complex integration

[BenGonGon]

Hello,
I have problems integrating openvpn into my network.
I cannot connect my shares.
Here is what I have tried. What are my errors?
Thank you for helping me understand.


Server config

Code: Select all

port 1194
proto tcp
dev tap
dev-node BGGVPN001
ca ca_2048.crt
cert BGGServer_2048.crt
key BGGServer_2048.key
dh dh2048.pem
ifconfig-pool-persist ipp.txt
server-bridge 10.230.77.151 255.255.255.0 10.230.77.152 10.230.77.200
server-bridge
push "route 10.230.77.0 255.255.255.0"
client-to-client
keepalive 10 120
cipher DES-EDE3-CBC
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3

Client config

Code: Select all

client
dev tap
dev-node BGGVPN001
proto tcp
remote labiteanico.org 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca_2048.crt
cert BGGClient001_2048.crt
key BGGClient001_2048.key
ns-cert-type server
;tls-auth ta.key 1
cipher DES-EDE3-CBC # Triple DES
comp-lzo
verb 4
script-security 2 system

It is my network

réseau.png

[maikcat]

hi there,

because bridging mode is a little tricky,

can you ping the other nodes when you connect?

also this

Code: Select all

push "route 10.230.77.0 255.255.255.0"

can be removed...

i think your config needs some changes...

Michael.

[BenGonGon]

Dear Michael,
For starting, thank you to help me.
Sorry, I was made your test as soon as possible.

I desactivate the line <push "route 10.230.77.0 255.255.255.0">, like you have suggest me.
I was think this was needed for good routing.

I do your test :

The tap "BGGVPN001" on computer named "XP" have not take automaticaly IP 10.230.77.151, I put it in "FIX" in tap.
I wish the ip config can be set by openvpn:

On the computer named "PC3 XP", The Ip was receive automaticaly(ip : 10.230.77.152, mask : 255.255.255.0, dhcp server : 10.230.77.0).

ping from 10.230.77.152(Fix IP) to 10.230.77.77(Fix IP) : no
ping from 10.230.77.152(Fix IP) to 10.230.77.151(Fix IP) : no
ping from 10.230.77.152(Fix IP) to 10.230.77.152(Fix IP) : ok

ping from 10.230.77.151(Fix IP) to 10.230.77.152(Fix IP) : no
ping from 10.230.77.151(Fix IP) to 10.230.77.151(Fix IP) : ok

now, I give you log from logs.
I think that can useful.

Server Log :

