
Adding a virtual server to vlan

Posted: Tue May 31, 2011 12:32 am
by ghostcorps
Hi Guys

I have been trying to add a virtual server to the vlan created by OpenVPN without any luck. I am hoping someone here may be able to assist.

As I am using FreeBSD jails, I am told that the IP cannot be set on the virtual server itself, and that I should use an ifconfig-pool instead. So I have been trying to do as much reading as I can on the matter, but am still no wiser :(

Here is the output of ifconfig and my ovpn settings. I just need the server at xxx.xxx.xxx.213 to be added to the 192.168.254.xx subnet so that I can access blocked ports on that machine (e.g. 21) remotely. Surely I am missing something very simple?

# ifconfig
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
        ether xx:xx:xx:xx:xx
        inet xxx.xxx.xxx.212 netmask 0xfffffff8 broadcast xxx.xxx.xxx.215
        inet xxx.xxx.xxx.213 netmask 0xffffffff broadcast xxx.xxx.xxx.213
        inet xxx.xxx.xxx.214 netmask 0xffffffff broadcast xxx.xxx.xxx.214
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
em1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
        ether 00:50:56:8f:30:3b
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
plip0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> metric 0 mtu 1500
ipfw0: flags=8801<UP,SIMPLEX,MULTICAST> metric 0 mtu 65536
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=3<RXCSUM,TXCSUM>
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
tap0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        ether 00:bd:8e:20:00:00
        inet 192.168.254.1 netmask 0xffffff00 broadcast 192.168.254.255
        Opened by PID 1078

Server
  • /usr/local/etc/openvpn/server.conf

port 1194
proto udp
dev tap
ca /usr/local/etc/openvpn/keys/ca.crt
cert /usr/local/etc/openvpn/keys/server.crt
key /usr/local/etc/openvpn/keys/server.key # This file should be kept secret
dh /usr/local/etc/openvpn/keys/dh1024.pem
server 192.168.254.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
max-clients 10
user root
persist-key
persist-tun
status /var/log/openvpn-status.log
log-append  /var/log/openvpn.log
verb 3

Re: Adding a virtual server to vlan

Posted: Tue May 31, 2011 1:17 am
by ghostcorps
Also: I get this error when I try to start OpenVPN on the virtual server (client). Perhaps the issue is with the routing socket?

Tue May 31 01:12:50 2011 OpenVPN 2.1.1 amd64-portbld-freebsd8.1 [SSL] [LZO2] built on May 31 2011
Tue May 31 01:12:50 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue May 31 01:12:50 2011 LZO compression initialized
Tue May 31 01:12:50 2011 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue May 31 01:12:50 2011 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Tue May 31 01:12:50 2011 Local Options hash (VER=V4): 'd79ca330'
Tue May 31 01:12:50 2011 Expected Remote Options hash (VER=V4): 'f7df56b8'
Tue May 31 01:12:50 2011 Socket Buffers: R=[42080->65536] S=[9216->65536]
Tue May 31 01:12:50 2011 UDPv4 link local: [undef]
Tue May 31 01:12:50 2011 UDPv4 link remote: xxx.xxx.xxx.x12:1194
Tue May 31 01:12:50 2011 TLS: Initial packet from xxx.xxx.xxx.x12:1194, sid=8f16ab2d 28e9b9bf
Tue May 31 01:12:50 2011 VERIFY OK: depth=1, /C=AU/ST=CA/L=Melbourne/O=none/CN=vpnserver/name=advoy/emailAddress=webmaster@xxx.com.au
Tue May 31 01:12:50 2011 VERIFY OK: nsCertType=SERVER
Tue May 31 01:12:50 2011 VERIFY OK: depth=0, /C=AU/ST=CA/L=Melbourne/O=none/CN=xxx.com/name=advoy/emailAddress=webmaster@xxx.com.au
Tue May 31 01:12:50 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue May 31 01:12:50 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue May 31 01:12:50 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue May 31 01:12:50 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue May 31 01:12:50 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue May 31 01:12:50 2011 [xxx.com] Peer Connection Initiated with xxx.xxx.xxx.x12:2501
Tue May 31 01:12:52 2011 SENT CONTROL [xxx.com]: 'PUSH_REQUEST' (status=1)
Tue May 31 01:12:52 2011 PUSH: Received control message: 'PUSH_REPLY,route-gateway 192.168.254.1,ping 10,ping-restart 120,ifconfig 192.168.254.3 255.255.255.0'
Tue May 31 01:12:52 2011 OPTIONS IMPORT: timers and/or timeouts modified
Tue May 31 01:12:52 2011 OPTIONS IMPORT: --ifconfig/up options modified
Tue May 31 01:12:52 2011 OPTIONS IMPORT: route-related options modified
openvpn: writing to routing socket: No such process
Tue May 31 01:12:52 2011 Cannot allocate TUN/TAP dev dynamically
Tue May 31 01:12:52 2011 Exiting
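Added to the thread by the editor, not code from either post: the server.conf in the first post and the client log in the second can be checked mechanically, and together they already contain everything a reviewer would raise. The script below parses both (the config text and the log lines embedded in it are copied verbatim from the two posts, with the poster's xxx placeholders kept), pulls out the pushed ifconfig and route-gateway, the negotiated data-channel cipher and control-channel parameters, and the fatal lines, and then lists the findings: `user root` with no privilege drop even though `persist-key`/`persist-tun` are already set, 1024-bit DH parameters, no `cipher` directive so OpenVPN 2.1 falls back to BF-CBC (a 64-bit block cipher, confirmed by the log), no `tls-auth`, 1024-bit RSA certificates, and the two fatal lines at the end. Those two lines are what OpenVPN reports when it is started inside a FreeBSD jail that has no network stack of its own: devfs hides /dev/tap* from the jail and the jail is not permitted to touch the host routing table, so the tunnel endpoint has to run on the host (or in a jail with its own stack, VIMAGE) and the jail be reached over it. The finding texts, the 2048-bit threshold and the helper names are the editor's assumptions.

```python
"""Parse the OpenVPN server.conf and client log posted in this thread and list
what a reviewer would flag.  Added example by the editor; not the poster's code."""
import re
from typing import Dict, List

# Both inputs are copied from the posts above (poster's xxx placeholders kept).
SERVER_CONF = """\
port 1194
proto udp
dev tap
ca /usr/local/etc/openvpn/keys/ca.crt
cert /usr/local/etc/openvpn/keys/server.crt
key /usr/local/etc/openvpn/keys/server.key # This file should be kept secret
dh /usr/local/etc/openvpn/keys/dh1024.pem
server 192.168.254.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
max-clients 10
user root
persist-key
persist-tun
status /var/log/openvpn-status.log
log-append  /var/log/openvpn.log
verb 3
"""

CLIENT_LOG = """\
Tue May 31 01:12:50 2011 OpenVPN 2.1.1 amd64-portbld-freebsd8.1 [SSL] [LZO2] built on May 31 2011
Tue May 31 01:12:50 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue May 31 01:12:50 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue May 31 01:12:50 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue May 31 01:12:52 2011 SENT CONTROL [xxx.com]: 'PUSH_REQUEST' (status=1)
Tue May 31 01:12:52 2011 PUSH: Received control message: 'PUSH_REPLY,route-gateway 192.168.254.1,ping 10,ping-restart 120,ifconfig 192.168.254.3 255.255.255.0'
openvpn: writing to routing socket: No such process
Tue May 31 01:12:52 2011 Cannot allocate TUN/TAP dev dynamically
Tue May 31 01:12:52 2011 Exiting
""".splitlines()

TS = re.compile(r"^\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4} (.*)$")
CIPHER = re.compile(r"Data Channel Encrypt: Cipher '([^']+)' initialized with (\d+) bit key")
CONTROL = re.compile(r"Control Channel: ([^,]+), cipher (.+), (\d+) bit RSA")
PUSH = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,([^']*)'")


def parse_server_conf(text: str) -> Dict[str, List[List[str]]]:
    """Directive -> list of argument lists (a directive may appear more than once).
    '#' and ';' start comments, as in OpenVPN's own config parser."""
    conf: Dict[str, List[List[str]]] = {}
    for raw in text.splitlines():
        line = re.split(r"[#;]", raw, maxsplit=1)[0].strip()
        if line:
            name, *args = line.split()
            conf.setdefault(name, []).append(args)
    return conf


def parse_client_log(lines: List[str]) -> dict:
    """Pull negotiated crypto, pushed options and fatal lines out of a verb-3 client log."""
    info: dict = {"data_cipher": None, "data_key_bits": None, "tls_version": None,
                  "rsa_bits": None, "pushed": {}, "errors": []}
    for line in lines:
        m = TS.match(line)
        msg = m.group(1) if m else line
        c = CIPHER.search(msg)
        if c:
            info["data_cipher"], info["data_key_bits"] = c.group(1), int(c.group(2))
            continue
        c = CONTROL.search(msg)
        if c:
            info["tls_version"], info["rsa_bits"] = c.group(1), int(c.group(3))
            continue
        c = PUSH.search(msg)
        if c:
            for opt in c.group(1).split(","):   # "name arg arg,name arg,..."
                name, *args = opt.split()
                info["pushed"][name] = args
            continue
        # Untimestamped lines are OS-level errors written straight to stderr;
        # the other two are OpenVPN giving up.
        if m is None or msg.startswith("Cannot allocate") or msg == "Exiting":
            info["errors"].append(msg)
    return info


def audit(conf: Dict[str, List[List[str]]], log: dict) -> List[str]:
    """Findings a reviewer would raise against this config/log pair (editor's wording)."""
    findings: List[str] = []
    if conf.get("user") == [["root"]]:
        findings.append("user root: daemon never drops privileges; persist-key/persist-tun are "
                        "already set, so 'user nobody' / 'group nobody' will work after init")
    dh = conf.get("dh", [[""]])[0][0]
    bits = re.search(r"\d+", dh.rsplit("/", 1)[-1])   # size guessed from the file name
    if bits and int(bits.group()) < 2048:
        findings.append(f"dh {dh}: {bits.group()}-bit DH by its name; regenerate at >= 2048 bits "
                        "(confirm with 'openssl dhparam -in <file> -text')")
    if "cipher" not in conf:
        note = " (64-bit block cipher)" if log["data_cipher"] == "BF-CBC" else ""
        findings.append(f"no 'cipher' directive: default {log['data_cipher']}{note} negotiated; "
                        "set cipher AES-256-CBC (AES-256-GCM on 2.4+) on server and clients")
    if "tls-auth" not in conf:
        findings.append("no tls-auth: UDP/1194 answers TLS handshakes from anyone; add "
                        "'tls-auth ta.key 0' on the server and 'tls-auth ta.key 1' on clients")
    if log["rsa_bits"] and log["rsa_bits"] < 2048:
        findings.append(f"{log['rsa_bits']}-bit RSA certificates: reissue CA/server/client certs "
                        "at >= 2048 bits")
    if any("TUN/TAP" in e or "routing socket" in e for e in log["errors"]):
        findings.append("client cannot open a tap device or write the routing table: a FreeBSD "
                        "jail without its own network stack (VIMAGE) may not; run OpenVPN on the host")
    return findings


if __name__ == "__main__":
    for f in audit(parse_server_conf(SERVER_CONF), parse_client_log(CLIENT_LOG)):
        print("-", f)
```

Run it as-is to see the six findings; point `SERVER_CONF` and `CLIENT_LOG` at your own files to reuse it. The DH size is inferred from the file name only, which is why the finding tells you to confirm it with openssl.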