OpenVPN routing issues?

bmmcwhirt
OpenVpn Newbie
Posts: 7
Joined: Thu Jan 06, 2011 3:10 pm
Location: Indiana

OpenVPN routing issues?

Post by bmmcwhirt » Thu Jan 06, 2011 3:35 pm

I am having a problem with routing I think. I am able to establish an OpenVPN connection from my Mac using Tunnelblick to my FBSD server running OpenVPN but I am unable to access my subnets or the internet after the connection is made. The goal is to have all my traffic tunneled over the OpenVPN connection. Currently the connection is established just fine but once it is, all traffic stops. The FreeBSD box is set up to be a gateway so it should be routing packets to the internet just fine, but neither internet traffic nor traffic to my 10.2.2.0/24 subnet are getting routed.

I happily admit this is my first time configuring OpenVPN and though I have read through the documentation I do not fully understand everything and any help would be greatly appreciated.

server.conf

Code: Select all

local {public IP to use as this machine has multiple and I only want it on this one}
port 1194
proto udp
dev tun
ca /usr/local/etc/openvpn/keys/ca.crt
cert /usr/local/etc/openvpn/keys/server.crt
key /usr/local/etc/openvpn/keys/server.key  # This file should be kept secret
dh /usr/local/etc/openvpn/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 9

FreeBSD rc.conf

Code: Select all

defaultrouter="{cisco router}"
hostname="my.com"
ifconfig_em0="inet {public ip #1}  netmask 255.255.255.192"
ifconfig_em1="inet 10.2.2.51 netmask 255.255.255.0"
ipv6_enable="YES"
moused_enable="YES"
nfs_client_enable="YES"
sshd_enable="YES"

# OpenVPN Config
gateway_enable="YES"
openvpn_enable="YES"
openvpn_configfile="/usr/local/etc/openvpn/server.conf"
openvpn_if="tun"

Mac client.conf for Tunnelblick

Code: Select all

client
dev tun
proto udp
remote {public ip #1} 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca {points to my ca.crt}
cert {points to client.crt}
key {points to client.key}
comp-lzo
verb 3

gladiatr72
Forum Team
Posts: 194
Joined: Mon Dec 13, 2010 3:51 pm
Location: Lawrence, KS

Re: OpenVPN routing issues?

Post by gladiatr72 » Thu Jan 06, 2011 4:39 pm

Hello,

What changes did you make to your firewall to include the VPN network and/or your tunnel device?

-Stephen
[..]I used to think it was awful that life was so unfair. [...]Wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? -Marcus Cole


Re: OpenVPN routing issues?

Post by bmmcwhirt » Thu Jan 06, 2011 5:05 pm

Currently there is no firewall configured on either side. I already disabled the firewall on the mac to ensure it didn't get in the way during install/configuration and none has been configured on the FreeBSD server.


Re: OpenVPN routing issues?

Post by gladiatr72 » Thu Jan 06, 2011 7:29 pm

Code: Select all

push "redirect-gateway def1 bypass-dhcp"

Take this line out of your server.conf then. If you don't have NAT configured for your VPN client network (either through PF or ipfw), the packets from your VPN clients will dead-end at your VPN server.

-Stephen
[..]I used to think it was awful that life was so unfair. [...]Wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? -Marcus Cole
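The condition described in the reply above, as an added example that is not part of the original thread: a POSIX shell check that reads a server.conf and a pf.conf and reports when `redirect-gateway` is pushed without a NAT rule covering the VPN subnet. The function names, the sample pf.conf and the choice of em0 as the outbound interface (taken from the rc.conf earlier in the thread) are assumptions for illustration.

```sh
#!/bin/sh
# Added example: detect "redirect-gateway pushed, but no NAT for the VPN subnet".
# All file contents written by write_samples are constructed samples.

# Convert a dotted netmask (255.255.255.0) to a prefix length (24).
mask_to_prefix() {
    bits=0
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        case $octet in
            255) bits=$((bits + 8)) ;;
            254) bits=$((bits + 7)) ;;
            252) bits=$((bits + 6)) ;;
            248) bits=$((bits + 5)) ;;
            240) bits=$((bits + 4)) ;;
            224) bits=$((bits + 3)) ;;
            192) bits=$((bits + 2)) ;;
            128) bits=$((bits + 1)) ;;
            0) ;;
            *) return 1 ;;
        esac
    done
    echo "$bits"
}

# Print the VPN subnet in CIDR form from the "server <net> <mask>" directive.
vpn_subnet() {
    line=$(grep -E '^[[:space:]]*server[[:space:]]+[0-9]' "$1" | head -n 1)
    [ -n "$line" ] || return 1
    set -- $line
    prefix=$(mask_to_prefix "$3") || return 1
    echo "$2/$prefix"
}

# True when the server pushes redirect-gateway to its clients.
pushes_redirect_gateway() {
    grep -Eq '^[[:space:]]*push[[:space:]]+"redirect-gateway' "$1"
}

# True when pf.conf ($1) has an active nat rule whose source is the subnet ($2).
# Limitation: the subnet must appear literally; pf macros are not expanded.
has_nat_for() {
    [ -f "$1" ] || return 1
    grep -E '^[[:space:]]*nat[[:space:]]+on[[:space:]]' "$1" | grep -Fq "from $2 "
}

# $1 = server.conf, $2 = pf.conf. Returns 0 if consistent, 1 on the dead-end case.
audit_vpn_gateway() {
    if ! pushes_redirect_gateway "$1"; then
        echo "ok: redirect-gateway is not pushed"
        return 0
    fi
    subnet=$(vpn_subnet "$1") || { echo "error: no usable server directive"; return 2; }
    if has_nat_for "$2" "$subnet"; then
        echo "ok: NAT rule covers $subnet"
    else
        echo "dead-end: redirect-gateway is pushed but nothing NATs $subnet"
        return 1
    fi
}

# Write the constructed sample files into directory $1.
write_samples() {
    # Excerpt of the server.conf posted in the thread.
    cat > "$1/server.conf" <<'EOF'
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
EOF
    # Constructed pf.conf: translate VPN client traffic leaving via em0.
    # On FreeBSD, enable with pf_enable="YES" in rc.conf and load it with
    # "pfctl -f /etc/pf.conf"; "pfctl -s nat" lists the active rules.
    cat > "$1/pf.conf" <<'EOF'
ext_if = "em0"
nat on $ext_if from 10.8.0.0/24 to any -> ($ext_if)
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
# The thread's situation: no packet filter configured at all.
audit_vpn_gateway "$demo_dir/server.conf" "$demo_dir/no-such-pf.conf" || true
# The same server.conf once the NAT rule exists.
audit_vpn_gateway "$demo_dir/server.conf" "$demo_dir/pf.conf"
rm -rf "$demo_dir"
```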


Re: OpenVPN routing issues?

Post by bmmcwhirt » Thu Jan 06, 2011 7:38 pm

No, that needs to be there so that all traffic is routed over the VPN.

gateway_enable="YES"

That tells FBSD to act as an internet gateway so that is not the problem.

Even w/o that line I still can not access 10.2.2.0 subnet.

I definitely want ALL traffic going over the VPN.

The server is set at verb 9 I will scale it back to 6 and the client to 6 and let you know if I see anything there.


Re: OpenVPN routing issues?

Post by bmmcwhirt » Thu Jan 06, 2011 7:47 pm

ok, the line

push "redirect-gateway def1 bypass-dhcp"

tells the client to direct all traffic to 10.8.0.49 but there is not a virtual interface created for that IP, the OpenVPN server runs at 10.8.0.1 and the client is given the address 10.8.0.50.

I am not sure what it is doing there as that is never going to work as it never creates anything at 10.8.0.49 for the client to communicate with.

Also with the line commented out I can ping 10.2.2.5 but I can not access the webserver on it or do a traceroute to it. 10.2.2.5 has a route set for 10.8.0.0/24 to 10.8.0.1
Last edited by bmmcwhirt on Thu Jan 06, 2011 7:52 pm, edited 1 time in total.


Re: OpenVPN routing issues?

Post by gladiatr72 » Thu Jan 06, 2011 7:49 pm

gateway_enable=YES

This tells FreeBSD to forward packets between network interfaces. That's it.

Beyond that, you're saying two things:

"neither internet traffic nor traffic to my 10.2.2.0/24 subnet are getting routed"

and

"Even w/o that line I still can not access 10.2.2.0 subnet."

Please post your server's NAT configuration and the server's routing table after OpenVPN is running. Also, please bump the log level on your client to '4' and post the output of your client's log file.
[..]I used to think it was awful that life was so unfair. [...]Wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? -Marcus Cole


Re: OpenVPN routing issues?

Post by bmmcwhirt » Thu Jan 06, 2011 8:06 pm

client log

Code: Select all

2011-01-06 15:15:37 *Tunnelblick: OS X 10.6.6; Tunnelblick 3.1.2 (build 2190.2258); OpenVPN 2.1.4
2011-01-06 15:16:19 *Tunnelblick: Attempting connection with config; Set nameserver = 1; monitoring connection
2011-01-06 15:16:19 *Tunnelblick: /Applications/Tunnelblick.app/Contents/Resources/openvpnstart start config.ovpn 1337 1 0 0 0 49
2011-01-06 15:16:19 us=839969 Current Parameter Settings:
2011-01-06 15:16:19 us=840158   config = '/Users/iceberg/Library/Application Support/Tunnelblick/Configurations/config.ovpn'
2011-01-06 15:16:19 us=840170   mode = 0
2011-01-06 15:16:19 us=840180   show_ciphers = DISABLED
2011-01-06 15:16:19 us=840189   show_digests = DISABLED
2011-01-06 15:16:19 us=840198   show_engines = DISABLED
2011-01-06 15:16:19 us=840207   genkey = DISABLED
2011-01-06 15:16:19 us=840216   key_pass_file = '[UNDEF]'
2011-01-06 15:16:19 us=840226   show_tls_ciphers = DISABLED
2011-01-06 15:16:19 us=840235 Connection profiles [default]:
2011-01-06 15:16:19 us=840244   proto = udp
2011-01-06 15:16:19 us=840258   local = '[UNDEF]'
2011-01-06 15:16:19 us=840268   local_port = 0
2011-01-06 15:16:19 us=840277   remote = '64.141.147.212'
2011-01-06 15:16:19 us=840286   remote_port = 1194
2011-01-06 15:16:19 us=840295   remote_float = DISABLED
2011-01-06 15:16:19 us=840304   bind_defined = DISABLED
2011-01-06 15:16:19 us=840313   bind_local = DISABLED
2011-01-06 15:16:19 us=840323   connect_retry_seconds = 5
2011-01-06 15:16:19 us=840332   connect_timeout = 10
2011-01-06 15:16:19 us=840341   connect_retry_max = 0
2011-01-06 15:16:19 us=840350   socks_proxy_server = '[UNDEF]'
2011-01-06 15:16:19 us=840360   socks_proxy_port = 0
2011-01-06 15:16:19 us=840369   socks_proxy_retry = DISABLED
2011-01-06 15:16:19 us=840378 Connection profiles END
2011-01-06 15:16:19 us=840387   remote_random = DISABLED
2011-01-06 15:16:19 us=840397   ipchange = '[UNDEF]'
2011-01-06 15:16:19 us=840406   dev = 'tun'
2011-01-06 15:16:19 us=840415   dev_type = '[UNDEF]'
2011-01-06 15:16:19 us=840424   dev_node = '[UNDEF]'
2011-01-06 15:16:19 us=840434   lladdr = '[UNDEF]'
2011-01-06 15:16:19 us=840443   topology = 1
2011-01-06 15:16:19 us=840452   tun_ipv6 = DISABLED
2011-01-06 15:16:19 us=840461   ifconfig_local = '[UNDEF]'
2011-01-06 15:16:19 us=840471   ifconfig_remote_netmask = '[UNDEF]'
2011-01-06 15:16:19 us=840480   ifconfig_noexec = DISABLED
2011-01-06 15:16:19 us=840489   ifconfig_nowarn = DISABLED
2011-01-06 15:16:19 us=840498   shaper = 0
2011-01-06 15:16:19 us=840508   tun_mtu = 1500
2011-01-06 15:16:19 us=840517   tun_mtu_defined = ENABLED
2011-01-06 15:16:19 us=840526   link_mtu = 1500
2011-01-06 15:16:19 us=840535   link_mtu_defined = DISABLED
2011-01-06 15:16:19 us=840545   tun_mtu_extra = 0
2011-01-06 15:16:19 us=840554   tun_mtu_extra_defined = DISABLED
2011-01-06 15:16:19 us=840563   fragment = 0
2011-01-06 15:16:19 us=840573   mtu_discover_type = -1
2011-01-06 15:16:19 us=840582   mtu_test = 0
2011-01-06 15:16:19 us=840591   mlock = DISABLED
2011-01-06 15:16:19 us=840600   keepalive_ping = 0
2011-01-06 15:16:19 us=840609   keepalive_timeout = 0
2011-01-06 15:16:19 us=840619   inactivity_timeout = 0
2011-01-06 15:16:19 us=840628   ping_send_timeout = 0
2011-01-06 15:16:19 us=840637   ping_rec_timeout = 0
2011-01-06 15:16:19 us=840646   ping_rec_timeout_action = 0
2011-01-06 15:16:19 us=840656   ping_timer_remote = DISABLED
2011-01-06 15:16:19 us=840665   remap_sigusr1 = 0
2011-01-06 15:16:19 us=840674   explicit_exit_notification = 0
2011-01-06 15:16:19 us=840684   persist_tun = ENABLED
2011-01-06 15:16:19 us=840693   persist_local_ip = DISABLED
2011-01-06 15:16:19 us=840702   persist_remote_ip = DISABLED
2011-01-06 15:16:19 us=840711   persist_key = ENABLED
2011-01-06 15:16:19 us=840721   mssfix = 1450
2011-01-06 15:16:19 us=840730   passtos = DISABLED
2011-01-06 15:16:19 us=840739   resolve_retry_seconds = 1000000000
2011-01-06 15:16:19 us=840749   username = '[UNDEF]'
2011-01-06 15:16:19 us=840761   groupname = '[UNDEF]'
2011-01-06 15:16:19 us=840770   chroot_dir = '[UNDEF]'
2011-01-06 15:16:19 us=840780   cd_dir = '/Users/iceberg/Library/Application Support/Tunnelblick/Configurations'
2011-01-06 15:16:19 us=840799   writepid = '[UNDEF]'
2011-01-06 15:16:19 us=840809   up_script = '/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d'
2011-01-06 15:16:19 us=840819   down_script = '/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d'
2011-01-06 15:16:19 us=840828   down_pre = DISABLED
2011-01-06 15:16:19 us=840837   up_restart = ENABLED
2011-01-06 15:16:19 us=840846   up_delay = DISABLED
2011-01-06 15:16:19 us=840856   daemon = ENABLED
2011-01-06 15:16:19 us=840865   inetd = 0
2011-01-06 15:16:19 us=840874   log = ENABLED
2011-01-06 15:16:19 us=840883   suppress_timestamps = DISABLED
2011-01-06 15:16:19 us=840893   nice = 0
2011-01-06 15:16:19 us=840902   verbosity = 4
2011-01-06 15:16:19 us=840911   mute = 0
2011-01-06 15:16:19 us=840920   gremlin = 0
2011-01-06 15:16:19 us=840929   status_file = '[UNDEF]'
2011-01-06 15:16:19 us=840938   status_file_version = 1
2011-01-06 15:16:19 us=840948   status_file_update_freq = 60
2011-01-06 15:16:19 us=840957   occ = ENABLED
2011-01-06 15:16:19 us=840966   rcvbuf = 65536
2011-01-06 15:16:19 us=840975   sndbuf = 65536
2011-01-06 15:16:19 us=840985   sockflags = 0
2011-01-06 15:16:19 us=840994   fast_io = DISABLED
2011-01-06 15:16:19 us=841003   lzo = 7
2011-01-06 15:16:19 us=841012   route_script = '[UNDEF]'
2011-01-06 15:16:19 us=841021   route_default_gateway = '[UNDEF]'
2011-01-06 15:16:19 us=841031   route_default_metric = 0
2011-01-06 15:16:19 us=841040   route_noexec = DISABLED
2011-01-06 15:16:19 us=841049   route_delay = 0
2011-01-06 15:16:19 us=841058   route_delay_window = 30
2011-01-06 15:16:19 us=841067   route_delay_defined = DISABLED
2011-01-06 15:16:19 us=841077   route_nopull = DISABLED
2011-01-06 15:16:19 us=841086   route_gateway_via_dhcp = DISABLED
2011-01-06 15:16:19 us=841096   max_routes = 100
2011-01-06 15:16:19 us=841105   allow_pull_fqdn = DISABLED
2011-01-06 15:16:19 us=841115   management_addr = '127.0.0.1'
2011-01-06 15:16:19 us=841125   management_port = 1337
2011-01-06 15:16:19 us=841134   management_user_pass = '[UNDEF]'
2011-01-06 15:16:19 us=841144   management_log_history_cache = 250
2011-01-06 15:16:19 us=841154   management_echo_buffer_size = 100
2011-01-06 15:16:19 us=841164   management_write_peer_info_file = '[UNDEF]'
2011-01-06 15:16:19 us=841174   management_client_user = '[UNDEF]'
2011-01-06 15:16:19 us=841184   management_client_group = '[UNDEF]'
2011-01-06 15:16:19 us=841193   management_flags = 6
2011-01-06 15:16:19 us=841203   shared_secret_file = '[UNDEF]'
2011-01-06 15:16:19 us=841213   key_direction = 0
2011-01-06 15:16:19 us=841223   ciphername_defined = ENABLED
2011-01-06 15:16:19 us=841232   ciphername = 'BF-CBC'
2011-01-06 15:16:19 us=841242   authname_defined = ENABLED
2011-01-06 15:16:19 us=841251   authname = 'SHA1'
2011-01-06 15:16:19 us=841264   prng_hash = 'SHA1'
2011-01-06 15:16:19 us=841274   prng_nonce_secret_len = 16
2011-01-06 15:16:19 us=841286   keysize = 0
2011-01-06 15:16:19 us=841296   engine = DISABLED
2011-01-06 15:16:19 us=841305   replay = ENABLED
2011-01-06 15:16:19 us=841315   mute_replay_warnings = DISABLED
2011-01-06 15:16:19 us=841325   replay_window = 64
2011-01-06 15:16:19 us=841334   replay_time = 15
2011-01-06 15:16:19 us=841344   packet_id_file = '[UNDEF]'
2011-01-06 15:16:19 us=841353   use_iv = ENABLED
2011-01-06 15:16:19 us=841363   test_crypto = DISABLED
2011-01-06 15:16:19 us=841373   tls_server = DISABLED
2011-01-06 15:16:19 us=841382   tls_client = ENABLED
2011-01-06 15:16:19 us=841392   key_method = 2
2011-01-06 15:16:19 us=841401   ca_file = '/Users/iceberg/.keys/ca.crt'
2011-01-06 15:16:19 us=841411   ca_path = '[UNDEF]'
2011-01-06 15:16:19 us=841420   dh_file = '[UNDEF]'
2011-01-06 15:16:19 us=841440   cert_file = '/Users/iceberg/.keys/client.crt'
2011-01-06 15:16:19 us=841450   priv_key_file = '/Users/iceberg/.keys/client.key'
2011-01-06 15:16:19 us=841460   pkcs12_file = '[UNDEF]'
2011-01-06 15:16:19 us=841470   cipher_list = '[UNDEF]'
2011-01-06 15:16:19 us=841479   tls_verify = '[UNDEF]'
2011-01-06 15:16:19 us=841489   tls_remote = '[UNDEF]'
2011-01-06 15:16:19 us=841498   crl_file = '[UNDEF]'
2011-01-06 15:16:19 us=841508   ns_cert_type = 0
2011-01-06 15:16:19 us=841517   remote_cert_ku[i] = 0
2011-01-06 15:16:19 us=841527   remote_cert_ku[i] = 0
2011-01-06 15:16:19 us=841536   remote_cert_ku[i] = 0
2011-01-06 15:16:19 us=841546   remote_cert_ku[i] = 0
2011-01-06 15:16:19 us=841555   remote_cert_ku[i] = 0
2011-01-06 15:16:19 us=841565   remote_cert_ku[i] = 0
2011-01-06 15:16:19 us=841574   remote_cert_ku[i] = 0
2011-01-06 15:16:19 us=841583   remote_cert_ku[i] = 0
2011-01-06 15:16:19 us=841593   remote_cert_ku[i] = 0
2011-01-06 15:16:19 us=841602   remote_cert_ku[i] = 0
2011-01-06 15:16:19 us=841611   remote_cert_ku[i] = 0
2011-01-06 15:16:19 us=841621   remote_cert_ku[i] = 0
2011-01-06 15:16:19 us=841630   remote_cert_ku[i] = 0
2011-01-06 15:16:19 us=841640   remote_cert_ku[i] = 0
2011-01-06 15:16:19 us=841649   remote_cert_ku[i] = 0
2011-01-06 15:16:19 us=841659   remote_cert_ku[i] = 0
2011-01-06 15:16:19 us=841668   remote_cert_eku = '[UNDEF]'
2011-01-06 15:16:19 us=841678   tls_timeout = 2
2011-01-06 15:16:19 us=841688   renegotiate_bytes = 0
2011-01-06 15:16:19 us=841697   renegotiate_packets = 0
2011-01-06 15:16:19 us=841707   renegotiate_seconds = 3600
2011-01-06 15:16:19 us=841717   handshake_window = 60
2011-01-06 15:16:19 us=841726   transition_window = 3600
2011-01-06 15:16:19 us=841736   single_session = DISABLED
2011-01-06 15:16:19 us=841745   push_peer_info = DISABLED
2011-01-06 15:16:19 us=841755   tls_exit = DISABLED
2011-01-06 15:16:19 us=841764   tls_auth_file = '[UNDEF]'
2011-01-06 15:16:19 us=841774   pkcs11_protected_authentication = DISABLED
2011-01-06 15:16:19 us=841784   pkcs11_protected_authentication = DISABLED
2011-01-06 15:16:19 us=841794   pkcs11_protected_authentication = DISABLED
2011-01-06 15:16:19 us=841803   pkcs11_protected_authentication = DISABLED
2011-01-06 15:16:19 us=841813   pkcs11_protected_authentication = DISABLED
2011-01-06 15:16:19 us=841823   pkcs11_protected_authentication = DISABLED
2011-01-06 15:16:19 us=841833   pkcs11_protected_authentication = DISABLED
2011-01-06 15:16:19 us=841843   pkcs11_protected_authentication = DISABLED
2011-01-06 15:16:19 us=841852   pkcs11_protected_authentication = DISABLED
2011-01-06 15:16:19 us=841862   pkcs11_protected_authentication = DISABLED
2011-01-06 15:16:19 us=841872   pkcs11_protected_authentication = DISABLED
2011-01-06 15:16:19 us=841882   pkcs11_protected_authentication = DISABLED
2011-01-06 15:16:19 us=841891   pkcs11_protected_authentication = DISABLED
2011-01-06 15:16:19 us=841901   pkcs11_protected_authentication = DISABLED
2011-01-06 15:16:19 us=841911   pkcs11_protected_authentication = DISABLED
2011-01-06 15:16:19 us=841920   pkcs11_protected_authentication = DISABLED
2011-01-06 15:16:19 us=841931   pkcs11_private_mode = 00000000
2011-01-06 15:16:19 us=841941   pkcs11_private_mode = 00000000
2011-01-06 15:16:19 us=841950   pkcs11_private_mode = 00000000
2011-01-06 15:16:19 us=841960   pkcs11_private_mode = 00000000
2011-01-06 15:16:19 us=841970   pkcs11_private_mode = 00000000
2011-01-06 15:16:19 us=841980   pkcs11_private_mode = 00000000
2011-01-06 15:16:19 us=841990   pkcs11_private_mode = 00000000
2011-01-06 15:16:19 us=841999   pkcs11_private_mode = 00000000
2011-01-06 15:16:19 us=842009   pkcs11_private_mode = 00000000
2011-01-06 15:16:19 us=842019   pkcs11_private_mode = 00000000
2011-01-06 15:16:19 us=842038   pkcs11_private_mode = 00000000
2011-01-06 15:16:19 us=842048   pkcs11_private_mode = 00000000
2011-01-06 15:16:19 us=842058   pkcs11_private_mode = 00000000
2011-01-06 15:16:19 us=842067   pkcs11_private_mode = 00000000
2011-01-06 15:16:19 us=842077   pkcs11_private_mode = 00000000
2011-01-06 15:16:19 us=842087   pkcs11_private_mode = 00000000
2011-01-06 15:16:19 us=842096   pkcs11_cert_private = DISABLED
2011-01-06 15:16:19 us=842106   pkcs11_cert_private = DISABLED
2011-01-06 15:16:19 us=842116   pkcs11_cert_private = DISABLED
2011-01-06 15:16:19 us=842125   pkcs11_cert_private = DISABLED
2011-01-06 15:16:19 us=842135   pkcs11_cert_private = DISABLED
2011-01-06 15:16:19 us=842144   pkcs11_cert_private = DISABLED
2011-01-06 15:16:19 us=842154   pkcs11_cert_private = DISABLED
2011-01-06 15:16:19 us=842163   pkcs11_cert_private = DISABLED
2011-01-06 15:16:19 us=842173   pkcs11_cert_private = DISABLED
2011-01-06 15:16:19 us=842182   pkcs11_cert_private = DISABLED
2011-01-06 15:16:19 us=842192   pkcs11_cert_private = DISABLED
2011-01-06 15:16:19 us=842201   pkcs11_cert_private = DISABLED
2011-01-06 15:16:19 us=842211   pkcs11_cert_private = DISABLED
2011-01-06 15:16:19 us=842221   pkcs11_cert_private = DISABLED
2011-01-06 15:16:19 us=842230   pkcs11_cert_private = DISABLED
2011-01-06 15:16:19 us=842240   pkcs11_cert_private = DISABLED
2011-01-06 15:16:19 us=842250   pkcs11_pin_cache_period = -1
2011-01-06 15:16:19 us=842259   pkcs11_id = '[UNDEF]'
2011-01-06 15:16:19 us=842269   pkcs11_id_management = DISABLED
2011-01-06 15:16:19 us=842285   server_network = 0.0.0.0
2011-01-06 15:16:19 us=842296   server_netmask = 0.0.0.0
2011-01-06 15:16:19 us=842311   server_bridge_ip = 0.0.0.0
2011-01-06 15:16:19 us=842322   server_bridge_netmask = 0.0.0.0
2011-01-06 15:16:19 us=842332   server_bridge_pool_start = 0.0.0.0
2011-01-06 15:16:19 us=842343   server_bridge_pool_end = 0.0.0.0
2011-01-06 15:16:19 us=842352   ifconfig_pool_defined = DISABLED
2011-01-06 15:16:19 us=842363   ifconfig_pool_start = 0.0.0.0
2011-01-06 15:16:19 us=842373   ifconfig_pool_end = 0.0.0.0
2011-01-06 15:16:19 us=842384   ifconfig_pool_netmask = 0.0.0.0
2011-01-06 15:16:19 us=842393   ifconfig_pool_persist_filename = '[UNDEF]'
2011-01-06 15:16:19 us=842403   ifconfig_pool_persist_refresh_freq = 600
2011-01-06 15:16:19 us=842413   n_bcast_buf = 256
2011-01-06 15:16:19 us=842422   tcp_queue_limit = 64
2011-01-06 15:16:19 us=842432   real_hash_size = 256
2011-01-06 15:16:19 us=842441   virtual_hash_size = 256
2011-01-06 15:16:19 us=842451   client_connect_script = '[UNDEF]'
2011-01-06 15:16:19 us=842460   learn_address_script = '[UNDEF]'
2011-01-06 15:16:19 us=842470   client_disconnect_script = '[UNDEF]'
2011-01-06 15:16:19 us=842480   client_config_dir = '[UNDEF]'
2011-01-06 15:16:19 us=842489   ccd_exclusive = DISABLED
2011-01-06 15:16:19 us=842499   tmp_dir = '[UNDEF]'
2011-01-06 15:16:19 us=842508   push_ifconfig_defined = DISABLED
2011-01-06 15:16:19 us=842519   push_ifconfig_local = 0.0.0.0
2011-01-06 15:16:19 us=842529   push_ifconfig_remote_netmask = 0.0.0.0
2011-01-06 15:16:19 us=842539   enable_c2c = DISABLED
2011-01-06 15:16:19 us=842548   duplicate_cn = DISABLED
2011-01-06 15:16:19 us=842558   cf_max = 0
2011-01-06 15:16:19 us=842567   cf_per = 0
2011-01-06 15:16:19 us=842577   max_clients = 1024
2011-01-06 15:16:19 us=842586   max_routes_per_client = 256
2011-01-06 15:16:19 us=842596   auth_user_pass_verify_script = '[UNDEF]'
2011-01-06 15:16:19 us=842606   auth_user_pass_verify_script_via_file = DISABLED
2011-01-06 15:16:19 us=842615   ssl_flags = 0
2011-01-06 15:16:19 us=842625   port_share_host = '[UNDEF]'
2011-01-06 15:16:19 us=842634   port_share_port = 0
2011-01-06 15:16:19 us=842644   client = ENABLED
2011-01-06 15:16:19 us=842663   pull = ENABLED
2011-01-06 15:16:19 us=842673   auth_user_pass_file = '[UNDEF]'
2011-01-06 15:16:19 us=842687 OpenVPN 2.1.4 i386-apple-darwin10.5.0 [SSL] [LZO2] [PKCS11] built on Dec  9 2010
2011-01-06 15:16:19 us=842801 MANAGEMENT: TCP Socket listening on 127.0.0.1:1337
2011-01-06 15:16:19 us=843331 Need hold release from management interface, waiting...
2011-01-06 15:16:19 us=974099 MANAGEMENT: Client connected from 127.0.0.1:1337
2011-01-06 15:16:19 *Tunnelblick: openvpnstart: /Applications/Tunnelblick.app/Contents/Resources/openvpn --cd /Users/iceberg/Library/Application Support/Tunnelblick/Configurations --daemon --management 127.0.0.1 1337 --config /Users/iceberg/Library/Application Support/Tunnelblick/Configurations/config.ovpn --log /tmp/tunnelblick/logs/-SUsers-Siceberg-SLibrary-SApplication Support-STunnelblick-SConfigurations-Sconfig.ovpn.1_0_0_0_49.1337.openvpn.log --management-query-passwords --management-hold --script-security 2 --up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d --down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d --up-restart
2011-01-06 15:16:20 us=7535 MANAGEMENT: CMD 'pid'
2011-01-06 15:16:20 us=7629 MANAGEMENT: CMD 'state on'
2011-01-06 15:16:20 us=7679 MANAGEMENT: CMD 'state'
2011-01-06 15:16:20 us=7754 MANAGEMENT: CMD 'hold release'
2011-01-06 15:16:20 us=7997 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2011-01-06 15:16:20 us=8010 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2011-01-06 15:16:20 us=8792 WARNING: file '/Users/iceberg/.keys/client.key' is group or others accessible
2011-01-06 15:16:20 us=9452 LZO compression initialized
2011-01-06 15:16:20 us=9737 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
2011-01-06 15:16:20 us=9800 Socket Buffers: R=[42080->65536] S=[9216->65536]
2011-01-06 15:16:20 us=9819 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
2011-01-06 15:16:20 us=9839 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
2011-01-06 15:16:20 us=9850 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
2011-01-06 15:16:20 us=9871 Local Options hash (VER=V4): '41690919'
2011-01-06 15:16:20 us=9887 Expected Remote Options hash (VER=V4): '530fdded'
2011-01-06 15:16:20 us=9907 UDPv4 link local: [undef]
2011-01-06 15:16:20 us=9926 UDPv4 link remote: 64.141.147.212:1194
2011-01-06 15:16:20 us=9966 MANAGEMENT: >STATE:1294344980,WAIT,,,
2011-01-06 15:16:20 us=78854 MANAGEMENT: >STATE:1294344980,AUTH,,,
2011-01-06 15:16:20 us=78924 TLS: Initial packet from 64.141.147.212:1194, sid=cfd7d8f6 2c97c2a6
2011-01-06 15:16:20 us=633712 VERIFY OK: depth=1, /C=US/ST=IN/L=Marion/O=vpnserver/OU=vpnserver/CN=vpnserver/name=vpnserver/emailAddress=support@onbuso.net
2011-01-06 15:16:20 us=635015 VERIFY OK: depth=0, /C=US/ST=IN/L=Marion/O=vpnserver/OU=vpnserver/CN=server/name=vpnserver/emailAddress=support@onbuso.net
2011-01-06 15:16:21 us=700547 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
2011-01-06 15:16:21 us=700617 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2011-01-06 15:16:21 us=700730 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
2011-01-06 15:16:21 us=700754 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2011-01-06 15:16:21 us=700859 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
2011-01-06 15:16:21 us=700913 [server] Peer Connection Initiated with 64.141.147.212:1194
2011-01-06 15:16:22 us=797153 MANAGEMENT: >STATE:1294344982,GET_CONFIG,,,
2011-01-06 15:16:23 us=893160 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2011-01-06 15:16:23 us=961183 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.50 10.8.0.49'
2011-01-06 15:16:23 us=961326 OPTIONS IMPORT: timers and/or timeouts modified
2011-01-06 15:16:23 us=961349 OPTIONS IMPORT: --ifconfig/up options modified
2011-01-06 15:16:23 us=961368 OPTIONS IMPORT: route options modified
2011-01-06 15:16:23 us=961547 ROUTE default_gateway=192.168.0.1
2011-01-06 15:16:23 us=961746 TUN/TAP device /dev/tun0 opened
2011-01-06 15:16:23 us=961778 MANAGEMENT: >STATE:1294344983,ASSIGN_IP,,10.8.0.50,
2011-01-06 15:16:23 us=961852 /sbin/ifconfig tun0 delete
                                        ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2011-01-06 15:16:23 us=966941 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2011-01-06 15:16:23 us=967018 /sbin/ifconfig tun0 10.8.0.50 10.8.0.49 mtu 1500 netmask 255.255.255.255 up
2011-01-06 15:16:23 us=972138 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d tun0 1500 1542 10.8.0.50 10.8.0.49 init
2011-01-06 15:16:24 us=31843 MANAGEMENT: >STATE:1294344984,ADD_ROUTES,,,
2011-01-06 15:16:24 us=31962 /sbin/route add -net 10.8.0.1 10.8.0.49 255.255.255.255
                                        add net 10.8.0.1: gateway 10.8.0.49
2011-01-06 15:16:24 us=38641 Initialization Sequence Completed
2011-01-06 15:16:24 us=38789 MANAGEMENT: >STATE:1294344984,CONNECTED,SUCCESS,10.8.0.50,64.141.147.212
2011-01-06 15:16:24 *Tunnelblick client.up.tunnelblick.sh: No network configuration changes need to be made
2011-01-06 15:16:24 *Tunnelblick client.up.tunnelblick.sh: Will NOT monitor for other network configuration changes
2011-01-06 15:16:24 *Tunnelblick: Flushed the DNS cache

server log

Code: Select all

Jan  6 15:38:04 vpnserver openvpn[30390]: 70.63.54.202:60680 UDPv4 READ [22] from 70.63.54.202:60680: P_ACK_V1 kid=0 [ 39 ]
Jan  6 15:38:04 vpnserver openvpn[30390]: 70.63.54.202:60680 UDPv4 WRITE [114] to 70.63.54.202:60680: P_CONTROL_V1 kid=0 [ ] pid=43 DATA len=100
Jan  6 15:38:04 vpnserver openvpn[30390]: 70.63.54.202:60680 UDPv4 READ [22] from 70.63.54.202:60680: P_ACK_V1 kid=0 [ 40 ]
Jan  6 15:38:04 vpnserver openvpn[30390]: 70.63.54.202:60680 UDPv4 WRITE [114] to 70.63.54.202:60680: P_CONTROL_V1 kid=0 [ ] pid=44 DATA len=100
Jan  6 15:38:04 vpnserver openvpn[30390]: 70.63.54.202:60680 UDPv4 READ [22] from 70.63.54.202:60680: P_ACK_V1 kid=0 [ 41 ]
Jan  6 15:38:04 vpnserver openvpn[30390]: 70.63.54.202:60680 UDPv4 WRITE [114] to 70.63.54.202:60680: P_CONTROL_V1 kid=0 [ ] pid=45 DATA len=100
Jan  6 15:38:04 vpnserver openvpn[30390]: 70.63.54.202:60680 UDPv4 READ [22] from 70.63.54.202:60680: P_ACK_V1 kid=0 [ 42 ]
Jan  6 15:38:04 vpnserver openvpn[30390]: 70.63.54.202:60680 UDPv4 WRITE [114] to 70.63.54.202:60680: P_CONTROL_V1 kid=0 [ ] pid=46 DATA len=100
Jan  6 15:38:04 vpnserver openvpn[30390]: 70.63.54.202:60680 UDPv4 READ [22] from 70.63.54.202:60680: P_ACK_V1 kid=0 [ 43 ]
Jan  6 15:38:04 vpnserver openvpn[30390]: 70.63.54.202:60680 UDPv4 WRITE [114] to 70.63.54.202:60680: P_CONTROL_V1 kid=0 [ ] pid=47 DATA len=100
Jan  6 15:38:04 vpnserver openvpn[30390]: 70.63.54.202:60680 UDPv4 READ [22] from 70.63.54.202:60680: P_ACK_V1 kid=0 [ 44 ]
Jan  6 15:38:04 vpnserver openvpn[30390]: 70.63.54.202:60680 UDPv4 WRITE [114] to 70.63.54.202:60680: P_CONTROL_V1 kid=0 [ ] pid=48 DATA len=100
Jan  6 15:38:04 vpnserver openvpn[30390]: 70.63.54.202:60680 UDPv4 READ [22] from 70.63.54.202:60680: P_ACK_V1 kid=0 [ 45 ]
Jan  6 15:38:04 vpnserver openvpn[30390]: 70.63.54.202:60680 UDPv4 WRITE [114] to 70.63.54.202:60680: P_CONTROL_V1 kid=0 [ ] pid=49 DATA len=100
Jan  6 15:38:04 vpnserver openvpn[30390]: 70.63.54.202:60680 UDPv4 READ [22] from 70.63.54.202:60680: P_ACK_V1 kid=0 [ 46 ]
Jan  6 15:38:04 vpnserver openvpn[30390]: 70.63.54.202:60680 UDPv4 WRITE [114] to 70.63.54.202:60680: P_CONTROL_V1 kid=0 [ ] pid=50 DATA len=100
Jan  6 15:38:04 vpnserver openvpn[30390]: 70.63.54.202:60680 UDPv4 READ [22] from 70.63.54.202:60680: P_ACK_V1 kid=0 [ 47 ]
Jan  6 15:38:04 vpnserver openvpn[30390]: 70.63.54.202:60680 UDPv4 WRITE [114] to 70.63.54.202:60680: P_CONTROL_V1 kid=0 [ ] pid=51 DATA len=100
Jan  6 15:38:04 vpnserver openvpn[30390]: 70.63.54.202:60680 UDPv4 READ [22] from 70.63.54.202:60680: P_ACK_V1 kid=0 [ 48 ]
Jan  6 15:38:04 vpnserver openvpn[30390]: 70.63.54.202:60680 UDPv4 WRITE [44] to 70.63.54.202:60680: P_CONTROL_V1 kid=0 [ ] pid=52 DATA len=30
Jan  6 15:38:04 vpnserver openvpn[30390]: 70.63.54.202:60680 UDPv4 READ [22] from 70.63.54.202:60680: P_ACK_V1 kid=0 [ 49 ]
Jan  6 15:38:04 vpnserver openvpn[30390]: 70.63.54.202:60680 UDPv4 READ [22] from 70.63.54.202:60680: P_ACK_V1 kid=0 [ 50 ]
Jan  6 15:38:04 vpnserver openvpn[30390]: 70.63.54.202:60680 UDPv4 READ [22] from 70.63.54.202:60680: P_ACK_V1 kid=0 [ 51 ]
Jan  6 15:38:04 vpnserver openvpn[30390]: 70.63.54.202:60680 UDPv4 READ [126] from 70.63.54.202:60680: P_CONTROL_V1 kid=0 [ 52 ] pid=36 DATA len=100
Jan  6 15:38:04 vpnserver openvpn[30390]: 70.63.54.202:60680 UDPv4 WRITE [22] to 70.63.54.202:60680: P_ACK_V1 kid=0 [ 36 ]
Jan  6 15:38:04 vpnserver openvpn[30390]: 70.63.54.202:60680 UDPv4 READ [114] from 70.63.54.202:60680: P_CONTROL_V1 kid=0 [ ] pid=37 DATA len=100
Jan  6 15:38:04 vpnserver openvpn[30390]: 70.63.54.202:60680 UDPv4 WRITE [22] to 70.63.54.202:60680: P_ACK_V1 kid=0 [ 37 ]
Jan  6 15:38:04 vpnserver openvpn[30390]: 70.63.54.202:60680 UDPv4 READ [114] from 70.63.54.202:60680: P_CONTROL_V1 kid=0 [ ] pid=38 DATA len=100
Jan  6 15:38:04 vpnserver openvpn[30390]: 70.63.54.202:60680 UDPv4 WRITE [22] to 70.63.54.202:60680: P_ACK_V1 kid=0 [ 38 ]
Jan  6 15:38:04 vpnserver openvpn[30390]: 70.63.54.202:60680 UDPv4 READ [28] from 70.63.54.202:60680: P_CONTROL_V1 kid=0 [ ] pid=39 DATA len=14
Jan  6 15:38:04 vpnserver openvpn[30390]: 70.63.54.202:60680 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jan  6 15:38:04 vpnserver openvpn[30390]: 70.63.54.202:60680 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan  6 15:38:04 vpnserver openvpn[30390]: 70.63.54.202:60680 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jan  6 15:38:04 vpnserver openvpn[30390]: 70.63.54.202:60680 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan  6 15:38:04 vpnserver openvpn[30390]: 70.63.54.202:60680 UDPv4 WRITE [126] to 70.63.54.202:60680: P_CONTROL_V1 kid=0 [ 39 ] pid=53 DATA len=100
Jan  6 15:38:04 vpnserver openvpn[30390]: 70.63.54.202:60680 UDPv4 WRITE [114] to 70.63.54.202:60680: P_CONTROL_V1 kid=0 [ ] pid=54 DATA len=100
Jan  6 15:38:04 vpnserver openvpn[30390]: 70.63.54.202:60680 UDPv4 WRITE [80] to 70.63.54.202:60680: P_CONTROL_V1 kid=0 [ ] pid=55 DATA len=66
Jan  6 15:38:04 vpnserver openvpn[30390]: 70.63.54.202:60680 UDPv4 READ [22] from 70.63.54.202:60680: P_ACK_V1 kid=0 [ 53 ]
Jan  6 15:38:04 vpnserver openvpn[30390]: 70.63.54.202:60680 UDPv4 READ [22] from 70.63.54.202:60680: P_ACK_V1 kid=0 [ 54 ]
Jan  6 15:38:04 vpnserver openvpn[30390]: 70.63.54.202:60680 UDPv4 READ [22] from 70.63.54.202:60680: P_ACK_V1 kid=0 [ 55 ]
Jan  6 15:38:04 vpnserver openvpn[30390]: 70.63.54.202:60680 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Jan  6 15:38:04 vpnserver openvpn[30390]: 70.63.54.202:60680 [client1] Peer Connection Initiated with 70.63.54.202:60680
Jan  6 15:38:04 vpnserver openvpn[30390]: client1/70.63.54.202:60680 MULTI: Learn: 10.8.0.50 -> client1/70.63.54.202:60680
Jan  6 15:38:04 vpnserver openvpn[30390]: client1/70.63.54.202:60680 MULTI: primary virtual IP for client1/70.63.54.202:60680: 10.8.0.50
Jan  6 15:38:07 vpnserver openvpn[30390]: client1/70.63.54.202:60680 UDPv4 READ [104] from 70.63.54.202:60680: P_CONTROL_V1 kid=0 [ ] pid=40 DATA len=90
Jan  6 15:38:07 vpnserver openvpn[30390]: client1/70.63.54.202:60680 PUSH: Received control message: 'PUSH_REQUEST'
Jan  6 15:38:07 vpnserver openvpn[30390]: client1/70.63.54.202:60680 SENT CONTROL [client1]: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.50 10.8.0.49' (status=1)
Jan  6 15:38:07 vpnserver openvpn[30390]: client1/70.63.54.202:60680 UDPv4 WRITE [22] to 70.63.54.202:60680: P_ACK_V1 kid=0 [ 40 ]
Jan  6 15:38:07 vpnserver openvpn[30390]: client1/70.63.54.202:60680 UDPv4 WRITE [114] to 70.63.54.202:60680: P_CONTROL_V1 kid=0 [ ] pid=56 DATA len=100
Jan  6 15:38:07 vpnserver openvpn[30390]: client1/70.63.54.202:60680 UDPv4 WRITE [84] to 70.63.54.202:60680: P_CONTROL_V1 kid=0 [ ] pid=57 DATA len=70
Jan  6 15:38:07 vpnserver openvpn[30390]: client1/70.63.54.202:60680 UDPv4 READ [22] from 70.63.54.202:60680: P_ACK_V1 kid=0 [ 56 ]
Jan  6 15:38:07 vpnserver openvpn[30390]: client1/70.63.54.202:60680 UDPv4 READ [22] from 70.63.54.202:60680: P_ACK_V1 kid=0 [ 57 ]
Jan  6 15:38:17 vpnserver openvpn[30390]: client1/70.63.54.202:60680 UDPv4 READ [53] from 70.63.54.202:60680: P_DATA_V1 kid=0 DATA len=52
Jan  6 15:38:17 vpnserver openvpn[30390]: client1/70.63.54.202:60680 UDPv4 WRITE [53] to 70.63.54.202:60680: P_DATA_V1 kid=0 DATA len=52
Jan  6 15:38:27 vpnserver openvpn[30390]: client1/70.63.54.202:60680 UDPv4 WRITE [53] to 70.63.54.202:60680: P_DATA_V1 kid=0 DATA len=52
Jan  6 15:38:27 vpnserver openvpn[30390]: client1/70.63.54.202:60680 UDPv4 READ [53] from 70.63.54.202:60680: P_DATA_V1 kid=0 DATA len=52
Jan  6 15:38:37 vpnserver openvpn[30390]: client1/70.63.54.202:60680 UDPv4 READ [53] from 70.63.54.202:60680: P_DATA_V1 kid=0 DATA len=52
Jan  6 15:38:37 vpnserver openvpn[30390]: client1/70.63.54.202:60680 UDPv4 WRITE [53] to 70.63.54.202:60680: P_DATA_V1 kid=0 DATA len=52
Jan  6 15:38:47 vpnserver openvpn[30390]: client1/70.63.54.202:60680 UDPv4 WRITE [53] to 70.63.54.202:60680: P_DATA_V1 kid=0 DATA len=52
Jan  6 15:38:48 vpnserver openvpn[30390]: client1/70.63.54.202:60680 UDPv4 READ [53] from 70.63.54.202:60680: P_DATA_V1 kid=0 DATA len=52
Jan  6 15:38:57 vpnserver openvpn[30390]: client1/70.63.54.202:60680 UDPv4 WRITE [53] to 70.63.54.202:60680: P_DATA_V1 kid=0 DATA len=52
Jan  6 15:38:57 vpnserver openvpn[30390]: client1/70.63.54.202:60680 UDPv4 READ [53] from 70.63.54.202:60680: P_DATA_V1 kid=0 DATA len=52
Jan  6 15:39:07 vpnserver openvpn[30390]: client1/70.63.54.202:60680 UDPv4 READ [53] from 70.63.54.202:60680: P_DATA_V1 kid=0 DATA len=52
Jan  6 15:39:07 vpnserver openvpn[30390]: client1/70.63.54.202:60680 UDPv4 WRITE [53] to 70.63.54.202:60680: P_DATA_V1 kid=0 DATA len=52
Jan  6 15:39:17 vpnserver openvpn[30390]: client1/70.63.54.202:60680 UDPv4 WRITE [53] to 70.63.54.202:60680: P_DATA_V1 kid=0 DATA len=52
Jan  6 15:39:17 vpnserver openvpn[30390]: client1/70.63.54.202:60680 UDPv4 READ [53] from 70.63.54.202:60680: P_DATA_V1 kid=0 DATA len=52
Jan  6 15:39:27 vpnserver openvpn[30390]: client1/70.63.54.202:60680 UDPv4 READ [53] from 70.63.54.202:60680: P_DATA_V1 kid=0 DATA len=52
Jan  6 15:39:27 vpnserver openvpn[30390]: client1/70.63.54.202:60680 UDPv4 WRITE [53] to 70.63.54.202:60680: P_DATA_V1 kid=0 DATA len=52
Jan  6 15:39:37 vpnserver openvpn[30390]: client1/70.63.54.202:60680 UDPv4 WRITE [53] to 70.63.54.202:60680: P_DATA_V1 kid=0 DATA len=52
Jan  6 15:39:38 vpnserver openvpn[30390]: client1/70.63.54.202:60680 UDPv4 READ [53] from 70.63.54.202:60680: P_DATA_V1 kid=0 DATA len=52
Jan  6 15:39:47 vpnserver openvpn[30390]: client1/70.63.54.202:60680 UDPv4 WRITE [53] to 70.63.54.202:60680: P_DATA_V1 kid=0 DATA len=52
Jan  6 15:39:48 vpnserver openvpn[30390]: client1/70.63.54.202:60680 UDPv4 READ [53] from 70.63.54.202:60680: P_DATA_V1 kid=0 DATA len=52
Jan  6 15:39:57 vpnserver openvpn[30390]: client1/70.63.54.202:60680 UDPv4 WRITE [53] to 70.63.54.202:60680: P_DATA_V1 kid=0 DATA len=52
Jan  6 15:39:59 vpnserver openvpn[30390]: client1/70.63.54.202:60680 UDPv4 READ [53] from 70.63.54.202:60680: P_DATA_V1 kid=0 DATA len=52

That's obviously not the complete log; if you need it I can publish it or put it on pastebin.ca or something. It is the complete client log after trying to open 10.2.2.5 in Safari. Other than setting up the gateway there is no NAT on the FBSD box; I don't seem to need it for any of the other machines connecting through it to get out.
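
The `PUSH_REPLY` line in the server log above records exactly which options the server handed to the client, so it can be checked against the `push` directives in server.conf. The following is an added example, not part of the original post and not OpenVPN project code: it parses that log line, reports any configured push that never reached the client, and works out the net30 /30 that the pushed `ifconfig` pair belongs to. The function names are hypothetical; the two sample inputs are quoted from the first post.

```python
import ipaddress
import re
import shlex

# Quoted from the server log posted above.
SERVER_LOG = """\
Jan  6 15:38:07 vpnserver openvpn[30390]: client1/70.63.54.202:60680 PUSH: Received control message: 'PUSH_REQUEST'
Jan  6 15:38:07 vpnserver openvpn[30390]: client1/70.63.54.202:60680 SENT CONTROL [client1]: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.50 10.8.0.49' (status=1)
"""

# Excerpt of the server.conf from the first post.
SERVER_CONF = """\
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
keepalive 10 120
"""

PUSH_REPLY_RE = re.compile(r"'PUSH_REPLY,([^']*)'")


def normalize(option):
    """Collapse whitespace so options compare independent of spacing."""
    return " ".join(option.split())


def parse_push_replies(log_text):
    """Return one list of option strings per PUSH_REPLY found in the log."""
    replies = []
    for line in log_text.splitlines():
        match = PUSH_REPLY_RE.search(line)
        if match:
            options = [normalize(o) for o in match.group(1).split(",")]
            replies.append([o for o in options if o])
    return replies


def configured_pushes(conf_text):
    """Return the argument of every `push "..."` directive in a config."""
    pushes = []
    for raw in conf_text.splitlines():
        try:
            tokens = shlex.split(raw, comments=True)  # drops '#' comments
        except ValueError:
            continue  # unbalanced quote: not a directive we can read
        if len(tokens) == 2 and tokens[0] == "push":
            pushes.append(normalize(tokens[1]))
    return pushes


def net30_endpoints(options):
    """For topology net30, locate the /30 holding the pushed ifconfig pair."""
    if "topology net30" not in options:
        return None
    for option in options:
        parts = option.split()
        if parts[0] == "ifconfig" and len(parts) == 3:
            local = ipaddress.ip_address(parts[1])
            peer = ipaddress.ip_address(parts[2])
            subnet = ipaddress.ip_network(f"{local}/30", strict=False)
            return {
                "local": str(local),
                "peer": str(peer),
                "subnet": str(subnet),
                "peer_in_subnet": peer in subnet,
            }
    return None


def audit(log_text, conf_text):
    """Compare each PUSH_REPLY in the log with the config's push directives."""
    wanted = configured_pushes(conf_text)
    reports = []
    for options in parse_push_replies(log_text):
        reports.append({
            "pushed": options,
            "missing_pushes": [p for p in wanted if p not in options],
            # Without redirect-gateway the client keeps its own default route.
            "full_tunnel": any(o.split()[0] == "redirect-gateway" for o in options),
            "net30": net30_endpoints(options),
        })
    return reports


if __name__ == "__main__":
    for report in audit(SERVER_LOG, SERVER_CONF):
        for key, value in report.items():
            print(f"{key}: {value}")
```

On the quoted inputs the report lists `redirect-gateway def1 bypass-dhcp` as configured but absent from the reply, and places the client pair 10.8.0.50/10.8.0.49 in 10.8.0.48/30.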

gladiatr72
Forum Team
Posts: 194
Joined: Mon Dec 13, 2010 3:51 pm
Location: Lawrence, KS

Re: OpenVPN routing issues?

Post by gladiatr72 » Fri Jan 07, 2011 2:53 pm

Yeah. For future pastes from the server-side, you might set 'verb 4'. Beyond that, it's mostly noise. :)

When you write of "the other machines connecting through it", this refers to machines on your LAN, correct?

If you're using this FreeBSD system as an internet gateway, you've got to have a NAT configuration lying around somewhere.

Humor me and see if any of these gives you something and maybe pastebin whatever you see.

/sbin/ipfw list
/sbin/pfctl -Sa
/sbin/ipnat -l

-S
[..]I used to think it was awful that life was so unfair. [...]Wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? -Marcus Cole

bmmcwhirt
OpenVpn Newbie
Posts: 7
Joined: Thu Jan 06, 2011 3:10 pm
Location: Indiana

Re: OpenVPN routing issues?

Post by bmmcwhirt » Fri Jan 07, 2011 3:13 pm

Ok, as you requested here is the output.

Code: Select all

[root@vpnserver /]# /sbin/ipfw list
ipfw: getsockopt(IP_FW_GET): Protocol not available
[root@vpnserver /]# /sbin/pfctl -Sa
pfctl: illegal option -- S
usage: pfctl [-AdeghmNnOqRrvz] [-a anchor] [-D macro=value] [-F modifier]
        [-f file] [-i interface] [-K host | network] [-k host | network ]
        [-o [level]] [-p device] [-s modifier ]
        [-t table -T command [address ...]] [-x level]
[root@vpnserver /]# /sbin/ipnat -l
/dev/ipnat: open: No such file or directory

Incidentally, I have never in my life had to mess with NAT on FBSD for an internet gateway as long as rc.conf has the 'gateway_enable="YES"' line. Now if I wanted to forward specific ports to internal machines then yes I would have to go into the kernel and enable NAT and add the NAT settings in rc.conf but never just for a gateway as per 31.2.4 of the FBSD handbook ( http://www.freebsd.org/doc/handbook/net ... uting.html ). And the gateway works fine for machines connecting through this that are connected via ethernet not ovpn.

Someone on IRC suggested I may need to use tap+bridge instead of tun for what I want, but my understanding was you only needed this for things like cifs file sharing.

gladiatr72
Forum Team
Posts: 194
Joined: Mon Dec 13, 2010 3:51 pm
Location: Lawrence, KS

Re: OpenVPN routing issues?

Post by gladiatr72 » Fri Jan 07, 2011 4:20 pm

Thanks for humoring me on the NAT business.

Please post the routing table from the server.

-S

bmmcwhirt
OpenVpn Newbie
Posts: 7
Joined: Thu Jan 06, 2011 3:10 pm
Location: Indiana

Re: OpenVPN routing issues?

Post by bmmcwhirt » Fri Jan 07, 2011 5:06 pm

OK, you wanted the routing table and I had made a few changes to the config and found some weirdness going on, so forgive me if I divert a bit here. I changed my server config based on information found here ( http://www.secure-computing.net/wiki/in ... PN/Routing ) as suggested by the bot on IRC. I do not know why it is creating these routes to 10.8.0.5 as that interface does not exist on the server and isn't routable. If I manually reconstruct the routes to use 10.8.0.1 as the gateway some stuff works. I can then ssh to 10.2.2.5 but I cannot use Safari or Firefox to pull up the webserver there. 10.2.2.5 has routes to 10.8.0.0/24 via 10.2.2.50 which is the VPN server.

edited server.conf

Code: Select all

local 64.141.147.212
port 1194
proto udp
dev tun
ca /usr/local/etc/openvpn/keys/ca.crt
cert /usr/local/etc/openvpn/keys/server.crt
key /usr/local/etc/openvpn/keys/server.key  # This file should be kept secret
dh /usr/local/etc/openvpn/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
route 10.8.0.0 255.255.255.0
route 10.2.2.0 255.255.255.0
push "route 10.2.2.0 255.255.255.0"
push "route 10.8.0.0 255.255.255.0"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
log         openvpn.log
log-append  openvpn.log
verb 4 

ifconfig server

Code: Select all

em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
	ether 00:0c:29:d7:77:44
	inet 64.141.147.212 netmask 0xffffff00 broadcast 64.141.147.255
	inet6 fe80::20c:29ff:fed7:7744%em0 prefixlen 64 scopeid 0x1 
	nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
	media: Ethernet autoselect (1000baseT <full-duplex>)
	status: active
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
	ether 00:0c:29:d7:77:4e
	inet 10.2.2.51 netmask 0xffffff00 broadcast 10.2.2.255
	inet6 fe80::20c:29ff:fed7:774e%em1 prefixlen 64 scopeid 0x2 
	nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
	media: Ethernet autoselect (1000baseT <full-duplex>)
	status: active
plip0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> metric 0 mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=3<RXCSUM,TXCSUM>
	inet 127.0.0.1 netmask 0xff000000 
	inet6 ::1 prefixlen 128 
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4 
	nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
pflog0: flags=0<> metric 0 mtu 33200
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
	options=80000<LINKSTATE>
	inet6 fe80::20c:29ff:fed7:7744%tun0 prefixlen 64 scopeid 0x6 
	inet 10.8.0.1 --> 10.8.0.2 netmask 0xffffffff 
	nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
	Opened by PID 1117

server: netstat -nr

Code: Select all

Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            64.141.147.193     UGS         1      664    em0
10.2.2.0/24        link#2             U           0       24    em1
10.2.2.51          link#2             UHS         0        0    lo0
10.8.0.0/24        10.8.0.2           UGS         0      134   tun0
10.8.0.1           link#6             UHS         0        0    lo0
10.8.0.2           link#6             UH          0        0   tun0
64.141.147.0/24    link#1             U           0        0    em0
64.141.147.212     link#1             UHS         0        0    lo0
127.0.0.1          link#4             UH          0        0    lo0

client log

Code: Select all

2011-01-07 12:01:41 *Tunnelblick: OS X 10.6.6; Tunnelblick 3.1.2 (build 2190.2258); OpenVPN 2.1.4
2011-01-07 12:01:45 *Tunnelblick: Attempting connection with config; Set nameserver = 1; monitoring connection
2011-01-07 12:01:45 *Tunnelblick: /Applications/Tunnelblick.app/Contents/Resources/openvpnstart start config.ovpn 1338 1 0 0 0 49
2011-01-07 12:01:45 us=647628 Current Parameter Settings:
2011-01-07 12:01:45 us=647819   config = '/Users/iceberg/Library/Application Support/Tunnelblick/Configurations/config.ovpn'
2011-01-07 12:01:45 us=647831   mode = 0
2011-01-07 12:01:45 us=647841   show_ciphers = DISABLED
2011-01-07 12:01:45 us=647850   show_digests = DISABLED
2011-01-07 12:01:45 us=647859   show_engines = DISABLED
2011-01-07 12:01:45 us=647868   genkey = DISABLED
2011-01-07 12:01:45 us=647878   key_pass_file = '[UNDEF]'
2011-01-07 12:01:45 us=647887   show_tls_ciphers = DISABLED
2011-01-07 12:01:45 us=647896 Connection profiles [default]:
2011-01-07 12:01:45 us=647906   proto = udp
2011-01-07 12:01:45 us=647919   local = '[UNDEF]'
2011-01-07 12:01:45 us=647929   local_port = 0
2011-01-07 12:01:45 us=647939   remote = '64.141.147.212'
2011-01-07 12:01:45 us=647948   remote_port = 1194
2011-01-07 12:01:45 us=647957   remote_float = DISABLED
2011-01-07 12:01:45 us=647966   bind_defined = DISABLED
2011-01-07 12:01:45 us=647975   bind_local = DISABLED
2011-01-07 12:01:45 us=647985   connect_retry_seconds = 5
2011-01-07 12:01:45 us=647994   connect_timeout = 10
2011-01-07 12:01:45 us=648004   connect_retry_max = 0
2011-01-07 12:01:45 us=648013   socks_proxy_server = '[UNDEF]'
2011-01-07 12:01:45 us=648022   socks_proxy_port = 0
2011-01-07 12:01:45 us=648032   socks_proxy_retry = DISABLED
2011-01-07 12:01:45 us=648041 Connection profiles END
2011-01-07 12:01:45 us=648050   remote_random = DISABLED
2011-01-07 12:01:45 us=648059   ipchange = '[UNDEF]'
2011-01-07 12:01:45 us=648068   dev = 'tun'
2011-01-07 12:01:45 us=648078   dev_type = '[UNDEF]'
2011-01-07 12:01:45 us=648087   dev_node = '[UNDEF]'
2011-01-07 12:01:45 us=648096   lladdr = '[UNDEF]'
2011-01-07 12:01:45 us=648106   topology = 1
2011-01-07 12:01:45 us=648115   tun_ipv6 = DISABLED
2011-01-07 12:01:45 us=648124   ifconfig_local = '[UNDEF]'
2011-01-07 12:01:45 us=648133   ifconfig_remote_netmask = '[UNDEF]'
2011-01-07 12:01:45 us=648143   ifconfig_noexec = DISABLED
2011-01-07 12:01:45 us=648152   ifconfig_nowarn = DISABLED
2011-01-07 12:01:45 us=648161   shaper = 0
2011-01-07 12:01:45 us=648170   tun_mtu = 1500
2011-01-07 12:01:45 us=648180   tun_mtu_defined = ENABLED
2011-01-07 12:01:45 us=648189   link_mtu = 1500
2011-01-07 12:01:45 us=648198   link_mtu_defined = DISABLED
2011-01-07 12:01:45 us=648207   tun_mtu_extra = 0
2011-01-07 12:01:45 us=648217   tun_mtu_extra_defined = DISABLED
2011-01-07 12:01:45 us=648226   fragment = 0
2011-01-07 12:01:45 us=648235   mtu_discover_type = -1
2011-01-07 12:01:45 us=648244   mtu_test = 0
2011-01-07 12:01:45 us=648254   mlock = DISABLED
2011-01-07 12:01:45 us=648263   keepalive_ping = 0
2011-01-07 12:01:45 us=648272   keepalive_timeout = 0
2011-01-07 12:01:45 us=648281   inactivity_timeout = 0
2011-01-07 12:01:45 us=648291   ping_send_timeout = 0
2011-01-07 12:01:45 us=648300   ping_rec_timeout = 0
2011-01-07 12:01:45 us=648309   ping_rec_timeout_action = 0
2011-01-07 12:01:45 us=648319   ping_timer_remote = DISABLED
2011-01-07 12:01:45 us=648328   remap_sigusr1 = 0
2011-01-07 12:01:45 us=648337   explicit_exit_notification = 0
2011-01-07 12:01:45 us=648347   persist_tun = ENABLED
2011-01-07 12:01:45 us=648356   persist_local_ip = DISABLED
2011-01-07 12:01:45 us=648365   persist_remote_ip = DISABLED
2011-01-07 12:01:45 us=648374   persist_key = ENABLED
2011-01-07 12:01:45 us=648384   mssfix = 1450
2011-01-07 12:01:45 us=648393   passtos = DISABLED
2011-01-07 12:01:45 us=648402   resolve_retry_seconds = 1000000000
2011-01-07 12:01:45 us=648411   username = '[UNDEF]'
2011-01-07 12:01:45 us=648424   groupname = '[UNDEF]'
2011-01-07 12:01:45 us=648433   chroot_dir = '[UNDEF]'
2011-01-07 12:01:45 us=648442   cd_dir = '/Users/iceberg/Library/Application Support/Tunnelblick/Configurations'
2011-01-07 12:01:45 us=648463   writepid = '[UNDEF]'
2011-01-07 12:01:45 us=648473   up_script = '/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d'
2011-01-07 12:01:45 us=648482   down_script = '/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d'
2011-01-07 12:01:45 us=648492   down_pre = DISABLED
2011-01-07 12:01:45 us=648501   up_restart = ENABLED
2011-01-07 12:01:45 us=648510   up_delay = DISABLED
2011-01-07 12:01:45 us=648520   daemon = ENABLED
2011-01-07 12:01:45 us=648529   inetd = 0
2011-01-07 12:01:45 us=648538   log = ENABLED
2011-01-07 12:01:45 us=648547   suppress_timestamps = DISABLED
2011-01-07 12:01:45 us=648557   nice = 0
2011-01-07 12:01:45 us=648566   verbosity = 4
2011-01-07 12:01:45 us=648575   mute = 0
2011-01-07 12:01:45 us=648584   gremlin = 0
2011-01-07 12:01:45 us=648594   status_file = '[UNDEF]'
2011-01-07 12:01:45 us=648603   status_file_version = 1
2011-01-07 12:01:45 us=648612   status_file_update_freq = 60
2011-01-07 12:01:45 us=648621   occ = ENABLED
2011-01-07 12:01:45 us=648631   rcvbuf = 65536
2011-01-07 12:01:45 us=648640   sndbuf = 65536
2011-01-07 12:01:45 us=648649   sockflags = 0
2011-01-07 12:01:45 us=648658   fast_io = DISABLED
2011-01-07 12:01:45 us=648667   lzo = 7
2011-01-07 12:01:45 us=648676   route_script = '[UNDEF]'
2011-01-07 12:01:45 us=648686   route_default_gateway = '[UNDEF]'
2011-01-07 12:01:45 us=648695   route_default_metric = 0
2011-01-07 12:01:45 us=648704   route_noexec = DISABLED
2011-01-07 12:01:45 us=648713   route_delay = 0
2011-01-07 12:01:45 us=648723   route_delay_window = 30
2011-01-07 12:01:45 us=648732   route_delay_defined = DISABLED
2011-01-07 12:01:45 us=648741   route_nopull = DISABLED
2011-01-07 12:01:45 us=648750   route_gateway_via_dhcp = DISABLED
2011-01-07 12:01:45 us=648760   max_routes = 100
2011-01-07 12:01:45 us=648769   allow_pull_fqdn = DISABLED
2011-01-07 12:01:45 us=648779   management_addr = '127.0.0.1'
2011-01-07 12:01:45 us=648789   management_port = 1338
2011-01-07 12:01:45 us=648799   management_user_pass = '[UNDEF]'
2011-01-07 12:01:45 us=648808   management_log_history_cache = 250
2011-01-07 12:01:45 us=648818   management_echo_buffer_size = 100
2011-01-07 12:01:45 us=648828   management_write_peer_info_file = '[UNDEF]'
2011-01-07 12:01:45 us=648838   management_client_user = '[UNDEF]'
2011-01-07 12:01:45 us=648848   management_client_group = '[UNDEF]'
2011-01-07 12:01:45 us=648858   management_flags = 6
2011-01-07 12:01:45 us=648868   shared_secret_file = '[UNDEF]'
2011-01-07 12:01:45 us=648878   key_direction = 0
2011-01-07 12:01:45 us=648887   ciphername_defined = ENABLED
2011-01-07 12:01:45 us=648897   ciphername = 'BF-CBC'
2011-01-07 12:01:45 us=648906   authname_defined = ENABLED
2011-01-07 12:01:45 us=648916   authname = 'SHA1'
2011-01-07 12:01:45 us=648929   prng_hash = 'SHA1'
2011-01-07 12:01:45 us=648939   prng_nonce_secret_len = 16
2011-01-07 12:01:45 us=648951   keysize = 0
2011-01-07 12:01:45 us=648961   engine = DISABLED
2011-01-07 12:01:45 us=648971   replay = ENABLED
2011-01-07 12:01:45 us=648980   mute_replay_warnings = DISABLED
2011-01-07 12:01:45 us=648990   replay_window = 64
2011-01-07 12:01:45 us=649000   replay_time = 15
2011-01-07 12:01:45 us=649009   packet_id_file = '[UNDEF]'
2011-01-07 12:01:45 us=649019   use_iv = ENABLED
2011-01-07 12:01:45 us=649028   test_crypto = DISABLED
2011-01-07 12:01:45 us=649038   tls_server = DISABLED
2011-01-07 12:01:45 us=649048   tls_client = ENABLED
2011-01-07 12:01:45 us=649057   key_method = 2
2011-01-07 12:01:45 us=649067   ca_file = '/Users/iceberg/.keys/ca.crt'
2011-01-07 12:01:45 us=649077   ca_path = '[UNDEF]'
2011-01-07 12:01:45 us=649086   dh_file = '[UNDEF]'
2011-01-07 12:01:45 us=649107   cert_file = '/Users/iceberg/.keys/client.crt'
2011-01-07 12:01:45 us=649117   priv_key_file = '/Users/iceberg/.keys/client.key'
2011-01-07 12:01:45 us=649127   pkcs12_file = '[UNDEF]'
2011-01-07 12:01:45 us=649136   cipher_list = '[UNDEF]'
2011-01-07 12:01:45 us=649146   tls_verify = '[UNDEF]'
2011-01-07 12:01:45 us=649155   tls_remote = '[UNDEF]'
2011-01-07 12:01:45 us=649165   crl_file = '[UNDEF]'
2011-01-07 12:01:45 us=649174   ns_cert_type = 0
2011-01-07 12:01:45 us=649184   remote_cert_ku[i] = 0
2011-01-07 12:01:45 us=649193   remote_cert_ku[i] = 0
2011-01-07 12:01:45 us=649203   remote_cert_ku[i] = 0
2011-01-07 12:01:45 us=649213   remote_cert_ku[i] = 0
2011-01-07 12:01:45 us=649222   remote_cert_ku[i] = 0
2011-01-07 12:01:45 us=649232   remote_cert_ku[i] = 0
2011-01-07 12:01:45 us=649241   remote_cert_ku[i] = 0
2011-01-07 12:01:45 us=649251   remote_cert_ku[i] = 0
2011-01-07 12:01:45 us=649260   remote_cert_ku[i] = 0
2011-01-07 12:01:45 us=649270   remote_cert_ku[i] = 0
2011-01-07 12:01:45 us=649279   remote_cert_ku[i] = 0
2011-01-07 12:01:45 us=649289   remote_cert_ku[i] = 0
2011-01-07 12:01:45 us=649298   remote_cert_ku[i] = 0
2011-01-07 12:01:45 us=649307   remote_cert_ku[i] = 0
2011-01-07 12:01:45 us=649317   remote_cert_ku[i] = 0
2011-01-07 12:01:45 us=649327   remote_cert_ku[i] = 0
2011-01-07 12:01:45 us=649336   remote_cert_eku = '[UNDEF]'
2011-01-07 12:01:45 us=649346   tls_timeout = 2
2011-01-07 12:01:45 us=649356   renegotiate_bytes = 0
2011-01-07 12:01:45 us=649365   renegotiate_packets = 0
2011-01-07 12:01:45 us=649375   renegotiate_seconds = 3600
2011-01-07 12:01:45 us=649385   handshake_window = 60
2011-01-07 12:01:45 us=649394   transition_window = 3600
2011-01-07 12:01:45 us=649404   single_session = DISABLED
2011-01-07 12:01:45 us=649413   push_peer_info = DISABLED
2011-01-07 12:01:45 us=649423   tls_exit = DISABLED
2011-01-07 12:01:45 us=649433   tls_auth_file = '[UNDEF]'
2011-01-07 12:01:45 us=649443   pkcs11_protected_authentication = DISABLED
2011-01-07 12:01:45 us=649452   pkcs11_protected_authentication = DISABLED
2011-01-07 12:01:45 us=649462   pkcs11_protected_authentication = DISABLED
2011-01-07 12:01:45 us=649472   pkcs11_protected_authentication = DISABLED
2011-01-07 12:01:45 us=649482   pkcs11_protected_authentication = DISABLED
2011-01-07 12:01:45 us=649492   pkcs11_protected_authentication = DISABLED
2011-01-07 12:01:45 us=649501   pkcs11_protected_authentication = DISABLED
2011-01-07 12:01:45 us=649511   pkcs11_protected_authentication = DISABLED
2011-01-07 12:01:45 us=649521   pkcs11_protected_authentication = DISABLED
2011-01-07 12:01:45 us=649531   pkcs11_protected_authentication = DISABLED
2011-01-07 12:01:45 us=649540   pkcs11_protected_authentication = DISABLED
2011-01-07 12:01:45 us=649550   pkcs11_protected_authentication = DISABLED
2011-01-07 12:01:45 us=649560   pkcs11_protected_authentication = DISABLED
2011-01-07 12:01:45 us=649570   pkcs11_protected_authentication = DISABLED
2011-01-07 12:01:45 us=649579   pkcs11_protected_authentication = DISABLED
2011-01-07 12:01:45 us=649589   pkcs11_protected_authentication = DISABLED
2011-01-07 12:01:45 us=649599   pkcs11_private_mode = 00000000
2011-01-07 12:01:45 us=649609   pkcs11_private_mode = 00000000
2011-01-07 12:01:45 us=649619   pkcs11_private_mode = 00000000
2011-01-07 12:01:45 us=649629   pkcs11_private_mode = 00000000
2011-01-07 12:01:45 us=649639   pkcs11_private_mode = 00000000
2011-01-07 12:01:45 us=649649   pkcs11_private_mode = 00000000
2011-01-07 12:01:45 us=649659   pkcs11_private_mode = 00000000
2011-01-07 12:01:45 us=649669   pkcs11_private_mode = 00000000
2011-01-07 12:01:45 us=649678   pkcs11_private_mode = 00000000
2011-01-07 12:01:45 us=649688   pkcs11_private_mode = 00000000
2011-01-07 12:01:45 us=649708   pkcs11_private_mode = 00000000
2011-01-07 12:01:45 us=649718   pkcs11_private_mode = 00000000
2011-01-07 12:01:45 us=649728   pkcs11_private_mode = 00000000
2011-01-07 12:01:45 us=649738   pkcs11_private_mode = 00000000
2011-01-07 12:01:45 us=649747   pkcs11_private_mode = 00000000
2011-01-07 12:01:45 us=649757   pkcs11_private_mode = 00000000
2011-01-07 12:01:45 us=649767   pkcs11_cert_private = DISABLED
2011-01-07 12:01:45 us=649777   pkcs11_cert_private = DISABLED
2011-01-07 12:01:45 us=649786   pkcs11_cert_private = DISABLED
2011-01-07 12:01:45 us=649796   pkcs11_cert_private = DISABLED
2011-01-07 12:01:45 us=649806   pkcs11_cert_private = DISABLED
2011-01-07 12:01:45 us=649815   pkcs11_cert_private = DISABLED
2011-01-07 12:01:45 us=649825   pkcs11_cert_private = DISABLED
2011-01-07 12:01:45 us=649834   pkcs11_cert_private = DISABLED
2011-01-07 12:01:45 us=649844   pkcs11_cert_private = DISABLED
2011-01-07 12:01:45 us=649853   pkcs11_cert_private = DISABLED
2011-01-07 12:01:45 us=649863   pkcs11_cert_private = DISABLED
2011-01-07 12:01:45 us=649873   pkcs11_cert_private = DISABLED
2011-01-07 12:01:45 us=649883   pkcs11_cert_private = DISABLED
2011-01-07 12:01:45 us=649897   pkcs11_cert_private = DISABLED
2011-01-07 12:01:45 us=649907   pkcs11_cert_private = DISABLED
2011-01-07 12:01:45 us=649917   pkcs11_cert_private = DISABLED
2011-01-07 12:01:45 us=649927   pkcs11_pin_cache_period = -1
2011-01-07 12:01:45 us=649937   pkcs11_id = '[UNDEF]'
2011-01-07 12:01:45 us=649947   pkcs11_id_management = DISABLED
2011-01-07 12:01:45 us=649963   server_network = 0.0.0.0
2011-01-07 12:01:45 us=649974   server_netmask = 0.0.0.0
2011-01-07 12:01:45 us=649989   server_bridge_ip = 0.0.0.0
2011-01-07 12:01:45 us=650000   server_bridge_netmask = 0.0.0.0
2011-01-07 12:01:45 us=650011   server_bridge_pool_start = 0.0.0.0
2011-01-07 12:01:45 us=650021   server_bridge_pool_end = 0.0.0.0
2011-01-07 12:01:45 us=650031   ifconfig_pool_defined = DISABLED
2011-01-07 12:01:45 us=650042   ifconfig_pool_start = 0.0.0.0
2011-01-07 12:01:45 us=650052   ifconfig_pool_end = 0.0.0.0
2011-01-07 12:01:45 us=650063   ifconfig_pool_netmask = 0.0.0.0
2011-01-07 12:01:45 us=650072   ifconfig_pool_persist_filename = '[UNDEF]'
2011-01-07 12:01:45 us=650082   ifconfig_pool_persist_refresh_freq = 600
2011-01-07 12:01:45 us=650092   n_bcast_buf = 256
2011-01-07 12:01:45 us=650102   tcp_queue_limit = 64
2011-01-07 12:01:45 us=650111   real_hash_size = 256
2011-01-07 12:01:45 us=650121   virtual_hash_size = 256
2011-01-07 12:01:45 us=650130   client_connect_script = '[UNDEF]'
2011-01-07 12:01:45 us=650140   learn_address_script = '[UNDEF]'
2011-01-07 12:01:45 us=650150   client_disconnect_script = '[UNDEF]'
2011-01-07 12:01:45 us=650159   client_config_dir = '[UNDEF]'
2011-01-07 12:01:45 us=650169   ccd_exclusive = DISABLED
2011-01-07 12:01:45 us=650178   tmp_dir = '[UNDEF]'
2011-01-07 12:01:45 us=650188   push_ifconfig_defined = DISABLED
2011-01-07 12:01:45 us=650199   push_ifconfig_local = 0.0.0.0
2011-01-07 12:01:45 us=650209   push_ifconfig_remote_netmask = 0.0.0.0
2011-01-07 12:01:45 us=650219   enable_c2c = DISABLED
2011-01-07 12:01:45 us=650228   duplicate_cn = DISABLED
2011-01-07 12:01:45 us=650238   cf_max = 0
2011-01-07 12:01:45 us=650248   cf_per = 0
2011-01-07 12:01:45 us=650258   max_clients = 1024
2011-01-07 12:01:45 us=650267   max_routes_per_client = 256
2011-01-07 12:01:45 us=650277   auth_user_pass_verify_script = '[UNDEF]'
2011-01-07 12:01:45 us=650287   auth_user_pass_verify_script_via_file = DISABLED
2011-01-07 12:01:45 us=650297   ssl_flags = 0
2011-01-07 12:01:45 us=650306   port_share_host = '[UNDEF]'
2011-01-07 12:01:45 us=650316   port_share_port = 0
2011-01-07 12:01:45 us=650325   client = ENABLED
2011-01-07 12:01:45 us=650345   pull = ENABLED
2011-01-07 12:01:45 us=650355   auth_user_pass_file = '[UNDEF]'
2011-01-07 12:01:45 us=650370 OpenVPN 2.1.4 i386-apple-darwin10.5.0 [SSL] [LZO2] [PKCS11] built on Dec  9 2010
2011-01-07 12:01:45 us=650486 MANAGEMENT: TCP Socket listening on 127.0.0.1:1338
2011-01-07 12:01:45 us=651020 Need hold release from management interface, waiting...
2011-01-07 12:01:45 us=781977 MANAGEMENT: Client connected from 127.0.0.1:1338
2011-01-07 12:01:45 us=816175 MANAGEMENT: CMD 'pid'
2011-01-07 12:01:45 us=816410 MANAGEMENT: CMD 'state on'
2011-01-07 12:01:45 us=816456 MANAGEMENT: CMD 'state'
2011-01-07 12:01:45 us=816540 MANAGEMENT: CMD 'hold release'
2011-01-07 12:01:45 us=816790 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2011-01-07 12:01:45 us=816804 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2011-01-07 12:01:45 us=817642 WARNING: file '/Users/iceberg/.keys/client.key' is group or others accessible
2011-01-07 12:01:45 us=818289 LZO compression initialized
2011-01-07 12:01:45 us=818498 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
2011-01-07 12:01:45 us=818563 Socket Buffers: R=[42080->65536] S=[9216->65536]
2011-01-07 12:01:45 us=818582 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
2011-01-07 12:01:45 us=818602 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
2011-01-07 12:01:45 us=818613 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
2011-01-07 12:01:45 us=818634 Local Options hash (VER=V4): '41690919'
2011-01-07 12:01:45 us=818650 Expected Remote Options hash (VER=V4): '530fdded'
2011-01-07 12:01:45 us=818670 UDPv4 link local: [undef]
2011-01-07 12:01:45 us=818688 UDPv4 link remote: 64.141.147.212:1194
2011-01-07 12:01:45 us=818730 MANAGEMENT: >STATE:1294419705,WAIT,,,
2011-01-07 12:01:45 us=887123 MANAGEMENT: >STATE:1294419705,AUTH,,,
2011-01-07 12:01:45 us=887193 TLS: Initial packet from 64.141.147.212:1194, sid=385c481e 56f1200e
2011-01-07 12:01:45 *Tunnelblick: openvpnstart: /Applications/Tunnelblick.app/Contents/Resources/openvpn --cd /Users/iceberg/Library/Application Support/Tunnelblick/Configurations --daemon --management 127.0.0.1 1338 --config /Users/iceberg/Library/Application Support/Tunnelblick/Configurations/config.ovpn --log /tmp/tunnelblick/logs/-SUsers-Siceberg-SLibrary-SApplication Support-STunnelblick-SConfigurations-Sconfig.ovpn.1_0_0_0_49.1338.openvpn.log --management-query-passwords --management-hold --script-security 2 --up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d --down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d --up-restart
2011-01-07 12:01:46 us=428839 VERIFY OK: depth=1, /C=US/ST=IN/L=Marion/O=vpnserver/OU=vpnserver/CN=vpnserver/name=vpnserver/emailAddress=support@onbuso.net
2011-01-07 12:01:46 us=429813 VERIFY OK: depth=0, /C=US/ST=IN/L=Marion/O=vpnserver/OU=vpnserver/CN=server/name=vpnserver/emailAddress=support@onbuso.net
2011-01-07 12:01:47 us=516610 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
2011-01-07 12:01:47 us=517022 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2011-01-07 12:01:47 us=517108 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
2011-01-07 12:01:47 us=517131 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2011-01-07 12:01:47 us=517187 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
2011-01-07 12:01:47 us=517233 [server] Peer Connection Initiated with 64.141.147.212:1194
2011-01-07 12:01:48 us=574089 MANAGEMENT: >STATE:1294419708,GET_CONFIG,,,
2011-01-07 12:01:49 us=631117 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2011-01-07 12:01:49 us=702525 PUSH: Received control message: 'PUSH_REPLY,route 10.2.2.0 255.255.255.0,route 10.8.0.0 255.255.255.0,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
2011-01-07 12:01:49 us=702661 OPTIONS IMPORT: timers and/or timeouts modified
2011-01-07 12:01:49 us=702682 OPTIONS IMPORT: --ifconfig/up options modified
2011-01-07 12:01:49 us=702697 OPTIONS IMPORT: route options modified
2011-01-07 12:01:49 us=702853 ROUTE default_gateway=192.168.0.1
2011-01-07 12:01:49 us=703083 TUN/TAP device /dev/tun0 opened
2011-01-07 12:01:49 us=703118 MANAGEMENT: >STATE:1294419709,ASSIGN_IP,,10.8.0.6,
2011-01-07 12:01:49 us=703150 /sbin/ifconfig tun0 delete
                                        ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2011-01-07 12:01:49 us=707389 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2011-01-07 12:01:49 us=707461 /sbin/ifconfig tun0 10.8.0.6 10.8.0.5 mtu 1500 netmask 255.255.255.255 up
2011-01-07 12:01:49 us=710334 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d tun0 1500 1542 10.8.0.6 10.8.0.5 init
2011-01-07 12:01:49 us=770716 MANAGEMENT: >STATE:1294419709,ADD_ROUTES,,,
2011-01-07 12:01:49 us=770822 /sbin/route add -net 10.2.2.0 10.8.0.5 255.255.255.0
                                        add net 10.2.2.0: gateway 10.8.0.5
2011-01-07 12:01:49 us=778994 /sbin/route add -net 10.8.0.0 10.8.0.5 255.255.255.0
                                        add net 10.8.0.0: gateway 10.8.0.5
2011-01-07 12:01:49 us=787225 /sbin/route add -net 10.8.0.1 10.8.0.5 255.255.255.255
                                        add net 10.8.0.1: gateway 10.8.0.5
2011-01-07 12:01:49 us=802545 Initialization Sequence Completed
2011-01-07 12:01:49 us=802721 MANAGEMENT: >STATE:1294419709,CONNECTED,SUCCESS,10.8.0.6,64.141.147.212
2011-01-07 12:01:49 *Tunnelblick client.up.tunnelblick.sh: No network configuration changes need to be made
2011-01-07 12:01:49 *Tunnelblick client.up.tunnelblick.sh: Will NOT monitor for other network configuration changes
2011-01-07 12:01:49 *Tunnelblick: Flushed the DNS cache

krzee
Forum Team
Posts: 728
Joined: Fri Aug 29, 2008 5:42 pm

Re: OpenVPN routing issues?

Post by krzee » Thu Jan 13, 2011 10:07 am

[06:07] <vpnHelper> "/30" is (#1) http://openvpn.net/index.php/open-sourc ... ml#slash30 explains why routed clients each use 4 ips, or (#2) you can avoid this behavior by reading !topology, or (#3) so by default, first client is .6, then .10 .14 .18 etc etc

that is why it makes routes to .5
if you care, put

Code: Select all

topology subnet
in the server config
you can remove

Code: Select all

route 10.8.0.0 255.255.255.0
from the server config

did you say you are trying to browse the web over the vpn?
would this be a site on the server, or the internet?
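
The net30 layout described in the reply above, worked through as an added example (not code from either poster or from the OpenVPN project). It parses the PUSH_REPLY line from the client log, checks that the pushed ifconfig pair is a valid net30 /30, and lists which addresses the next clients would get. The function names are made up for this illustration.

```python
import ipaddress
from itertools import islice

# PUSH_REPLY copied from the client log in this thread.
PUSH_REPLY = ("PUSH_REPLY,route 10.2.2.0 255.255.255.0,"
              "route 10.8.0.0 255.255.255.0,route 10.8.0.1,topology net30,"
              "ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5")


def parse_push_reply(msg):
    """Split a PUSH_REPLY control message into (option, [args]) tuples."""
    fields = [f.split() for f in msg.strip().strip("'").split(",") if f.strip()]
    if not fields or fields[0] != ["PUSH_REPLY"]:
        raise ValueError("not a PUSH_REPLY message")
    return [(f[0], f[1:]) for f in fields[1:]]


def net30_pairs(server_net, count):
    """First `count` (client, peer) pairs that topology net30 hands out."""
    # Every client gets its own /30; the first block (.1/.2) is the server's,
    # so clients start in the second: .6/.5, then .10/.9, .14/.13, ...
    blocks = ipaddress.ip_network(server_net).subnets(new_prefix=30)
    pairs = []
    for block in islice(blocks, 1, count + 1):
        peer, client = block.hosts()
        pairs.append((str(client), str(peer)))
    return pairs


def summarize(msg):
    """What the client was told: tunnel addresses, routes, default redirect."""
    opts = parse_push_reply(msg)
    first = dict(reversed(opts))  # first occurrence of each option wins
    if len(first.get("ifconfig", [])) != 2:
        raise ValueError("PUSH_REPLY carries no usable ifconfig")
    local, second = first["ifconfig"]
    topology = first.get("topology", [None])[0]
    block = ipaddress.ip_network(local + "/30", strict=False)
    # In net30 the second ifconfig value is the peer inside the same /30.
    pair_ok = topology == "net30" and ipaddress.ip_address(second) in block
    return {
        "topology": topology,
        "ifconfig": (local, second),
        "net30_pair_ok": pair_ok,
        "routes": [args[0] for name, args in opts if name == "route"],
        "redirect_gateway": "redirect-gateway" in first,
    }
```

For the message in the log, `summarize(PUSH_REPLY)` reports the three pushed routes and `redirect_gateway: False`, since that reply contains no redirect-gateway option.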
