Newbie Baffled - possibly "ipv4 not canonical" thing
Posted: Wed May 07, 2014 11:26 am
Hi guys
Have fought for a good week or so - could I ask anyone to take a look at my OpenVPN Connect log file for any clues? I'm a fairly experienced amateur, but networking is new to me - Linux too.
I have a wireless home network in which I am trying to set up a Raspberry Pi as an OpenVPN server. The Pi is at 192.168.0.32 (static) and the network IPs are all 192.168.0.X. I am trying to connect from my iPhone 4S which is itself connected to the wireless network (switching off wifi and connecting via mobile internet produces a very similar result (some minor differences in the NET reachable bit)). I am able to connect to the VPN (apparently, according to the client app), but not to access the internet, nor (I think) the other devices on the network.
I have changed some personal information, and XX.XX.XX.XX is always the EXTERNAL IP of my network. Internal IPs are not disguised. (EDIT: My external IP address is strictly dynamic rather than static, but it hasn't changed for months - I even have a domain name pointing to it and a functioning IMAP server. Is this a problem?)
So.... what looks fishy here? I have spotted an obvious error - it refers to 192.168.0.32 and 'not canonical', but changing all references to that IP address that I can find in the OpenVPN configuration still returns this error in the logfile. I have forwarded port 1194 to that address, and obviously the Pi knows itself to have that address.
Not expecting a detailed answer, but I suspect that the smarter amongst you will see the problem straight away.
Many thanks,
Andy
Oh, lastly, I have been broadly following this tutorial (it's the only one that gets even a connection!):
http://readwrite.com/2014/04/10/raspber ... b-browsing
This is the OpenVPN Connect app logfile:
This is my server configuration file (/etc/openvpn/server.conf)
Code: Select all
2014-05-07 11:22:59 ----- OpenVPN Start (iOS 32-bit) -----
2014-05-07 11:22:59 UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [persist-key]
7 [persist-tun]
8 [mute-replay-warnings]
13 [verb] [1]
14 [mute] [20]
2014-05-07 11:22:59 LZO-ASYM init swap=0 asym=0
2014-05-07 11:22:59 EVENT: RESOLVE
2014-05-07 11:22:59 Contacting XX.XX.XX.XX:1194 via UDP
2014-05-07 11:22:59 EVENT: WAIT
2014-05-07 11:22:59 Connecting to XX.XX.XX.XX:1194 (XX.XX.XX.XX) via UDPv4
2014-05-07 11:22:59 EVENT: CONNECTING
2014-05-07 11:22:59 Tunnel Options:V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client
2014-05-07 11:22:59 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.0.4-140
IV_VER=3.0
IV_PLAT=ios
IV_NCP=1
IV_LZO=1
2014-05-07 11:22:59 VERIFY OK: depth=1
cert. version : 3
serial number : 84:A7:95:9B:DE:ED:15:43
issuer name : C=XX, ST=Xxxxxx, L=Xxxxxxxxxx, O=XxxxxXxxxx, OU=Xxxxx, CN=XxxxxxxxXxxx, 0x29=Xxxxx Xxxxxx, emailAddress=xxxx@xxxxxxx.xxx
subject name : C=XX, ST=Xxxxxx, L=Xxxxxxxxxx, O=XxxxxXxxxx, OU=Xxxxx, CN=XxxxxxxxXxxx, 0x29=Xxxxx Xxxxxx, emailAddress=xxxx@xxxxxxx.xxx
issued on : 2014-05-04 16:38:53
expires on : 2024-05-01 16:38:53
signed using : RSA+SHA1
RSA key size : 1024 bits
2014-05-07 11:22:59 VERIFY OK: depth=0
cert. version : 3
serial number : 01
issuer name : C=XX, ST=Xxxxxx, L=Xxxxxxxxxx, O=XxxxxXxxxx, OU=Xxxxx, CN=XxxxxxxxXxxx, 0x29=Xxxxx Xxxxxx, emailAddress=xxxx@xxxxxxx.xxx
subject name : C=XX, ST=Xxxxxx, L=Xxxxxxxxxx, O=XxxxxXxxxx, OU=Xxxxx, CN=XxxxxxxxXxxx, 0x29=Xxxxx Xxxxxx, emailAddress=xxxx@xxxxxxx.xxx
issued on : 2014-05-04 16:40:30
expires on : 2024-05-01 16:40:30
signed using : RSA+SHA1
RSA key size : 1024 bits
2014-05-07 11:23:00 SSL Handshake: TLSv1.0/TLS-DHE-RSA-WITH-AES-256-CBC-SHA
2014-05-07 11:23:00 Session is ACTIVE
2014-05-07 11:23:01 EVENT: GET_CONFIG
2014-05-07 11:23:01 Sending PUSH_REQUEST to server...
2014-05-07 11:23:01 OPTIONS:
0 [route] [10.8.0.1] [255.255.255.255]
1 [route] [10.8.0.0] [255.255.255.0]
2 [route] [192.168.0.32] [255.255.255.0]
3 [dhcp-option] [DNS] [192.168.0.1]
4 [redirect-gateway] [def1]
5 [route] [10.8.0.0] [255.255.255.0]
6 [topology] [net30]
7 [ping] [10]
8 [ping-restart] [120]
9 [ifconfig] [10.8.0.6] [10.8.0.5]
2014-05-07 11:23:01 LZO-ASYM init swap=0 asym=0
2014-05-07 11:23:01 EVENT: ASSIGN_IP
2014-05-07 11:23:01 Error parsing IPv4 route: [route] [192.168.0.32] [255.255.255.0] : tun_builder_error: route is not canonical
2014-05-07 11:23:01 Connected via tun
2014-05-07 11:23:01 EVENT: CONNECTED @XX.XX.XX.XX:1194 (XX.XX.XX.XX) via /UDPv4 on tun/10.8.0.6/
2014-05-07 11:23:01 NET Internet:ReachableViaWiFi/-R t----l-
2014-05-07 11:23:07 TUN teardown
2014-05-07 11:23:07 EVENT: DISCONNECTED
2014-05-07 11:23:07 Raw stats on disconnect:
BYTES_IN : 5185
BYTES_OUT : 4685
PACKETS_IN : 40
PACKETS_OUT : 48
TUN_BYTES_IN : 399
TUN_PACKETS_IN : 6
2014-05-07 11:23:07 Performance stats on disconnect:
CPU usage (microseconds): 151721
Tunnel compression ratio (downlink): inf
Network bytes per CPU second: 65053
Tunnel bytes per CPU second: 2629
2014-05-07 11:23:07 ----- OpenVPN Stop -----
2014-05-07 11:23:07 NET Internet:NotReachable/-R tc---l-
Code: Select all
local 192.168.0.32
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/Server.crt
key /etc/openvpn/easy-rsa/keys/Server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig 10.8.0.1 10.8.0.2
push "route 10.8.0.1 255.255.255.255"
push "route 10.8.0.0 255.255.255.0"
push "route 192.168.0.32 255.255.255.0"
push "dhcp-option DNS 192.168.0.1"
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
cipher AES-128-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log 20
log /var/log/openvpn.log
verb 1
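The "route is not canonical" message in the log is raised when a pushed route's address has bits set outside its netmask. The following check is an added example, not part of the original post or of OpenVPN: it scans `push "route ..."` lines for that condition and reports the network address the netmask implies. `SAMPLE_CONF` is constructed from the push lines of the server.conf above, and `check_pushed_routes` is a hypothetical helper name.

```python
import ipaddress
import re

# Constructed sample: the server and push lines from the server.conf posted above.
SAMPLE_CONF = '''\
server 10.8.0.0 255.255.255.0
push "route 10.8.0.1 255.255.255.255"
push "route 10.8.0.0 255.255.255.0"
push "route 192.168.0.32 255.255.255.0"
push "dhcp-option DNS 192.168.0.1"
push "redirect-gateway def1"
'''

# Matches: push "route <address> [<netmask>] ..."
PUSH_ROUTE = re.compile(r'^\s*push\s+"route\s+([^\s"]+)(?:\s+([^\s"]+))?')


def check_pushed_routes(conf_text):
    """Return (line_no, route_as_written, canonical_route) for every pushed
    IPv4 route whose address has host bits set under its netmask."""
    findings = []
    for line_no, line in enumerate(conf_text.splitlines(), start=1):
        m = PUSH_ROUTE.match(line)
        if not m:
            continue
        addr = m.group(1)
        mask = m.group(2) or "255.255.255.255"  # a route without a mask is a host route
        try:
            # strict=False masks off the host bits instead of raising
            net = ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)
        except ValueError:
            continue  # hostname or keyword rather than a literal address: skip
        if ipaddress.IPv4Address(addr) != net.network_address:
            findings.append((line_no, f"{addr} {mask}",
                             f"{net.network_address} {net.netmask}"))
    return findings


if __name__ == "__main__":
    for line_no, written, canonical in check_pushed_routes(SAMPLE_CONF):
        print(f"line {line_no}: route {written} is not canonical; "
              f"the netmask implies {canonical}")
```

Whether the implied network is the one the route was meant to cover is for the administrator to confirm; the check only shows that the address and netmask disagree.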