I appear to be able to connect from a Windows XP client, but after connecting, I am not passing any data.
My server is running Linux 2.6.32-220.13.1.el6.i686
Here is my server.conf:
port 1194
proto tcp
dev tap
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem
ifconfig-pool-persist ipp.txt
server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
push "route 192.168.0.0 255.255.255.0"
push "redirect-gateway def1"
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn.log
verb 3
mute 20
client
dev tap
proto tcp
remote xx.xx.xx.162 1194  # network hidden
resolv-retry infinite
nobind
persist-key
persist-tun
ca anegada.crt
cert walker.crt
key walker.key
ns-cert-type server
comp-lzo
verb 3
iptables -L -t nat -v
Chain PREROUTING (policy ACCEPT 261 packets, 16042 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 315 packets, 22092 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- any eth1 192.168.0.0/24 anywhere
0 0 MASQUERADE all -- any eth1 10.8.0.0/24 anywhere
0 0 MASQUERADE all -- any bond1 192.168.0.0/24 anywhere
0 0 MASQUERADE all -- any bond1 10.8.0.0/24 anywhere
Chain OUTPUT (policy ACCEPT 315 packets, 22092 bytes)
pkts bytes target prot opt in out source destination
netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
xx.xx.xx.160 0.0.0.0 255.255.255.248 U 0 0 0 bond1
10.51.47.128 0.0.0.0 255.255.255.192 U 0 0 0 bond0
10.8.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tap0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 bond0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 bond1
10.0.0.0 10.51.47.129 255.0.0.0 UG 0 0 0 bond0
0.0.0.0 xx.xx.xx.161 0.0.0.0 UG 0 0 0 bond1
C:\Documents and Settings\Walker Mangum>netstat -nr
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1f e1 56 30 9b ...... Dell Wireless 1490 Dual Band WLAN Mini-Card - Packet Scheduler Miniport
0x80003 ...00 ff 35 ba 9f 70 ...... TAP-Win32 Adapter V8 - Packet Scheduler Miniport
0x1a0006 ...00 ff 0b bb f0 b4 ...... TAP-Win32 Adapter OAS - Packet Scheduler Miniport
0x1e0005 ...00 1c 23 3a 69 30 ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
0x1e0007 ...02 0e 01 02 35 64 ...... SAMSUNG Mobile USB Remote NDIS Network Device - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 128.0.0.0 10.8.0.4 10.8.0.50 1
0.0.0.0 0.0.0.0 192.168.42.129 192.168.42.214 25
10.8.0.0 255.255.255.0 10.8.0.50 10.8.0.50 30
10.8.0.50 255.255.255.255 127.0.0.1 127.0.0.1 30
10.255.255.255 255.255.255.255 10.8.0.50 10.8.0.50 30
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
128.0.0.0 128.0.0.0 10.8.0.4 10.8.0.50 1
169.254.0.0 255.255.0.0 192.168.42.214 192.168.42.214 20
xx.xx.xx.162 255.255.255.255 192.168.42.129 192.168.42.214 1
192.168.0.0 255.255.255.0 10.8.0.4 10.8.0.50 1
192.168.42.0 255.255.255.0 192.168.42.214 192.168.42.214 25
192.168.42.214 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.42.255 255.255.255.255 192.168.42.214 192.168.42.214 25
224.0.0.0 240.0.0.0 10.8.0.50 10.8.0.50 30
224.0.0.0 240.0.0.0 192.168.42.214 192.168.42.214 25
255.255.255.255 255.255.255.255 10.8.0.50 10.8.0.50 1
255.255.255.255 255.255.255.255 192.168.42.214 1e0005 1
255.255.255.255 255.255.255.255 192.168.42.214 80003 1
255.255.255.255 255.255.255.255 192.168.42.214 192.168.42.214 1
255.255.255.255 255.255.255.255 192.168.42.214 2 1
Default Gateway: 10.8.0.4
===========================================================================
Persistent Routes:
None
Mon Apr 8 13:15:44 2013 OpenVPN 2.0 i686-pc-linux [SSL] [LZO] [EPOLL] built on Nov 14 2012
Mon Apr 8 13:15:44 2013 Diffie-Hellman initialized with 1024 bit key
Mon Apr 8 13:15:44 2013 TLS-Auth MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Mon Apr 8 13:15:44 2013 TUN/TAP device tap1 opened
Mon Apr 8 13:15:44 2013 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:23 ET:32 EL:0 AF:3/1 ]
