Same public ip address

Scripts to manage certificates or generate config files

Moderators: TinCanTech

skurty
OpenVpn Newbie
Posts: 5
Joined: Wed Jun 11, 2014 8:41 am

Same public ip address

Post by skurty » Wed Jun 11, 2014 9:01 am

Hello,

I have a dedicated server on Debian with OpenVPN, but I have a problem: the client keeps the same IP.

I followed this tutorial (in French): http://blog.nicolargo.com/2010/10/insta ... buntu.html

Here is the client log:
2014-06-11 10:49:27 *Tunnelblick: OS X 10.9.3; Tunnelblick 3.4beta26 (build 3828); prior version 3.4beta24 (build 3806)
2014-06-11 10:49:27 *Tunnelblick: Attempting connection with macbookpro using shadow copy; Set nameserver = 1; monitoring connection
2014-06-11 10:49:27 *Tunnelblick: openvpnstart start macbookpro.tblk 1337 1 0 1 0 16689 -ptADGNWradsgnw 2.2.1
2014-06-11 10:49:27 *Tunnelblick: openvpnstart log:
Tunnelblick: Loading tun-signed.kext
Tunnelblick:
OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):

/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.2.1/openvpn
--daemon
--log
/Library/Application Support/Tunnelblick/Logs/-SUsers-Saurelien-SLibrary-SApplication Support-STunnelblick-SConfigurations-Smacbookpro.tblk-SContents-SResources-Sconfig.ovpn.1_0_1_0_16689.1337.openvpn.log
--cd
/Library/Application Support/Tunnelblick/Users/aurelien/macbookpro.tblk/Contents/Resources
--config
/Library/Application Support/Tunnelblick/Users/aurelien/macbookpro.tblk/Contents/Resources/config.ovpn
--cd
/Library/Application Support/Tunnelblick/Users/aurelien/macbookpro.tblk/Contents/Resources
--management
127.0.0.1
1337
--management-query-passwords
--management-hold
--script-security
2
--up
/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -f -ptADGNWradsgnw
--down
/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d -f -ptADGNWradsgnw

2014-06-11 10:49:27 *Tunnelblick: Established communication with OpenVPN
2014-06-11 10:49:27 OpenVPN 2.2.1 i386-apple-darwin10.8.0 [SSL] [LZO2] [PKCS11] [eurephia] built on May 2 2014
2014-06-11 10:49:27 MANAGEMENT: TCP Socket listening on 127.0.0.1:1337
2014-06-11 10:49:27 Need hold release from management interface, waiting...
2014-06-11 10:49:27 MANAGEMENT: Client connected from 127.0.0.1:1337
2014-06-11 10:49:27 MANAGEMENT: CMD 'pid'
2014-06-11 10:49:27 MANAGEMENT: CMD 'state on'
2014-06-11 10:49:27 MANAGEMENT: CMD 'state'
2014-06-11 10:49:27 MANAGEMENT: CMD 'bytecount 1'
2014-06-11 10:49:27 MANAGEMENT: CMD 'hold release'
2014-06-11 10:49:27 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2014-06-11 10:49:27 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2014-06-11 10:49:27 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
2014-06-11 10:49:27 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2014-06-11 10:49:27 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2014-06-11 10:49:27 LZO compression initialized
2014-06-11 10:49:27 Control Channel MTU parms [ L:1560 D:168 EF:68 EB:0 ET:0 EL:0 ]
2014-06-11 10:49:27 Socket Buffers: R=[131072->65536] S=[131072->65536]
2014-06-11 10:49:27 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
2014-06-11 10:49:27 Local Options hash (VER=V4): '2f2c6498'
2014-06-11 10:49:27 Expected Remote Options hash (VER=V4): '9915e4a2'
2014-06-11 10:49:27 Attempting to establish TCP connection with #proxy_ip#:#proxy_port# [nonblock]
2014-06-11 10:49:27 MANAGEMENT: >STATE:1402476567,TCP_CONNECT,,,
2014-06-11 10:49:27 *Tunnelblick: openvpnstart starting OpenVPN
2014-06-11 10:49:28 TCP connection established with #proxy_ip#:#proxy_port#
2014-06-11 10:49:28 Send to HTTP proxy: 'CONNECT #server_ip#:443 HTTP/1.0'
2014-06-11 10:49:28 HTTP proxy returned: 'HTTP/1.0 200 Connection established'
2014-06-11 10:49:30 TCPv4_CLIENT link local: [undef]
2014-06-11 10:49:30 TCPv4_CLIENT link remote: #proxy_ip#:#proxy_port#
2014-06-11 10:49:30 MANAGEMENT: >STATE:1402476570,WAIT,,,
2014-06-11 10:49:30 MANAGEMENT: >STATE:1402476570,AUTH,,,
2014-06-11 10:49:30 TLS: Initial packet from #proxy_ip#:#proxy_port#, sid=e538b080 2846e1d3
2014-06-11 10:49:30 VERIFY OK: depth=1, /C=FR/ST=06/L=Paris/O=Fort-Funston/OU=changeme/CN=changeme/name=changeme/emailAddress=mail@host.domain
2014-06-11 10:49:30 VERIFY OK: depth=0, /C=FR/ST=06/L=Paris/O=Fort-Funston/OU=changeme/CN=changeme/name=changeme/emailAddress=mail@host.domain
2014-06-11 10:49:31 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
2014-06-11 10:49:31 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2014-06-11 10:49:31 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
2014-06-11 10:49:31 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2014-06-11 10:49:31 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
2014-06-11 10:49:31 [changeme] Peer Connection Initiated with #proxy_ip#:#proxy_port#
2014-06-11 10:49:32 MANAGEMENT: >STATE:1402476572,GET_CONFIG,,,
2014-06-11 10:49:33 SENT CONTROL [changeme]: 'PUSH_REQUEST' (status=1)
2014-06-11 10:49:33 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
2014-06-11 10:49:33 OPTIONS IMPORT: timers and/or timeouts modified
2014-06-11 10:49:33 OPTIONS IMPORT: --ifconfig/up options modified
2014-06-11 10:49:33 OPTIONS IMPORT: route options modified
2014-06-11 10:49:33 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2014-06-11 10:49:33 ROUTE default_gateway=172.16.95.1
2014-06-11 10:49:33 TUN/TAP device /dev/tun0 opened
2014-06-11 10:49:33 MANAGEMENT: >STATE:1402476573,ASSIGN_IP,,10.8.0.6,
2014-06-11 10:49:33 /sbin/ifconfig tun0 delete
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2014-06-11 10:49:33 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2014-06-11 10:49:33 /sbin/ifconfig tun0 10.8.0.6 10.8.0.5 mtu 1500 netmask 255.255.255.255 up
2014-06-11 10:49:33 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -f -ptADGNWradsgnw tun0 1500 1560 10.8.0.6 10.8.0.5 init
**********************************************
Start of output from client.up.tunnelblick.sh
Retrieved from OpenVPN: name server(s) [ 208.67.222.222 208.67.220.220 ], search domain(s) [ ] and SMB server(s) [ ] and using default domain name [ openvpn ]
Not aggregating ServerAddresses because running on OS X 10.6 or higher
Setting search domains to 'openvpn' because running under OS X 10.6 or higher and the search domains were not set manually and 'Prepend domain name to search domains' was not selected
Saved the DNS and SMB configurations so they can be restored
Set ServerAddresses to 208.67.222.222 208.67.220.220
Set SearchDomains to openvpn
Set DomainName to openvpn
Flushed the DNS Cache
Setting up to monitor system configuration with process-network-changes
End of output from client.up.tunnelblick.sh
**********************************************
2014-06-11 10:49:36 *Tunnelblick: No 'connected.sh' script to execute
2014-06-11 10:49:36 /sbin/route add -net #proxy_ip# 172.16.95.1 255.255.255.255
add net #proxy_ip#: gateway 172.16.95.1
2014-06-11 10:49:36 /sbin/route add -net 0.0.0.0 10.8.0.5 128.0.0.0
add net 0.0.0.0: gateway 10.8.0.5
2014-06-11 10:49:36 /sbin/route add -net 128.0.0.0 10.8.0.5 128.0.0.0
add net 128.0.0.0: gateway 10.8.0.5
2014-06-11 10:49:36 MANAGEMENT: >STATE:1402476576,ADD_ROUTES,,,
2014-06-11 10:49:36 /sbin/route add -net 10.8.0.1 10.8.0.5 255.255.255.255
add net 10.8.0.1: gateway 10.8.0.5
2014-06-11 10:49:36 Initialization Sequence Completed
2014-06-11 10:49:36 MANAGEMENT: >STATE:1402476576,CONNECTED,SUCCESS,10.8.0.6,#proxy_ip#
2014-06-11 10:49:41 *Tunnelblick process-network-changes: A system configuration change was ignored
2014-06-11 10:49:41 *Tunnelblick: This computer's apparent public IP address (#client_ip#) was unchanged after the connection was made
And the server log:
Wed Jun 11 10:56:07 2014 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jun 18 2013
Wed Jun 11 10:56:07 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Jun 11 10:56:07 2014 Diffie-Hellman initialized with 1024 bit key
Wed Jun 11 10:56:07 2014 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Wed Jun 11 10:56:07 2014 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jun 11 10:56:07 2014 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jun 11 10:56:07 2014 TLS-Auth MTU parms [ L:1560 D:168 EF:68 EB:0 ET:0 EL:0 ]
Wed Jun 11 10:56:07 2014 Socket Buffers: R=[87380->131072] S=[16384->131072]
Wed Jun 11 10:56:07 2014 ROUTE default_gateway=#server_ip#
Wed Jun 11 10:56:07 2014 TUN/TAP device tun0 opened
Wed Jun 11 10:56:07 2014 TUN/TAP TX queue length set to 100
Wed Jun 11 10:56:07 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Jun 11 10:56:07 2014 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Wed Jun 11 10:56:07 2014 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Wed Jun 11 10:56:07 2014 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Jun 11 08:56:07 2014 chroot to '/etc/openvpn/jail' and cd to '/' succeeded
Wed Jun 11 08:56:07 2014 GID set to nogroup
Wed Jun 11 08:56:07 2014 UID set to nobody
Wed Jun 11 08:56:07 2014 Listening for incoming TCP connection on [undef]
Wed Jun 11 08:56:07 2014 TCPv4_SERVER link local (bound): [undef]
Wed Jun 11 08:56:07 2014 TCPv4_SERVER link remote: [undef]
Wed Jun 11 08:56:07 2014 MULTI: multi_init called, r=256 v=256
Wed Jun 11 08:56:07 2014 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Wed Jun 11 08:56:07 2014 MULTI: TCP INIT maxclients=1024 maxevents=1028
Wed Jun 11 08:56:07 2014 Initialization Sequence Completed
Wed Jun 11 08:56:22 2014 MULTI: multi_create_instance called
Wed Jun 11 08:56:22 2014 Re-using SSL/TLS context
Wed Jun 11 08:56:22 2014 LZO compression initialized
Wed Jun 11 08:56:22 2014 Control Channel MTU parms [ L:1560 D:168 EF:68 EB:0 ET:0 EL:0 ]
Wed Jun 11 08:56:22 2014 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Jun 11 08:56:22 2014 Local Options hash (VER=V4): '9915e4a2'
Wed Jun 11 08:56:22 2014 Expected Remote Options hash (VER=V4): '2f2c6498'
Wed Jun 11 08:56:22 2014 TCP connection established with [AF_INET]#client_ip#:49650
Wed Jun 11 08:56:22 2014 TCPv4_SERVER link local: [undef]
Wed Jun 11 08:56:22 2014 TCPv4_SERVER link remote: [AF_INET]#client_ip#:49650
Wed Jun 11 08:56:24 2014 #client_ip#:49650 TLS: Initial packet from [AF_INET]#client_ip#:49650, sid=e21adcc6 2b48caa7
Wed Jun 11 08:56:25 2014 #client_ip#:49650 VERIFY OK: depth=1, /C=FR/ST=06/L=Paris/O=Fort-Funston/OU=changeme/CN=changeme/name=changeme/emailAddress=mail@host.domain
Wed Jun 11 08:56:25 2014 #client_ip#:49650 VERIFY OK: depth=0, /C=FR/ST=06/L=Paris/O=Fort-Funston/OU=changeme/CN=macbookpro/name=changeme/emailAddress=mail@host.domain
Wed Jun 11 08:56:25 2014 #client_ip#:49650 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Jun 11 08:56:25 2014 #client_ip#:49650 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jun 11 08:56:25 2014 #client_ip#:49650 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Jun 11 08:56:25 2014 #client_ip#:49650 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jun 11 08:56:25 2014 #client_ip#:49650 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Jun 11 08:56:25 2014 #client_ip#:49650 [macbookpro] Peer Connection Initiated with [AF_INET]#client_ip#:49650
Wed Jun 11 08:56:25 2014 macbookpro/#client_ip#:49650 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=1::1e00:0:827f:0
Wed Jun 11 08:56:25 2014 macbookpro/#client_ip#:49650 MULTI: Learn: 10.8.0.6 -> macbookpro/#client_ip#:49650
Wed Jun 11 08:56:25 2014 macbookpro/#client_ip#:49650 MULTI: primary virtual IP for macbookpro/#client_ip#:49650: 10.8.0.6
Wed Jun 11 08:56:31 2014 macbookpro/#client_ip#:49650 PUSH: Received control message: 'PUSH_REQUEST'
Wed Jun 11 08:56:31 2014 macbookpro/#client_ip#:49650 send_push_reply(): safe_cap=960
Wed Jun 11 08:56:31 2014 macbookpro/#client_ip#:49650 SENT CONTROL [macbookpro]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
I have a friend with a Raspberry Pi at home and the tutorial worked well for him.

What is the problem?

Thank you for your help

maikcat
Forum Team
Posts: 4200
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece

Re: Same public ip address

Post by maikcat » Thu Jun 12, 2014 5:35 am

I have a dedicated server on Debian with openvpn but I have a problem : the client keeps the same ip
What exactly does "the same ip" mean?

Also, post your configs...

Michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)

Inflammable means flammable? (Dr Nick Riviera, Simpsons Season 13)

"objects in mirror are losing"

skurty
OpenVpn Newbie
Posts: 5
Joined: Wed Jun 11, 2014 8:41 am

Re: Same public ip address

Post by skurty » Thu Jun 12, 2014 7:02 am

When I use the VPN, the client keeps the same IP address and doesn't get the IP of my server. Tunnelblick says it is a configuration problem, and for my friend, who did the same with his Raspberry Pi, it works well.

The client config:
# Client
client
dev tun
http-proxy #proxy_address# #proxy_port#
proto tcp-client
remote #proxy_server# 443
resolv-retry infinite
cipher AES-256-CBC
; client-config-dir ccd
# Keys
ca ca.crt
cert macbookpro.crt
key macbookpro.key
tls-auth ta.key 1
key-direction 1
# Security
nobind
persist-key
persist-tun
comp-lzo
verb 3
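
An added example, not part of the thread or of any poster's setup: a small Python audit that checks a client config like the one above for a server certificate verification directive, and scans a client log for the matching warning and for short RSA keys. The function names and the 2048-bit threshold are assumptions of this example, and comment handling is simplified (no quoted arguments).

```python
import re

# Directives that make an OpenVPN client check the server certificate's
# type or name; which ones are accepted depends on the OpenVPN version.
VERIFY = {"remote-cert-tls", "ns-cert-type", "verify-x509-name", "tls-remote"}

# Constructed sample: part of the client config posted above.
SAMPLE_CONFIG = """client
http-proxy #proxy_address# #proxy_port#
remote #proxy_server# 443
; client-config-dir ccd
ca ca.crt
tls-auth ta.key 1
"""

# Constructed sample: two lines taken from the client log posted above.
SAMPLE_LOG = """\
2014-06-11 10:49:27 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2014-06-11 10:49:31 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
"""

def parse_directives(text):
    """Return (name, args) per active line; a token starting with '#' or ';'
    begins a comment. Quoted arguments are not handled (simplification)."""
    found = []
    for line in text.splitlines():
        tokens = []
        for tok in line.split():
            if tok[0] in "#;":
                break
            tokens.append(tok)
        if tokens:
            found.append((tokens[0], tokens[1:]))
    return found

def audit_config(text):
    """List problems with server certificate verification in a client config."""
    checks = [(n, a) for n, a in parse_directives(text) if n in VERIFY]
    if not checks:
        return ["no server certificate verification directive"]
    return [f"{n} should be 'server' in a client config" for n, a in checks
            if n in ("remote-cert-tls", "ns-cert-type") and a[:1] != ["server"]]

def audit_log(text, min_rsa_bits=2048):  # threshold is this example's assumption
    """List security-relevant findings from an OpenVPN client log."""
    findings = []
    if "No server certificate verification method has been enabled" in text:
        findings.append("server certificate not verified")
    for bits in re.findall(r"(\d+) bit RSA", text):
        if int(bits) < min_rsa_bits:
            findings.append(f"{bits} bit RSA key")
    return findings
```

Run against the samples, `audit_config` reports the missing directive and `audit_log` reports both the unverified server certificate and the 1024 bit RSA key.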
