[Problem] Sometimes doesn't create interface/connection

mac-duff
OpenVpn Newbie
Posts: 7
Joined: Mon Jan 14, 2013 6:11 pm

Post by mac-duff » Mon Jan 14, 2013 6:16 pm

Hi everyone,
I am having a strange problem with my dreambox and the openvpn client. Most of the time it just doesn't create the connection, even when I get the info back in the console that the client was started successfully.
The worst part is that when the connection is not created I can't even reboot the box or start a ping or ifconfig; it crashes.

Here the log when the connection fails

Sun Jan  6 15:40:19 2013 OpenVPN 2.2.2 mipsel-oe-linux [SSL] [LZO2] [EPOLL] [eurephia] built on Mar  7 2012
Sun Jan  6 15:40:19 2013 WARNING: file '/etc/openvpn/authpass' is group or others accessible
Sun Jan  6 15:40:19 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Jan  6 15:40:19 2013 WARNING: file 'ivacy-client.key' is group or others accessible
Sun Jan  6 15:40:19 2013 WARNING: file 'ivacy-tls.key' is group or others accessible
Sun Jan  6 15:40:19 2013 Control Channel Authentication: using 'ivacy-tls.key' as a OpenVPN static key file
Sun Jan  6 15:40:19 2013 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jan  6 15:40:19 2013 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jan  6 15:40:19 2013 LZO compression initialized
Sun Jan  6 15:40:19 2013 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Sun Jan  6 15:40:19 2013 Socket Buffers: R=[103424->131072] S=[103424->131072]
Sun Jan  6 15:40:19 2013 RESOLVE: NOTE: openvpn.ivacy.com resolves to 3 addresses
Sun Jan  6 15:40:19 2013 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Jan  6 15:40:19 2013 Local Options hash (VER=V4): '504e774e'
Sun Jan  6 15:40:19 2013 Expected Remote Options hash (VER=V4): '14168603'
Sun Jan  6 15:40:19 2013 UDPv4 link local: [undef]
Sun Jan  6 15:40:19 2013 UDPv4 link remote: 213.232.200.170:1194
Sun Jan  6 15:40:19 2013 TLS: Initial packet from 213.232.200.170:1194, sid=0ba3f877 9ae59387
Sun Jan  6 15:40:19 2013 WARNING: this configuration may cache passwords  in memory -- use the auth-nocache option to prevent this
Sun Jan  6 15:40:20 2013 VERIFY OK: depth=1, /C=RU/ST=MR/L=Moscow/O=ivacy.com/CN=ivacy.com_CA/emailAddress=admin@ivacy.com
Sun Jan  6 15:40:20 2013 VERIFY OK: nsCertType=SERVER
Sun Jan  6 15:40:20 2013 VERIFY OK: depth=0, /C=RU/ST=MR/L=Moscow/O=ivacy.com/CN=openvpn.ivacy.com/emailAddress=admin@ivacy.com
Sun Jan  6 15:40:22 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Jan  6 15:40:22 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jan  6 15:40:22 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Jan  6 15:40:22 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jan  6 15:40:22 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sun Jan  6 15:40:22 2013 [openvpn.ivacy.com] Peer Connection Initiated with 213.232.200.170:1194
Sun Jan  6 15:40:24 2013 SENT CONTROL [openvpn.ivacy.com]: 'PUSH_REQUEST' (status=1)
Sun Jan  6 15:40:24 2013 PUSH: Received control message:  'PUSH_REPLY,route 1.0.0.0 255.0.0.0,dhcp-option DNS  1.254.2.2,dhcp-option DNS 1.254.2.3,dhcp-option DOMAIN  vpn,explicit-exit-notify 2,route-gateway 1.2.124.1,topology subnet,ping  10,ping-restart 60,ifconfig 1.2.124.110 255.255.255.0'
Sun Jan  6 15:40:24 2013 OPTIONS IMPORT: timers and/or timeouts modified
Sun Jan  6 15:40:24 2013 OPTIONS IMPORT: explicit notify parm(s) modified
Sun Jan  6 15:40:24 2013 OPTIONS IMPORT: --ifconfig/up options modified
Sun Jan  6 15:40:24 2013 OPTIONS IMPORT: route options modified
Sun Jan  6 15:40:24 2013 OPTIONS IMPORT: route-related options modified
Sun Jan  6 15:40:24 2013 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Jan  6 15:40:24 2013 ROUTE default_gateway=192.168.33.2

and here when it starts successfully

Sun Jan  6 16:23:32 2013 OpenVPN 2.2.2 mipsel-oe-linux [SSL] [LZO2] [EPOLL] [eurephia] built on Mar  7 2012
Sun Jan  6 16:23:32 2013 WARNING: file '/etc/openvpn/authpass' is group or others accessible
Sun Jan  6 16:23:32 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Jan  6 16:23:32 2013 WARNING: file 'ivacy-client.key' is group or others accessible
Sun Jan  6 16:23:32 2013 WARNING: file 'ivacy-tls.key' is group or others accessible
Sun Jan  6 16:23:32 2013 Control Channel Authentication: using 'ivacy-tls.key' as a OpenVPN static key file
Sun Jan  6 16:23:32 2013 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jan  6 16:23:32 2013 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jan  6 16:23:32 2013 LZO compression initialized
Sun Jan  6 16:23:32 2013 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Sun Jan  6 16:23:32 2013 Socket Buffers: R=[103424->131072] S=[103424->131072]
Sun Jan  6 16:23:32 2013 RESOLVE: NOTE: openvpn.ivacy.com resolves to 3 addresses
Sun Jan  6 16:23:32 2013 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Jan  6 16:23:32 2013 Local Options hash (VER=V4): '504e774e'
Sun Jan  6 16:23:32 2013 Expected Remote Options hash (VER=V4): '14168603'
Sun Jan  6 16:23:32 2013 UDPv4 link local: [undef]
Sun Jan  6 16:23:32 2013 UDPv4 link remote: 213.232.200.172:1194
Sun Jan  6 16:23:32 2013 TLS: Initial packet from 213.232.200.172:1194, sid=695cef27 21c0c54d
Sun Jan  6 16:23:32 2013 WARNING: this configuration may cache passwords  in memory -- use the auth-nocache option to prevent this
Sun Jan  6 16:23:33 2013 VERIFY OK: depth=1, /C=RU/ST=MR/L=Moscow/O=ivacy.com/CN=ivacy.com_CA/emailAddress=admin@ivacy.com
Sun Jan  6 16:23:33 2013 VERIFY OK: nsCertType=SERVER
Sun Jan  6 16:23:33 2013 VERIFY OK: depth=0, /C=RU/ST=MR/L=Moscow/O=ivacy.com/CN=openvpn.ivacy.com/emailAddress=admin@ivacy.com
Sun Jan  6 16:23:35 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Jan  6 16:23:35 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jan  6 16:23:35 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Jan  6 16:23:35 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jan  6 16:23:35 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sun Jan  6 16:23:35 2013 [openvpn.ivacy.com] Peer Connection Initiated with 213.232.200.172:1194
Sun Jan  6 16:23:37 2013 SENT CONTROL [openvpn.ivacy.com]: 'PUSH_REQUEST' (status=1)
Sun Jan  6 16:23:37 2013 PUSH: Received control message:  'PUSH_REPLY,route 1.0.0.0 255.0.0.0,dhcp-option DNS  1.254.2.2,dhcp-option DNS 1.254.2.3,dhcp-option DOMAIN  vpn,explicit-exit-notify 2,route-gateway 1.2.112.1,topology subnet,ping  10,ping-restart 60,ifconfig 1.2.112.101 255.255.252.0'
Sun Jan  6 16:23:37 2013 OPTIONS IMPORT: timers and/or timeouts modified
Sun Jan  6 16:23:37 2013 OPTIONS IMPORT: explicit notify parm(s) modified
Sun Jan  6 16:23:37 2013 OPTIONS IMPORT: --ifconfig/up options modified
Sun Jan  6 16:23:37 2013 OPTIONS IMPORT: route options modified
Sun Jan  6 16:23:37 2013 OPTIONS IMPORT: route-related options modified
Sun Jan  6 16:23:37 2013 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Jan  6 16:23:37 2013 ROUTE default_gateway=192.168.33.2
Sun Jan  6 16:23:37 2013 TUN/TAP device tun0 opened
Sun Jan  6 16:23:37 2013 TUN/TAP TX queue length set to 100
Sun Jan  6 16:23:37 2013 /sbin/ifconfig tun0 1.2.112.101 netmask 255.255.252.0 mtu 1500 broadcast 1.2.115.255
Sun Jan  6 16:23:37 2013 /sbin/route add -net 213.232.200.172 netmask 255.255.255.255 gw 192.168.33.2
Sun Jan  6 16:23:37 2013 /sbin/route del -net 0.0.0.0 netmask 0.0.0.0
Sun Jan  6 16:23:37 2013 /sbin/route add -net 0.0.0.0 netmask 0.0.0.0 gw 1.2.112.1
Sun Jan  6 16:23:37 2013 WARNING: potential route subnet conflict  between local LAN [1.2.112.0/255.255.255.0] and remote VPN  [1.0.0.0/255.0.0.0]
Sun Jan  6 16:23:37 2013 /sbin/route add -net 1.0.0.0 netmask 255.0.0.0 gw 1.2.112.1
Sun Jan  6 16:23:37 2013 Initialization Sequence Completed

Any idea what it could be?

Thanks
md

Edit:
Also when I say
openvpn --rmtun --dev tun0
it crashes and I can't call ifconfig anymore and have to do a hard reset

maikcat
Forum Team
Posts: 4200
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece

Post by maikcat » Tue Jan 15, 2013 6:58 am

what dm are you using? 500? 800?

which image?

Michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)

Inflammable means flammable? (Dr Nick Riviera, Simpsons Season 13)

"objects in mirror are losing"

Post by mac-duff » Tue Jan 15, 2013 5:04 pm

Hi,
having the 800SE HD with the el blindo image based on newnigma2

Post by maikcat » Wed Jan 16, 2013 7:15 am

is your dm a clone?

what sim do you have?

Michael.

Post by mac-duff » Wed Jan 16, 2013 6:59 pm

Yes, it's a clone with Sim 2.1

The strange thing is when I for example change something in the config like activating a push route it works again...

Post by maikcat » Thu Jan 17, 2013 10:14 am

Sun Jan 6 16:23:37 2013 WARNING: potential route subnet conflict between local LAN [1.2.112.0/255.255.255.0] and remote VPN [1.0.0.0/255.0.0.0]

can you post your configs, IP settings etc?

Michael.

Post by mac-duff » Thu Jan 17, 2013 6:04 pm

Sure, my config is

client
dev tun
proto udp
remote openvpn.ivacy.com 1194
push "route 192.168.33.0 255.255.255.0"
resolv-retry infinite
nobind
persist-key
persist-tun
ca ivacy-ca.crt
cert ivacy-client.crt
key ivacy-client.key
tls-auth ivacy-tls.key 1
ns-cert-type server
comp-lzo
verb 3
auth-user-pass /etc/openvpn/authpass
redirect-gateway
reneg-sec 0
#status openvpn-status.log
log openvpn.log

and my IP config

IP: 192.168.33.22
Sub: 24
GW: 192.168.33.2

Post by maikcat » Thu Jan 17, 2013 6:11 pm

your config has some issues...

remove this:
push "route 192.168.33.0 255.255.255.0"
server pushes routes to clients not the other way around...

also change this:
redirect-gateway
to this

redirect-gateway def1

btw why do you need to change default gateway through vpn?
can you also post server config?

Michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)

Inflammable means flammable? (Dr Nick Riviera, Simpsons Season 13)

"objects in mirror are losing"
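
The config points raised in the reply above, together with the WARNING lines in the posted logs, can be checked mechanically. The following is an added example, not part of the thread or of OpenVPN itself; the function names and the trimmed sample config are assumptions made for illustration.

```python
import os
import shlex
import stat

# Directives from the posted config whose first argument is a file holding a secret.
SECRET_FILE_DIRECTIVES = {"key", "tls-auth", "auth-user-pass"}

# Constructed sample: a trimmed copy of the client config posted in the thread.
SAMPLE_CONFIG = """\
client
push "route 192.168.33.0 255.255.255.0"
key ivacy-client.key
tls-auth ivacy-tls.key 1
auth-user-pass /etc/openvpn/authpass
redirect-gateway
#status openvpn-status.log
"""

def parse_config(text):
    """Return [(directive, [args])], skipping blank lines and '#'/';' comments."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            words = shlex.split(line)
            entries.append((words[0], words[1:]))
    return entries

def audit_client_config(text, base_dir="."):
    """Return findings for a client config; base_dir resolves relative file paths."""
    findings = []
    entries = parse_config(text)
    names = {name for name, _ in entries}
    for name, args in entries:
        if name == "push":
            findings.append("push: servers push routes to clients; remove it here")
        elif name == "redirect-gateway" and "def1" not in args:
            findings.append("redirect-gateway: without def1 the existing default route is deleted")
        elif name in SECRET_FILE_DIRECTIVES and args:
            path = os.path.join(base_dir, args[0])
            mode = os.stat(path).st_mode if os.path.exists(path) else 0
            if mode & (stat.S_IRWXG | stat.S_IRWXO):
                findings.append(f"{name}: {args[0]} is group or others accessible; chmod 600")
    if "auth-user-pass" in names and "auth-nocache" not in names:
        findings.append("auth-user-pass: add auth-nocache so the password is not cached in memory")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_client_config(SAMPLE_CONFIG)))
```

Files that do not exist under `base_dir` are skipped, so run it from the directory that holds the config to get the permission findings.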

Post by mac-duff » Fri Jan 18, 2013 5:19 pm

Well, I added the push route because I tested it before under XP and when I didn't add it I couldn't access my local LAN.
The server config I can't post because I don't have it, it's a paid VPN server.

But thanks for the tip, next time I'll have this issue I will try it with the redirect-gateway

Post by mac-duff » Mon Jan 21, 2013 6:23 pm

Hi again,
so I changed it to def1 but the result is the same.
It hangs after the default GW is created

Mon Jan 21 19:21:21 2013 ROUTE default_gateway=192.168.33.2

hamborambo
OpenVpn Newbie
Posts: 2
Joined: Thu Apr 25, 2013 6:18 pm

Post by hamborambo » Thu Apr 25, 2013 6:22 pm

Hi, I have exactly the same fault with a dm800 non se clone currently on the GP3 image; occasionally it works but most of the time it fails as above. I think it's an issue opening the tun device rather than route add but I've not found a fix. I've tried various vpn providers and had the configs working under Windows, Linux and openwrt devices.

Any help would be gratefully appreciated
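
To see where a failed start stops, the two logs from the first post can be compared milestone by milestone. This is an added example, not written by any poster in the thread; the milestone names are hypothetical labels and the sample lines are excerpted from the posted logs.

```python
# Startup milestones in the order they appear in the successful log from the thread.
# The left-hand names are hypothetical labels chosen for this example.
MILESTONES = [
    ("tls_handshake", "Peer Connection Initiated"),
    ("push_reply", "PUSH: Received control message"),
    ("default_gateway", "ROUTE default_gateway="),
    ("tun_opened", "TUN/TAP device"),
    ("ifconfig", "/sbin/ifconfig"),
    ("routes_added", "/sbin/route add"),
    ("completed", "Initialization Sequence Completed"),
]

# Sample input: lines excerpted from the failing log in the first post.
FAILED_LOG = """\
Sun Jan  6 15:40:19 2013 WARNING: file 'ivacy-client.key' is group or others accessible
Sun Jan  6 15:40:22 2013 [openvpn.ivacy.com] Peer Connection Initiated with 213.232.200.170:1194
Sun Jan  6 15:40:24 2013 OPTIONS IMPORT: --ifconfig/up options modified
Sun Jan  6 15:40:24 2013 ROUTE default_gateway=192.168.33.2
"""

# Sample input: the same start followed by lines excerpted from the successful log.
OK_LOG = FAILED_LOG + """\
Sun Jan  6 16:23:37 2013 TUN/TAP device tun0 opened
Sun Jan  6 16:23:37 2013 /sbin/ifconfig tun0 1.2.112.101 netmask 255.255.252.0 mtu 1500 broadcast 1.2.115.255
Sun Jan  6 16:23:37 2013 Initialization Sequence Completed
"""


def analyse(log_text):
    """Return (last milestone reached, next milestone expected or None, warnings)."""
    reached = -1
    warnings = []
    for line in log_text.splitlines():
        if "WARNING:" in line:
            warnings.append(line.split("WARNING:", 1)[1].strip())
        for i, (_, marker) in enumerate(MILESTONES):
            if marker in line:
                reached = max(reached, i)
    last = MILESTONES[reached][0] if reached >= 0 else None
    nxt = MILESTONES[reached + 1][0] if reached + 1 < len(MILESTONES) else None
    return last, nxt, warnings


if __name__ == "__main__":
    for label, log in (("failed", FAILED_LOG), ("ok", OK_LOG)):
        print(label, analyse(log)[:2])
```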

Post by mac-duff » Sun Apr 28, 2013 3:01 pm

The only way I got it working is with a org sim and one of the latest images...
Anyway, it is really a strange behavior...

Post by hamborambo » Sun Apr 28, 2013 8:03 pm

It really is a strange one and it's got the better of me. I've tried various images and also manually installing openvpn and the tun interface. Did you say you've managed to get it working properly with a dm800se with an original sim card? What image are you running and does it work every time now?

Sounds like I need to invest in an 800se and original sim.