Mon Apr 8 13:15:44 2013 GID set to nobody
Mon Apr 8 13:15:44 2013 UID set to nobody
Mon Apr 8 13:15:44 2013 Listening for incoming TCP connection on [undef]:1194
Mon Apr 8 13:15:44 2013 TCPv4_SERVER link local (bound): [undef]:1194
Mon Apr 8 13:15:44 2013 TCPv4_SERVER link remote: [undef]
Mon Apr 8 13:15:44 2013 MULTI: multi_init called, r=256 v=256
Mon Apr 8 13:15:44 2013 IFCONFIG POOL: base=10.8.0.50 size=51
Mon Apr 8 13:15:44 2013 IFCONFIG POOL LIST
Mon Apr 8 13:15:44 2013 walker,10.8.0.50
Mon Apr 8 13:15:44 2013 MULTI: TCP INIT maxclients=1024 maxevents=1028
Mon Apr 8 13:15:44 2013 Initialization Sequence Completed
Mon Apr 8 13:16:01 2013 MULTI: multi_create_instance called
Mon Apr 8 13:16:01 2013 Re-using SSL/TLS context
Mon Apr 8 13:16:01 2013 LZO compression initialized
Mon Apr 8 13:16:01 2013 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Mon Apr 8 13:16:01 2013 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:23 ET:32 EL:0 AF:3/1 ]
Mon Apr 8 13:16:01 2013 Local Options hash (VER=V4): '3e6d1056'
Mon Apr 8 13:16:01 2013 Expected Remote Options hash (VER=V4): '31fdf004'
Mon Apr 8 13:16:01 2013 TCP connection established with 166.137.149.76:48592
Mon Apr 8 13:16:01 2013 TCPv4_SERVER link local: [undef]
Mon Apr 8 13:16:01 2013 TCPv4_SERVER link remote: 166.137.149.76:48592
Mon Apr 8 13:16:01 2013 166.137.149.76:48592 TLS: Initial packet from 166.137.149.76:48592, sid=5c7233f6 ec9e7d06
Mon Apr 8 13:16:03 2013 166.137.149.76:48592 VERIFY OK: depth=1, /C=US/ST=TX/L=HOUSTON/O=BVIPirate/CN=anegada/emailAddress=walker@bvipirate.com
Mon Apr 8 13:16:03 2013 166.137.149.76:48592 VERIFY OK: depth=0, /C=US/ST=TX/O=BVIPirate/CN=walker/emailAddress=walker@bvipirate.com
Mon Apr 8 13:16:04 2013 166.137.149.76:48592 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Apr 8 13:16:04 2013 166.137.149.76:48592 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Apr 8 13:16:04 2013 166.137.149.76:48592 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Apr 8 13:16:04 2013 166.137.149.76:48592 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Apr 8 13:16:04 2013 166.137.149.76:48592 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Apr 8 13:16:04 2013 166.137.149.76:48592 [walker] Peer Connection Initiated with 166.137.149.76:48592
Mon Apr 8 13:16:06 2013 walker/166.137.149.76:48592 PUSH: Received control message: 'PUSH_REQUEST'
Mon Apr 8 13:16:06 2013 walker/166.137.149.76:48592 SENT CONTROL [walker]: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,redirect-gateway def1,route-gateway 10.8.0.4,ping 10,ping-restart 120,ifconfig 10.8.0.50 255.255.255.0' (status=1)
Mon Apr 8 13:16:08 2013 walker/166.137.149.76:48592 MULTI: Learn: 00:ff:0b:bb:f0:b4 -> walker/166.137.149.76:48592
Mon Apr 08 13:15:56 2013 OpenVPNAS 2.1.1oOAS Win32-MSVC++ [SSL] [LZO2] built on Jul 29 2010
Mon Apr 08 13:15:56 2013 MANAGEMENT: Connected to management server at 127.0.0.1:55208
Mon Apr 08 13:15:56 2013 MANAGEMENT: CMD 'log on'
Mon Apr 08 13:15:56 2013 MANAGEMENT: CMD 'state on'
Mon Apr 08 13:15:56 2013 MANAGEMENT: CMD 'echo on'
Mon Apr 08 13:15:56 2013 MANAGEMENT: CMD 'bytecount 5'
Mon Apr 08 13:15:56 2013 MANAGEMENT: CMD 'hold off'
Mon Apr 08 13:15:56 2013 MANAGEMENT: CMD 'hold release'
Mon Apr 08 13:15:56 2013 NOTE: OpenVPNAS 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Apr 08 13:15:56 2013 LZO compression initialized
Mon Apr 08 13:15:56 2013 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Mon Apr 08 13:15:56 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Apr 08 13:15:56 2013 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Mon Apr 08 13:15:56 2013 Local Options hash (VER=V4): '31fdf004'
Mon Apr 08 13:15:56 2013 Expected Remote Options hash (VER=V4): '3e6d1056'