Code: Select all

Sat Jul 21 13:40:54 2012 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built
on Dec 15 2011
Sat Jul 21 13:40:54 2012 NOTE: when bridging your LAN adapter with the TAP adapt
er, note that the new bridge adapter will often take on its own IP address that
is different from what the LAN adapter was previously set to
Sat Jul 21 13:40:54 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or hig
her to call user-defined scripts or executables
Sat Jul 21 13:40:54 2012 Diffie-Hellman initialized with 2048 bit key
Sat Jul 21 13:40:54 2012 TLS-Auth MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0
]
Sat Jul 21 13:40:54 2012 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sat Jul 21 13:40:54 2012 TAP-WIN32 device [BGGVPN001] opened: \\.\Global\{2D8828
7A-F06C-4E17-92F1-DD4B7F198393}.tap
Sat Jul 21 13:40:54 2012 TAP-Win32 Driver Version 9.9
Sat Jul 21 13:40:54 2012 TAP-Win32 MTU=1500
Sat Jul 21 13:40:54 2012 Sleeping for 10 seconds...
Sat Jul 21 13:41:04 2012 Successful ARP Flush on interface [6] {2D88287A-F06C-4E
17-92F1-DD4B7F198393}
Sat Jul 21 13:41:04 2012 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:
32 EL:0 AF:3/1 ]
Sat Jul 21 13:41:04 2012 Listening for incoming TCP connection on [undef]:1194
Sat Jul 21 13:41:04 2012 TCPv4_SERVER link local (bound): [undef]:1194
Sat Jul 21 13:41:04 2012 TCPv4_SERVER link remote: [undef]
Sat Jul 21 13:41:04 2012 MULTI: multi_init called, r=256 v=256
Sat Jul 21 13:41:04 2012 IFCONFIG POOL: base=10.230.77.152 size=49
Sat Jul 21 13:41:04 2012 IFCONFIG POOL LIST
Sat Jul 21 13:41:04 2012 BGGClient001,10.230.77.152
Sat Jul 21 13:41:04 2012 MULTI: TCP INIT maxclients=60 maxevents=64
Sat Jul 21 13:41:04 2012 Initialization Sequence Completed
Sat Jul 21 13:41:43 2012 MULTI: multi_create_instance called
Sat Jul 21 13:41:43 2012 Re-using SSL/TLS context
Sat Jul 21 13:41:43 2012 LZO compression initialized
Sat Jul 21 13:41:43 2012 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:
0 EL:0 ]
Sat Jul 21 13:41:43 2012 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:
32 EL:0 AF:3/1 ]
Sat Jul 21 13:41:43 2012 Local Options hash (VER=V4): 'd8e6e8ce'
Sat Jul 21 13:41:43 2012 Expected Remote Options hash (VER=V4): '1a40e822'
Sat Jul 21 13:41:43 2012 TCP connection established with 213.55.176.208:51472
Sat Jul 21 13:41:43 2012 TCPv4_SERVER link local: [undef]
Sat Jul 21 13:41:43 2012 TCPv4_SERVER link remote: 213.55.176.208:51472
Sat Jul 21 13:41:43 2012 213.55.176.208:51472 TLS: Initial packet from 213.55.17
6.208:51472, sid=27e6da6f f85844eb
Sat Jul 21 13:41:47 2012 213.55.176.208:51472 VERIFY OK: depth=1, /C=CH/ST=Neuch
atel/L=ChauxdeFonds/O=BGGVPN/OU=BGGVPN0001/CN=BGGLand/name=BenGonGon/emailAddres
s=christian_go@hotmail.com
Sat Jul 21 13:41:47 2012 213.55.176.208:51472 VERIFY OK: depth=0, /C=CH/ST=Neuch
atel/L=ChauxdeFonds/O=BGGVPN/OU=BGGVPN0001/CN=BGGClient001/name=BenGonGon/emailA
ddress=christian_go@hotmail.com
Sat Jul 21 13:41:48 2012 213.55.176.208:51472 Data Channel Encrypt: Cipher 'DES-
EDE3-CBC' initialized with 192 bit key
Sat Jul 21 13:41:48 2012 213.55.176.208:51472 Data Channel Encrypt: Using 160 bi
t message hash 'SHA1' for HMAC authentication
Sat Jul 21 13:41:48 2012 213.55.176.208:51472 Data Channel Decrypt: Cipher 'DES-
EDE3-CBC' initialized with 192 bit key
Sat Jul 21 13:41:48 2012 213.55.176.208:51472 Data Channel Decrypt: Using 160 bi
t message hash 'SHA1' for HMAC authentication
Sat Jul 21 13:41:49 2012 213.55.176.208:51472 Control Channel: TLSv1, cipher TLS
v1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sat Jul 21 13:41:49 2012 213.55.176.208:51472 [BGGClient001] Peer Connection Ini
tiated with 213.55.176.208:51472
Sat Jul 21 13:41:51 2012 BGGClient001/213.55.176.208:51472 PUSH: Received contro
l message: 'PUSH_REQUEST'
Sat Jul 21 13:41:51 2012 BGGClient001/213.55.176.208:51472 SENT CONTROL [BGGClie
nt001]: 'PUSH_REPLY,route-gateway 10.230.77.151,ping 10,ping-restart 120,ifconfi
g 10.230.77.152 255.255.255.0' (status=1)
Sat Jul 21 13:41:52 2012 BGGClient001/213.55.176.208:51472 MULTI: Learn: 00:ff:b
1:de:b1:e6 -> BGGClient001/213.55.176.208:51472

Client Log :

