Please help me on vpn server setup on RHEL5 workstation

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
lyrebird
OpenVpn Newbie
Posts: 7
Joined: Thu Mar 31, 2011 6:04 pm

Please help me on vpn server setup on RHEL5 workstation

Post by lyrebird » Thu Mar 31, 2011 6:38 pm

I am setting up a vpn server at my RHEL5 workstation. I want to redirect all my client traffic through this vpn.

This workstation has direct access to the internet (I mean, no router between it and the internet), and I have installed the openvpn package. The problem is that when I tried to start the service, it reported failed, as shown below:

[root@host openvpn]# sudo /sbin/service openvpn start
Starting openvpn: [FAILED]
[root@host openvpn]# more openvpn.log
Thu Mar 31 13:31:01 2011 OpenVPN 2.1.4 i386-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Mar 10 2011
Thu Mar 31 13:31:01 2011 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Mar 31 13:31:01 2011 Diffie-Hellman initialized with 1024 bit key
Thu Mar 31 13:31:01 2011 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu Mar 31 13:31:01 2011 Socket Buffers: R=[110592->131072] S=[110592->131072]
Thu Mar 31 13:31:01 2011 ROUTE default_gateway=X.X.X.1 (I hide the detail)
Thu Mar 31 13:31:01 2011 TUN/TAP device tun0 opened
Thu Mar 31 13:31:01 2011 TUN/TAP TX queue length set to 100
Thu Mar 31 13:31:01 2011 /sbin/ip link set dev tun0 up mtu 1500
Thu Mar 31 13:31:01 2011 /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Thu Mar 31 13:31:01 2011 /sbin/ip route add 10.8.0.0/24 via 10.8.0.2
Thu Mar 31 13:31:01 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Mar 31 13:31:01 2011 GID set to nobody
Thu Mar 31 13:31:01 2011 UID set to nobody
Thu Mar 31 13:31:01 2011 UDPv4 link local (bound): [undef]:1194
Thu Mar 31 13:31:01 2011 UDPv4 link remote: [undef]
Thu Mar 31 13:31:01 2011 MULTI: multi_init called, r=256 v=256
Thu Mar 31 13:31:01 2011 IFCONFIG POOL: base=10.8.0.4 size=62
Thu Mar 31 13:31:01 2011 IFCONFIG POOL LIST
Thu Mar 31 13:31:01 2011 Initialization Sequence Completed
[root@host openvpn]#

I am attaching my server.conf here:
port 1194
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key # This file should be kept secret
dh /etc/openvpn/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
keepalive 10 120
cipher BF-CBC # Blowfish (default)
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
verb 3

gladiatr72
Forum Team
Posts: 194
Joined: Mon Dec 13, 2010 3:51 pm
Location: Lawrence, KS

Re: Please help me on vpn server setup on RHEL5 workstation

Post by gladiatr72 » Thu Mar 31, 2011 7:11 pm

Please set "verb 4" in your server configuration and repost your log files. From what is shown, openvpn is initializing without error; the key line being:
Thu Mar 31 13:31:01 2011 Initialization Sequence Completed
-S
[..]I used to think it was awful that life was so unfair. [...]Wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? -Marcus Cole

lyrebird
OpenVpn Newbie
Posts: 7
Joined: Thu Mar 31, 2011 6:04 pm

Re: Please help me on vpn server setup on RHEL5 workstation

Post by lyrebird » Thu Mar 31, 2011 7:19 pm

This is verb 4 level log:

Thu Mar 31 14:15:55 2011 us=471405 Current Parameter Settings:
Thu Mar 31 14:15:55 2011 us=471531 config = 'server.conf'
Thu Mar 31 14:15:55 2011 us=471555 mode = 1
Thu Mar 31 14:15:55 2011 us=471576 persist_config = DISABLED
Thu Mar 31 14:15:55 2011 us=471597 persist_mode = 1
Thu Mar 31 14:15:55 2011 us=471617 show_ciphers = DISABLED
Thu Mar 31 14:15:55 2011 us=471637 show_digests = DISABLED
Thu Mar 31 14:15:55 2011 us=471657 show_engines = DISABLED
Thu Mar 31 14:15:55 2011 us=471676 genkey = DISABLED
Thu Mar 31 14:15:55 2011 us=471697 key_pass_file = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=471717 show_tls_ciphers = DISABLED
Thu Mar 31 14:15:55 2011 us=471738 Connection profiles [default]:
Thu Mar 31 14:15:55 2011 us=471759 proto = udp
Thu Mar 31 14:15:55 2011 us=471779 local = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=471800 local_port = 1194
Thu Mar 31 14:15:55 2011 us=471820 remote = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=471840 remote_port = 1194
Thu Mar 31 14:15:55 2011 us=471863 remote_float = DISABLED
Thu Mar 31 14:15:55 2011 us=471883 bind_defined = DISABLED
Thu Mar 31 14:15:55 2011 us=471904 bind_local = ENABLED
Thu Mar 31 14:15:55 2011 us=471924 connect_retry_seconds = 5
Thu Mar 31 14:15:55 2011 us=471944 connect_timeout = 10
Thu Mar 31 14:15:55 2011 us=471964 connect_retry_max = 0
Thu Mar 31 14:15:55 2011 us=471990 socks_proxy_server = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=472012 socks_proxy_port = 0
Thu Mar 31 14:15:55 2011 us=472032 socks_proxy_retry = DISABLED
Thu Mar 31 14:15:55 2011 us=472057 Connection profiles END
Thu Mar 31 14:15:55 2011 us=472078 remote_random = DISABLED
Thu Mar 31 14:15:55 2011 us=472099 ipchange = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=472119 dev = 'tun'
Thu Mar 31 14:15:55 2011 us=472139 dev_type = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=472159 dev_node = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=472178 lladdr = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=472198 topology = 1
Thu Mar 31 14:15:55 2011 us=472218 tun_ipv6 = DISABLED
Thu Mar 31 14:15:55 2011 us=472239 ifconfig_local = '10.8.0.1'
Thu Mar 31 14:15:55 2011 us=472259 ifconfig_remote_netmask = '10.8.0.2'
Thu Mar 31 14:15:55 2011 us=472289 ifconfig_noexec = DISABLED
Thu Mar 31 14:15:55 2011 us=472311 ifconfig_nowarn = DISABLED
Thu Mar 31 14:15:55 2011 us=472332 shaper = 0
Thu Mar 31 14:15:55 2011 us=472352 tun_mtu = 1500
Thu Mar 31 14:15:55 2011 us=472372 tun_mtu_defined = ENABLED
Thu Mar 31 14:15:55 2011 us=472392 link_mtu = 1500
Thu Mar 31 14:15:55 2011 us=472411 link_mtu_defined = DISABLED
Thu Mar 31 14:15:55 2011 us=472432 tun_mtu_extra = 0
Thu Mar 31 14:15:55 2011 us=472452 tun_mtu_extra_defined = DISABLED
Thu Mar 31 14:15:55 2011 us=472472 fragment = 0
Thu Mar 31 14:15:55 2011 us=472492 mtu_discover_type = -1
Thu Mar 31 14:15:55 2011 us=472512 mtu_test = 0
Thu Mar 31 14:15:55 2011 us=472532 mlock = DISABLED
Thu Mar 31 14:15:55 2011 us=472552 keepalive_ping = 10
Thu Mar 31 14:15:55 2011 us=472572 keepalive_timeout = 120
Thu Mar 31 14:15:55 2011 us=472592 inactivity_timeout = 0
Thu Mar 31 14:15:55 2011 us=472612 ping_send_timeout = 10
Thu Mar 31 14:15:55 2011 us=472632 ping_rec_timeout = 240
Thu Mar 31 14:15:55 2011 us=472651 ping_rec_timeout_action = 2
Thu Mar 31 14:15:55 2011 us=472672 ping_timer_remote = DISABLED
Thu Mar 31 14:15:55 2011 us=472692 remap_sigusr1 = 0
Thu Mar 31 14:15:55 2011 us=472712 explicit_exit_notification = 0
Thu Mar 31 14:15:55 2011 us=472732 persist_tun = ENABLED
Thu Mar 31 14:15:55 2011 us=472752 persist_local_ip = DISABLED
Thu Mar 31 14:15:55 2011 us=472777 persist_remote_ip = DISABLED
Thu Mar 31 14:15:55 2011 us=472798 persist_key = ENABLED
Thu Mar 31 14:15:55 2011 us=472819 mssfix = 1450
Thu Mar 31 14:15:55 2011 us=472839 passtos = DISABLED
Thu Mar 31 14:15:55 2011 us=472859 resolve_retry_seconds = 1000000000
Thu Mar 31 14:15:55 2011 us=472880 username = 'nobody'
Thu Mar 31 14:15:55 2011 us=472900 groupname = 'nobody'
Thu Mar 31 14:15:55 2011 us=472920 chroot_dir = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=472940 cd_dir = '/etc/openvpn'
Thu Mar 31 14:15:55 2011 us=472986 selinux_context = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=473007 writepid = '/var/run/openvpn/server.pid'
Thu Mar 31 14:15:55 2011 us=473028 up_script = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=473048 down_script = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=473074 down_pre = DISABLED
Thu Mar 31 14:15:55 2011 us=473107 up_restart = DISABLED
Thu Mar 31 14:15:55 2011 us=473135 up_delay = DISABLED
Thu Mar 31 14:15:55 2011 us=473164 daemon = ENABLED
Thu Mar 31 14:15:55 2011 us=473190 inetd = 0
Thu Mar 31 14:15:55 2011 us=473210 log = ENABLED
Thu Mar 31 14:15:55 2011 us=473230 suppress_timestamps = DISABLED
Thu Mar 31 14:15:55 2011 us=473251 nice = 0
Thu Mar 31 14:15:55 2011 us=473271 verbosity = 4
Thu Mar 31 14:15:55 2011 us=473291 mute = 0
Thu Mar 31 14:15:55 2011 us=473311 gremlin = 0
Thu Mar 31 14:15:55 2011 us=473331 status_file = 'openvpn-status.log'
Thu Mar 31 14:15:55 2011 us=473352 status_file_version = 1
Thu Mar 31 14:15:55 2011 us=473372 status_file_update_freq = 60
Thu Mar 31 14:15:55 2011 us=473392 occ = ENABLED
Thu Mar 31 14:15:55 2011 us=473412 rcvbuf = 65536
Thu Mar 31 14:15:55 2011 us=473432 sndbuf = 65536
Thu Mar 31 14:15:55 2011 us=473452 sockflags = 0
Thu Mar 31 14:15:55 2011 us=473472 fast_io = DISABLED
Thu Mar 31 14:15:55 2011 us=473493 lzo = 7
Thu Mar 31 14:15:55 2011 us=473513 route_script = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=473533 route_default_gateway = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=473554 route_default_metric = 0
Thu Mar 31 14:15:55 2011 us=473574 route_noexec = DISABLED
Thu Mar 31 14:15:55 2011 us=473594 route_delay = 0
Thu Mar 31 14:15:55 2011 us=473614 route_delay_window = 30
Thu Mar 31 14:15:55 2011 us=473634 route_delay_defined = DISABLED
Thu Mar 31 14:15:55 2011 us=473655 route_nopull = DISABLED
Thu Mar 31 14:15:55 2011 us=473676 route_gateway_via_dhcp = DISABLED
Thu Mar 31 14:15:55 2011 us=473697 max_routes = 100
Thu Mar 31 14:15:55 2011 us=473717 allow_pull_fqdn = DISABLED
Thu Mar 31 14:15:55 2011 us=473738 route 10.8.0.0/255.255.255.0/nil/nil
Thu Mar 31 14:15:55 2011 us=473759 management_addr = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=473780 management_port = 0
Thu Mar 31 14:15:55 2011 us=473801 management_user_pass = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=473822 management_log_history_cache = 250
Thu Mar 31 14:15:55 2011 us=473842 management_echo_buffer_size = 100
Thu Mar 31 14:15:55 2011 us=473863 management_write_peer_info_file = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=473883 management_client_user = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=473904 management_client_group = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=473924 management_flags = 0
Thu Mar 31 14:15:55 2011 us=473945 shared_secret_file = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=473966 key_direction = 0
Thu Mar 31 14:15:55 2011 us=473987 ciphername_defined = ENABLED
Thu Mar 31 14:15:55 2011 us=474008 ciphername = 'BF-CBC'
Thu Mar 31 14:15:55 2011 us=474028 authname_defined = ENABLED
Thu Mar 31 14:15:55 2011 us=474049 authname = 'SHA1'
Thu Mar 31 14:15:55 2011 us=474069 prng_hash = 'SHA1'
Thu Mar 31 14:15:55 2011 us=474090 prng_nonce_secret_len = 16
Thu Mar 31 14:15:55 2011 us=474110 keysize = 0
Thu Mar 31 14:15:55 2011 us=474130 engine = DISABLED
Thu Mar 31 14:15:55 2011 us=474151 replay = ENABLED
Thu Mar 31 14:15:55 2011 us=474171 mute_replay_warnings = DISABLED
Thu Mar 31 14:15:55 2011 us=474192 replay_window = 64
Thu Mar 31 14:15:55 2011 us=474212 replay_time = 15
Thu Mar 31 14:15:55 2011 us=474233 packet_id_file = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=474253 use_iv = ENABLED
Thu Mar 31 14:15:55 2011 us=474273 test_crypto = DISABLED
Thu Mar 31 14:15:55 2011 us=474293 tls_server = ENABLED
Thu Mar 31 14:15:55 2011 us=474314 tls_client = DISABLED
Thu Mar 31 14:15:55 2011 us=474334 key_method = 2
Thu Mar 31 14:15:55 2011 us=474355 ca_file = '/etc/openvpn/ca.crt'
Thu Mar 31 14:15:55 2011 us=474375 ca_path = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=474396 dh_file = '/etc/openvpn/dh1024.pem'
Thu Mar 31 14:15:55 2011 us=474437 cert_file = '/etc/openvpn/server.crt'
Thu Mar 31 14:15:55 2011 us=474460 priv_key_file = '/etc/openvpn/server.key'
Thu Mar 31 14:15:55 2011 us=474482 pkcs12_file = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=474502 cipher_list = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=474522 tls_verify = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=474543 tls_remote = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=474563 crl_file = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=474584 ns_cert_type = 0
Thu Mar 31 14:15:55 2011 us=474605 remote_cert_ku = 0
Thu Mar 31 14:15:55 2011 us=474626 remote_cert_ku = 0
Thu Mar 31 14:15:55 2011 us=474646 remote_cert_ku = 0
Thu Mar 31 14:15:55 2011 us=474667 remote_cert_ku = 0
Thu Mar 31 14:15:55 2011 us=474687 remote_cert_ku = 0
Thu Mar 31 14:15:55 2011 us=474708 remote_cert_ku = 0
Thu Mar 31 14:15:55 2011 us=474728 remote_cert_ku = 0
Thu Mar 31 14:15:55 2011 us=474748 remote_cert_ku = 0
Thu Mar 31 14:15:55 2011 us=474768 remote_cert_ku = 0
Thu Mar 31 14:15:55 2011 us=474788 remote_cert_ku = 0
Thu Mar 31 14:15:55 2011 us=474809 remote_cert_ku[i] = 0
Thu Mar 31 14:15:55 2011 us=474829 remote_cert_ku[i] = 0
Thu Mar 31 14:15:55 2011 us=474850 remote_cert_ku[i] = 0
Thu Mar 31 14:15:55 2011 us=474870 remote_cert_ku[i] = 0
Thu Mar 31 14:15:55 2011 us=474890 remote_cert_ku[i] = 0
Thu Mar 31 14:15:55 2011 us=474910 remote_cert_ku[i] = 0
Thu Mar 31 14:15:55 2011 us=474931 remote_cert_eku = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=474951 tls_timeout = 2
Thu Mar 31 14:15:55 2011 us=474971 renegotiate_bytes = 0
Thu Mar 31 14:15:55 2011 us=474992 renegotiate_packets = 0
Thu Mar 31 14:15:55 2011 us=475012 renegotiate_seconds = 3600
Thu Mar 31 14:15:55 2011 us=475032 handshake_window = 60
Thu Mar 31 14:15:55 2011 us=475053 transition_window = 3600
Thu Mar 31 14:15:55 2011 us=475073 single_session = DISABLED
Thu Mar 31 14:15:55 2011 us=475093 push_peer_info = DISABLED
Thu Mar 31 14:15:55 2011 us=475113 tls_exit = DISABLED
Thu Mar 31 14:15:55 2011 us=475134 tls_auth_file = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=475154 pkcs11_protected_authentication = DISABLED
Thu Mar 31 14:15:55 2011 us=475175 pkcs11_protected_authentication = DISABLED
Thu Mar 31 14:15:55 2011 us=475196 pkcs11_protected_authentication = DISABLED
Thu Mar 31 14:15:55 2011 us=475216 pkcs11_protected_authentication = DISABLED
Thu Mar 31 14:15:55 2011 us=475237 pkcs11_protected_authentication = DISABLED
Thu Mar 31 14:15:55 2011 us=475258 pkcs11_protected_authentication = DISABLED
Thu Mar 31 14:15:55 2011 us=475278 pkcs11_protected_authentication = DISABLED
Thu Mar 31 14:15:55 2011 us=475299 pkcs11_protected_authentication = DISABLED
Thu Mar 31 14:15:55 2011 us=475319 pkcs11_protected_authentication = DISABLED
Thu Mar 31 14:15:55 2011 us=475340 pkcs11_protected_authentication = DISABLED
Thu Mar 31 14:15:55 2011 us=475361 pkcs11_protected_authentication = DISABLED
Thu Mar 31 14:15:55 2011 us=475381 pkcs11_protected_authentication = DISABLED
Thu Mar 31 14:15:55 2011 us=475402 pkcs11_protected_authentication = DISABLED
Thu Mar 31 14:15:55 2011 us=475423 pkcs11_protected_authentication = DISABLED
Thu Mar 31 14:15:55 2011 us=475444 pkcs11_protected_authentication = DISABLED
Thu Mar 31 14:15:55 2011 us=475464 pkcs11_protected_authentication = DISABLED
Thu Mar 31 14:15:55 2011 us=475486 pkcs11_private_mode = 00000000
Thu Mar 31 14:15:55 2011 us=475507 pkcs11_private_mode = 00000000
Thu Mar 31 14:15:55 2011 us=475528 pkcs11_private_mode = 00000000
Thu Mar 31 14:15:55 2011 us=475548 pkcs11_private_mode = 00000000
Thu Mar 31 14:15:55 2011 us=475569 pkcs11_private_mode = 00000000
Thu Mar 31 14:15:55 2011 us=475590 pkcs11_private_mode = 00000000
Thu Mar 31 14:15:55 2011 us=475611 pkcs11_private_mode = 00000000
Thu Mar 31 14:15:55 2011 us=475632 pkcs11_private_mode = 00000000
Thu Mar 31 14:15:55 2011 us=475653 pkcs11_private_mode = 00000000
Thu Mar 31 14:15:55 2011 us=475673 pkcs11_private_mode = 00000000
Thu Mar 31 14:15:55 2011 us=475715 pkcs11_private_mode = 00000000
Thu Mar 31 14:15:55 2011 us=475738 pkcs11_private_mode = 00000000
Thu Mar 31 14:15:55 2011 us=475759 pkcs11_private_mode = 00000000
Thu Mar 31 14:15:55 2011 us=475780 pkcs11_private_mode = 00000000
Thu Mar 31 14:15:55 2011 us=475801 pkcs11_private_mode = 00000000
Thu Mar 31 14:15:55 2011 us=475822 pkcs11_private_mode = 00000000
Thu Mar 31 14:15:55 2011 us=475843 pkcs11_cert_private = DISABLED
Thu Mar 31 14:15:55 2011 us=475863 pkcs11_cert_private = DISABLED
Thu Mar 31 14:15:55 2011 us=475884 pkcs11_cert_private = DISABLED
Thu Mar 31 14:15:55 2011 us=475904 pkcs11_cert_private = DISABLED
Thu Mar 31 14:15:55 2011 us=475925 pkcs11_cert_private = DISABLED
Thu Mar 31 14:15:55 2011 us=475945 pkcs11_cert_private = DISABLED
Thu Mar 31 14:15:55 2011 us=475966 pkcs11_cert_private = DISABLED
Thu Mar 31 14:15:55 2011 us=475987 pkcs11_cert_private = DISABLED
Thu Mar 31 14:15:55 2011 us=476007 pkcs11_cert_private = DISABLED
Thu Mar 31 14:15:55 2011 us=476027 pkcs11_cert_private = DISABLED
Thu Mar 31 14:15:55 2011 us=476048 pkcs11_cert_private = DISABLED
Thu Mar 31 14:15:55 2011 us=476068 pkcs11_cert_private = DISABLED
Thu Mar 31 14:15:55 2011 us=476089 pkcs11_cert_private = DISABLED
Thu Mar 31 14:15:55 2011 us=476109 pkcs11_cert_private = DISABLED
Thu Mar 31 14:15:55 2011 us=476130 pkcs11_cert_private = DISABLED
Thu Mar 31 14:15:55 2011 us=476151 pkcs11_cert_private = DISABLED
Thu Mar 31 14:15:55 2011 us=476172 pkcs11_pin_cache_period = -1
Thu Mar 31 14:15:55 2011 us=476193 pkcs11_id = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=476214 pkcs11_id_management = DISABLED
Thu Mar 31 14:15:55 2011 us=476236 server_network = 10.8.0.0
Thu Mar 31 14:15:55 2011 us=476259 server_netmask = 255.255.255.0
Thu Mar 31 14:15:55 2011 us=476282 server_bridge_ip = 0.0.0.0
Thu Mar 31 14:15:55 2011 us=476304 server_bridge_netmask = 0.0.0.0
Thu Mar 31 14:15:55 2011 us=476328 server_bridge_pool_start = 0.0.0.0
Thu Mar 31 14:15:55 2011 us=476350 server_bridge_pool_end = 0.0.0.0
Thu Mar 31 14:15:55 2011 us=476372 push_entry = 'redirect-gateway def1 bypass-dhcp'
Thu Mar 31 14:15:55 2011 us=476393 push_entry = 'route 10.8.0.1'
Thu Mar 31 14:15:55 2011 us=476414 push_entry = 'topology net30'
Thu Mar 31 14:15:55 2011 us=476435 push_entry = 'ping 10'
Thu Mar 31 14:15:55 2011 us=476456 push_entry = 'ping-restart 120'
Thu Mar 31 14:15:55 2011 us=476476 ifconfig_pool_defined = ENABLED
Thu Mar 31 14:15:55 2011 us=476499 ifconfig_pool_start = 10.8.0.4
Thu Mar 31 14:15:55 2011 us=476521 ifconfig_pool_end = 10.8.0.251
Thu Mar 31 14:15:55 2011 us=476544 ifconfig_pool_netmask = 0.0.0.0
Thu Mar 31 14:15:55 2011 us=476565 ifconfig_pool_persist_filename = 'ipp.txt'
Thu Mar 31 14:15:55 2011 us=476587 ifconfig_pool_persist_refresh_freq = 600
Thu Mar 31 14:15:55 2011 us=476608 n_bcast_buf = 256
Thu Mar 31 14:15:55 2011 us=476628 tcp_queue_limit = 64
Thu Mar 31 14:15:55 2011 us=476648 real_hash_size = 256
Thu Mar 31 14:15:55 2011 us=476669 virtual_hash_size = 256
Thu Mar 31 14:15:55 2011 us=476689 client_connect_script = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=476710 learn_address_script = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=476730 client_disconnect_script = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=476751 client_config_dir = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=476772 ccd_exclusive = DISABLED
Thu Mar 31 14:15:55 2011 us=476792 tmp_dir = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=476812 push_ifconfig_defined = DISABLED
Thu Mar 31 14:15:55 2011 us=476834 push_ifconfig_local = 0.0.0.0
Thu Mar 31 14:15:55 2011 us=476868 push_ifconfig_remote_netmask = 0.0.0.0
Thu Mar 31 14:15:55 2011 us=476890 enable_c2c = DISABLED
Thu Mar 31 14:15:55 2011 us=476911 duplicate_cn = DISABLED
Thu Mar 31 14:15:55 2011 us=476932 cf_max = 0
Thu Mar 31 14:15:55 2011 us=476953 cf_per = 0
Thu Mar 31 14:15:55 2011 us=476973 max_clients = 1024
Thu Mar 31 14:15:55 2011 us=476993 max_routes_per_client = 256
Thu Mar 31 14:15:55 2011 us=477035 auth_user_pass_verify_script = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=477058 auth_user_pass_verify_script_via_file = DISABLED
Thu Mar 31 14:15:55 2011 us=477129 ssl_flags = 0
Thu Mar 31 14:15:55 2011 us=477159 port_share_host = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=477188 port_share_port = 0
Thu Mar 31 14:15:55 2011 us=477216 client = DISABLED
Thu Mar 31 14:15:55 2011 us=477245 pull = DISABLED
Thu Mar 31 14:15:55 2011 us=477277 auth_user_pass_file = '[UNDEF]'
Thu Mar 31 14:15:55 2011 us=477317 OpenVPN 2.1.4 i386-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Mar 10 2011
Thu Mar 31 14:15:55 2011 us=477592 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Mar 31 14:15:55 2011 us=483521 Diffie-Hellman initialized with 1024 bit key
Thu Mar 31 14:15:55 2011 us=484436 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu Mar 31 14:15:55 2011 us=484494 Socket Buffers: R=[110592->131072] S=[110592->131072]
Thu Mar 31 14:15:55 2011 us=484714 ROUTE default_gateway=X.X.X.1
Thu Mar 31 14:15:55 2011 us=487094 TUN/TAP device tun0 opened
Thu Mar 31 14:15:55 2011 us=487186 TUN/TAP TX queue length set to 100
Thu Mar 31 14:15:55 2011 us=487279 /sbin/ip link set dev tun0 up mtu 1500
Thu Mar 31 14:15:55 2011 us=490772 /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Thu Mar 31 14:15:55 2011 us=500440 /sbin/ip route add 10.8.0.0/24 via 10.8.0.2
Thu Mar 31 14:15:55 2011 us=502591 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Mar 31 14:15:55 2011 us=504182 GID set to nobody
Thu Mar 31 14:15:55 2011 us=504330 UID set to nobody
Thu Mar 31 14:15:55 2011 us=504384 UDPv4 link local (bound): [undef]:1194
Thu Mar 31 14:15:55 2011 us=504424 UDPv4 link remote: [undef]
Thu Mar 31 14:15:55 2011 us=504459 MULTI: multi_init called, r=256 v=256
Thu Mar 31 14:15:55 2011 us=504691 IFCONFIG POOL: base=10.8.0.4 size=62
Thu Mar 31 14:15:55 2011 us=504729 IFCONFIG POOL LIST
Thu Mar 31 14:15:55 2011 us=504810 Initialization Sequence Completed

lyrebird
OpenVpn Newbie
Posts: 7
Joined: Thu Mar 31, 2011 6:04 pm

Re: Please help me on vpn server setup on RHEL5 workstation

Post by lyrebird » Fri Apr 01, 2011 3:33 pm

bump up for more help!

gladiatr72
Forum Team
Posts: 194
Joined: Mon Dec 13, 2010 3:51 pm
Location: Lawrence, KS

Re: Please help me on vpn server setup on RHEL5 workstation

Post by gladiatr72 » Fri Apr 01, 2011 3:40 pm

Just try running it from the command prompt. Posting bump messages is a good way to just get your topic locked.

openvpn --config /etc/openvpn/client.conf --verb 4

This is going to spew the same log data that you're seeing in your syslog files.


# ifconfig tun0

tun0 [blah blah blah]
     inet addr:[your IP]  P-t-P:[server IP]  Mask:255.255.255.255
     [ blah blah blah ]

# ping [server IP]
If you're still convinced your openvpn config is broken, post your server logs as well (also at verb 4).
[..]I used to think it was awful that life was so unfair. [...]Wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? -Marcus Cole

lyrebird
OpenVpn Newbie
Posts: 7
Joined: Thu Mar 31, 2011 6:04 pm

Re: Please help me on vpn server setup on RHEL5 workstation

Post by lyrebird » Fri Apr 01, 2011 5:37 pm

The original problem was solved! That was because of the multiple .conf files under /etc/openvpn. After removing the unwanted ones, the service started "ok".

Then I switched to my client.ovpn. The client is on my home PC running Win 7 and behind a router. After some editing, I was able to start the client with "Initialization Sequence Completed". However, I cannot get access to the internet.

Server is RHEL 5.
Port 1194 was port forwarded through the router to this PC.
I tried to turn off the Windows firewall completely; it does not help this issue.
Is it because of the firewall of the server or the client?

This is my client.ovpn file:
client
dev tun
dev-node my-tap
remote X.X.X.X 1194
proto udp
resolv-retry infinite
ca ca.crt
cert client2.crt
key client2.key
keepalive 10 120
nobind
persist-key
persist-tun
ns-cert-type server
cipher BF-CBC # Blowfish (default) encryption
comp-lzo
verb 3
redirect-gateway
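
The question above (tunnel up, but no Internet reachable through it) is not answered later in the thread. As an added example that is not part of the original posts or of OpenVPN itself, here is a small POSIX shell script for the Linux server side that checks the things the OpenVPN HOWTO requires before a pushed "redirect-gateway" can carry client traffic: IP forwarding turned on, a NAT (MASQUERADE/SNAT) rule for the tunnel subnet on the Internet-facing interface, and an ACCEPT for tun0 in the FORWARD chain ahead of RHEL's stock REJECT rule. The tunnel subnet 10.8.0.0/24 comes from the posted server.conf; the interface name eth0 and all function names are assumptions. Each check takes the relevant command output as a string, so the script runs on constructed samples by default and against the live host with "--live" (root needed for iptables).

```shell
#!/bin/sh
# Added example (not the thread's or OpenVPN's code).
# A server that pushes "redirect-gateway def1" receives every packet the client
# sends, so it must forward between tun0 and its Internet interface and NAT the
# tunnel addresses; otherwise the tunnel reports "Initialization Sequence
# Completed" but nothing beyond the server answers.

VPN_NET="10.8.0.0/24"   # from the thread's "server 10.8.0.0 255.255.255.0"
WAN_IF="eth0"           # assumption: the Internet-facing interface name

# Live input: cat /proc/sys/net/ipv4/ip_forward
# (persist with "net.ipv4.ip_forward = 1" in /etc/sysctl.conf)
check_ip_forward() {
    case "$1" in
        1) echo ok ;;
        *) echo missing ;;
    esac
}

# Live input: iptables -t nat -S POSTROUTING
# ok when a POSTROUTING rule source-NATs the tunnel subnet out of WAN_IF.
check_nat_rule() {
    if printf '%s\n' "$1" | grep -e '^-A POSTROUTING ' | grep -F -e "-s $VPN_NET " \
        | grep -F -e "-o $WAN_IF " | grep -q -E -e '-j (MASQUERADE|SNAT)'; then
        echo ok
    else
        echo missing
    fi
}

# Live input: iptables -S FORWARD
# RHEL's default ruleset ends FORWARD with a REJECT, so packets entering on
# tun0 (or the tun+ wildcard) need an explicit ACCEPT rule.
check_forward_rule() {
    if printf '%s\n' "$1" | grep -e '^-A FORWARD ' | grep -E -e '-i tun(0|[+]) ' \
        | grep -q -F -e '-j ACCEPT'; then
        echo ok
    else
        echo missing
    fi
}

# Combine the three checks: prints "ready" or "not ready: <what is missing>".
redirect_gateway_verdict() {
    missing=""
    [ "$(check_ip_forward "$1")" = ok ]   || missing="$missing ip_forward"
    [ "$(check_nat_rule "$2")" = ok ]     || missing="$missing nat"
    [ "$(check_forward_rule "$3")" = ok ] || missing="$missing forward"
    if [ -z "$missing" ]; then
        echo ready
    else
        echo "not ready:$missing"
    fi
}

# Constructed samples standing in for the live command output.
SAMPLE_NAT_OK='-P POSTROUTING ACCEPT
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE'
SAMPLE_NAT_NONE='-P POSTROUTING ACCEPT'
SAMPLE_FWD_OK='-P FORWARD ACCEPT
-A FORWARD -i tun0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited'

if [ "${1:-}" = "--live" ]; then
    redirect_gateway_verdict "$(cat /proc/sys/net/ipv4/ip_forward)" \
        "$(iptables -t nat -S POSTROUTING)" "$(iptables -S FORWARD)"
else
    redirect_gateway_verdict 1 "$SAMPLE_NAT_OK" "$SAMPLE_FWD_OK"     # ready
    redirect_gateway_verdict 0 "$SAMPLE_NAT_NONE" "$SAMPLE_FWD_OK"   # not ready: ip_forward nat
fi
```

The checks deliberately read command output rather than editing anything: on a workstation that is directly on the Internet, the same rules that make the tunnel useful also expose forwarding, so the verdict is meant to be read before, not instead of, deciding which rules belong on the box.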

gladiatr72
Forum Team
Posts: 194
Joined: Mon Dec 13, 2010 3:51 pm
Location: Lawrence, KS

Re: Please help me on vpn server setup on RHEL5 workstation

Post by gladiatr72 » Fri Apr 01, 2011 5:43 pm

Please set "verb 4" in your client configuration and post your client's log.

-S
[..]I used to think it was awful that life was so unfair. [...]Wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? -Marcus Cole

lyrebird
OpenVpn Newbie
Posts: 7
Joined: Thu Mar 31, 2011 6:04 pm

Re: Please help me on vpn server setup on RHEL5 workstation

Post by lyrebird » Fri Apr 01, 2011 5:58 pm

First, thank you for your quick response! This is my log after hiding some info.


Current Parameter Settings:
config = 'D:\keys\Lab_keys\Lab.ovpn'
mode = 0
show_ciphers = DISABLED
show_digests = DISABLED
show_engines = DISABLED
genkey = DISABLED
key_pass_file = '[UNDEF]'
show_tls_ciphers = DISABLED
Connection profiles [default]:
proto = udp
local = '[UNDEF]'
local_port = 0
remote = 'X.X.49.196'
remote_port = 1194
remote_float = DISABLED
bind_defined = DISABLED
bind_local = DISABLED
connect_retry_seconds = 5
connect_timeout = 10
connect_retry_max = 0
socks_proxy_server = '[UNDEF]'
socks_proxy_port = 0
socks_proxy_retry = DISABLED
Connection profiles END
remote_random = DISABLED
ipchange = '[UNDEF]'
dev = 'tun'
dev_type = '[UNDEF]'
dev_node = 'my-tap'
lladdr = '[UNDEF]'
topology = 1
tun_ipv6 = DISABLED
ifconfig_local = '[UNDEF]'
ifconfig_remote_netmask = '[UNDEF]'
ifconfig_noexec = DISABLED
ifconfig_nowarn = DISABLED
shaper = 0
tun_mtu = 1500
tun_mtu_defined = ENABLED
link_mtu = 1500
link_mtu_defined = DISABLED
tun_mtu_extra = 0
tun_mtu_extra_defined = DISABLED
fragment = 0
mtu_discover_type = -1
mtu_test = 0
mlock = DISABLED
keepalive_ping = 10
keepalive_timeout = 120
inactivity_timeout = 0
ping_send_timeout = 10
ping_rec_timeout = 120
ping_rec_timeout_action = 2
ping_timer_remote = DISABLED
remap_sigusr1 = 0
explicit_exit_notification = 0
persist_tun = ENABLED
persist_local_ip = DISABLED
persist_remote_ip = DISABLED
persist_key = ENABLED
mssfix = 1450
resolve_retry_seconds = 1000000000
username = '[UNDEF]'
groupname = '[UNDEF]'
chroot_dir = '[UNDEF]'
cd_dir = '[UNDEF]'
writepid = '[UNDEF]'
up_script = '[UNDEF]'
down_script = '[UNDEF]'
down_pre = DISABLED
up_restart = DISABLED
up_delay = DISABLED
daemon = DISABLED
inetd = 0
log = ENABLED
suppress_timestamps = DISABLED
nice = 0
verbosity = 4
mute = 0
gremlin = 0
status_file = '[UNDEF]'
status_file_version = 1
status_file_update_freq = 60
occ = ENABLED
rcvbuf = 0
sndbuf = 0
sockflags = 0
fast_io = DISABLED
lzo = 7
route_script = '[UNDEF]'
route_default_gateway = '[UNDEF]'
route_default_metric = 0
route_noexec = DISABLED
route_delay = 5
route_delay_window = 30
route_delay_defined = ENABLED
route_nopull = DISABLED
route_gateway_via_dhcp = DISABLED
max_routes = 100
allow_pull_fqdn = DISABLED
[redirect_default_gateway local=0]
management_addr = '[UNDEF]'
management_port = 0
management_user_pass = '[UNDEF]'
management_log_history_cache = 250
management_echo_buffer_size = 100
management_write_peer_info_file = '[UNDEF]'
management_client_user = '[UNDEF]'
management_client_group = '[UNDEF]'
management_flags = 0
shared_secret_file = '[UNDEF]'
key_direction = 0
ciphername_defined = ENABLED
ciphername = 'BF-CBC'
authname_defined = ENABLED
authname = 'SHA1'
prng_hash = 'SHA1'
prng_nonce_secret_len = 16
keysize = 0
engine = DISABLED
replay = ENABLED
mute_replay_warnings = DISABLED
replay_window = 64
replay_time = 15
packet_id_file = '[UNDEF]'
use_iv = ENABLED
test_crypto = DISABLED
tls_server = DISABLED
tls_client = ENABLED
key_method = 2
ca_file = 'D:\keys\Lab_keys\ca.crt'
ca_path = '[UNDEF]'
dh_file = '[UNDEF]'
cert_file = 'D:\keys\Lab_keys\client2.crt'
priv_key_file = 'D:\keys\Lab_keys\client2.key'
pkcs12_file = '[UNDEF]'
cryptoapi_cert = '[UNDEF]'
cipher_list = '[UNDEF]'
tls_verify = '[UNDEF]'
tls_remote = '[UNDEF]'
crl_file = '[UNDEF]'
ns_cert_type = 64
remote_cert_ku = 0
remote_cert_ku = 0
remote_cert_ku = 0
remote_cert_ku = 0
remote_cert_ku = 0
remote_cert_ku = 0
remote_cert_ku = 0
remote_cert_ku = 0
remote_cert_ku = 0
remote_cert_ku = 0
remote_cert_ku[i] = 0
remote_cert_ku[i] = 0
remote_cert_ku[i] = 0
remote_cert_ku[i] = 0
remote_cert_ku[i] = 0
remote_cert_ku[i] = 0
remote_cert_eku = '[UNDEF]'
tls_timeout = 2
renegotiate_bytes = 0
renegotiate_packets = 0
renegotiate_seconds = 3600
handshake_window = 60
transition_window = 3600
single_session = DISABLED
push_peer_info = DISABLED
tls_exit = DISABLED
tls_auth_file = '[UNDEF]'
pkcs11_protected_authentication = DISABLED
pkcs11_protected_authentication = DISABLED
pkcs11_protected_authentication = DISABLED
pkcs11_protected_authentication = DISABLED
pkcs11_protected_authentication = DISABLED
pkcs11_protected_authentication = DISABLED
pkcs11_protected_authentication = DISABLED
pkcs11_protected_authentication = DISABLED
pkcs11_protected_authentication = DISABLED
pkcs11_protected_authentication = DISABLED
pkcs11_protected_authentication = DISABLED
pkcs11_protected_authentication = DISABLED
pkcs11_protected_authentication = DISABLED
pkcs11_protected_authentication = DISABLED
pkcs11_protected_authentication = DISABLED
pkcs11_protected_authentication = DISABLED
pkcs11_private_mode = 00000000
pkcs11_private_mode = 00000000
pkcs11_private_mode = 00000000
pkcs11_private_mode = 00000000
pkcs11_private_mode = 00000000
pkcs11_private_mode = 00000000
pkcs11_private_mode = 00000000
pkcs11_private_mode = 00000000
pkcs11_private_mode = 00000000
pkcs11_private_mode = 00000000
pkcs11_private_mode = 00000000
pkcs11_private_mode = 00000000
pkcs11_private_mode = 00000000
pkcs11_private_mode = 00000000
pkcs11_private_mode = 00000000
pkcs11_private_mode = 00000000
pkcs11_cert_private = DISABLED
pkcs11_cert_private = DISABLED
pkcs11_cert_private = DISABLED
pkcs11_cert_private = DISABLED
pkcs11_cert_private = DISABLED
pkcs11_cert_private = DISABLED
pkcs11_cert_private = DISABLED
pkcs11_cert_private = DISABLED
pkcs11_cert_private = DISABLED
pkcs11_cert_private = DISABLED
pkcs11_cert_private = DISABLED
pkcs11_cert_private = DISABLED
pkcs11_cert_private = DISABLED
pkcs11_cert_private = DISABLED
pkcs11_cert_private = DISABLED
pkcs11_cert_private = DISABLED
pkcs11_pin_cache_period = -1
pkcs11_id = '[UNDEF]'
pkcs11_id_management = DISABLED
server_network = 0.0.0.0
server_netmask = 0.0.0.0
server_bridge_ip = 0.0.0.0
server_bridge_netmask = 0.0.0.0
server_bridge_pool_start = 0.0.0.0
server_bridge_pool_end = 0.0.0.0
ifconfig_pool_defined = DISABLED
ifconfig_pool_start = 0.0.0.0
ifconfig_pool_end = 0.0.0.0
ifconfig_pool_netmask = 0.0.0.0
ifconfig_pool_persist_filename = '[UNDEF]'
ifconfig_pool_persist_refresh_freq = 600
n_bcast_buf = 256
tcp_queue_limit = 64
real_hash_size = 256
virtual_hash_size = 256
client_connect_script = '[UNDEF]'
learn_address_script = '[UNDEF]'
client_disconnect_script = '[UNDEF]'
client_config_dir = '[UNDEF]'
ccd_exclusive = DISABLED
tmp_dir = '[UNDEF]'
push_ifconfig_defined = DISABLED
push_ifconfig_local = 0.0.0.0
push_ifconfig_remote_netmask = 0.0.0.0
enable_c2c = DISABLED
duplicate_cn = DISABLED
cf_max = 0
cf_per = 0
max_clients = 1024
max_routes_per_client = 256
auth_user_pass_verify_script = '[UNDEF]'
auth_user_pass_verify_script_via_file = DISABLED
ssl_flags = 0
client = ENABLED
pull = ENABLED
auth_user_pass_file = '[UNDEF]'
show_net_up = DISABLED
route_method = 0
ip_win32_defined = DISABLED
ip_win32_type = 3
dhcp_masq_offset = 0
dhcp_lease_time = 31536000
tap_sleep = 0
dhcp_options = DISABLED
dhcp_renew = DISABLED
dhcp_pre_release = DISABLED
dhcp_release = DISABLED
domain = '[UNDEF]'
netbios_scope = '[UNDEF]'
netbios_node_type = 0
disable_nbt = DISABLED
OpenVPN 2.1.4 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 8 2010
NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
LZO compression initialized
Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Socket Buffers: R=[8192->8192] S=[8192->8192]
Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Local Options hash (VER=V4): '41690919'
Expected Remote Options hash (VER=V4): '530fdded'
UDPv4 link local: [undef]
UDPv4 link remote: X.X.49.196:1194
TLS: Initial packet from X.X.49.196:1194, sid=5cfd84df c3d90075
VERIFY OK: depth=1, /C=US/ST=IL/L=Chicago/O=XXX/OU=XXX/CN=Lab_server/name=XXXX/emailAddress=XXX@yyy.com
VERIFY OK: nsCertType=SERVER
VERIFY OK: depth=0, /C=US/ST=IL/L=Chicago/O=XXX/OU=XXX/CN=server/emailAddress=XXX@yyy.com
Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
[server] Peer Connection Initiated with X.X.49.196:1194
SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.10 10.8.0.9'
OPTIONS IMPORT: timers and/or timeouts modified
OPTIONS IMPORT: --ifconfig/up options modified
OPTIONS IMPORT: route options modified
ROUTE default_gateway=192.168.1.1
TAP-WIN32 device [my-tap] opened: \\.\Global\{6F8F8100-0158-4768-A900-E0869C794E8A}.tap
TAP-Win32 Driver Version 9.7
TAP-Win32 MTU=1500
Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.10/255.255.255.252 on interface {6F8F8100-0158-4768-A900-E0869C794E8A} [DHCP-serv: 10.8.0.9, lease-time: 31536000]
Successful ARP Flush on interface [22] {6F8F8100-0158-4768-A900-E0869C794E8A}
TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
C:\WINDOWS\system32\route.exe ADD X.X.49.196 MASK 255.255.255.255 192.168.1.1
ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=10 and dwForwardType=4
Route addition via IPAPI succeeded [adaptive]
C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.9
ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Route addition via IPAPI succeeded [adaptive]
C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.9
ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Route addition via IPAPI succeeded [adaptive]
C:\WINDOWS\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.9
ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Route addition via IPAPI succeeded [adaptive]
Initialization Sequence Completed

gladiatr72
Forum Team
Posts: 194
Joined: Mon Dec 13, 2010 3:51 pm
Location: Lawrence, KS

Re: Please help me on vpn server setup on RHEL5 workstation

Post by gladiatr72 » Fri Apr 01, 2011 6:01 pm

Now let's see the output from the following two commands (from your server)

iptables -t nat -L POSTROUTING
and

sysctl -a |grep net.ipv4.ip_forward
[..]I used to think it was awful that life was so unfair. [...]Wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? -Marcus Cole

lyrebird
OpenVpn Newbie
Posts: 7
Joined: Thu Mar 31, 2011 6:04 pm

Re: Please help me on vpn server setup on RHEL5 workstation

Post by lyrebird » Fri Apr 01, 2011 6:28 pm

Please see the messages. I recently added several iptables rules by googling around, you know...


[root@host openvpn]# /sbin/iptables -t nat -L POSTROUTING
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE tcp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
MASQUERADE udp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
MASQUERADE all -- 192.168.122.0/24 !192.168.122.0/24
SNAT all -- 10.8.0.2 anywhere to:X.X.49.196
SNAT all -- 10.8.0.3 anywhere to:X.X.49.196
SNAT all -- 10.8.0.4 anywhere to:X.X.49.196
SNAT all -- 10.8.0.5 anywhere to:X.X.49.196
SNAT all -- 10.8.0.6 anywhere to:X.X.49.196
SNAT all -- 10.8.0.7 anywhere to:X.X.49.196
SNAT all -- 10.8.0.8 anywhere to:X.X.49.196
SNAT all -- 10.8.0.9 anywhere to:X.X.49.196
MASQUERADE all -- 10.0.0.0/24 anywhere
SNAT all -- 10.8.0.2 anywhere to:X.X.49.196
SNAT all -- 10.8.0.3 anywhere to:X.X.49.196
SNAT all -- 10.8.0.4 anywhere to:X.X.49.196
SNAT all -- 10.8.0.5 anywhere to:X.X.49.196
SNAT all -- 10.8.0.6 anywhere to:X.X.49.196
SNAT all -- 10.8.0.7 anywhere to:X.X.49.196
SNAT all -- 10.8.0.8 anywhere to:X.X.49.196
SNAT all -- 10.8.0.9 anywhere to:X.X.49.196
MASQUERADE all -- 10.0.0.0/24 anywhere
[root@host openvpn]# /sbin/sysctl -a |grep net.ipv4.ip_forward
net.ipv4.ip_forward = 1

Douglas
Forum Team
Posts: 285
Joined: Wed Aug 27, 2008 2:41 am

Re: Please help me on vpn server setup on RHEL5 workstation

Post by Douglas » Fri Apr 08, 2011 12:34 pm

Why are you SNAT'ing each IP? SNAT the /24!

The masquerade and SNAT rules will conflict.
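
Two things stand out in the POSTROUTING listing posted above, beyond the duplicate rules: the per-host SNAT entries only cover 10.8.0.2 through 10.8.0.9, while the client log further up shows the server pushing ifconfig 10.8.0.10 10.8.0.9, so that client's traffic matches none of them; and the catch-all MASQUERADE is for 10.0.0.0/24, which does not contain the 10.8.0.0/24 tunnel range at all. The script below is an added example written for this thread, not code posted by anyone in it. It generates the single subnet-wide rule Douglas describes and audits a pasted chain listing for per-host SNAT entries, duplicated rules and a missing /24 rule. The VPN subnet 10.8.0.0/24, the interface name eth0 and the address 203.0.113.10 are assumptions standing in for the poster's real values; the embedded listings are constructed in the shape of the posted output, not copied from it.

```shell
#!/bin/sh
# Added example for this thread, not code posted by anyone in it.
# Assumptions: VPN subnet 10.8.0.0/24, public interface eth0, and
# 203.0.113.10 standing in for the server's real public address.
# Override VPN_NET / WAN_IF in the environment if yours differ.
VPN_NET="${VPN_NET:-10.8.0.0/24}"
WAN_IF="${WAN_IF:-eth0}"

# Print the one POSTROUTING rule a redirect-gateway server needs, plus
# forwarding. SNAT when the public address is fixed (pass it as $1),
# MASQUERADE when it is dynamic: one rule for the whole /24, never both.
nat_rules() {
  if [ -n "$1" ]; then
    echo "iptables -t nat -A POSTROUTING -s $VPN_NET -o $WAN_IF -j SNAT --to-source $1"
  else
    echo "iptables -t nat -A POSTROUTING -s $VPN_NET -o $WAN_IF -j MASQUERADE"
  fi
  echo "sysctl -w net.ipv4.ip_forward=1"
}

# Apply the rules above (root only). Kept separate so the commands can be
# reviewed as a dry run with nat_rules first.
apply_nat_rules() {
  [ "$(id -u)" -eq 0 ] || { echo "apply_nat_rules: run as root" >&2; return 1; }
  nat_rules "$1" | sh -e
}

# Audit `iptables -t nat -L POSTROUTING -n` output read from stdin for the
# problems visible in the posted listing: per-host SNAT entries inside the
# VPN /24, rules entered twice, and no rule whose source is the whole
# subnet. Prints one summary line.
audit_postrouting() {
  awk -v net="$1" '
    BEGIN { split(net, p, "/"); pfx = p[1]; sub(/\.[0-9]+$/, "", pfx); pfx = pfx "." }
    /^(SNAT|MASQUERADE)/ {
      seen[$0]++                       # identical lines = duplicated rule
      if ($4 == net) subnet = 1        # a rule covering the whole /24
      else if ($1 == "SNAT" && index($4, pfx) == 1 && $4 !~ /\//) perhost++
    }
    END {
      for (r in seen) if (seen[r] > 1) dups++
      printf "perhost=%d duplicates=%d subnet_rule=%d\n", perhost + 0, dups + 0, subnet + 0
    }'
}

# Constructed sample in the shape of the listing posted above (shortened,
# public address replaced). Not real output from the poster's host.
SAMPLE_BAD='Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE all  --  192.168.122.0/24    !192.168.122.0/24
SNAT       all  --  10.8.0.2             0.0.0.0/0            to:203.0.113.10
SNAT       all  --  10.8.0.3             0.0.0.0/0            to:203.0.113.10
MASQUERADE all  --  10.0.0.0/24          0.0.0.0/0
SNAT       all  --  10.8.0.2             0.0.0.0/0            to:203.0.113.10
SNAT       all  --  10.8.0.3             0.0.0.0/0            to:203.0.113.10
MASQUERADE all  --  10.0.0.0/24          0.0.0.0/0'

# The same chain after flushing it and adding only the /24 rule.
SAMPLE_GOOD='Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       all  --  10.8.0.0/24          0.0.0.0/0            to:203.0.113.10'

if [ "${1:-}" = "--demo" ]; then
  echo "rules to apply:";            nat_rules 203.0.113.10
  echo "audit of the posted chain:"; printf '%s\n' "$SAMPLE_BAD"  | audit_postrouting "$VPN_NET"
  echo "audit after the fix:";       printf '%s\n' "$SAMPLE_GOOD" | audit_postrouting "$VPN_NET"
fi
```

Run it with `sh nat_audit.sh --demo` to see the generated rules and both audit lines, or pipe the live chain through it with `iptables -t nat -L POSTROUTING -n | sh -c '. ./nat_audit.sh; audit_postrouting 10.8.0.0/24'`. Before applying the new rule, clear the duplicates with `iptables -t nat -F POSTROUTING`; note that this also drops the 192.168.122.0/24 entries, which on a RHEL5 box are typically libvirt's default NAT network and get re-added when that network is restarted. Afterwards confirm with `iptables -t nat -L POSTROUTING -n -v` that the packet counter on the single /24 rule increases while a client browses.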

lyrebird
OpenVpn Newbie
Posts: 7
Joined: Thu Mar 31, 2011 6:04 pm

Re: Please help me on vpn server setup on RHEL5 workstation

Post by lyrebird » Fri Apr 08, 2011 1:32 pm

Just figured it out last night. Now it works. Thanks gladiatr72 and Douglas.