Mon Apr 08 13:15:56 2013 Attempting to establish TCP connection with xx.xx.xx.162:1194
Mon Apr 08 13:15:56 2013 MANAGEMENT: >STATE:1365444956,TCP_CONNECT,,,
Mon Apr 08 13:15:56 2013 TCP connection established with xx.xx.xx.162:1194
Mon Apr 08 13:15:56 2013 TCPv4_CLIENT link local: [undef]
Mon Apr 08 13:15:56 2013 TCPv4_CLIENT link remote: xx.xx.xx.162:1194
Mon Apr 08 13:15:56 2013 MANAGEMENT: >STATE:1365444956,WAIT,,,
Mon Apr 08 13:15:56 2013 MANAGEMENT: >STATE:1365444956,AUTH,,,
Mon Apr 08 13:15:56 2013 TLS: Initial packet from xx.xx.xx.162:1194, sid=9e1c6748 a619d992
Mon Apr 08 13:15:57 2013 VERIFY OK: depth=1, /C=US/ST=TX/L=HOUSTON/O=BVIPirate/CN=anegada/emailAddress=walker@bvipirate.com
Mon Apr 08 13:15:57 2013 VERIFY OK: nsCertType=SERVER
Mon Apr 08 13:15:57 2013 VERIFY OK: depth=0, /C=US/ST=TX/O=BVIPirate/CN=anegada/emailAddress=walker@bvipirate.com
Mon Apr 08 13:15:59 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Apr 08 13:15:59 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Apr 08 13:15:59 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Apr 08 13:15:59 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Apr 08 13:15:59 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Apr 08 13:15:59 2013 [anegada] Peer Connection Initiated with xx.xx.xx.162:1194
Mon Apr 08 13:16:00 2013 MANAGEMENT: >STATE:1365444960,GET_CONFIG,,,
Mon Apr 08 13:16:01 2013 SENT CONTROL [anegada]: 'PUSH_REQUEST' (status=1)
Mon Apr 08 13:16:01 2013 PUSH: Received control message: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,redirect-gateway def1,route-gateway 10.8.0.4,ping 10,ping-restart 120,ifconfig 10.8.0.50 255.255.255.0'
Mon Apr 08 13:16:01 2013 OPTIONS IMPORT: timers and/or timeouts modified
Mon Apr 08 13:16:01 2013 OPTIONS IMPORT: --ifconfig/up options modified
Mon Apr 08 13:16:01 2013 OPTIONS IMPORT: route options modified
Mon Apr 08 13:16:01 2013 OPTIONS IMPORT: route-related options modified
Mon Apr 08 13:16:01 2013 ROUTE default_gateway=192.168.42.129
Mon Apr 08 13:16:01 2013 MANAGEMENT: >STATE:1365444961,ASSIGN_IP,,10.8.0.50,
Mon Apr 08 13:16:01 2013 TAP-WIN32 device [Local Area Connection 11] opened: \\.\Global\{0BBBF0B4-B1E9-4AEE-A33C-6CE65E8B5ACC}.tap
Mon Apr 08 13:16:01 2013 TAP-Win32 Driver Version 9.7
Mon Apr 08 13:16:01 2013 TAP-Win32 MTU=1500
Mon Apr 08 13:16:01 2013 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.50/255.255.255.0 on interface {0BBBF0B4-B1E9-4AEE-A33C-6CE65E8B5ACC} [DHCP-serv: 10.8.0.0, lease-time: 31536000]
Mon Apr 08 13:16:01 2013 Successful ARP Flush on interface [1703942] {0BBBF0B4-B1E9-4AEE-A33C-6CE65E8B5ACC}
Mon Apr 08 13:16:06 2013 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Mon Apr 08 13:16:06 2013 C:\WINDOWS\system32\route.exe ADD xx.xx.xx.162 MASK 255.255.255.255 192.168.42.129
Mon Apr 08 13:16:06 2013 Route addition via IPAPI succeeded [adaptive]
Mon Apr 08 13:16:06 2013 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.4
Mon Apr 08 13:16:06 2013 Route addition via IPAPI succeeded [adaptive]
Mon Apr 08 13:16:06 2013 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.4
Mon Apr 08 13:16:06 2013 Route addition via IPAPI succeeded [adaptive]
Mon Apr 08 13:16:06 2013 MANAGEMENT: >STATE:1365444966,ADD_ROUTES,,,
Mon Apr 08 13:16:06 2013 C:\WINDOWS\system32\route.exe ADD 192.168.0.0 MASK 255.255.255.0 10.8.0.4
Mon Apr 08 13:16:06 2013 Route addition via IPAPI succeeded [adaptive]
Mon Apr 08 13:16:06 2013 Initialization Sequence Completed
Mon Apr 08 13:16:06 2013 MANAGEMENT: >STATE:1365444966,CONNECTED,SUCCESS,10.8.0.50,xx.xx.xx.162
C:\Documents and Settings\Walker Mangum>ping 8.8.8.8
Pinging 8.8.8.8 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 8.8.8.8:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),