Code: Select all

Sat Jul 21 13:41:40 2012 us=132000   keepalive_timeout = 0
Sat Jul 21 13:41:40 2012 us=132000   inactivity_timeout = 0
Sat Jul 21 13:41:40 2012 us=132000   ping_send_timeout = 0
Sat Jul 21 13:41:40 2012 us=132000   ping_rec_timeout = 0
Sat Jul 21 13:41:40 2012 us=132000   ping_rec_timeout_action = 0
Sat Jul 21 13:41:40 2012 us=132000   ping_timer_remote = DISABLED
Sat Jul 21 13:41:40 2012 us=132000   remap_sigusr1 = 0
Sat Jul 21 13:41:40 2012 us=132000   explicit_exit_notification = 0
Sat Jul 21 13:41:40 2012 us=132000   persist_tun = ENABLED
Sat Jul 21 13:41:40 2012 us=132000   persist_local_ip = DISABLED
Sat Jul 21 13:41:40 2012 us=132000   persist_remote_ip = DISABLED
Sat Jul 21 13:41:40 2012 us=148000   persist_key = ENABLED
Sat Jul 21 13:41:40 2012 us=148000   mssfix = 1450
Sat Jul 21 13:41:40 2012 us=148000   resolve_retry_seconds = 1000000000
Sat Jul 21 13:41:40 2012 us=148000   username = '[UNDEF]'
Sat Jul 21 13:41:40 2012 us=163000   groupname = '[UNDEF]'
Sat Jul 21 13:41:40 2012 us=163000   chroot_dir = '[UNDEF]'
Sat Jul 21 13:41:40 2012 us=163000   cd_dir = '[UNDEF]'
Sat Jul 21 13:41:40 2012 us=163000   writepid = '[UNDEF]'
Sat Jul 21 13:41:40 2012 us=163000   up_script = '[UNDEF]'
Sat Jul 21 13:41:40 2012 us=163000   down_script = '[UNDEF]'
Sat Jul 21 13:41:40 2012 us=163000   down_pre = DISABLED
Sat Jul 21 13:41:40 2012 us=163000   up_restart = DISABLED
Sat Jul 21 13:41:40 2012 us=163000   up_delay = DISABLED
Sat Jul 21 13:41:40 2012 us=163000   daemon = DISABLED
Sat Jul 21 13:41:40 2012 us=163000   inetd = 0
Sat Jul 21 13:41:40 2012 us=163000   log = DISABLED
Sat Jul 21 13:41:40 2012 us=163000   suppress_timestamps = DISABLED
Sat Jul 21 13:41:40 2012 us=163000   nice = 0
Sat Jul 21 13:41:40 2012 us=163000   verbosity = 4
Sat Jul 21 13:41:40 2012 us=163000   mute = 0
Sat Jul 21 13:41:40 2012 us=163000   gremlin = 0
Sat Jul 21 13:41:40 2012 us=163000   status_file = '[UNDEF]'
Sat Jul 21 13:41:40 2012 us=163000   status_file_version = 1
Sat Jul 21 13:41:40 2012 us=163000   status_file_update_freq = 60
Sat Jul 21 13:41:40 2012 us=163000   occ = ENABLED
Sat Jul 21 13:41:40 2012 us=163000   rcvbuf = 0
Sat Jul 21 13:41:40 2012 us=163000   sndbuf = 0
Sat Jul 21 13:41:40 2012 us=163000   sockflags = 0
Sat Jul 21 13:41:40 2012 us=163000   fast_io = DISABLED
Sat Jul 21 13:41:40 2012 us=163000   lzo = 7
Sat Jul 21 13:41:40 2012 us=163000   route_script = '[UNDEF]'
Sat Jul 21 13:41:40 2012 us=163000   route_default_gateway = '[UNDEF]'
Sat Jul 21 13:41:40 2012 us=163000   route_default_metric = 0
Sat Jul 21 13:41:40 2012 us=179000   route_noexec = DISABLED
Sat Jul 21 13:41:40 2012 us=179000   route_delay = 5
Sat Jul 21 13:41:40 2012 us=179000   route_delay_window = 30
Sat Jul 21 13:41:40 2012 us=179000   route_delay_defined = ENABLED
Sat Jul 21 13:41:40 2012 us=179000   route_nopull = DISABLED
Sat Jul 21 13:41:40 2012 us=179000   route_gateway_via_dhcp = DISABLED
Sat Jul 21 13:41:40 2012 us=179000   max_routes = 100
Sat Jul 21 13:41:40 2012 us=179000   allow_pull_fqdn = DISABLED
Sat Jul 21 13:41:40 2012 us=179000   management_addr = '[UNDEF]'
Sat Jul 21 13:41:40 2012 us=179000   management_port = 0
Sat Jul 21 13:41:40 2012 us=195000   management_user_pass = '[UNDEF]'
Sat Jul 21 13:41:40 2012 us=195000   management_log_history_cache = 250
Sat Jul 21 13:41:40 2012 us=195000   management_echo_buffer_size = 100
Sat Jul 21 13:41:40 2012 us=195000   management_write_peer_info_file = '[UNDEF]'

