[SOLVED] Site to Site VPN, Client not getting IP from VPN Su

bmorales
OpenVpn Newbie
Posts: 9
Joined: Wed Apr 27, 2011 8:10 pm

Post by bmorales » Fri May 27, 2011 6:41 pm

Can anyone tell me why the client can't get an ip from the vpn subnet dhcp 10.8.0.0/24 network?

Server Conf

local 10.60.1.236
port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/2.0/keys/ta.key 0
cipher BF-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
verb 5




Client Conf

remote 10.60.1.236
rport 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/client1.crt
key /etc/openvpn/easy-rsa/2.0/keys/client1.key
ns-cert-type server
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/2.0/keys/ta.key 1
cipher BF-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
verb 9

janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam

Re: Site to Site VPN, Client not getting IP from VPN Subnet

Post by janjust » Fri May 27, 2011 7:23 pm

no clue, we'll need more information:
* set the client verbosity back to 4
* reconnect the client
* post the (sanitized) client connect log
* post the relevant part of the (sanitized) server log

perhaps then we can tell.

Re: Site to Site VPN, Client not getting IP from VPN Subnet

Post by bmorales » Tue May 31, 2011 12:51 pm

Hi janjust,

This is how I start the server manually:
openvpn --config server.conf --tls-server &

sanitized server log:

Tue May 31 08:43:44 2011 us=67966 OpenVPN 2.1.3 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] built on Apr 12 2011
Tue May 31 08:43:44 2011 us=68333 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue May 31 08:43:44 2011 us=122090 Diffie-Hellman initialized with 2048 bit key
Tue May 31 08:43:44 2011 us=124012 Control Channel Authentication: using '/etc/openvpn/easy-rsa/2.0/keys/ta.key' as a OpenVPN static key file
Tue May 31 08:43:44 2011 us=124075 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue May 31 08:43:44 2011 us=124120 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue May 31 08:43:44 2011 us=124258 TLS-Auth MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Tue May 31 08:43:44 2011 us=124355 Socket Buffers: R=[112640->131072] S=[112640->131072]
Tue May 31 08:43:44 2011 us=124612 ROUTE default_gateway=10.60.1.2
Tue May 31 08:43:44 2011 us=128784 TUN/TAP device tun0 opened
Tue May 31 08:43:44 2011 us=128823 TUN/TAP TX queue length set to 100
Tue May 31 08:43:44 2011 us=128891 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Tue May 31 08:43:44 2011 us=152611 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Tue May 31 08:43:44 2011 us=168385 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue May 31 08:43:44 2011 us=172046 GID set to nogroup
Tue May 31 08:43:44 2011 us=172086 UID set to nobody
Tue May 31 08:43:44 2011 us=172105 UDPv4 link local (bound): 10.60.1.236:1194
Tue May 31 08:43:44 2011 us=172115 UDPv4 link remote: [undef]
Tue May 31 08:43:44 2011 us=172171 MULTI: multi_init called, r=256 v=256
Tue May 31 08:43:44 2011 us=172298 IFCONFIG POOL: base=10.8.0.4 size=62
Tue May 31 08:43:44 2011 us=172343 IFCONFIG POOL LIST
Tue May 31 08:43:44 2011 us=172355 client2,10.8.0.4
Tue May 31 08:43:44 2011 us=172364 client1,10.8.0.8
Tue May 31 08:43:44 2011 us=172373 client3,10.8.0.12
Tue May 31 08:43:44 2011 us=172436 Initialization Sequence Completed
Tue May 31 08:43:50 2011 us=831048 MULTI: multi_create_instance called
Tue May 31 08:43:50 2011 us=831913 10.60.1.239:1194 Re-using SSL/TLS context
Tue May 31 08:43:50 2011 us=832510 10.60.1.239:1194 LZO compression initialized
Tue May 31 08:43:50 2011 us=837794 10.60.1.239:1194 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Tue May 31 08:43:50 2011 us=837864 10.60.1.239:1194 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue May 31 08:43:50 2011 us=838980 10.60.1.239:1194 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher BF
Tue May 31 08:43:50 2011 us=839000 10.60.1.239:1194 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1
Tue May 31 08:43:50 2011 us=839108 10.60.1.239:1194 Local Options hash (VER=V4): '14168603'
Tue May 31 08:43:50 2011 us=839133 10.60.1.239:1194 Expected Remote Options hash (VER=V4): '504e774e'
RTue May 31 08:43:50 2011 us=839588 10.60.1.239:1194 TLS: Initial packet from 10.60.1.239:1194, sid=60fe5667 1876e9f2

This is how I start my 1st client:
openvpn --config client1.conf --tls-client &

client1 log:

Tue May 31 08:45:49 2011 us=545602 OpenVPN 2.1.3 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] built on Apr 12 2011
Tue May 31 08:45:49 2011 us=546514 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue May 31 08:45:49 2011 us=597338 Control Channel Authentication: using '/etc/openvpn/easy-rsa/2.0/keys/ta.key' as a OpenVPN static key file
Tue May 31 08:45:49 2011 us=597448 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue May 31 08:45:49 2011 us=597463 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue May 31 08:45:49 2011 us=597590 LZO compression initialized
Tue May 31 08:45:49 2011 us=598011 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Tue May 31 08:45:49 2011 us=598146 Socket Buffers: R=[112640->131072] S=[112640->131072]
Tue May 31 08:45:49 2011 us=602205 TUN/TAP device tun0 opened
Tue May 31 08:45:49 2011 us=602368 TUN/TAP TX queue length set to 100
Tue May 31 08:45:49 2011 us=602527 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue May 31 08:45:49 2011 us=602577 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,ke
Tue May 31 08:45:49 2011 us=602587 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher BF-CBC,au
Tue May 31 08:45:49 2011 us=602644 Local Options hash (VER=V4): '504e774e'
Tue May 31 08:45:49 2011 us=602660 Expected Remote Options hash (VER=V4): '14168603'
Tue May 31 08:45:49 2011 us=609038 GID set to nogroup
Tue May 31 08:45:49 2011 us=609084 UID set to nobody
Tue May 31 08:45:49 2011 us=609117 UDPv4 link local (bound): [undef]:1194
Tue May 31 08:45:49 2011 us=609134 UDPv4 link remote: 10.60.1.236:1194
Tue May 31 08:45:49 2011 us=610384 TLS: Initial packet from 10.60.1.236:1194, sid=d7f36561 92bb57a5
Tue May 31 08:45:49 2011 us=701838 VERIFY OK: depth=1, /C=US/ST=NY/L=Hauppauge/O=Bascom_Byron_s_VM/CN=Bascom_Byron_s_VM_CA/emailAddress=bmorales@bascom.com
Tue May 31 08:45:49 2011 us=702440 VERIFY OK: nsCertType=SERVER
Tue May 31 08:45:49 2011 us=702454 VERIFY OK: depth=0, /C=US/ST=NY/L=Hauppauge/O=Bascom_Byron_s_VM/CN=server/emailAddress=bmorales@bascom.com
Tue May 31 08:45:49 2011 us=921192 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue May 31 08:45:49 2011 us=921246 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue May 31 08:45:49 2011 us=921304 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue May 31 08:45:49 2011 us=921315 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue May 31 08:45:49 2011 us=921456 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Tue May 31 08:45:49 2011 us=921483 [server] Peer Connection Initiated with 10.60.1.236:1194
Tue May 31 08:45:50 2011 us=941734 Initialization Sequence Completed

Re: Site to Site VPN, Client not getting IP from VPN Subnet

Post by janjust » Tue May 31, 2011 3:09 pm

your client and server logs show a much lower verbosity than 'verb 5' and 'verb 9' would warrant; I'm especially interested in the client log with 'verb 5' or higher.

Re: Site to Site VPN, Client not getting IP from VPN Subnet

Post by bmorales » Tue May 31, 2011 3:14 pm

I kept the server.conf verb to 5 but changed the client1.conf verb to 4 as you recommended and then only pasted the end of each log which seemed to be the most interesting. Do you need more of the log than just the end? I'm not sure what part is most helpful.

I can change the client1.conf to be verb 5 and repost.

Re: Site to Site VPN, Client not getting IP from VPN Subnet

Post by bmorales » Tue May 31, 2011 3:53 pm

Client conf log verb 5

Tue May 31 11:46:24 2011 us=585670 Current Parameter Settings:
Tue May 31 11:46:24 2011 us=586205   config = 'client1.conf'
Tue May 31 11:46:24 2011 us=586225   mode = 0
Tue May 31 11:46:24 2011 us=586235   persist_config = DISABLED
Tue May 31 11:46:24 2011 us=586244   persist_mode = 1
Tue May 31 11:46:24 2011 us=586253   show_ciphers = DISABLED
Tue May 31 11:46:24 2011 us=586261   show_digests = DISABLED
Tue May 31 11:46:24 2011 us=586269   show_engines = DISABLED
Tue May 31 11:46:24 2011 us=586278   genkey = DISABLED
Tue May 31 11:46:24 2011 us=586286   key_pass_file = '[UNDEF]'
Tue May 31 11:46:24 2011 us=586295   show_tls_ciphers = DISABLED
Tue May 31 11:46:24 2011 us=586313 Connection profiles [default]:
Tue May 31 11:46:24 2011 us=586323   proto = udp
Tue May 31 11:46:24 2011 us=586332   local = '[UNDEF]'
Tue May 31 11:46:24 2011 us=586340   local_port = 1194
Tue May 31 11:46:24 2011 us=586349   remote = '10.60.1.236'
Tue May 31 11:46:24 2011 us=586357   remote_port = 1194
Tue May 31 11:46:24 2011 us=586366   remote_float = DISABLED
Tue May 31 11:46:24 2011 us=586374   bind_defined = DISABLED
Tue May 31 11:46:24 2011 us=586383   bind_local = ENABLED
Tue May 31 11:46:24 2011 us=586392   connect_retry_seconds = 5
Tue May 31 11:46:24 2011 us=586400   connect_timeout = 10
Tue May 31 11:46:24 2011 us=586409   connect_retry_max = 0
Tue May 31 11:46:24 2011 us=586417   socks_proxy_server = '[UNDEF]'
Tue May 31 11:46:24 2011 us=586425   socks_proxy_port = 0
Tue May 31 11:46:24 2011 us=586433   socks_proxy_retry = DISABLED
Tue May 31 11:46:24 2011 us=586462 Connection profiles END
Tue May 31 11:46:24 2011 us=586472   remote_random = DISABLED
Tue May 31 11:46:24 2011 us=586481   ipchange = '[UNDEF]'
Tue May 31 11:46:24 2011 us=586489   dev = 'tun'
Tue May 31 11:46:24 2011 us=586497   dev_type = '[UNDEF]'
Tue May 31 11:46:24 2011 us=586505   dev_node = '[UNDEF]'
Tue May 31 11:46:24 2011 us=586513   lladdr = '[UNDEF]'
Tue May 31 11:46:24 2011 us=586522   topology = 1
Tue May 31 11:46:24 2011 us=586530   tun_ipv6 = DISABLED
Tue May 31 11:46:24 2011 us=586538   ifconfig_local = '[UNDEF]'
Tue May 31 11:46:24 2011 us=586546   ifconfig_remote_netmask = '[UNDEF]'
Tue May 31 11:46:24 2011 us=586554   ifconfig_noexec = DISABLED
Tue May 31 11:46:24 2011 us=586562   ifconfig_nowarn = DISABLED
Tue May 31 11:46:24 2011 us=586571   shaper = 0
Tue May 31 11:46:24 2011 us=586579   tun_mtu = 1500
Tue May 31 11:46:24 2011 us=586587   tun_mtu_defined = ENABLED
Tue May 31 11:46:24 2011 us=586595   link_mtu = 1500
Tue May 31 11:46:24 2011 us=586603   link_mtu_defined = DISABLED
Tue May 31 11:46:24 2011 us=586611   tun_mtu_extra = 0
Tue May 31 11:46:24 2011 us=586620   tun_mtu_extra_defined = DISABLED
Tue May 31 11:46:24 2011 us=586628   fragment = 0
Tue May 31 11:46:24 2011 us=586636   mtu_discover_type = -1
Tue May 31 11:46:24 2011 us=586644   mtu_test = 0
Tue May 31 11:46:24 2011 us=586652   mlock = DISABLED
Tue May 31 11:46:24 2011 us=586660   keepalive_ping = 10
Tue May 31 11:46:24 2011 us=586669   keepalive_timeout = 120
Tue May 31 11:46:24 2011 us=586677   inactivity_timeout = 0
Tue May 31 11:46:24 2011 us=586685   ping_send_timeout = 10
Tue May 31 11:46:24 2011 us=586693   ping_rec_timeout = 120
Tue May 31 11:46:24 2011 us=586701   ping_rec_timeout_action = 2
Tue May 31 11:46:24 2011 us=586709   ping_timer_remote = DISABLED
Tue May 31 11:46:24 2011 us=586717   remap_sigusr1 = 0
Tue May 31 11:46:24 2011 us=586725   explicit_exit_notification = 0
Tue May 31 11:46:24 2011 us=586739   persist_tun = ENABLED
Tue May 31 11:46:24 2011 us=586748   persist_local_ip = DISABLED
Tue May 31 11:46:24 2011 us=586756   persist_remote_ip = DISABLED
Tue May 31 11:46:24 2011 us=586764   persist_key = ENABLED
Tue May 31 11:46:24 2011 us=586773   mssfix = 1450
Tue May 31 11:46:24 2011 us=586781   passtos = DISABLED
Tue May 31 11:46:24 2011 us=586789   resolve_retry_seconds = 1000000000
Tue May 31 11:46:24 2011 us=586798   username = 'nobody'
Tue May 31 11:46:24 2011 us=586806   groupname = 'nogroup'
Tue May 31 11:46:24 2011 us=586814   chroot_dir = '[UNDEF]'
Tue May 31 11:46:24 2011 us=586822   cd_dir = '[UNDEF]'
Tue May 31 11:46:24 2011 us=586839   writepid = '[UNDEF]'
Tue May 31 11:46:24 2011 us=586848   up_script = '[UNDEF]'
Tue May 31 11:46:24 2011 us=586856   down_script = '[UNDEF]'
Tue May 31 11:46:24 2011 us=586864   down_pre = DISABLED
Tue May 31 11:46:24 2011 us=586872   up_restart = DISABLED
Tue May 31 11:46:24 2011 us=586880   up_delay = DISABLED
Tue May 31 11:46:24 2011 us=586888   daemon = DISABLED
Tue May 31 11:46:24 2011 us=586896   inetd = 0
Tue May 31 11:46:24 2011 us=586905   log = ENABLED
Tue May 31 11:46:24 2011 us=586913   suppress_timestamps = DISABLED
Tue May 31 11:46:24 2011 us=586921   nice = 0
Tue May 31 11:46:24 2011 us=586930   verbosity = 5
Tue May 31 11:46:24 2011 us=586938   mute = 0
Tue May 31 11:46:24 2011 us=586946   gremlin = 0
Tue May 31 11:46:24 2011 us=586954   status_file = 'openvpn-status.log'
Tue May 31 11:46:24 2011 us=586963   status_file_version = 1
Tue May 31 11:46:24 2011 us=586971   status_file_update_freq = 60
Tue May 31 11:46:24 2011 us=586979   occ = ENABLED
Tue May 31 11:46:24 2011 us=586987   rcvbuf = 65536
Tue May 31 11:46:24 2011 us=586995   sndbuf = 65536
Tue May 31 11:46:24 2011 us=587003   sockflags = 0
Tue May 31 11:46:24 2011 us=587011   fast_io = DISABLED
Tue May 31 11:46:24 2011 us=587020   lzo = 7
Tue May 31 11:46:24 2011 us=587028   route_script = '[UNDEF]'
Tue May 31 11:46:24 2011 us=587036   route_default_gateway = '[UNDEF]'
Tue May 31 11:46:24 2011 us=587044   route_default_metric = 0
Tue May 31 11:46:24 2011 us=587052   route_noexec = DISABLED
Tue May 31 11:46:24 2011 us=587061   route_delay = 0
Tue May 31 11:46:24 2011 us=587069   route_delay_window = 30
Tue May 31 11:46:24 2011 us=587077   route_delay_defined = DISABLED
Tue May 31 11:46:24 2011 us=587085   route_nopull = DISABLED
Tue May 31 11:46:24 2011 us=587094   route_gateway_via_dhcp = DISABLED
Tue May 31 11:46:24 2011 us=587102   max_routes = 100
Tue May 31 11:46:24 2011 us=587111   allow_pull_fqdn = DISABLED
Tue May 31 11:46:24 2011 us=587119   management_addr = '[UNDEF]'
Tue May 31 11:46:24 2011 us=587127   management_port = 0
Tue May 31 11:46:24 2011 us=587136   management_user_pass = '[UNDEF]'
Tue May 31 11:46:24 2011 us=587144   management_log_history_cache = 250
Tue May 31 11:46:24 2011 us=587157   management_echo_buffer_size = 100
Tue May 31 11:46:24 2011 us=587168   management_write_peer_info_file = '[UNDEF]'
Tue May 31 11:46:24 2011 us=587177   management_client_user = '[UNDEF]'
Tue May 31 11:46:24 2011 us=587185   management_client_group = '[UNDEF]'
Tue May 31 11:46:24 2011 us=587193   management_flags = 0
Tue May 31 11:46:24 2011 us=587202   shared_secret_file = '[UNDEF]'
Tue May 31 11:46:24 2011 us=587210   key_direction = 2
Tue May 31 11:46:24 2011 us=587219   ciphername_defined = ENABLED
Tue May 31 11:46:24 2011 us=587227   ciphername = 'BF-CBC'
Tue May 31 11:46:24 2011 us=587236   authname_defined = ENABLED
Tue May 31 11:46:24 2011 us=587244   authname = 'SHA1'
Tue May 31 11:46:24 2011 us=587252   prng_hash = 'SHA1'
Tue May 31 11:46:24 2011 us=587260   prng_nonce_secret_len = 16
Tue May 31 11:46:24 2011 us=587269   keysize = 0
Tue May 31 11:46:24 2011 us=587277   engine = DISABLED
Tue May 31 11:46:24 2011 us=587285   replay = ENABLED
Tue May 31 11:46:24 2011 us=587294   mute_replay_warnings = DISABLED
Tue May 31 11:46:24 2011 us=587302   replay_window = 64
Tue May 31 11:46:24 2011 us=587311   replay_time = 15
Tue May 31 11:46:24 2011 us=587319   packet_id_file = '[UNDEF]'
Tue May 31 11:46:24 2011 us=587327   use_iv = ENABLED
Tue May 31 11:46:24 2011 us=587336   test_crypto = DISABLED
Tue May 31 11:46:24 2011 us=587344   tls_server = DISABLED
Tue May 31 11:46:24 2011 us=587352   tls_client = ENABLED
Tue May 31 11:46:24 2011 us=587360   key_method = 2
Tue May 31 11:46:24 2011 us=587369   ca_file = '/etc/openvpn/easy-rsa/2.0/keys/ca.crt'
Tue May 31 11:46:24 2011 us=587378   ca_path = '[UNDEF]'
Tue May 31 11:46:24 2011 us=587386   dh_file = '[UNDEF]'
Tue May 31 11:46:24 2011 us=587395   cert_file = '/etc/openvpn/easy-rsa/2.0/keys/client1.crt'
Tue May 31 11:46:24 2011 us=587411   priv_key_file = '/etc/openvpn/easy-rsa/2.0/keys/client1.key'
Tue May 31 11:46:24 2011 us=587420   pkcs12_file = '[UNDEF]'
Tue May 31 11:46:24 2011 us=587428   cipher_list = '[UNDEF]'
Tue May 31 11:46:24 2011 us=587437   tls_verify = '[UNDEF]'
Tue May 31 11:46:24 2011 us=587445   tls_remote = '[UNDEF]'
Tue May 31 11:46:24 2011 us=587486   crl_file = '[UNDEF]'
Tue May 31 11:46:24 2011 us=587497   ns_cert_type = 64
Tue May 31 11:46:24 2011 us=587506   remote_cert_ku[i] = 0
Tue May 31 11:46:24 2011 us=587515   remote_cert_ku[i] = 0
Tue May 31 11:46:24 2011 us=587523   remote_cert_ku[i] = 0
Tue May 31 11:46:24 2011 us=587532   remote_cert_ku[i] = 0
Tue May 31 11:46:24 2011 us=587540   remote_cert_ku[i] = 0
Tue May 31 11:46:24 2011 us=587548   remote_cert_ku[i] = 0
Tue May 31 11:46:24 2011 us=587556   remote_cert_ku[i] = 0
Tue May 31 11:46:24 2011 us=587564   remote_cert_ku[i] = 0
Tue May 31 11:46:24 2011 us=587581   remote_cert_ku[i] = 0
Tue May 31 11:46:24 2011 us=587591   remote_cert_ku[i] = 0
Tue May 31 11:46:24 2011 us=587599   remote_cert_ku[i] = 0
Tue May 31 11:46:24 2011 us=587607   remote_cert_ku[i] = 0
Tue May 31 11:46:24 2011 us=587615   remote_cert_ku[i] = 0
Tue May 31 11:46:24 2011 us=587623   remote_cert_ku[i] = 0
Tue May 31 11:46:24 2011 us=587631   remote_cert_ku[i] = 0
Tue May 31 11:46:24 2011 us=587640   remote_cert_ku[i] = 0
Tue May 31 11:46:24 2011 us=587648   remote_cert_eku = '[UNDEF]'
Tue May 31 11:46:24 2011 us=587656   tls_timeout = 2
Tue May 31 11:46:24 2011 us=587665   renegotiate_bytes = 0
Tue May 31 11:46:24 2011 us=587673   renegotiate_packets = 0
Tue May 31 11:46:24 2011 us=587681   renegotiate_seconds = 3600
Tue May 31 11:46:24 2011 us=587690   handshake_window = 60
Tue May 31 11:46:24 2011 us=587698   transition_window = 3600
Tue May 31 11:46:24 2011 us=587706   single_session = DISABLED
Tue May 31 11:46:24 2011 us=587714   push_peer_info = DISABLED
Tue May 31 11:46:24 2011 us=587723   tls_exit = DISABLED
Tue May 31 11:46:24 2011 us=587731   tls_auth_file = '/etc/openvpn/easy-rsa/2.0/keys/ta.key'
Tue May 31 11:46:24 2011 us=587885   server_network = 0.0.0.0
Tue May 31 11:46:24 2011 us=587910   server_netmask = 0.0.0.0
Tue May 31 11:46:24 2011 us=587920   server_bridge_ip = 0.0.0.0
Tue May 31 11:46:24 2011 us=587930   server_bridge_netmask = 0.0.0.0
Tue May 31 11:46:24 2011 us=587940   server_bridge_pool_start = 0.0.0.0
Tue May 31 11:46:24 2011 us=587949   server_bridge_pool_end = 0.0.0.0
Tue May 31 11:46:24 2011 us=587958   ifconfig_pool_defined = DISABLED
Tue May 31 11:46:24 2011 us=587968   ifconfig_pool_start = 0.0.0.0
Tue May 31 11:46:24 2011 us=587977   ifconfig_pool_end = 0.0.0.0
Tue May 31 11:46:24 2011 us=587987   ifconfig_pool_netmask = 0.0.0.0
Tue May 31 11:46:24 2011 us=587995   ifconfig_pool_persist_filename = '[UNDEF]'
Tue May 31 11:46:24 2011 us=588010   ifconfig_pool_persist_refresh_freq = 600
Tue May 31 11:46:24 2011 us=588019   n_bcast_buf = 256
Tue May 31 11:46:24 2011 us=588028   tcp_queue_limit = 64
Tue May 31 11:46:24 2011 us=588036   real_hash_size = 256
Tue May 31 11:46:24 2011 us=588044   virtual_hash_size = 256
Tue May 31 11:46:24 2011 us=588053   client_connect_script = '[UNDEF]'
Tue May 31 11:46:24 2011 us=588061   learn_address_script = '[UNDEF]'
Tue May 31 11:46:24 2011 us=588070   client_disconnect_script = '[UNDEF]'
Tue May 31 11:46:24 2011 us=588078   client_config_dir = '[UNDEF]'
Tue May 31 11:46:24 2011 us=588087   ccd_exclusive = DISABLED
Tue May 31 11:46:24 2011 us=588095   tmp_dir = '[UNDEF]'
Tue May 31 11:46:24 2011 us=588104   push_ifconfig_defined = DISABLED
Tue May 31 11:46:24 2011 us=588113   push_ifconfig_local = 0.0.0.0
Tue May 31 11:46:24 2011 us=588123   push_ifconfig_remote_netmask = 0.0.0.0
Tue May 31 11:46:24 2011 us=588131   enable_c2c = DISABLED
Tue May 31 11:46:24 2011 us=588140   duplicate_cn = DISABLED
Tue May 31 11:46:24 2011 us=588148   cf_max = 0
Tue May 31 11:46:24 2011 us=588156   cf_per = 0
Tue May 31 11:46:24 2011 us=588165   max_clients = 1024
Tue May 31 11:46:24 2011 us=588173   max_routes_per_client = 256
Tue May 31 11:46:24 2011 us=588189   auth_user_pass_verify_script = '[UNDEF]'
Tue May 31 11:46:24 2011 us=588198   auth_user_pass_verify_script_via_file = DISABLED
Tue May 31 11:46:24 2011 us=588207   ssl_flags = 0
Tue May 31 11:46:24 2011 us=588215   port_share_host = '[UNDEF]'
Tue May 31 11:46:24 2011 us=588223   port_share_port = 0
Tue May 31 11:46:24 2011 us=588232   client = DISABLED
Tue May 31 11:46:24 2011 us=588240   pull = DISABLED
Tue May 31 11:46:24 2011 us=588249   auth_user_pass_file = '[UNDEF]'
Tue May 31 11:46:24 2011 us=588280 OpenVPN 2.1.3 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] built on Apr 12 2011
Tue May 31 11:46:24 2011 us=588561 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue May 31 11:46:24 2011 us=788999 Control Channel Authentication: using '/etc/openvpn/easy-rsa/2.0/keys/ta.key' as a OpenVPN static key file
Tue May 31 11:46:24 2011 us=789200 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue May 31 11:46:24 2011 us=789222 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue May 31 11:46:24 2011 us=790057 LZO compression initialized
Tue May 31 11:46:24 2011 us=791103 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Tue May 31 11:46:24 2011 us=791296 Socket Buffers: R=[112640->131072] S=[112640->131072]
Tue May 31 11:46:24 2011 us=799924 TUN/TAP device tun0 opened
Tue May 31 11:46:24 2011 us=800316 TUN/TAP TX queue length set to 100
Tue May 31 11:46:24 2011 us=800429 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue May 31 11:46:24 2011 us=938807 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Tue May 31 11:46:24 2011 us=938851 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Tue May 31 11:46:24 2011 us=938935 Local Options hash (VER=V4): '504e774e'
Tue May 31 11:46:24 2011 us=938952 Expected Remote Options hash (VER=V4): '14168603'
Tue May 31 11:46:24 2011 us=953376 GID set to nogroup
Tue May 31 11:46:24 2011 us=953376 UID set to nobody
Tue May 31 11:46:24 2011 us=953380 UDPv4 link local (bound): [undef]:1194
Tue May 31 11:46:24 2011 us=953397 UDPv4 link remote: 10.60.1.236:1194
WRTue May 31 11:46:24 2011 us=969926 TLS: Initial packet from 10.60.1.236:1194, sid=73c1e531 9e3e11e5
WWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRTue May 31 11:46:25 2011 us=88359 VERIFY OK: depth=1, /C=US/ST=NY/L=Hauppauge/O=Bascom_Byron_s_VM/CN=Bascom_Byron_s_VM_CA/emailAddress=bmorales@bascom.com
Tue May 31 11:46:25 2011 us=88933 VERIFY OK: nsCertType=SERVER
Tue May 31 11:46:25 2011 us=88950 VERIFY OK: depth=0, /C=US/ST=NY/L=Hauppauge/O=Bascom_Byron_s_VM/CN=server/emailAddress=bmorales@bascom.com
WRWRWRWRWRWRWRWRWRWWWWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRRRRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWWWWRRRRWRWRTue May 31 11:46:25 2011 us=329228 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue May 31 11:46:25 2011 us=329269 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue May 31 11:46:25 2011 us=329326 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue May 31 11:46:25 2011 us=329338 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
WTue May 31 11:46:25 2011 us=329472 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Tue May 31 11:46:25 2011 us=329514 [server] Peer Connection Initiated with 10.60.1.236:1194
Tue May 31 11:46:26 2011 us=588957 Initialization Sequence Completed
RWRWRWRWRWRWRWRWRWWRRWRW

Re: Site to Site VPN, Client not getting IP from VPN Subnet

Post by janjust » Wed Jun 01, 2011 6:18 am

oops, I have to remember what I recommend - sorry about that....


the client log looks OK, actually; what is the IP address of the tun0 interface after the client connects? also, does the server log show anything about PUSHING an IP address to the client?

Re: Site to Site VPN, Client not getting IP from VPN Subnet

Post by janjust » Wed Jun 01, 2011 7:34 am

oh doh - I think I see what the problem is; try adding

client

to the client configuration file - if this is not present then no server options (e.g. an IP address) are pulled.
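
Why the handshake succeeded but no address arrived, as an added example that is not part of the original thread: `client` is a helper that expands to `pull` plus `tls-client`, and the poster supplied only `--tls-client` on the command line. The Python sketch below lints a client config for that gap and reads the same evidence out of the verb 5 settings dump; the function names are hypothetical, and the embedded config and log lines are trimmed excerpts of what was posted above.

```python
import re

# 'client' is a helper directive that OpenVPN expands to 'pull' + 'tls-client'.
HELPERS = {"client": {"pull", "tls-client"}}

# Client config as posted in the thread (cert/key/logging lines trimmed).
THREAD_CLIENT_CONF = """\
remote 10.60.1.236
proto udp
dev tun
ns-cert-type server
cipher BF-CBC
comp-lzo
"""

# A few lines excerpted from the thread's verb 5 client log.
THREAD_CLIENT_LOG = """\
Tue May 31 11:46:24 2011 us=586546   ifconfig_local = '[UNDEF]'
Tue May 31 11:46:24 2011 us=587352   tls_client = ENABLED
Tue May 31 11:46:24 2011 us=588232   client = DISABLED
Tue May 31 11:46:24 2011 us=588240   pull = DISABLED
Tue May 31 11:46:25 2011 us=329514 [server] Peer Connection Initiated with 10.60.1.236:1194
Tue May 31 11:46:26 2011 us=588957 Initialization Sequence Completed
"""

# Settings-dump lines look like "<timestamp> us=<n>   name = value".
SETTING_RE = re.compile(r"us=\d+\s+(\w+) = (.*)$")

def effective_directives(conf_text, cli_flags=()):
    """Directive names in effect from file + command line, helpers expanded."""
    names = set()
    for raw in conf_text.splitlines():
        line = re.split(r"[#;]", raw, maxsplit=1)[0].strip()  # drop comments
        if line:
            names.add(line.split()[0])
    names.update(flag.lstrip("-") for flag in cli_flags)
    for helper, expansion in HELPERS.items():
        if helper in names:
            names |= expansion
    return names

def lint_client(conf_text, cli_flags=()):
    """Report why a TLS client would come up without a tunnel address."""
    d = effective_directives(conf_text, cli_flags)
    findings = []
    if "tls-client" not in d:
        findings.append("no tls-client: not a TLS client config")
    elif "pull" not in d and "ifconfig" not in d:
        findings.append("tls-client without pull or ifconfig: handshake works, "
                        "no address is requested; add 'client'")
    return findings

def parse_settings(log_text):
    """Read 'name = value' pairs from the Current Parameter Settings dump."""
    settings = {}
    for line in log_text.splitlines():
        m = SETTING_RE.search(line)
        if m:
            settings[m.group(1)] = m.group(2).strip().strip("'")
    return settings

def triage_client_log(log_text):
    """Flag a session that completed TLS but never pulled options."""
    s = parse_settings(log_text)
    findings = []
    if s.get("pull") == "DISABLED" and s.get("ifconfig_local") == "[UNDEF]":
        findings.append("pull = DISABLED and ifconfig_local undefined")
    # A pulling client logs the reply as "PUSH: Received control message: 'PUSH_REPLY,...'".
    if "Initialization Sequence Completed" in log_text and "PUSH_REPLY" not in log_text:
        findings.append("session completed with no PUSH_REPLY received")
    return findings

if __name__ == "__main__":
    for msg in lint_client(THREAD_CLIENT_CONF, ["--tls-client"]):
        print("config:", msg)
    for msg in triage_client_log(THREAD_CLIENT_LOG):
        print("log:", msg)
```

With `client` added as the first line of the config, `lint_client` returns no findings even without `--tls-client` on the command line.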

Re: Site to Site VPN, Client not getting IP from VPN Subnet

Post by bmorales » Wed Jun 01, 2011 1:12 pm

That is amazing, it worked!! :D
Thanks for the help
