OpenVPN and http-proxy option in the client.ovpn won't work

SmoothwallUser
OpenVpn Newbie
Posts: 12
Joined: Sat Feb 23, 2013 6:17 am

OpenVPN and http-proxy option in the client.ovpn won't work

Post by SmoothwallUser » Sat Feb 23, 2013 6:38 am

Hello there everyone,
Before I establish a proxy connection from my laptop to my Smoothwall Express 3.0 SP3 Update 9 firewall (with Advanced Proxy, URLFilter, and OpenVPN, and with ClamAV 0.97.6 installed), I get a connection from my laptop to my Smoothie firewall. Here's the output of the successful connection:

Sat Feb 23 00:06:37 2013 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
Sat Feb 23 00:06:37 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sat Feb 23 00:06:42 2013 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Feb 23 00:06:42 2013 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1400)
Sat Feb 23 00:06:42 2013 Control Channel MTU parms [ L:1443 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sat Feb 23 00:06:42 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sat Feb 23 00:06:42 2013 Data Channel MTU parms [ L:1443 D:1443 EF:43 EB:4 ET:0 EL:0 ]
Sat Feb 23 00:06:42 2013 Local Options hash (VER=V4): '7e8b97b9'
Sat Feb 23 00:06:42 2013 Expected Remote Options hash (VER=V4): 'f0f90397'
Sat Feb 23 00:06:42 2013 Attempting to establish TCP connection with 192.168.1.100:1194
Sat Feb 23 00:06:42 2013 TCP connection established with 192.168.1.100:1194
Sat Feb 23 00:06:42 2013 TCPv4_CLIENT link local: [undef]
Sat Feb 23 00:06:42 2013 TCPv4_CLIENT link remote: 192.168.1.100:1194
Sat Feb 23 00:06:42 2013 TLS: Initial packet from 192.168.1.100:1194, sid=8ae01749 34d85dc9
Sat Feb 23 00:06:42 2013 VERIFY OK: depth=1, /C=US/O=Home/CN=Home_CA
Sat Feb 23 00:06:42 2013 VERIFY OK: nsCertType=SERVER
Sat Feb 23 00:06:42 2013 VERIFY OK: depth=0, /C=US/O=Home/CN=192.168.1.100
Sat Feb 23 00:06:43 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Feb 23 00:06:43 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Feb 23 00:06:43 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Feb 23 00:06:43 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Feb 23 00:06:43 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Feb 23 00:06:43 2013 [192.168.1.100] Peer Connection Initiated with 192.168.1.100:1194
Sat Feb 23 00:06:45 2013 SENT CONTROL [192.168.1.100]: 'PUSH_REQUEST' (status=1)
Sat Feb 23 00:06:46 2013 PUSH: Received control message: 'PUSH_REPLY,route-gateway dhcp,route 10.0.0.0 255.255.255.248,route-gateway dhcp,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,dhcp-option DOMAIN home.local,route 10.239.32.1,topology net30,ifconfig 10.239.32.6 10.239.32.5'
Sat Feb 23 00:06:46 2013 OPTIONS IMPORT: --ifconfig/up options modified
Sat Feb 23 00:06:46 2013 OPTIONS IMPORT: route options modified
Sat Feb 23 00:06:46 2013 OPTIONS IMPORT: route-related options modified
Sat Feb 23 00:06:46 2013 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sat Feb 23 00:06:46 2013 ROUTE default_gateway=192.168.1.1
Sat Feb 23 00:06:46 2013 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{4CC72EE6-98DB-4620-B95E-672E598D228D}.tap
Sat Feb 23 00:06:46 2013 TAP-Win32 Driver Version 9.9
Sat Feb 23 00:06:46 2013 TAP-Win32 MTU=1500
Sat Feb 23 00:06:46 2013 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.239.32.6/255.255.255.252 on interface {4CC72EE6-98DB-4620-B95E-672E598D228D} [DHCP-serv: 10.239.32.5, lease-time: 31536000]
Sat Feb 23 00:06:46 2013 Successful ARP Flush on interface [25] {4CC72EE6-98DB-4620-B95E-672E598D228D}
Sat Feb 23 00:06:52 2013 TEST ROUTES: 3/3 succeeded len=3 ret=1 a=0 u/d=up
Sat Feb 23 00:06:52 2013 WARNING: potential route subnet conflict between local LAN [192.168.1.0/255.255.255.0] and remote VPN [0.0.0.0/0.0.0.0]
Sat Feb 23 00:06:52 2013 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 0.0.0.0 10.239.32.5 METRIC 512
Sat Feb 23 00:06:52 2013 Route addition via IPAPI succeeded [adaptive]
Sat Feb 23 00:06:52 2013 C:\WINDOWS\system32\route.exe ADD 10.0.0.0 MASK 255.255.255.248 10.239.32.5 METRIC 512
Sat Feb 23 00:06:52 2013 Route addition via IPAPI succeeded [adaptive]
Sat Feb 23 00:06:52 2013 C:\WINDOWS\system32\route.exe ADD 10.239.32.1 MASK 255.255.255.255 10.239.32.5 METRIC 512
Sat Feb 23 00:06:52 2013 Route addition via IPAPI succeeded [adaptive]
Sat Feb 23 00:06:52 2013 Initialization Sequence Completed

When I put the http-proxy option in the Ben-To-SW.ovpn file as follows: http-proxy 10.0.0.1 800 (10.0.0.1 is my green NIC IP address; port 800 is the proxy port) and save it, or select the Internet Explorer proxy settings (client config or Internet Explorer), it says it established a TCP connection to my internal green IP address (10.0.0.1), then tries an HTTP proxy connection to port 1194 (the OpenVPN port) on my remote address (red NIC), which is on my wireless router [192.168.1.0/24], and fails. Here's the output of the failed connection:

Sat Feb 23 00:07:41 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sat Feb 23 00:07:46 2013 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Feb 23 00:07:46 2013 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1400)
Sat Feb 23 00:07:46 2013 Control Channel MTU parms [ L:1443 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sat Feb 23 00:07:46 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sat Feb 23 00:07:46 2013 Data Channel MTU parms [ L:1443 D:1443 EF:43 EB:4 ET:0 EL:0 ]
Sat Feb 23 00:07:46 2013 Local Options hash (VER=V4): '7e8b97b9'
Sat Feb 23 00:07:46 2013 Expected Remote Options hash (VER=V4): 'f0f90397'
Sat Feb 23 00:07:46 2013 Attempting to establish TCP connection with 10.0.0.1:800 --> Proxy Server
Sat Feb 23 00:07:46 2013 TCP connection established with 10.0.0.1:800 --> Proxy Server
Sat Feb 23 00:07:46 2013 Send to HTTP proxy: 'CONNECT 192.168.1.100:1194 HTTP/1.0' --> Tries to connect to the proxy server with the remote IP Address and Port #
Sat Feb 23 00:07:51 2013 recv_line: TCP port read timeout expired
Sat Feb 23 00:07:51 2013 TCP/UDP: Closing socket
Sat Feb 23 00:07:51 2013 SIGTERM[soft,init_instance] received, process exiting

As a reference, here are the server's (Smoothie) and the client's configuration files:
/var/smoothwall/ovpn/server.red.conf (Smoothie)
#OpenVPN red server conf

config /var/smoothwall/ovpn/server.conf
writepid /var/run/openvpn.rw.red.pid
proto tcp
port 1194
dev tun0
server 10.239.32.0 255.255.255.0
push "route 10.0.0.0 255.255.255.248"
push "route-gateway dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
push "dhcp-option DOMAIN home.local"

Ben-TO-SW.ovpn (my laptop)
#OpenVPN Server conf
route-metric 512 --> necessary?
route 0.0.0.0 0.0.0.0 --> necessary?
remote 192.168.1.100 --> Smoothie IP Address (External)
port 1194 --> OpenVPN Port #
http-proxy 10.0.0.1 800 --> Proxy server on the Smoothie Firewall
http-proxy-retry
tls-client
client
dev tun
proto tcp
tun-mtu 1400
#remote 172.16.0.1 1195
pkcs12 Ben.p12
cipher BF-CBC
verb 3
ns-cert-type server

/var/smoothwall/ovpn/server.conf (Smoothie)
#OpenVPN common server conf

daemon openvpnserver
;local 192.168.1.100
tun-mtu 1400
tls-server
ca /var/smoothwall/ovpn/ca/cacert.pem
cert /var/smoothwall/ovpn/certs/servercert.pem
key /var/smoothwall/ovpn/certs/serverkey.pem
dh /var/smoothwall/ovpn/ca/dh1024.pem
status-version 1
status /var/smoothwall/ovpn/server.log 30
cipher BF-CBC
max-clients 100
tls-verify "/var/smoothwall/ovpn/verify-cn /var/smoothwall/ovpn/ovpnconfig"
crl-verify /var/smoothwall/ovpn/crls/cacrl.pem
user nobody
group nobody
persist-key
persist-tun
verb 3
push "route-gateway dhcp"

Is it my client file that is not working right, or did I miss a few steps?
Thanks for your help.
-Ben
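The two logs above differ at exactly one step: in the failing run the client reaches the proxy on 10.0.0.1:800, sends "CONNECT 192.168.1.100:1194 HTTP/1.0", and then hears nothing for five seconds ("recv_line: TCP port read timeout expired"). So the TCP path to the proxy is fine; the question is whether the proxy is willing to answer a CONNECT to port 1194 at all. Many forwarding proxies allow CONNECT only to a short list of destination ports (typically 443) and either send an error status or simply leave the request unanswered. The script below is an added example, not code from the post or from OpenVPN: it performs the same CONNECT handshake OpenVPN does and classifies the reply, against a constructed toy CONNECT proxy (standing in for the Smoothwall proxy) with three policies and a loopback echo listener (standing in for the OpenVPN TCP listener). The function and class names are the example's own; 10.0.0.1 and 192.168.1.100 are only referred to, never contacted.

```python
"""Reproduce the HTTP CONNECT handshake OpenVPN performs when `http-proxy` is set
and classify the proxy's answer.  Everything runs on 127.0.0.1: a toy CONNECT
proxy with a configurable port policy stands in for the Smoothwall proxy on
10.0.0.1:800, and a loopback echo listener stands in for the OpenVPN server on
192.168.1.100:1194 (constructed example; neither real address is contacted)."""
import socket
import threading


def _recv_line(sock, timeout):
    """Read one CRLF-terminated line byte by byte, as OpenVPN's recv_line does."""
    sock.settimeout(timeout)
    buf = bytearray()
    while not buf.endswith(b"\n"):
        chunk = sock.recv(1)
        if not chunk:                      # peer closed the connection
            break
        buf += chunk
    return buf.decode("latin-1").rstrip("\r\n")


def probe_connect(proxy_host, proxy_port, target_host, target_port, timeout=5.0):
    """Send 'CONNECT host:port HTTP/1.0' through the proxy and report the outcome:
    'established', 'denied:<status line>', 'closed' or 'timeout'."""
    with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as s:
        s.sendall(f"CONNECT {target_host}:{target_port} HTTP/1.0\r\n\r\n".encode())
        try:
            status = _recv_line(s, timeout)
            if not status:
                return "closed"
            parts = status.split()
            if status.startswith("HTTP/") and len(parts) >= 2 and parts[1] == "200":
                while _recv_line(s, timeout):  # skip the rest of the header block
                    pass
                s.sendall(b"ping")             # from here on the socket is a raw tunnel
                return "established" if s.recv(4) == b"ping" else "tunnel-broken"
            return "denied:" + status
        except socket.timeout:
            # OpenVPN logs this case as 'recv_line: TCP port read timeout expired'
            return "timeout"


class ToyConnectProxy:
    """Minimal CONNECT proxy (constructed for the example).  Destination ports in
    `allowed_ports` are tunnelled; anything else is handled per `reject`:
    'deny' answers 403, 'silent' keeps the TCP connection open and never answers,
    which matches the failing log (connection established, then a read timeout)."""

    def __init__(self, allowed_ports, reject="deny"):
        self.allowed_ports, self.reject = set(allowed_ports), reject
        self._srv = socket.socket()
        self._srv.bind(("127.0.0.1", 0))
        self._srv.listen(5)
        self.port = self._srv.getsockname()[1]
        threading.Thread(target=self._accept_loop, daemon=True).start()

    def _accept_loop(self):
        while True:
            conn, _ = self._srv.accept()
            threading.Thread(target=self._handle, args=(conn,), daemon=True).start()

    def _handle(self, conn):
        with conn:
            try:
                request = _recv_line(conn, 5.0)
                while _recv_line(conn, 5.0):   # discard request headers
                    pass
                method, hostport, _version = request.split(" ")
                host, port = hostport.rsplit(":", 1)
                if method != "CONNECT" or int(port) not in self.allowed_ports:
                    if self.reject == "silent":
                        conn.settimeout(None)
                        conn.recv(1)           # say nothing; wait for the client to give up
                    else:
                        conn.sendall(b"HTTP/1.0 403 Forbidden\r\n\r\n")
                    return
                with socket.create_connection((host, int(port)), timeout=5.0) as up:
                    conn.sendall(b"HTTP/1.0 200 Connection established\r\n\r\n")
                    up.sendall(conn.recv(4096))   # one-shot relay is enough for the probe
                    conn.sendall(up.recv(4096))
            except (OSError, ValueError):
                pass


def start_echo_listener():
    """Loopback stand-in for the OpenVPN TCP listener: echoes the first chunk back."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            c, _ = srv.accept()
            with c:
                c.sendall(c.recv(4096))

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def demo():
    """Probe three proxy policies and return the verdict for each."""
    vpn_port = start_echo_listener()                    # plays 192.168.1.100:1194
    silent = ToyConnectProxy({443}, reject="silent")    # CONNECT only to 443, no error reply
    strict = ToyConnectProxy({443}, reject="deny")      # CONNECT only to 443, explicit 403
    fixed = ToyConnectProxy({443, vpn_port})            # VPN port added to the allow list
    return {
        "silent_proxy": probe_connect("127.0.0.1", silent.port, "127.0.0.1", vpn_port, timeout=1.0),
        "strict_proxy": probe_connect("127.0.0.1", strict.port, "127.0.0.1", vpn_port),
        "fixed_proxy": probe_connect("127.0.0.1", fixed.port, "127.0.0.1", vpn_port),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:13s} -> {verdict}")
```

On the real network the same check is `probe_connect("10.0.0.1", 800, "192.168.1.100", 1194)` run from the laptop: a "timeout" or "denied:" result means the proxy's CONNECT policy, not the .ovpn file, is what has to change (allow CONNECT to 1194, or put the OpenVPN listener on 443, which most proxies already permit). One unrelated point worth noting from the successful log: the data channel negotiates BF-CBC with a 1024-bit RSA server key over TLSv1, all of which are below current practice (AES with 2048-bit or larger keys) and worth changing once the proxy question is settled.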


Re: OpenVPN and http-proxy option in the client.ovpn won't w

Post by SmoothwallUser » Mon Feb 25, 2013 9:57 pm

Update #1: I entered the following on my OpenVPN server (Smoothie) under /etc/rc.d/rc.firewall.up:


/sbin/iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 80 -j REDIRECT --to-port 800
/sbin/iptables -t nat -A PREROUTING -i tun0 -p tcp --dport 80 -j DNAT --to 10.0.0.1:800
My Android smartphone with Feat VPN connects to the proxy server without any issues; just my laptop still won't... It's a work in progress.


Re: OpenVPN and http-proxy option in the client.ovpn won't w

Post by SmoothwallUser » Tue Feb 26, 2013 3:02 am

SmoothwallUser wrote: Update #1: I entered the following on my OpenVPN server (Smoothie) under /etc/rc.d/rc.firewall.up:


/sbin/iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 80 -j REDIRECT --to-port 800
/sbin/iptables -t nat -A PREROUTING -i tun0 -p tcp --dport 80 -j DNAT --to 10.0.0.1:800
My Android smartphone with Feat VPN connects to the proxy server without any issues; just my laptop still won't... It's a work in progress.
Update #2: My Ubuntu machine (on a flash drive connected to my laptop) connects to the proxy as well. Windows 7 might need tweaking...