Sat Jul 21 13:41:40 2012 us=195000   management_client_user = '[UNDEF]'
Sat Jul 21 13:41:40 2012 us=195000   management_client_group = '[UNDEF]'
Sat Jul 21 13:41:40 2012 us=195000   management_flags = 0
Sat Jul 21 13:41:40 2012 us=210000   shared_secret_file = '[UNDEF]'
Sat Jul 21 13:41:40 2012 us=210000   key_direction = 0
Sat Jul 21 13:41:40 2012 us=210000   ciphername_defined = ENABLED
Sat Jul 21 13:41:40 2012 us=210000   ciphername = 'DES-EDE3-CBC'
Sat Jul 21 13:41:40 2012 us=210000   authname_defined = ENABLED
Sat Jul 21 13:41:40 2012 us=210000   authname = 'SHA1'
Sat Jul 21 13:41:40 2012 us=210000   prng_hash = 'SHA1'
Sat Jul 21 13:41:40 2012 us=210000   prng_nonce_secret_len = 16
Sat Jul 21 13:41:40 2012 us=210000   keysize = 0
Sat Jul 21 13:41:40 2012 us=210000   engine = DISABLED
Sat Jul 21 13:41:40 2012 us=226000   replay = ENABLED
Sat Jul 21 13:41:40 2012 us=226000   mute_replay_warnings = DISABLED
Sat Jul 21 13:41:40 2012 us=226000   replay_window = 64
Sat Jul 21 13:41:40 2012 us=226000   replay_time = 15
Sat Jul 21 13:41:40 2012 us=226000   packet_id_file = '[UNDEF]'
Sat Jul 21 13:41:40 2012 us=226000   use_iv = ENABLED
Sat Jul 21 13:41:40 2012 us=226000   test_crypto = DISABLED
Sat Jul 21 13:41:40 2012 us=226000   tls_server = DISABLED
Sat Jul 21 13:41:40 2012 us=226000   tls_client = ENABLED
Sat Jul 21 13:41:40 2012 us=226000   key_method = 2
Sat Jul 21 13:41:40 2012 us=226000   ca_file = 'ca_2048.crt'
Sat Jul 21 13:41:40 2012 us=226000   ca_path = '[UNDEF]'
Sat Jul 21 13:41:40 2012 us=226000   dh_file = '[UNDEF]'
Sat Jul 21 13:41:40 2012 us=241000   cert_file = 'BGGClient001_2048.crt'
Sat Jul 21 13:41:40 2012 us=241000   priv_key_file = 'BGGClient001_2048.key'
Sat Jul 21 13:41:40 2012 us=241000   pkcs12_file = '[UNDEF]'
Sat Jul 21 13:41:40 2012 us=241000   cryptoapi_cert = '[UNDEF]'
Sat Jul 21 13:41:40 2012 us=241000   cipher_list = '[UNDEF]'
Sat Jul 21 13:41:40 2012 us=241000   tls_verify = '[UNDEF]'
Sat Jul 21 13:41:40 2012 us=241000   tls_export_cert = '[UNDEF]'
Sat Jul 21 13:41:40 2012 us=241000   tls_remote = '[UNDEF]'
Sat Jul 21 13:41:40 2012 us=241000   crl_file = '[UNDEF]'
Sat Jul 21 13:41:40 2012 us=241000   ns_cert_type = 64
Sat Jul 21 13:41:40 2012 us=241000   remote_cert_ku[i] = 0
Sat Jul 21 13:41:40 2012 us=241000   remote_cert_ku[i] = 0
Sat Jul 21 13:41:40 2012 us=241000   remote_cert_ku[i] = 0
Sat Jul 21 13:41:40 2012 us=241000   remote_cert_ku[i] = 0
Sat Jul 21 13:41:40 2012 us=257000   remote_cert_ku[i] = 0
Sat Jul 21 13:41:40 2012 us=257000   remote_cert_ku[i] = 0
Sat Jul 21 13:41:40 2012 us=257000   remote_cert_ku[i] = 0
Sat Jul 21 13:41:40 2012 us=257000   remote_cert_ku[i] = 0
Sat Jul 21 13:41:40 2012 us=257000   remote_cert_ku[i] = 0
Sat Jul 21 13:41:40 2012 us=257000   remote_cert_ku[i] = 0
Sat Jul 21 13:41:40 2012 us=257000   remote_cert_ku[i] = 0
Sat Jul 21 13:41:40 2012 us=257000   remote_cert_ku[i] = 0
Sat Jul 21 13:41:40 2012 us=257000   remote_cert_ku[i] = 0
Sat Jul 21 13:41:40 2012 us=257000   remote_cert_ku[i] = 0
Sat Jul 21 13:41:40 2012 us=257000   remote_cert_ku[i] = 0
Sat Jul 21 13:41:40 2012 us=257000   remote_cert_ku[i] = 0
Sat Jul 21 13:41:40 2012 us=257000   remote_cert_eku = '[UNDEF]'
Sat Jul 21 13:41:40 2012 us=257000   tls_timeout = 2
Sat Jul 21 13:41:40 2012 us=257000   renegotiate_bytes = 0
Sat Jul 21 13:41:40 2012 us=257000   renegotiate_packets = 0
Sat Jul 21 13:41:40 2012 us=257000   renegotiate_seconds = 3600
Sat Jul 21 13:41:40 2012 us=273000   handshake_window = 60
