I can connect to my Access Server from Windows and it works fine. When I try to connect from Linux it connects and gives me internet access for about 5-10 seconds. Using Debian on the server and the client.
as.conf:
Code:
AS_CONNECT=true
tmp_dir=~/tmp
lic.dir=~/licenses
run_start_retry.give_up=60
run_start_retry.resample=10
sa.show_c2s_routes=true
certs_db=sqlite:///~/db/certs.db
user_prop_db=sqlite:///~/db/userprop.db
config_db=sqlite:///~/db/config.db
log_db=sqlite:///~/db/log.db
db_retry.interval=1
db_retry.n_attempts=6
boot_pam_service=openvpnas
boot_pam_users.0=openvpn
system_users_local.0=root
system_users_local.1=openvpn_as
cs.user=openvpn_as
cs.group=openvpn_as
general.sock_dir=~/sock
sa.win_exe_dir=~/exe
sa.company_name=OpenVPN Technologies, Inc.
sa.sock=~/sock/sagent
cs.auto_generate=true
cs.ca_bundle=~/web-ssl/ca.crt
cs.priv_key=~/web-ssl/server.key
cs.cert=~/web-ssl/server.crt
cs.dynamic_port_base=870
sa.initial_run_groups.0=web_group
sa.reactor=epoll
sa.unit=0
vpn.server.user=openvpn_as
vpn.server.group=openvpn_as
push "redirect-gateway def1"
Code:
setenv FORWARD_COMPATIBLE 1
client
server-poll-timeout 4
nobind
remote myexternalip 1194 udp
remote myexternalip 1194 udp
remote myexternalip 443 tcp
remote myexternalip 1194 udp
remote myexternalip 1194 udp
remote myexternalip 1194 udp
remote myexternalip 1194 udp
remote myexternalip 1194 udp
dev tun
dev-type tun
ns-cert-type server
reneg-sec 604800
sndbuf 100000
rcvbuf 100000
auth-user-pass
comp-lzo no
verb 3
setenv PUSH_PEER_INFO
pull dhcp-options
<ca>
-----BEGIN CERTIFICATE-----
x
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
x
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
x
-----END PRIVATE KEY-----
</key>
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
x
-----END OpenVPN Static key V1-----
</tls-auth>
Code:
root@debian:/home/nei# openvpn --config /home/client.ovpn
Wed Sep 11 02:50:44 2013 OpenVPN 2.2.1 i486-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jun 19 2013
Enter Auth Username:openvpn
Enter Auth Password:
Wed Sep 11 02:50:57 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Sep 11 02:50:57 2013 Control Channel Authentication: tls-auth using INLINE static key file
Wed Sep 11 02:50:57 2013 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 11 02:50:57 2013 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 11 02:50:57 2013 LZO compression initialized
Wed Sep 11 02:50:57 2013 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Wed Sep 11 02:50:57 2013 Socket Buffers: R=[163840->200000] S=[163840->200000]
Wed Sep 11 02:50:57 2013 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Sep 11 02:50:57 2013 Local Options hash (VER=V4): '504e774e'
Wed Sep 11 02:50:57 2013 Expected Remote Options hash (VER=V4): '14168603'
Wed Sep 11 02:50:57 2013 UDPv4 link local: [undef]
Wed Sep 11 02:50:57 2013 UDPv4 link remote: [AF_INET]myexternalip:1194
Wed Sep 11 02:51:01 2013 Server poll timeout, restarting
Wed Sep 11 02:51:01 2013 TCP/UDP: Closing socket
Wed Sep 11 02:51:01 2013 SIGUSR1[soft,server_poll] received, process restarting
Wed Sep 11 02:51:01 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Sep 11 02:51:01 2013 Control Channel Authentication: tls-auth using INLINE static key file
Wed Sep 11 02:51:01 2013 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 11 02:51:01 2013 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 11 02:51:01 2013 LZO compression initialized
Wed Sep 11 02:51:01 2013 Control Channel MTU parms [ L:1544 D:168 EF:68 EB:0 ET:0 EL:0 ]
Wed Sep 11 02:51:01 2013 Socket Buffers: R=[87380->200000] S=[16384->200000]
Wed Sep 11 02:51:01 2013 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Sep 11 02:51:01 2013 Local Options hash (VER=V4): 'ee93268d'
Wed Sep 11 02:51:01 2013 Expected Remote Options hash (VER=V4): 'bd577cd1'
Wed Sep 11 02:51:01 2013 Attempting to establish TCP connection with [AF_INET]myexternalip:443 [nonblock]
Wed Sep 11 02:51:02 2013 TCP connection established with [AF_INET]myexternalip:443
Wed Sep 11 02:51:02 2013 TCPv4_CLIENT link local: [undef]
Wed Sep 11 02:51:02 2013 TCPv4_CLIENT link remote: [AF_INET]myexternalip:443
Wed Sep 11 02:51:02 2013 TLS: Initial packet from [AF_INET]myexternalip:443, sid=9a4eac0a 2e138a52
Wed Sep 11 02:51:02 2013 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Sep 11 02:51:02 2013 VERIFY OK: depth=1, /CN=OpenVPN_CA
Wed Sep 11 02:51:02 2013 VERIFY OK: nsCertType=SERVER
Wed Sep 11 02:51:02 2013 VERIFY OK: depth=0, /CN=OpenVPN_Server
Wed Sep 11 02:51:02 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Sep 11 02:51:02 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 11 02:51:02 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Sep 11 02:51:02 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 11 02:51:02 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Sep 11 02:51:02 2013 [OpenVPN_Server] Peer Connection Initiated with [AF_INET]myexternalip:443
Wed Sep 11 02:51:04 2013 SENT CONTROL [OpenVPN_Server]: 'PUSH_REQUEST' (status=1)
Wed Sep 11 02:51:04 2013 PUSH: Received control message: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 12,ping-restart 50,socket-flags TCP_NODELAY,redirect-gateway def1,redirect-gateway bypass-dhcp,redirect-gateway autolocal,route-gateway 5.5.0.1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.8.8,register-dns,auth-token SESS_ID_7nzP0wLELbznMJYBZzY3Pw==,comp-lzo no,ifconfig 5.5.0.6 255.255.248.0'
Wed Sep 11 02:51:04 2013 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: dhcp-pre-release (2.2.1)
Wed Sep 11 02:51:04 2013 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:5: dhcp-renew (2.2.1)
Wed Sep 11 02:51:04 2013 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:6: dhcp-release (2.2.1)
Wed Sep 11 02:51:04 2013 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:17: register-dns (2.2.1)
Wed Sep 11 02:51:04 2013 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:18: auth-token (2.2.1)
Wed Sep 11 02:51:04 2013 OPTIONS IMPORT: timers and/or timeouts modified
Wed Sep 11 02:51:04 2013 OPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udp
Wed Sep 11 02:51:04 2013 OPTIONS IMPORT: LZO parms modified
Wed Sep 11 02:51:04 2013 OPTIONS IMPORT: --socket-flags option modified
Wed Sep 11 02:51:04 2013 Socket flags: TCP_NODELAY=1 succeeded
Wed Sep 11 02:51:04 2013 OPTIONS IMPORT: --ifconfig/up options modified
Wed Sep 11 02:51:04 2013 OPTIONS IMPORT: route options modified
Wed Sep 11 02:51:04 2013 OPTIONS IMPORT: route-related options modified
Wed Sep 11 02:51:04 2013 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Sep 11 02:51:04 2013 ROUTE default_gateway=10.0.2.2
Wed Sep 11 02:51:04 2013 TUN/TAP device tun0 opened
Wed Sep 11 02:51:04 2013 TUN/TAP TX queue length set to 100
Wed Sep 11 02:51:04 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Sep 11 02:51:04 2013 /sbin/ifconfig tun0 5.5.0.6 netmask 255.255.248.0 mtu 1500 broadcast 5.5.7.255
Wed Sep 11 02:51:09 2013 /sbin/route add -net myexternalip netmask 255.255.255.255 gw 10.0.2.2
Wed Sep 11 02:51:09 2013 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 5.5.0.1
Wed Sep 11 02:51:09 2013 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 5.5.0.1
Wed Sep 11 02:51:09 2013 Initialization Sequence Completed
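
Added example, not part of the original post: a short Python triage script that summarizes a client log like the one above, listing restarts, the transports tried, the negotiated channel parameters, and the pushed options this client version refused. The sample lines are abridged from the posted log, and `triage` and the field names are hypothetical.

```python
import re

# Constructed sample: lines abridged from the client log in the post, so the
# [PUSH-OPTIONS] indices no longer match positions in the shortened PUSH_REPLY.
SAMPLE_LOG = """\
Wed Sep 11 02:50:57 2013 UDPv4 link remote: [AF_INET]myexternalip:1194
Wed Sep 11 02:51:01 2013 SIGUSR1[soft,server_poll] received, process restarting
Wed Sep 11 02:51:02 2013 TCPv4_CLIENT link remote: [AF_INET]myexternalip:443
Wed Sep 11 02:51:02 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Sep 11 02:51:02 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Sep 11 02:51:04 2013 PUSH: Received control message: 'PUSH_REPLY,explicit-exit-notify,topology subnet,dhcp-pre-release,redirect-gateway def1,route-gateway 5.5.0.1,dhcp-option DNS 8.8.8.8,register-dns,ifconfig 5.5.0.6 255.255.248.0'
Wed Sep 11 02:51:04 2013 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: dhcp-pre-release (2.2.1)
Wed Sep 11 02:51:04 2013 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:17: register-dns (2.2.1)
Wed Sep 11 02:51:09 2013 Initialization Sequence Completed
"""

STAMP = re.compile(r"^\w{3} \w{3} +\d+ [\d:]{8} \d{4} (.*)$")
RULES = {  # field name -> pattern with one capture group
    "restarts": re.compile(r"^SIGUSR1\[([^\]]*)\] received"),
    "links": re.compile(r"^(\w+ link remote: \S+)"),
    "rejected": re.compile(r"^Unrecognized option .*\[PUSH-OPTIONS\]:\d+: (\S+)"),
    "ciphers": re.compile(r"^Data Channel Encrypt: Cipher '([^']+)'"),
    "control": re.compile(r"^Control Channel: (.+)$"),
}
PUSH = re.compile(r"^PUSH: Received control message: 'PUSH_REPLY,(.*)'$")

def triage(log_text):
    """Summarize an OpenVPN client log (hypothetical helper)."""
    out = {name: [] for name in RULES}
    out.update(pushed=[], completed=False)
    for raw in log_text.splitlines():
        m = STAMP.match(raw)
        if not m:
            continue  # wrapped continuation or non-log line
        msg = m.group(1)
        for name, rx in RULES.items():
            if (hit := rx.match(msg)):
                out[name].append(hit.group(1))
        if (push := PUSH.match(msg)):
            out["pushed"] = push.group(1).split(",")
        if msg == "Initialization Sequence Completed":
            out["completed"] = True
    # Options the server pushed that this client version did not apply.
    out["ignored_push"] = [o for o in out["pushed"] if o.split(" ")[0] in out["rejected"]]
    return out

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```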