I'm trying without success to get OpenVPN working with OpenWrt Backfire (10.03.1-rc4, r24045) on the server side and openvpn-2.2-RC2 on Windows 7 on the client side.
As of now, I have only one single roadwarrior client PC and I don't intend to add any more in the short term, so I wanted to keep it simple by using just a shared secret key, no PKI/CA/cert setup.
Configs and logs below.
On the Windows 7 host, when I try to ping the other end of the tunnel (OpenWrt tun0 interface), it fails.
However, when performing a tcpdump on the tun0 interface of the OpenWrt router, I can see ICMP echo-requests coming in from the client and ICMP echo-replies going out to the client.
But when taking a capture with Wireshark on the client, I can only see the request going out but no response coming back.
Any idea why on the client the process restarts regularly and why on the server I have got the 'write to TUN/TAP : Invalid argument (code=22)' error message? I've been checking comp-lzo parameters several times and it looks correct to me.
Any suggestion is welcome!
Many thanks in advance,
fcxpress
OpenWrt server config:
local my.dyndns.org
ifconfig 172.17.34.1 172.17.34.2
proto udp
port 18233
dev tun
secret /etc/openvpn/static.key
keepalive 10 60
ping-timer-rem
persist-key
persist-tun
verb 3
comp-lzo no
script-security 3 system
Code: Select all
remote my.dyndns.org 18233
ifconfig 172.17.34.2 172.17.34.1
proto udp
dev tun
secret 'C:\Program Files\OpenVPN\config\openvpn-egate.key'
keepalive 10 60
ping-timer-rem
persist-key
persist-tun
comp-lzo no
script-security 3 system
verb 3
Code: Select all
root@egate:~# openvpn /etc/openvpn/server.cfg
Thu Apr 14 09:00:06 2011 OpenVPN 2.1.3 mips-openwrt-linux [SSL] [LZO2] built on Oct 28 2010
Thu Apr 14 09:00:06 2011 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Apr 14 09:00:06 2011 NOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansion
Thu Apr 14 09:00:06 2011 Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Apr 14 09:00:06 2011 Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Apr 14 09:00:06 2011 Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Apr 14 09:00:06 2011 Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Apr 14 09:00:06 2011 LZO compression initialized
Thu Apr 14 09:00:06 2011 Socket Buffers: R=[114688->131072] S=[114688->131072]
Thu Apr 14 09:00:06 2011 TUN/TAP device tun0 opened
Thu Apr 14 09:00:06 2011 TUN/TAP TX queue length set to 100
Thu Apr 14 09:00:06 2011 /sbin/ifconfig tun0 172.17.34.1 pointopoint 172.17.34.2 mtu 1500
Thu Apr 14 09:00:06 2011 Data Channel MTU parms [ L:1545 D:1450 EF:45 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Apr 14 09:00:06 2011 UDPv4 link local (bound): xxx.xxx.xxx.xxx:18233
Thu Apr 14 09:00:06 2011 UDPv4 link remote: [undef]
Thu Apr 14 09:01:54 2011 Peer Connection Initiated with yyy.yyy.yyy.yyy:59654
Thu Apr 14 09:01:54 2011 Replay-window backtrack occurred [2]
Thu Apr 14 09:01:55 2011 Initialization Sequence Completed
Thu Apr 14 09:02:03 2011 write to TUN/TAP : Invalid argument (code=22)
Thu Apr 14 09:02:12 2011 write to TUN/TAP : Invalid argument (code=22)
Thu Apr 14 09:02:23 2011 write to TUN/TAP : Invalid argument (code=22)
Thu Apr 14 09:02:33 2011 write to TUN/TAP : Invalid argument (code=22)
^CThu Apr 14 09:02:36 2011 event_wait : Interrupted system call (code=4)
Thu Apr 14 09:02:36 2011 TCP/UDP: Closing socket
Thu Apr 14 09:02:36 2011 Closing TUN/TAP interface
Thu Apr 14 09:02:36 2011 /sbin/ifconfig tun0 0.0.0.0
Thu Apr 14 09:02:37 2011 SIGINT[hard,] received, process exiting
Code: Select all
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>openvpn "c:\program files\openvpn\config\openvpn-egate.ovpn"
Thu Apr 14 09:01:55 2011 OpenVPN 2.2-RC2 Win32-MSVC++ [SSL] [LZO2] built on Mar
25 2011
Thu Apr 14 09:01:55 2011 NOTE: the current --script-security setting may allow t
his configuration to call user-defined scripts
Thu Apr 14 09:01:55 2011 NOTE: --script-security method='system' is deprecated d
ue to the fact that passed parameters will be subject to shell expansion
Thu Apr 14 09:01:55 2011 Static Encrypt: Cipher 'BF-CBC' initialized with 128 bi
t key
Thu Apr 14 09:01:55 2011 Static Encrypt: Using 160 bit message hash 'SHA1' for H
MAC authentication
Thu Apr 14 09:01:55 2011 Static Decrypt: Cipher 'BF-CBC' initialized with 128 bi
t key
Thu Apr 14 09:01:55 2011 Static Decrypt: Using 160 bit message hash 'SHA1' for H
MAC authentication
Thu Apr 14 09:01:55 2011 LZO compression initialized
Thu Apr 14 09:01:55 2011 Socket Buffers: R=[8192->8192] S=[64512->64512]
Thu Apr 14 09:01:55 2011 TAP-WIN32 device [OpenVPN] opened: \\.\Global\{70EF6051
-2443-41B1-9C3E-3C06037A6024}.tap
Thu Apr 14 09:01:55 2011 TAP-Win32 Driver Version 9.8
Thu Apr 14 09:01:55 2011 TAP-Win32 MTU=1500
Thu Apr 14 09:01:55 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 1
72.17.34.2/255.255.255.252 on interface {70EF6051-2443-41B1-9C3E-3C06037A6024} [
DHCP-serv: 172.17.34.1, lease-time: 31536000]
Thu Apr 14 09:01:55 2011 Successful ARP Flush on interface [15] {70EF6051-2443-4
1B1-9C3E-3C06037A6024}
Thu Apr 14 09:01:55 2011 Data Channel MTU parms [ L:1545 D:1450 EF:45 EB:135 ET:
0 EL:0 AF:3/1 ]
Thu Apr 14 09:01:55 2011 Local Options hash (VER=V4): '10b7d053'
Thu Apr 14 09:01:55 2011 Expected Remote Options hash (VER=V4): '2b159319'
Thu Apr 14 09:01:55 2011 UDPv4 link local (bound): [undef]:1194
Thu Apr 14 09:01:55 2011 UDPv4 link remote: xxx.xxx.xxx.xxx:18233
Thu Apr 14 09:02:55 2011 Inactivity timeout (--ping-restart), restarting
Thu Apr 14 09:02:55 2011 TCP/UDP: Closing socket
Thu Apr 14 09:02:55 2011 SIGUSR1[soft,ping-restart] received, process restarting
Thu Apr 14 09:02:55 2011 Restart pause, 2 second(s)
Thu Apr 14 09:02:57 2011 NOTE: the current --script-security setting may allow t
his configuration to call user-defined scripts
Thu Apr 14 09:02:57 2011 NOTE: --script-security method='system' is deprecated d
ue to the fact that passed parameters will be subject to shell expansion
Thu Apr 14 09:02:57 2011 Re-using pre-shared static key
Thu Apr 14 09:02:57 2011 LZO compression initialized
Thu Apr 14 09:02:57 2011 Socket Buffers: R=[8192->8192] S=[64512->64512]
Thu Apr 14 09:02:57 2011 Preserving previous TUN/TAP instance: OpenVPN
Thu Apr 14 09:02:57 2011 Data Channel MTU parms [ L:1545 D:1450 EF:45 EB:135 ET:
0 EL:0 AF:3/1 ]
Thu Apr 14 09:02:57 2011 Local Options hash (VER=V4): '10b7d053'
Thu Apr 14 09:02:57 2011 Expected Remote Options hash (VER=V4): '2b159319'
Thu Apr 14 09:02:57 2011 UDPv4 link local (bound): [undef]:1194
Thu Apr 14 09:02:57 2011 UDPv4 link remote: xxx.xxx.xxx.xxx:18233
Thu Apr 14 09:03:57 2011 Inactivity timeout (--ping-restart), restarting
Thu Apr 14 09:03:57 2011 TCP/UDP: Closing socket
Thu Apr 14 09:03:57 2011 SIGUSR1[soft,ping-restart] received, process restarting
Thu Apr 14 09:03:57 2011 Restart pause, 2 second(s)
Thu Apr 14 09:03:59 2011 NOTE: the current --script-security setting may allow t
his configuration to call user-defined scripts
Thu Apr 14 09:03:59 2011 NOTE: --script-security method='system' is deprecated d
ue to the fact that passed parameters will be subject to shell expansion
Thu Apr 14 09:03:59 2011 Re-using pre-shared static key
Thu Apr 14 09:03:59 2011 LZO compression initialized
Thu Apr 14 09:03:59 2011 Socket Buffers: R=[8192->8192] S=[64512->64512]
Thu Apr 14 09:03:59 2011 Preserving previous TUN/TAP instance: OpenVPN
Thu Apr 14 09:03:59 2011 Data Channel MTU parms [ L:1545 D:1450 EF:45 EB:135 ET:
0 EL:0 AF:3/1 ]
Thu Apr 14 09:03:59 2011 Local Options hash (VER=V4): '10b7d053'
Thu Apr 14 09:03:59 2011 Expected Remote Options hash (VER=V4): '2b159319'
Thu Apr 14 09:03:59 2011 UDPv4 link local (bound): [undef]:1194
Thu Apr 14 09:03:59 2011 UDPv4 link remote: xxx.xxx.xxx.xxx:18233
Thu Apr 14 09:04:59 2011 Inactivity timeout (--ping-restart), restarting
Thu Apr 14 09:04:59 2011 TCP/UDP: Closing socket
Thu Apr 14 09:04:59 2011 SIGUSR1[soft,ping-restart] received, process restarting
Thu Apr 14 09:04:59 2011 Restart pause, 2 second(s)
Thu Apr 14 09:05:01 2011 NOTE: the current --script-security setting may allow t
his configuration to call user-defined scripts
Thu Apr 14 09:05:01 2011 NOTE: --script-security method='system' is deprecated d
ue to the fact that passed parameters will be subject to shell expansion
Thu Apr 14 09:05:01 2011 Re-using pre-shared static key
Thu Apr 14 09:05:01 2011 LZO compression initialized
Thu Apr 14 09:05:01 2011 Socket Buffers: R=[8192->8192] S=[64512->64512]
Thu Apr 14 09:05:01 2011 Preserving previous TUN/TAP instance: OpenVPN
Thu Apr 14 09:05:01 2011 Data Channel MTU parms [ L:1545 D:1450 EF:45 EB:135 ET:
0 EL:0 AF:3/1 ]
Thu Apr 14 09:05:01 2011 Local Options hash (VER=V4): '10b7d053'
Thu Apr 14 09:05:01 2011 Expected Remote Options hash (VER=V4): '2b159319'
Thu Apr 14 09:05:01 2011 UDPv4 link local (bound): [undef]:1194
Thu Apr 14 09:05:01 2011 UDPv4 link remote: xxx.xxx.xxx.xxx:18233
Thu Apr 14 09:06:01 2011 Inactivity timeout (--ping-restart), restarting
Thu Apr 14 09:06:01 2011 TCP/UDP: Closing socket
Thu Apr 14 09:06:01 2011 SIGUSR1[soft,ping-restart] received, process restarting
Thu Apr 14 09:06:01 2011 Restart pause, 2 second(s)
Thu Apr 14 09:06:03 2011 NOTE: the current --script-security setting may allow t
his configuration to call user-defined scripts
Thu Apr 14 09:06:03 2011 NOTE: --script-security method='system' is deprecated d
ue to the fact that passed parameters will be subject to shell expansion
Thu Apr 14 09:06:03 2011 Re-using pre-shared static key
Thu Apr 14 09:06:03 2011 LZO compression initialized
Thu Apr 14 09:06:03 2011 Socket Buffers: R=[8192->8192] S=[64512->64512]
Thu Apr 14 09:06:03 2011 Preserving previous TUN/TAP instance: OpenVPN
Thu Apr 14 09:06:03 2011 Data Channel MTU parms [ L:1545 D:1450 EF:45 EB:135 ET:
0 EL:0 AF:3/1 ]
Thu Apr 14 09:06:03 2011 Local Options hash (VER=V4): '10b7d053'
Thu Apr 14 09:06:03 2011 Expected Remote Options hash (VER=V4): '2b159319'
Thu Apr 14 09:06:03 2011 UDPv4 link local (bound): [undef]:1194
Thu Apr 14 09:06:03 2011 UDPv4 link remote: xxx.xxx.xxx.xxx:18233
Thu Apr 14 09:07:04 2011 Inactivity timeout (--ping-restart), restarting
Thu Apr 14 09:07:04 2011 TCP/UDP: Closing socket
Thu Apr 14 09:07:04 2011 SIGUSR1[soft,ping-restart] received, process restarting
Thu Apr 14 09:07:04 2011 Restart pause, 2 second(s)
Thu Apr 14 09:07:06 2011 NOTE: the current --script-security setting may allow t
his configuration to call user-defined scripts
Thu Apr 14 09:07:06 2011 NOTE: --script-security method='system' is deprecated d
ue to the fact that passed parameters will be subject to shell expansion
Thu Apr 14 09:07:06 2011 Re-using pre-shared static key
Thu Apr 14 09:07:06 2011 LZO compression initialized
Thu Apr 14 09:07:06 2011 Socket Buffers: R=[8192->8192] S=[64512->64512]
Thu Apr 14 09:07:06 2011 Preserving previous TUN/TAP instance: OpenVPN
Thu Apr 14 09:07:06 2011 Data Channel MTU parms [ L:1545 D:1450 EF:45 EB:135 ET:
0 EL:0 AF:3/1 ]
Thu Apr 14 09:07:06 2011 Local Options hash (VER=V4): '10b7d053'
Thu Apr 14 09:07:06 2011 Expected Remote Options hash (VER=V4): '2b159319'
Thu Apr 14 09:07:06 2011 UDPv4 link local (bound): [undef]:1194
Thu Apr 14 09:07:06 2011 UDPv4 link remote: xxx.xxx.xxx.xxx:18233
Thu Apr 14 09:08:06 2011 Inactivity timeout (--ping-restart), restarting
Thu Apr 14 09:08:06 2011 TCP/UDP: Closing socket
Thu Apr 14 09:08:06 2011 SIGUSR1[soft,ping-restart] received, process restarting
Thu Apr 14 09:08:06 2011 Restart pause, 2 second(s)
Thu Apr 14 09:08:08 2011 NOTE: the current --script-security setting may allow t
his configuration to call user-defined scripts
Thu Apr 14 09:08:08 2011 NOTE: --script-security method='system' is deprecated d
ue to the fact that passed parameters will be subject to shell expansion
Thu Apr 14 09:08:08 2011 Re-using pre-shared static key
Thu Apr 14 09:08:08 2011 LZO compression initialized
Thu Apr 14 09:08:08 2011 Socket Buffers: R=[8192->8192] S=[64512->64512]
Thu Apr 14 09:08:08 2011 Preserving previous TUN/TAP instance: OpenVPN
Thu Apr 14 09:08:08 2011 Data Channel MTU parms [ L:1545 D:1450 EF:45 EB:135 ET:
0 EL:0 AF:3/1 ]
Thu Apr 14 09:08:08 2011 Local Options hash (VER=V4): '10b7d053'
Thu Apr 14 09:08:08 2011 Expected Remote Options hash (VER=V4): '2b159319'
Thu Apr 14 09:08:08 2011 UDPv4 link local (bound): [undef]:1194
Thu Apr 14 09:08:08 2011 UDPv4 link remote: xxx.xxx.xxx.xxx:18233
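
Added example (not part of the original post, and not OpenVPN code): a conservative consistency check over the two static-key configs shown above. The names `MUST_MATCH`, `parse`, `compare` and `uses_system_method` are hypothetical, and the check reports any difference in the listed options, which is stricter than OpenVPN's own option comparison.

```python
# Options compared verbatim between the two peers (assumption: a conservative
# list; any difference is reported, even ones OpenVPN itself might tolerate).
MUST_MATCH = ("proto", "dev", "comp-lzo", "cipher", "auth", "keysize")

# Relevant directives copied from the two configs in the post.
SERVER_CFG = """ifconfig 172.17.34.1 172.17.34.2
proto udp
dev tun
comp-lzo no
script-security 3 system
"""
CLIENT_CFG = """ifconfig 172.17.34.2 172.17.34.1
proto udp
dev tun
comp-lzo no
script-security 3 system
"""

def parse(text):
    """Return {option: [args]} for one config, skipping blanks and comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        name, *args = line.split()
        opts[name] = args
    return opts

def compare(a, b):
    """List differences between two peers of a point-to-point static-key link."""
    findings = [f"{opt}: {a.get(opt)} vs {b.get(opt)}"
                for opt in MUST_MATCH if a.get(opt) != b.get(opt)]
    # Tunnel endpoints must mirror: one side's local address is the other's remote.
    if a.get("ifconfig", []) != b.get("ifconfig", [])[::-1]:
        findings.append(f"ifconfig not mirrored: {a.get('ifconfig')} vs {b.get('ifconfig')}")
    return findings

def uses_system_method(cfg):
    """True if script-security selects 'system', which both logs flag as deprecated."""
    return "system" in cfg.get("script-security", [])

if __name__ == "__main__":
    srv, cli = parse(SERVER_CFG), parse(CLIENT_CFG)
    print(compare(srv, cli) or "no mismatches in compared options")
    print("script-security method 'system' in use:", uses_system_method(srv))
```

For the two configs in the post, `compare` returns an empty list, so the compared options agree on both sides; the `script-security 3 system` line is the one both logs warn about because parameters passed to scripts go through shell expansion.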