Sat Jul 21 13:41:40 2012 us=273000   transition_window = 3600
Sat Jul 21 13:41:40 2012 us=273000   single_session = DISABLED
Sat Jul 21 13:41:40 2012 us=273000   push_peer_info = DISABLED
Sat Jul 21 13:41:40 2012 us=273000   tls_exit = DISABLED
Sat Jul 21 13:41:40 2012 us=273000   tls_auth_file = '[UNDEF]'
Sat Jul 21 13:41:40 2012 us=273000   pkcs11_protected_authentication = DISABLED
Sat Jul 21 13:41:40 2012 us=273000   pkcs11_protected_authentication = DISABLED
Sat Jul 21 13:41:40 2012 us=273000   pkcs11_protected_authentication = DISABLED
Sat Jul 21 13:41:40 2012 us=273000   pkcs11_protected_authentication = DISABLED
Sat Jul 21 13:41:40 2012 us=273000   pkcs11_protected_authentication = DISABLED
Sat Jul 21 13:41:40 2012 us=273000   pkcs11_protected_authentication = DISABLED
Sat Jul 21 13:41:40 2012 us=273000   pkcs11_protected_authentication = DISABLED
Sat Jul 21 13:41:40 2012 us=273000   pkcs11_protected_authentication = DISABLED
Sat Jul 21 13:41:40 2012 us=273000   pkcs11_protected_authentication = DISABLED
Sat Jul 21 13:41:40 2012 us=273000   pkcs11_protected_authentication = DISABLED
Sat Jul 21 13:41:40 2012 us=273000   pkcs11_protected_authentication = DISABLED
Sat Jul 21 13:41:40 2012 us=273000   pkcs11_protected_authentication = DISABLED
Sat Jul 21 13:41:40 2012 us=273000   pkcs11_protected_authentication = DISABLED
Sat Jul 21 13:41:40 2012 us=288000   pkcs11_protected_authentication = DISABLED
Sat Jul 21 13:41:40 2012 us=288000   pkcs11_protected_authentication = DISABLED
Sat Jul 21 13:41:40 2012 us=288000   pkcs11_protected_authentication = DISABLED
Sat Jul 21 13:41:40 2012 us=304000   pkcs11_private_mode = 00000000
Sat Jul 21 13:41:40 2012 us=304000   pkcs11_private_mode = 00000000
Sat Jul 21 13:41:40 2012 us=304000   pkcs11_private_mode = 00000000
Sat Jul 21 13:41:40 2012 us=304000   pkcs11_private_mode = 00000000
Sat Jul 21 13:41:40 2012 us=304000   pkcs11_private_mode = 00000000
Sat Jul 21 13:41:40 2012 us=304000   pkcs11_private_mode = 00000000
Sat Jul 21 13:41:40 2012 us=304000   pkcs11_private_mode = 00000000
Sat Jul 21 13:41:40 2012 us=304000   pkcs11_private_mode = 00000000
Sat Jul 21 13:41:40 2012 us=304000   pkcs11_private_mode = 00000000
Sat Jul 21 13:41:40 2012 us=304000   pkcs11_private_mode = 00000000
Sat Jul 21 13:41:40 2012 us=319000   pkcs11_private_mode = 00000000
Sat Jul 21 13:41:40 2012 us=319000   pkcs11_private_mode = 00000000
Sat Jul 21 13:41:40 2012 us=319000   pkcs11_private_mode = 00000000
Sat Jul 21 13:41:40 2012 us=319000   pkcs11_private_mode = 00000000
Sat Jul 21 13:41:40 2012 us=319000   pkcs11_private_mode = 00000000
Sat Jul 21 13:41:40 2012 us=319000   pkcs11_private_mode = 00000000
Sat Jul 21 13:41:40 2012 us=319000   pkcs11_cert_private = DISABLED
Sat Jul 21 13:41:40 2012 us=319000   pkcs11_cert_private = DISABLED
Sat Jul 21 13:41:40 2012 us=319000   pkcs11_cert_private = DISABLED
Sat Jul 21 13:41:40 2012 us=319000   pkcs11_cert_private = DISABLED
Sat Jul 21 13:41:40 2012 us=319000   pkcs11_cert_private = DISABLED
Sat Jul 21 13:41:40 2012 us=319000   pkcs11_cert_private = DISABLED
Sat Jul 21 13:41:40 2012 us=319000   pkcs11_cert_private = DISABLED
Sat Jul 21 13:41:40 2012 us=319000   pkcs11_cert_private = DISABLED
Sat Jul 21 13:41:40 2012 us=319000   pkcs11_cert_private = DISABLED
Sat Jul 21 13:41:40 2012 us=319000   pkcs11_cert_private = DISABLED
Sat Jul 21 13:41:40 2012 us=319000   pkcs11_cert_private = DISABLED
Sat Jul 21 13:41:40 2012 us=319000   pkcs11_cert_private = DISABLED
Sat Jul 21 13:41:40 2012 us=319000   pkcs11_cert_private = DISABLED
