNAT all -- 10.8.0.4 anywhere to:X.X.49.196
SNAT all -- 10.8.0.5 anywhere to:X.X.49.196
SNAT all -- 10.8.0.6 anywhere to:X.X.49.196
SNAT all -- 10.8.0.7 anywhere to:X.X.49.196
SNAT all -- 10.8.0.8 anywhere to:X.X.49.196
SNAT all -- 10.8.0.9 anywhere to:X.X.49.196
MASQUERADE all -- 10.0.0.0/24 anywhere
SNAT all -- 10.8.0.2 anywhere to:X.X.49.196
SNAT all -- 10.8.0.3 anywhere to:X.X.49.196
SNAT all -- 10.8.0.4 anywhere to:X.X.49.196
SNAT all -- 10.8.0.5 anywhere to:X.X.49.196
SNAT all -- 10.8.0.6 anywhere to:X.X.49.196
SNAT all -- 10.8.0.7 anywhere to:X.X.49.196
SNAT all -- 10.8.0.8 anywhere to:X.X.49.196
SNAT all -- 10.8.0.9 anywhere to:X.X.49.196
MASQUERADE all -- 10.0.0.0/24 anywhere
[root@host openvpn]# /sbin/sysctl -a |grep net.ipv4.ip_forward
net.ipv4.ip_forward = 1
-
- Forum Team
- Posts: 285
- Joined: Wed Aug 27, 2008 2:41 am
Re: Please help me on vpn server setup on RHEL5 workstation
Why are you SNAT'ing each IP? SNAT the /24!
The masquerade and snat rules will conflict.
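An added example, not written by any poster in this thread: a Python check of the POSTROUTING listing above that counts repeated rules and reports which rule, if any, covers a given VPN client address. The listing is rebuilt from the output posted earlier, 10.8.0.10 is the address pushed to the client in the client log, and the function names are my own.

```python
import ipaddress
from collections import Counter

# Constructed sample, rebuilt from the POSTROUTING listing posted in the thread.
_block = [f"SNAT all -- 10.8.0.{n} anywhere to:X.X.49.196" for n in range(2, 10)]
_block.append("MASQUERADE all -- 10.0.0.0/24 anywhere")
LISTING = "\n".join([
    "Chain POSTROUTING (policy ACCEPT)",
    "target prot opt source destination",
    "MASQUERADE tcp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535",
    "MASQUERADE udp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535",
    "MASQUERADE all -- 192.168.122.0/24 !192.168.122.0/24",
] + _block + _block)  # the thread's listing shows this block twice


def parse_rules(text):
    """Return one dict per rule line of `iptables -t nat -L <chain>` output."""
    rules = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or f[0] in ("Chain", "target"):
            continue  # skip the chain banner, the column header and blank lines
        src = "0.0.0.0/0" if f[3] == "anywhere" else f[3]
        rules.append({"target": f[0], "prot": f[1],
                      "source": ipaddress.ip_network(src),
                      "dest": f[4], "extra": " ".join(f[5:])})
    return rules


def first_match(rules, client_ip):
    """First rule whose source covers client_ip (netfilter stops at the first
    NAT match). Only the source column is compared; destination is ignored."""
    ip = ipaddress.ip_address(client_ip)
    return next((r for r in rules if ip in r["source"]), None)


def duplicate_count(rules):
    """Number of rules that repeat an earlier, identical rule."""
    seen = Counter((r["target"], r["prot"], str(r["source"]), r["dest"], r["extra"]) for r in rules)
    return sum(n - 1 for n in seen.values())


if __name__ == "__main__":
    rules = parse_rules(LISTING)
    print("duplicates:", duplicate_count(rules))
    for ip in ("10.8.0.9", "10.8.0.10"):
        hit = first_match(rules, ip)
        print(ip, "->", f'{hit["target"]} {hit["extra"]}' if hit else "no NAT rule")
```

In the posted listing no rule covers 10.8.0.10, because the per-host rules stop at 10.8.0.9 and the MASQUERADE rule is for 10.0.0.0/24. A single rule with source 10.8.0.0/24 (for example `iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source X.X.49.196`, with the masked address filled in) covers every client address in the VPN subnet.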
-
- OpenVpn Newbie
- Posts: 7
- Joined: Thu Mar 31, 2011 6:04 pm
Re: Please help me on vpn server setup on RHEL5 workstation
Just figured it out yesterday night. Now it works. Thanks gladiatr72 and Douglas.