Linux client problem
Moderators: TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
- OpenVpn Newbie
- Posts: 6
- Joined: Tue Jan 11, 2011 3:50 am
Linux client problem
Hi All,
I have a problem and I think I am missing something very simple.
I lost my VPN server with no backups and had to reinstall OpenVPN on a different box. Now Windows 7/Vista clients connect and work perfectly. Linux (Centos and Ubuntu) clients can connect but I can't even ping the vpn server from the client and vice versa.
My server config:
local 203.21.3.208
port 1194
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh1024.pem
server 10.10.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 203.21.3.0 255.255.255.0"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 4
float
My client config:
client
dev tun
proto tcp
remote 203.21.3.208 1194
resolv-retry infinite
persist-key
persist-tun
ca ca.crt
cert devel.crt
key devel.key
comp-lzo
verb 4
I hope someone can show me what I am doing wrong! I feel that when I can successfully ping 10.10.0.1 it'll be fine!
Regards,
Steve
- gladiatr72
- Forum Team
- Posts: 194
- Joined: Mon Dec 13, 2010 3:51 pm
- Location: Lawrence, KS
Re: Linux client problem
Hello, Steve.
Post your client and server log corresponding to a failed connection and I'll see what I can do.
-Stephen
[..]I used to think it was awful that life was so unfair. [...]Wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? -Marcus Cole
-
- OpenVpn Newbie
- Posts: 6
- Joined: Tue Jan 11, 2011 3:50 am
Re: Linux client problem
gladiatr72 wrote:
Hello, Steve.
Post your client and server log corresponding to a failed connection and I'll see what I can do.
-Stephen

Thanks a lot for your help, Stephen!
The server log is:
Code: Select all
Jan 12 10:10:06 theodredold openvpn[28722]: MULTI: multi_create_instance called
Jan 12 10:10:06 theodredold openvpn[28722]: Re-using SSL/TLS context
Jan 12 10:10:06 theodredold openvpn[28722]: LZO compression initialized
Jan 12 10:10:06 theodredold openvpn[28722]: Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Jan 12 10:10:06 theodredold openvpn[28722]: Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Jan 12 10:10:06 theodredold openvpn[28722]: Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Jan 12 10:10:06 theodredold openvpn[28722]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Jan 12 10:10:06 theodredold openvpn[28722]: Local Options hash (VER=V4): 'c0103fa8'
Jan 12 10:10:06 theodredold openvpn[28722]: Expected Remote Options hash (VER=V4): '69109d17'
Jan 12 10:10:06 theodredold openvpn[28722]: TCP connection established with 120.151.35.193:58826
Jan 12 10:10:06 theodredold openvpn[28722]: TCPv4_SERVER link local: [undef]
Jan 12 10:10:06 theodredold openvpn[28722]: TCPv4_SERVER link remote: 120.151.35.193:58826
Jan 12 10:10:07 theodredold openvpn[28722]: 120.151.35.193:58826 TLS: Initial packet from 120.151.35.193:58826, sid=f907af34 32a84a79
Jan 12 10:10:08 theodredold openvpn[28722]: 120.151.35.193:58826 VERIFY OK: depth=1, /C=AU/ST=VICTORIA/L=MELBOURNE/O=SportingPulse/CN=theodredold.sportingpulse.com/emailAddress=security@sportingpulse.com
Jan 12 10:10:08 theodredold openvpn[28722]: 120.151.35.193:58826 VERIFY OK: depth=0, /C=AU/ST=VICTORIA/L=MELBOURNE/O=SportingPulse/CN=devel/name=devel/emailAddress=security@sportingpulse.com
Jan 12 10:10:08 theodredold openvpn[28722]: 120.151.35.193:58826 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jan 12 10:10:08 theodredold openvpn[28722]: 120.151.35.193:58826 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 12 10:10:08 theodredold openvpn[28722]: 120.151.35.193:58826 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jan 12 10:10:08 theodredold openvpn[28722]: 120.151.35.193:58826 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 12 10:10:08 theodredold openvpn[28722]: 120.151.35.193:58826 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Jan 12 10:10:08 theodredold openvpn[28722]: 120.151.35.193:58826 [devel] Peer Connection Initiated with 120.151.35.193:58826
Jan 12 10:10:08 theodredold openvpn[28722]: devel/120.151.35.193:58826 MULTI: Learn: 10.10.0.10 -> devel/120.151.35.193:58826
Jan 12 10:10:08 theodredold openvpn[28722]: devel/120.151.35.193:58826 MULTI: primary virtual IP for devel/120.151.35.193:58826: 10.10.0.10
Jan 12 10:10:10 theodredold openvpn[28722]: devel/120.151.35.193:58826 PUSH: Received control message: 'PUSH_REQUEST'
Jan 12 10:10:10 theodredold openvpn[28722]: devel/120.151.35.193:58826 SENT CONTROL [devel]: 'PUSH_REPLY,route 203.21.3.0 255.255.255.0,route 10.10.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.10.0.10 10.10.0.9' (status=1)
Jan 12 10:14:10 theodredold openvpn[28722]: devel/120.151.35.193:58826 [devel] Inactivity timeout (--ping-restart), restarting
Jan 12 10:14:10 theodredold openvpn[28722]: devel/120.151.35.193:58826 SIGUSR1[soft,ping-restart] received, client-instance restarting
Jan 12 10:14:10 theodredold openvpn[28722]: TCP/UDP: Closing socket
Code: Select all
Jan 12 10:10:06 devel openvpn[10250]: Current Parameter Settings:
Jan 12 10:10:06 devel openvpn[10250]: config = 'client.conf'
Jan 12 10:10:06 devel openvpn[10250]: mode = 0
Jan 12 10:10:06 devel openvpn[10250]: persist_config = DISABLED
Jan 12 10:10:06 devel openvpn[10250]: persist_mode = 1
Jan 12 10:10:06 devel openvpn[10250]: show_ciphers = DISABLED
Jan 12 10:10:06 devel openvpn[10250]: show_digests = DISABLED
Jan 12 10:10:06 devel openvpn[10250]: show_engines = DISABLED
Jan 12 10:10:06 devel openvpn[10250]: genkey = DISABLED
Jan 12 10:10:06 devel openvpn[10250]: key_pass_file = '[UNDEF]'
Jan 12 10:10:06 devel openvpn[10250]: show_tls_ciphers = DISABLED
Jan 12 10:10:06 devel openvpn[10250]: Connection profiles [default]:
Jan 12 10:10:06 devel openvpn[10250]: proto = tcp-client
Jan 12 10:10:06 devel openvpn[10250]: local = '[UNDEF]'
Jan 12 10:10:06 devel openvpn[10250]: local_port = 0
Jan 12 10:10:06 devel openvpn[10250]: remote = '203.21.3.208'
Jan 12 10:10:06 devel openvpn[10250]: remote_port = 1194
Jan 12 10:10:06 devel openvpn[10250]: remote_float = DISABLED
Jan 12 10:10:06 devel openvpn[10250]: bind_defined = DISABLED
Jan 12 10:10:06 devel openvpn[10250]: bind_local = DISABLED
Jan 12 10:10:06 devel openvpn[10250]: connect_retry_seconds = 5
Jan 12 10:10:06 devel openvpn[10250]: connect_timeout = 10
Jan 12 10:10:06 devel openvpn[10250]: connect_retry_max = 0
Jan 12 10:10:06 devel openvpn[10250]: socks_proxy_server = '[UNDEF]'
Jan 12 10:10:06 devel openvpn[10250]: socks_proxy_port = 0
Jan 12 10:10:06 devel openvpn[10250]: socks_proxy_retry = DISABLED
Jan 12 10:10:06 devel openvpn[10250]: Connection profiles END
Jan 12 10:10:06 devel openvpn[10250]: remote_random = DISABLED
Jan 12 10:10:06 devel openvpn[10250]: ipchange = '[UNDEF]'
Jan 12 10:10:06 devel openvpn[10250]: dev = 'tun'
Jan 12 10:10:06 devel openvpn[10250]: dev_type = '[UNDEF]'
Jan 12 10:10:06 devel openvpn[10250]: dev_node = '[UNDEF]'
Jan 12 10:10:06 devel openvpn[10250]: lladdr = '[UNDEF]'
Jan 12 10:10:06 devel openvpn[10250]: topology = 1
Jan 12 10:10:06 devel openvpn[10250]: tun_ipv6 = DISABLED
Jan 12 10:10:06 devel openvpn[10250]: ifconfig_local = '[UNDEF]'
Jan 12 10:10:06 devel openvpn[10250]: ifconfig_remote_netmask = '[UNDEF]'
Jan 12 10:10:06 devel openvpn[10250]: ifconfig_noexec = DISABLED
Jan 12 10:10:06 devel openvpn[10250]: ifconfig_nowarn = DISABLED
Jan 12 10:10:06 devel openvpn[10250]: shaper = 0
Jan 12 10:10:06 devel openvpn[10250]: tun_mtu = 1500
Jan 12 10:10:06 devel openvpn[10250]: tun_mtu_defined = ENABLED
Jan 12 10:10:06 devel openvpn[10250]: link_mtu = 1500
Jan 12 10:10:06 devel openvpn[10250]: link_mtu_defined = DISABLED
Jan 12 10:10:06 devel openvpn[10250]: tun_mtu_extra = 0
Jan 12 10:10:06 devel openvpn[10250]: tun_mtu_extra_defined = DISABLED
Jan 12 10:10:06 devel openvpn[10250]: fragment = 0
Jan 12 10:10:06 devel openvpn[10250]: mtu_discover_type = -1
Jan 12 10:10:06 devel openvpn[10250]: mtu_test = 0
Jan 12 10:10:06 devel openvpn[10250]: mlock = DISABLED
Jan 12 10:10:06 devel openvpn[10250]: keepalive_ping = 0
Jan 12 10:10:06 devel openvpn[10250]: keepalive_timeout = 0
Jan 12 10:10:06 devel openvpn[10250]: inactivity_timeout = 0
Jan 12 10:10:06 devel openvpn[10250]: ping_send_timeout = 0
Jan 12 10:10:06 devel openvpn[10250]: ping_rec_timeout = 0
Jan 12 10:10:06 devel openvpn[10250]: ping_rec_timeout_action = 0
Jan 12 10:10:06 devel openvpn[10250]: ping_timer_remote = DISABLED
Jan 12 10:10:06 devel openvpn[10250]: remap_sigusr1 = 0
Jan 12 10:10:06 devel openvpn[10250]: explicit_exit_notification = 0
Jan 12 10:10:06 devel openvpn[10250]: persist_tun = ENABLED
Jan 12 10:10:06 devel openvpn[10250]: persist_local_ip = DISABLED
Jan 12 10:10:06 devel openvpn[10250]: persist_remote_ip = DISABLED
Jan 12 10:10:06 devel openvpn[10250]: persist_key = ENABLED
Jan 12 10:10:06 devel openvpn[10250]: mssfix = 1450
Jan 12 10:10:06 devel openvpn[10250]: passtos = DISABLED
Jan 12 10:10:06 devel openvpn[10250]: resolve_retry_seconds = 1000000000
Jan 12 10:10:06 devel openvpn[10250]: username = '[UNDEF]'
Jan 12 10:10:06 devel openvpn[10250]: groupname = '[UNDEF]'
Jan 12 10:10:06 devel openvpn[10250]: chroot_dir = '[UNDEF]'
Jan 12 10:10:06 devel openvpn[10250]: cd_dir = '/etc/openvpn'
Jan 12 10:10:06 devel openvpn[10250]: selinux_context = '[UNDEF]'
Jan 12 10:10:06 devel openvpn[10250]: writepid = '/var/run/openvpn/client.pid'
Jan 12 10:10:06 devel openvpn[10250]: up_script = '[UNDEF]'
Jan 12 10:10:06 devel openvpn[10250]: down_script = '[UNDEF]'
Jan 12 10:10:06 devel openvpn[10250]: down_pre = DISABLED
Jan 12 10:10:06 devel openvpn[10250]: up_restart = DISABLED
Jan 12 10:10:06 devel openvpn[10250]: up_delay = DISABLED
Jan 12 10:10:06 devel openvpn[10250]: daemon = ENABLED
Jan 12 10:10:06 devel openvpn[10250]: inetd = 0
Jan 12 10:10:06 devel openvpn[10250]: log = DISABLED
Jan 12 10:10:06 devel openvpn[10250]: suppress_timestamps = DISABLED
Jan 12 10:10:06 devel openvpn[10250]: nice = 0
Jan 12 10:10:06 devel openvpn[10250]: verbosity = 4
Jan 12 10:10:06 devel openvpn[10250]: mute = 0
Jan 12 10:10:06 devel openvpn[10250]: gremlin = 0
Jan 12 10:10:06 devel openvpn[10250]: status_file = '[UNDEF]'
Jan 12 10:10:06 devel openvpn[10250]: status_file_version = 1
Jan 12 10:10:06 devel openvpn[10250]: status_file_update_freq = 60
Jan 12 10:10:06 devel openvpn[10250]: occ = ENABLED
Jan 12 10:10:06 devel openvpn[10250]: rcvbuf = 65536
Jan 12 10:10:06 devel openvpn[10250]: sndbuf = 65536
Jan 12 10:10:06 devel openvpn[10250]: sockflags = 0
Jan 12 10:10:06 devel openvpn[10250]: fast_io = DISABLED
Jan 12 10:10:06 devel openvpn[10250]: lzo = 7
Jan 12 10:10:06 devel openvpn[10250]: route_script = '[UNDEF]'
Jan 12 10:10:06 devel openvpn[10250]: route_default_gateway = '[UNDEF]'
Jan 12 10:10:06 devel openvpn[10250]: route_default_metric = 0
Jan 12 10:10:06 devel openvpn[10250]: route_noexec = DISABLED
Jan 12 10:10:06 devel openvpn[10250]: route_delay = 0
Jan 12 10:10:06 devel openvpn[10250]: route_delay_window = 30
Jan 12 10:10:06 devel openvpn[10250]: route_delay_defined = DISABLED
Jan 12 10:10:06 devel openvpn[10250]: route_nopull = DISABLED
Jan 12 10:10:06 devel openvpn[10250]: route_gateway_via_dhcp = DISABLED
Jan 12 10:10:06 devel openvpn[10250]: max_routes = 100
Jan 12 10:10:06 devel openvpn[10250]: allow_pull_fqdn = DISABLED
Jan 12 10:10:06 devel openvpn[10250]: management_addr = '[UNDEF]'
Jan 12 10:10:06 devel openvpn[10250]: management_port = 0
Jan 12 10:10:06 devel openvpn[10250]: management_user_pass = '[UNDEF]'
Jan 12 10:10:06 devel openvpn[10250]: management_log_history_cache = 250
Jan 12 10:10:06 devel openvpn[10250]: management_echo_buffer_size = 100
Jan 12 10:10:06 devel openvpn[10250]: management_write_peer_info_file = '[UNDEF]'
Jan 12 10:10:06 devel openvpn[10250]: management_client_user = '[UNDEF]'
Jan 12 10:10:06 devel openvpn[10250]: management_client_group = '[UNDEF]'
Jan 12 10:10:06 devel openvpn[10250]: management_flags = 0
Jan 12 10:10:06 devel openvpn[10250]: shared_secret_file = '[UNDEF]'
Jan 12 10:10:06 devel openvpn[10250]: key_direction = 0
Jan 12 10:10:06 devel openvpn[10250]: ciphername_defined = ENABLED
Jan 12 10:10:06 devel openvpn[10250]: ciphername = 'BF-CBC'
Jan 12 10:10:06 devel openvpn[10250]: authname_defined = ENABLED
Jan 12 10:10:06 devel openvpn[10250]: authname = 'SHA1'
Jan 12 10:10:06 devel openvpn[10250]: prng_hash = 'SHA1'
Jan 12 10:10:06 devel openvpn[10250]: prng_nonce_secret_len = 16
Jan 12 10:10:06 devel openvpn[10250]: keysize = 0
Jan 12 10:10:06 devel openvpn[10250]: engine = DISABLED
Jan 12 10:10:06 devel openvpn[10250]: replay = ENABLED
Jan 12 10:10:06 devel openvpn[10250]: mute_replay_warnings = DISABLED
Jan 12 10:10:06 devel openvpn[10250]: replay_window = 64
Jan 12 10:10:06 devel openvpn[10250]: replay_time = 15
Jan 12 10:10:06 devel openvpn[10250]: packet_id_file = '[UNDEF]'
Jan 12 10:10:06 devel openvpn[10250]: use_iv = ENABLED
Jan 12 10:10:06 devel openvpn[10250]: test_crypto = DISABLED
Jan 12 10:10:06 devel openvpn[10250]: tls_server = DISABLED
Jan 12 10:10:06 devel openvpn[10250]: tls_client = ENABLED
Jan 12 10:10:06 devel openvpn[10250]: key_method = 2
Jan 12 10:10:06 devel openvpn[10250]: ca_file = 'ca.crt'
Jan 12 10:10:06 devel openvpn[10250]: ca_path = '[UNDEF]'
Jan 12 10:10:06 devel openvpn[10250]: dh_file = '[UNDEF]'
Jan 12 10:10:06 devel openvpn[10250]: cert_file = 'devel.crt'
Jan 12 10:10:06 devel openvpn[10250]: priv_key_file = 'devel.key'
Jan 12 10:10:06 devel openvpn[10250]: pkcs12_file = '[UNDEF]'
Jan 12 10:10:06 devel openvpn[10250]: cipher_list = '[UNDEF]'
Jan 12 10:10:06 devel openvpn[10250]: tls_verify = '[UNDEF]'
Jan 12 10:10:06 devel openvpn[10250]: tls_export_cert = '[UNDEF]'
Jan 12 10:10:06 devel openvpn[10250]: tls_remote = '[UNDEF]'
Jan 12 10:10:06 devel openvpn[10250]: crl_file = '[UNDEF]'
Jan 12 10:10:06 devel openvpn[10250]: ns_cert_type = 0
Jan 12 10:10:06 devel openvpn[10250]: remote_cert_ku[i] = 0
Jan 12 10:10:06 devel last message repeated 15 times
Jan 12 10:10:06 devel openvpn[10250]: remote_cert_eku = '[UNDEF]'
Jan 12 10:10:06 devel openvpn[10250]: tls_timeout = 2
Jan 12 10:10:06 devel openvpn[10250]: renegotiate_bytes = 0
Jan 12 10:10:06 devel openvpn[10250]: renegotiate_packets = 0
Jan 12 10:10:06 devel openvpn[10250]: renegotiate_seconds = 3600
Jan 12 10:10:06 devel openvpn[10250]: handshake_window = 60
Jan 12 10:10:06 devel openvpn[10250]: transition_window = 3600
Jan 12 10:10:06 devel openvpn[10250]: single_session = DISABLED
Jan 12 10:10:06 devel openvpn[10250]: push_peer_info = DISABLED
Jan 12 10:10:06 devel openvpn[10250]: tls_exit = DISABLED
Jan 12 10:10:06 devel openvpn[10250]: tls_auth_file = '[UNDEF]'
Jan 12 10:10:06 devel openvpn[10250]: server_network = 0.0.0.0
Jan 12 10:10:06 devel openvpn[10250]: server_netmask = 0.0.0.0
Jan 12 10:10:06 devel openvpn[10250]: server_bridge_ip = 0.0.0.0
Jan 12 10:10:06 devel openvpn[10250]: server_bridge_netmask = 0.0.0.0
Jan 12 10:10:06 devel openvpn[10250]: server_bridge_pool_start = 0.0.0.0
Jan 12 10:10:06 devel openvpn[10250]: server_bridge_pool_end = 0.0.0.0
Jan 12 10:10:06 devel openvpn[10250]: ifconfig_pool_defined = DISABLED
Jan 12 10:10:06 devel openvpn[10250]: ifconfig_pool_start = 0.0.0.0
Jan 12 10:10:06 devel openvpn[10250]: ifconfig_pool_end = 0.0.0.0
Jan 12 10:10:06 devel openvpn[10250]: ifconfig_pool_netmask = 0.0.0.0
Jan 12 10:10:06 devel openvpn[10250]: ifconfig_pool_persist_filename = '[UNDEF]'
Jan 12 10:10:06 devel openvpn[10250]: ifconfig_pool_persist_refresh_freq = 600
Jan 12 10:10:06 devel openvpn[10250]: n_bcast_buf = 256
Jan 12 10:10:06 devel openvpn[10250]: tcp_queue_limit = 64
Jan 12 10:10:06 devel openvpn[10250]: real_hash_size = 256
Jan 12 10:10:06 devel openvpn[10250]: virtual_hash_size = 256
Jan 12 10:10:06 devel openvpn[10250]: client_connect_script = '[UNDEF]'
Jan 12 10:10:06 devel openvpn[10250]: learn_address_script = '[UNDEF]'
Jan 12 10:10:06 devel openvpn[10250]: client_disconnect_script = '[UNDEF]'
Jan 12 10:10:06 devel openvpn[10250]: client_config_dir = '[UNDEF]'
Jan 12 10:10:06 devel openvpn[10250]: ccd_exclusive = DISABLED
Jan 12 10:10:06 devel openvpn[10250]: tmp_dir = '[UNDEF]'
Jan 12 10:10:06 devel openvpn[10250]: push_ifconfig_defined = DISABLED
Jan 12 10:10:06 devel openvpn[10250]: push_ifconfig_local = 0.0.0.0
Jan 12 10:10:06 devel openvpn[10250]: push_ifconfig_remote_netmask = 0.0.0.0
Jan 12 10:10:06 devel openvpn[10250]: enable_c2c = DISABLED
Jan 12 10:10:06 devel openvpn[10250]: duplicate_cn = DISABLED
Jan 12 10:10:06 devel openvpn[10250]: cf_max = 0
Jan 12 10:10:06 devel openvpn[10250]: cf_per = 0
Jan 12 10:10:06 devel openvpn[10250]: max_clients = 1024
Jan 12 10:10:06 devel openvpn[10250]: max_routes_per_client = 256
Jan 12 10:10:06 devel openvpn[10250]: auth_user_pass_verify_script = '[UNDEF]'
Jan 12 10:10:06 devel openvpn[10250]: auth_user_pass_verify_script_via_file = DISABLED
Jan 12 10:10:06 devel openvpn[10250]: ssl_flags = 0
Jan 12 10:10:06 devel openvpn[10250]: port_share_host = '[UNDEF]'
Jan 12 10:10:06 devel openvpn[10250]: port_share_port = 0
Jan 12 10:10:06 devel openvpn[10250]: client = ENABLED
Jan 12 10:10:06 devel openvpn[10250]: pull = ENABLED
Jan 12 10:10:06 devel openvpn[10250]: auth_user_pass_file = '[UNDEF]'
Jan 12 10:10:06 devel openvpn[10250]: OpenVPN 2.2-beta5 x86_64-unknown-linux-gnu [SSL] [LZO2] [EPOLL] [eurephia] built on Jan 11 2011
Jan 12 10:10:06 devel openvpn[10250]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 12 10:10:06 devel openvpn[10250]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Jan 12 10:10:06 devel openvpn[10250]: LZO compression initialized
Jan 12 10:10:06 devel openvpn[10250]: Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Jan 12 10:10:06 devel openvpn[10250]: Socket Buffers: R=[87380->131072] S=[16384->131072]
Jan 12 10:10:06 devel openvpn[10250]: Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Jan 12 10:10:06 devel openvpn[10250]: Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Jan 12 10:10:06 devel openvpn[10250]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Jan 12 10:10:06 devel openvpn[10250]: Local Options hash (VER=V4): '69109d17'
Jan 12 10:10:06 devel openvpn[10250]: Expected Remote Options hash (VER=V4): 'c0103fa8'
Jan 12 10:10:06 devel openvpn[10251]: Attempting to establish TCP connection with 203.21.3.208:1194 [nonblock]
Jan 12 10:10:07 devel openvpn[10251]: TCP connection established with 203.21.3.208:1194
Jan 12 10:10:07 devel openvpn[10251]: TCPv4_CLIENT link local: [undef]
Jan 12 10:10:07 devel openvpn[10251]: TCPv4_CLIENT link remote: 203.21.3.208:1194
Jan 12 10:10:07 devel openvpn[10251]: TLS: Initial packet from 203.21.3.208:1194, sid=2b26a2b6 6621b79f
Jan 12 10:10:08 devel openvpn[10251]: VERIFY OK: depth=1, /C=AU/ST=VICTORIA/L=MELBOURNE/O=SportingPulse/CN=theodredold.sportingpulse.com/emailAddress=security@sportingpulse.com
Jan 12 10:10:08 devel openvpn[10251]: VERIFY OK: depth=0, /C=AU/ST=VICTORIA/L=MELBOURNE/O=SportingPulse/CN=server/emailAddress=security@sportingpulse.com
Jan 12 10:10:08 devel openvpn[10251]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jan 12 10:10:08 devel openvpn[10251]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 12 10:10:08 devel openvpn[10251]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jan 12 10:10:08 devel openvpn[10251]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 12 10:10:08 devel openvpn[10251]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Jan 12 10:10:08 devel openvpn[10251]: [server] Peer Connection Initiated with 203.21.3.208:1194
Jan 12 10:10:10 devel openvpn[10251]: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Jan 12 10:10:10 devel openvpn[10251]: PUSH: Received control message: 'PUSH_REPLY,route 203.21.3.0 255.255.255.0,route 10.10.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.10.0.10 10.10.0.9'
Jan 12 10:10:10 devel openvpn[10251]: OPTIONS IMPORT: timers and/or timeouts modified
Jan 12 10:10:10 devel openvpn[10251]: OPTIONS IMPORT: --ifconfig/up options modified
Jan 12 10:10:10 devel openvpn[10251]: OPTIONS IMPORT: route options modified
Jan 12 10:10:10 devel openvpn[10251]: ROUTE default_gateway=192.168.200.241
Jan 12 10:10:10 devel openvpn[10251]: TUN/TAP device tun0 opened
Jan 12 10:10:10 devel openvpn[10251]: TUN/TAP TX queue length set to 100
Jan 12 10:10:10 devel openvpn[10251]: /sbin/ifconfig tun0 10.10.0.10 pointopoint 10.10.0.9 mtu 1500
Jan 12 10:10:10 devel openvpn[10251]: /sbin/route add -net 203.21.3.0 netmask 255.255.255.0 gw 10.10.0.9
Jan 12 10:10:10 devel openvpn[10251]: /sbin/route add -net 10.10.0.1 netmask 255.255.255.255 gw 10.10.0.9
Jan 12 10:10:10 devel openvpn[10251]: Initialization Sequence Completed
Jan 12 10:12:12 devel openvpn[10251]: [server] Inactivity timeout (--ping-restart), restarting
Jan 12 10:12:12 devel openvpn[10251]: TCP/UDP: Closing socket
Jan 12 10:12:12 devel openvpn[10251]: SIGUSR1[soft,ping-restart] received, process restarting
Jan 12 10:12:12 devel openvpn[10251]: Restart pause, 5 second(s)
Jan 12 10:12:17 devel openvpn[10251]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 12 10:12:17 devel openvpn[10251]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Jan 12 10:12:17 devel openvpn[10251]: Re-using SSL/TLS context
Jan 12 10:12:17 devel openvpn[10251]: LZO compression initialized
Jan 12 10:12:17 devel openvpn[10251]: Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Jan 12 10:12:17 devel openvpn[10251]: Socket Buffers: R=[87380->131072] S=[16384->131072]
Jan 12 10:12:17 devel openvpn[10251]: Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Jan 12 10:12:17 devel openvpn[10251]: Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Jan 12 10:12:17 devel openvpn[10251]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Jan 12 10:12:17 devel openvpn[10251]: Local Options hash (VER=V4): '69109d17'
Jan 12 10:12:17 devel openvpn[10251]: Expected Remote Options hash (VER=V4): 'c0103fa8'
Jan 12 10:12:17 devel openvpn[10251]: Attempting to establish TCP connection with 203.21.3.208:1194 [nonblock]
Jan 12 10:12:27 devel openvpn[10251]: TCP: connect to 203.21.3.208:1194 failed, will try again in 5 seconds: Connection timed out
- krzee
- Forum Team
- Posts: 728
- Joined: Fri Aug 29, 2008 5:42 pm
Re: Linux client problem
did you allow the tun device in your firewall? see the FIREWALLS section of the manual... it has some iptables specific commands you might need
http://openvpn.net/man-beta
-
- OpenVpn Newbie
- Posts: 6
- Joined: Tue Jan 11, 2011 3:50 am
Re: Linux client problem
krzee wrote:
did you allow the tun device in your firewall? see the FIREWALLS section of the manual... it has some iptables specific commands you might need
http://openvpn.net/man-beta

I basically disabled firewalls for testing both on the server and the client.
All I am trying to achieve now is to be able to ping 10.10.0.1 which is the VPN server tun0.
- krzee
- Forum Team
- Posts: 728
- Joined: Fri Aug 29, 2008 5:42 pm
Re: Linux client problem
SteveM wrote: I basically disabled firewalls for testing both on the server and the client.
if i had a dime for every time i heard that

try this
Code: Select all
iptables -A INPUT -i tun+ -j ACCEPT
-
- OpenVpn Newbie
- Posts: 6
- Joined: Tue Jan 11, 2011 3:50 am
Re: Linux client problem
krzee wrote:
try this on your client
Code: Select all
iptables -A INPUT -i tun+ -j ACCEPT

That did not make any difference.
- krzee
- Forum Team
- Posts: 728
- Joined: Fri Aug 29, 2008 5:42 pm
Re: Linux client problem
please replace your log above with one at verb 5
-
- OpenVpn Newbie
- Posts: 6
- Joined: Tue Jan 11, 2011 3:50 am
Re: Linux client problem
We fixed the problem by adding
push "route remote_host 255.255.255.255 net_gateway"
in the server config.
I don't have any explanation for that so if anyone knows why this works better I'd really like to hear.
We also changed to udp but that was just because most clients had that in their configs in the past before the old server died.
- krzee
- Forum Team
- Posts: 728
- Joined: Fri Aug 29, 2008 5:42 pm
Re: Linux client problem
o lol right
this was needed because you did this:
push "route 203.21.3.0 255.255.255.0"
which told the routing table of the clients to route 203.21.3.0/24 over the vpn, including the vpn server itself.
when you added the new line, it adds a route to the client for just the vpn server to be reached over the inet gateway instead of the vpn.
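The routing condition described in the reply above, written as a server-config check (an added example, not code from the thread or from OpenVPN): it flags pushed routes that cover the server's own address unless a more specific net_gateway route exempts it. The function names and the trimmed sample configs are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample: the routing-relevant lines of the server config posted
# at the top of the thread, before and after the fix reported later on.
SERVER_CONF_BEFORE = '''\
local 203.21.3.208
port 1194
proto tcp
dev tun
server 10.10.0.0 255.255.255.0
push "route 203.21.3.0 255.255.255.0"
'''
SERVER_CONF_AFTER = (
    SERVER_CONF_BEFORE + 'push "route remote_host 255.255.255.255 net_gateway"\n'
)


def parse_directives(conf_text):
    """Yield each directive as a token list, skipping blanks and comments."""
    for raw in conf_text.splitlines():
        if raw.lstrip().startswith(";"):
            continue
        tokens = shlex.split(raw, comments=True)
        if tokens:
            yield tokens


def pushed_routes(conf_text):
    """Return (network, netmask, gateway) for every push "route ..." line."""
    routes = []
    for tokens in parse_directives(conf_text):
        if tokens[0] != "push" or len(tokens) < 2:
            continue
        args = tokens[1].split()
        if len(args) < 2 or args[0] != "route":
            continue
        # --route defaults: host netmask, gateway = the VPN endpoint.
        netmask = args[2] if len(args) > 2 else "default"
        gateway = args[3] if len(args) > 3 else "default"
        routes.append((
            args[1],
            "255.255.255.255" if netmask == "default" else netmask,
            "vpn_gateway" if gateway == "default" else gateway,
        ))
    return routes


def server_capturing_routes(conf_text, server_ip=None):
    """List pushed routes that would carry the server's own address in-tunnel.

    server_ip defaults to the `local` directive; pass the address clients use
    in `remote` when it differs. Routes with a literal gateway IP are skipped
    because their direction cannot be judged from the config alone.
    """
    if server_ip is None:
        for tokens in parse_directives(conf_text):
            if tokens[0] == "local" and len(tokens) > 1:
                server_ip = tokens[1]
    if server_ip is None:
        raise ValueError("no `local` directive; pass server_ip explicitly")
    server = ipaddress.ip_address(server_ip)

    tunnel, bypass_len = [], -1
    for network, netmask, gateway in pushed_routes(conf_text):
        if network == "remote_host":  # keyword: the client's --remote address
            network = server_ip
        try:
            net = ipaddress.ip_network(f"{network}/{netmask}", strict=False)
        except ValueError:
            continue  # hostname or other keyword: not judged here
        if server not in net:
            continue
        if gateway == "net_gateway":
            bypass_len = max(bypass_len, net.prefixlen)
        elif gateway == "vpn_gateway":
            tunnel.append(net)
    # Longest prefix wins on the client: a tunnel route is harmless only if a
    # more specific net_gateway route also covers the server address.
    return [f"{net} via vpn_gateway" for net in tunnel if net.prefixlen >= bypass_len]
```

An empty result means no pushed route pulls the server's transport address into the tunnel; run it against a config before pushing a route for the subnet the server itself sits in.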
-
- OpenVpn Newbie
- Posts: 6
- Joined: Tue Jan 11, 2011 3:50 am
Re: Linux client problem
krzee wrote:
o lol right
this was needed because you did this:
push "route 203.21.3.0 255.255.255.0"
which told the routing table of the clients to route 203.21.3.0/24 over the vpn, including the vpn server itself.
when you added the new line, it adds a route to the client for just the vpn server to be reached over the inet gateway instead of the vpn.

That sounds logical.
What I still don't understand is why Windows clients worked perfectly even without this line. Any idea?