Sat Jul 21 13:41:40 2012 us=319000   pkcs11_cert_private = DISABLED
Sat Jul 21 13:41:40 2012 us=319000   pkcs11_cert_private = DISABLED
Sat Jul 21 13:41:40 2012 us=319000   pkcs11_cert_private = DISABLED
Sat Jul 21 13:41:40 2012 us=319000   pkcs11_pin_cache_period = -1
Sat Jul 21 13:41:40 2012 us=335000   pkcs11_id = '[UNDEF]'
Sat Jul 21 13:41:40 2012 us=335000   pkcs11_id_management = DISABLED
Sat Jul 21 13:41:40 2012 us=335000   server_network = 0.0.0.0
Sat Jul 21 13:41:40 2012 us=335000   server_netmask = 0.0.0.0
Sat Jul 21 13:41:40 2012 us=335000   server_bridge_ip = 0.0.0.0
Sat Jul 21 13:41:40 2012 us=335000   server_bridge_netmask = 0.0.0.0
Sat Jul 21 13:41:40 2012 us=351000   server_bridge_pool_start = 0.0.0.0
Sat Jul 21 13:41:40 2012 us=351000   server_bridge_pool_end = 0.0.0.0
Sat Jul 21 13:41:40 2012 us=351000   ifconfig_pool_defined = DISABLED
Sat Jul 21 13:41:40 2012 us=351000   ifconfig_pool_start = 0.0.0.0
Sat Jul 21 13:41:40 2012 us=351000   ifconfig_pool_end = 0.0.0.0
Sat Jul 21 13:41:40 2012 us=351000   ifconfig_pool_netmask = 0.0.0.0
Sat Jul 21 13:41:40 2012 us=351000   ifconfig_pool_persist_filename = '[UNDEF]'
Sat Jul 21 13:41:40 2012 us=351000   ifconfig_pool_persist_refresh_freq = 600
Sat Jul 21 13:41:40 2012 us=351000   n_bcast_buf = 256
Sat Jul 21 13:41:40 2012 us=351000   tcp_queue_limit = 64
Sat Jul 21 13:41:40 2012 us=351000   real_hash_size = 256
Sat Jul 21 13:41:40 2012 us=351000   virtual_hash_size = 256
Sat Jul 21 13:41:40 2012 us=351000   client_connect_script = '[UNDEF]'
Sat Jul 21 13:41:40 2012 us=351000   learn_address_script = '[UNDEF]'
Sat Jul 21 13:41:40 2012 us=351000   client_disconnect_script = '[UNDEF]'
Sat Jul 21 13:41:40 2012 us=351000   client_config_dir = '[UNDEF]'
Sat Jul 21 13:41:40 2012 us=351000   ccd_exclusive = DISABLED
Sat Jul 21 13:41:40 2012 us=351000   tmp_dir = 'C:\Users\BGGBEC~1\AppData\Local\
Temp\'
Sat Jul 21 13:41:40 2012 us=351000   push_ifconfig_defined = DISABLED
Sat Jul 21 13:41:40 2012 us=351000   push_ifconfig_local = 0.0.0.0
Sat Jul 21 13:41:40 2012 us=351000   push_ifconfig_remote_netmask = 0.0.0.0
Sat Jul 21 13:41:40 2012 us=351000   enable_c2c = DISABLED
Sat Jul 21 13:41:40 2012 us=351000   duplicate_cn = DISABLED
Sat Jul 21 13:41:40 2012 us=351000   cf_max = 0
Sat Jul 21 13:41:40 2012 us=351000   cf_per = 0
Sat Jul 21 13:41:40 2012 us=351000   max_clients = 1024
Sat Jul 21 13:41:40 2012 us=351000   max_routes_per_client = 256
Sat Jul 21 13:41:40 2012 us=366000   auth_user_pass_verify_script = '[UNDEF]'
Sat Jul 21 13:41:40 2012 us=366000   auth_user_pass_verify_script_via_file = DIS
ABLED
Sat Jul 21 13:41:40 2012 us=366000   ssl_flags = 0
Sat Jul 21 13:41:40 2012 us=366000   client = ENABLED
Sat Jul 21 13:41:40 2012 us=366000   pull = ENABLED
Sat Jul 21 13:41:40 2012 us=366000   auth_user_pass_file = '[UNDEF]'
Sat Jul 21 13:41:40 2012 us=366000   show_net_up = DISABLED
Sat Jul 21 13:41:40 2012 us=366000   route_method = 0
Sat Jul 21 13:41:40 2012 us=366000   ip_win32_defined = DISABLED
Sat Jul 21 13:41:40 2012 us=366000   ip_win32_type = 3
Sat Jul 21 13:41:40 2012 us=366000   dhcp_masq_offset = 0
Sat Jul 21 13:41:40 2012 us=366000   dhcp_lease_time = 31536000
Sat Jul 21 13:41:40 2012 us=366000   tap_sleep = 0
Sat Jul 21 13:41:40 2012 us=366000   dhcp_options = DISABLED
Sat Jul 21 13:41:40 2012 us=366000   dhcp_renew = DISABLED
Sat Jul 21 13:41:40 2012 us=366000   dhcp_pre_release = DISABLED
Sat Jul 21 13:41:40 2012 us=366000   dhcp_release = DISABLED
Sat Jul 21 13:41:40 2012 us=366000   domain = '[UNDEF]'
Sat Jul 21 13:41:40 2012 us=366000   netbios_scope = '[UNDEF]'
Sat Jul 21 13:41:40 2012 us=366000   netbios_node_type = 0
Sat Jul 21 13:41:40 2012 us=382000   disable_nbt = DISABLED
Sat Jul 21 13:41:40 2012 us=382000 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS
11] built on Dec 15 2011
Sat Jul 21 13:41:40 2012 us=382000 NOTE: the current --script-security setting m
ay allow this configuration to call user-defined scripts
Sat Jul 21 13:41:40 2012 us=382000 NOTE: --script-security method='system' is de
precated due to the fact that passed parameters will be subject to shell expansi
on
Sat Jul 21 13:41:41 2012 us=37000 LZO compression initialized
Sat Jul 21 13:41:41 2012 us=37000 Control Channel MTU parms [ L:1576 D:140 EF:40
 EB:0 ET:0 EL:0 ]
Sat Jul 21 13:41:41 2012 us=53000 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sat Jul 21 13:41:41 2012 us=131000 Data Channel MTU parms [ L:1576 D:1450 EF:44
EB:135 ET:32 EL:0 AF:3/1 ]
Sat Jul 21 13:41:41 2012 us=131000 Local Options String: 'V4,dev-type tap,link-m
tu 1576,tun-mtu 1532,proto TCPv4_CLIENT,comp-lzo,cipher DES-EDE3-CBC,auth SHA1,k
eysize 192,key-method 2,tls-client'
Sat Jul 21 13:41:41 2012 us=131000 Expected Remote Options String: 'V4,dev-type
tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_SERVER,comp-lzo,cipher DES-EDE3-CBC,a
uth SHA1,keysize 192,key-method 2,tls-server'
Sat Jul 21 13:41:41 2012 us=146000 Local Options hash (VER=V4): '1a40e822'
Sat Jul 21 13:41:41 2012 us=146000 Expected Remote Options hash (VER=V4): 'd8e6e
8ce'
Sat Jul 21 13:41:41 2012 us=146000 Attempting to establish TCP connection with 8
4.72.18.24:1194
Sat Jul 21 13:41:41 2012 us=193000 TCP connection established with 84.72.18.24:1
194
Sat Jul 21 13:41:41 2012 us=193000 TCPv4_CLIENT link local: [undef]
Sat Jul 21 13:41:41 2012 us=209000 TCPv4_CLIENT link remote: 84.72.18.24:1194
Sat Jul 21 13:41:41 2012 us=287000 TLS: Initial packet from 84.72.18.24:1194, si
d=54e6f6b6 e371bbf2
Sat Jul 21 13:41:43 2012 us=127000 VERIFY OK: depth=1, /C=CH/ST=Neuchatel/L=Chau
xdeFonds/O=BGGVPN/OU=BGGVPN0001/CN=BGGLand/name=BenGonGon/emailAddress=christian
_go@hotmail.com
Sat Jul 21 13:41:43 2012 us=127000 VERIFY OK: nsCertType=SERVER
Sat Jul 21 13:41:43 2012 us=127000 VERIFY OK: depth=0, /C=CH/ST=Neuchatel/L=Chau
xdeFonds/O=BGGVPN/OU=BGGVPN0001/CN=BGGServer/name=BenGonGon/emailAddress=christi
an_go@hotmail.com
Sat Jul 21 13:41:47 2012 us=417000 Data Channel Encrypt: Cipher 'DES-EDE3-CBC' i
nitialized with 192 bit key
Sat Jul 21 13:41:47 2012 us=417000 Data Channel Encrypt: Using 160 bit message h
ash 'SHA1' for HMAC authentication
Sat Jul 21 13:41:47 2012 us=417000 Data Channel Decrypt: Cipher 'DES-EDE3-CBC' i
nitialized with 192 bit key
Sat Jul 21 13:41:47 2012 us=417000 Data Channel Decrypt: Using 160 bit message h
ash 'SHA1' for HMAC authentication
Sat Jul 21 13:41:47 2012 us=417000 Control Channel: TLSv1, cipher TLSv1/SSLv3 DH
E-RSA-AES256-SHA, 2048 bit RSA
Sat Jul 21 13:41:47 2012 us=417000 [BGGServer] Peer Connection Initiated with 84
.72.18.24:1194
Sat Jul 21 13:41:49 2012 us=664000 SENT CONTROL [BGGServer]: 'PUSH_REQUEST' (sta
tus=1)
Sat Jul 21 13:41:50 2012 us=23000 PUSH: Received control message: 'PUSH_REPLY,ro
ute-gateway 10.230.77.151,ping 10,ping-restart 120,ifconfig 10.230.77.152 255.25
5.255.0'
Sat Jul 21 13:41:50 2012 us=23000 OPTIONS IMPORT: timers and/or timeouts modifie
d
Sat Jul 21 13:41:50 2012 us=23000 OPTIONS IMPORT: --ifconfig/up options modified

Sat Jul 21 13:41:50 2012 us=23000 OPTIONS IMPORT: route-related options modified

Sat Jul 21 13:41:50 2012 us=23000 TAP-WIN32 device [BGGVPN001] opened: \\.\Globa
l\{B1DEB1E6-B7DE-4D42-9A8E-B42DFEDE66DD}.tap
Sat Jul 21 13:41:50 2012 us=23000 TAP-Win32 Driver Version 9.9
Sat Jul 21 13:41:50 2012 us=23000 TAP-Win32 MTU=1500
Sat Jul 21 13:41:50 2012 us=38000 Notified TAP-Win32 driver to set a DHCP IP/net
mask of 10.230.77.152/255.255.255.0 on interface {B1DEB1E6-B7DE-4D42-9A8E-B42DFE
DE66DD} [DHCP-serv: 10.230.77.0, lease-time: 31536000]
Sat Jul 21 13:41:50 2012 us=38000 Successful ARP Flush on interface [18] {B1DEB1
E6-B7DE-4D42-9A8E-B42DFEDE66DD}
Sat Jul 21 13:41:55 2012 us=155000 TEST ROUTES: 0/0 succeeded len=-1 ret=1 a=0 u
/d=up
Sat Jul 21 13:41:55 2012 us=155000 Initialization Sequence Completed

I hope that can help to understand my mistakes..
Best regards.

BenGonGon

[maikcat]

for bridging scenario to work you must bridge ethernet & vpn interface...

did you bridge them together before starting openvpn up?

noticed that you are using ICS...this will complicate things a bit..

btw,why do you want to use bridging?

Michael.

[BenGonGon]

A1) If I bridge the card on "XP" computer, i'll lose internet connexion in my network.

A2) I prefer to use the bridge mode to be transparent (for other protocols).

[maikcat]

hi there,

A1) If I bridge the card on "XP" computer, i'll lose internet connexion in my network.

bridging the lan with tap adapter is not optional,is mandatory..

otherwise your bridge setup will not work..

maybe placing openvpn service on another pc?

Michael.

[BenGonGon]

Ok, I did like you told.
I used another computer and I needed to change the IP of the bridge to keep others services.
old IP vpn server : 10.230.77.151
new IP vpn server : 10.230.77.124

new topology :

réseau2.png

It is strange: when I bridge in "XP Cacti" computer, between LAN card and BGGVPN001 tap, I lose connection with the network.

Do you know why?
Best regards.

BenGonGon

[maikcat]

can you please first read this:

http://openvpn.net/index.php/open-sourc ... dging.html

Michael.

[BenGonGon]

I am back and I have read your weblink.

But...

for do test, I was use MY ICS computer.
You cannot use ICS and Bridge in same time on WINXP.

I have use a virtual machine use for monitoring(Virtual PC).
And I have broke my monitoring system.
Now It is repaired.

After I wish create a new virtual machine(Virtual PC) but I have not enough ram for that.
I have download an hypervisor ESXi and convert all my virtual machine(Virtual PC) in vmware virtual machine.

I have test too the openvpn vmware appliance.
Disguted by the 2 users limitation.

I am back on on my new dedicated XP virtual machine but the same problem with the bridging mode of XP.

after big search I have see that :
when you go in bridge mode, normally windows set your network interface card in promiscuous mode.
But sometime he forgot to do thathttp://support.microsoft.com/default.as ... -us;302348.
I have set the promiscuous mode with this manip :

At a command prompt, type netsh bridge show adapter.
Locate the identification number of the NIC that is not responding.
If the NIC is not in Compatibility mode, you can change it manually if you type the following command, where 1 is the number of the NIC that is displayed in the first step:
netsh bridge set adapter 1 forcecompatmode=enable
Run the netsh bridge show adapter command again to verify that the ForceCompatabilityMode field for the NIC is displayed as Enabled.

After I start connection openvpn test.
And now it work good.

now, I continue to test it.

Thanks to openvpn team for it.
Thank you very much for your help maikcat.

BenGonGon

[maikcat]

hi there,

wanted to thank you for sharing out the solution to promisc mode under windows.

glad to hear your problem is solved.

closing topic.

Regards

Michael.