OpenVPN Support Forum

Community Support Forum
https://forums.openvpn.net/

[open] problem with the routes, connection to openvpn works!

https://forums.openvpn.net/viewtopic.php?t=8339

Page 1 of 1

[open] problem with the routes, connection to openvpn works!

Posted: Wed Jun 22, 2011 7:11 am
by syn4pse
Hello,
this is my first openvpn setup. I picked myself a tutorial and followed the steps after reading up on the basics. So here is what i tried to setup. I´m running a server in a NL datacentre. Due to the fact that i need to login securely to from various locations i decided to use openvpn. My server is running a debian 64 bit.
After starting the openvpn I simply could not log in from a windows client ( using openvpn GUI ). So i decided to enable verbose output on the server which shows me the following:
  • Wed Jun 22 12:05:21 2011 us=355867 Current Parameter Settings:
    Wed Jun 22 12:05:21 2011 us=355940 config = 'server.conf'
    Wed Jun 22 12:05:21 2011 us=355950 mode = 1
    Wed Jun 22 12:05:21 2011 us=355957 persist_config = DISABLED
    Wed Jun 22 12:05:21 2011 us=355964 persist_mode = 1
    Wed Jun 22 12:05:21 2011 us=355971 show_ciphers = DISABLED
    Wed Jun 22 12:05:21 2011 us=355978 show_digests = DISABLED
    Wed Jun 22 12:05:21 2011 us=355984 show_engines = DISABLED
    Wed Jun 22 12:05:21 2011 us=355991 genkey = DISABLED
    Wed Jun 22 12:05:21 2011 us=355997 key_pass_file = '[UNDEF]'
    Wed Jun 22 12:05:21 2011 us=356004 show_tls_ciphers = DISABLED
    Wed Jun 22 12:05:21 2011 us=356013 Connection profiles [default]:
    Wed Jun 22 12:05:21 2011 us=356020 proto = udp
    Wed Jun 22 12:05:21 2011 us=356027 local = '[UNDEF]'
    Wed Jun 22 12:05:21 2011 us=356034 local_port = 1194
    Wed Jun 22 12:05:21 2011 us=356041 remote = '[UNDEF]'
    Wed Jun 22 12:05:21 2011 us=356047 remote_port = 1194
    Wed Jun 22 12:05:21 2011 us=356054 remote_float = DISABLED
    Wed Jun 22 12:05:21 2011 us=356061 bind_defined = DISABLED
    Wed Jun 22 12:05:21 2011 us=356067 bind_local = ENABLED
    Wed Jun 22 12:05:21 2011 us=356074 connect_retry_seconds = 5
    Wed Jun 22 12:05:21 2011 us=356081 connect_timeout = 10
    Wed Jun 22 12:05:21 2011 us=356087 connect_retry_max = 0
    Wed Jun 22 12:05:21 2011 us=356094 socks_proxy_server = '[UNDEF]'
    Wed Jun 22 12:05:21 2011 us=356101 socks_proxy_port = 0
    Wed Jun 22 12:05:21 2011 us=356108 socks_proxy_retry = DISABLED
    Wed Jun 22 12:05:21 2011 us=356116 Connection profiles END
    Wed Jun 22 12:05:21 2011 us=356122 remote_random = DISABLED
    Wed Jun 22 12:05:21 2011 us=356129 ipchange = '[UNDEF]'
    Wed Jun 22 12:05:21 2011 us=356136 dev = 'tun'
    Wed Jun 22 12:05:21 2011 us=356142 dev_type = '[UNDEF]'
    Wed Jun 22 12:05:21 2011 us=356149 dev_node = '[UNDEF]'
    Wed Jun 22 12:05:21 2011 us=356155 lladdr = '[UNDEF]'
    Wed Jun 22 12:05:21 2011 us=356162 topology = 1
    Wed Jun 22 12:05:21 2011 us=356168 tun_ipv6 = DISABLED
    Wed Jun 22 12:05:21 2011 us=356176 ifconfig_local = '10.0.0.1'
    Wed Jun 22 12:05:21 2011 us=356185 ifconfig_remote_netmask = '10.0.0.2'
    Wed Jun 22 12:05:21 2011 us=356192 ifconfig_noexec = DISABLED
    Wed Jun 22 12:05:21 2011 us=356199 ifconfig_nowarn = DISABLED
    Wed Jun 22 12:05:21 2011 us=356205 shaper = 0
    Wed Jun 22 12:05:21 2011 us=356212 tun_mtu = 1500
    Wed Jun 22 12:05:21 2011 us=356219 tun_mtu_defined = ENABLED
    Wed Jun 22 12:05:21 2011 us=356230 link_mtu = 1500
    Wed Jun 22 12:05:21 2011 us=356236 link_mtu_defined = DISABLED
    Wed Jun 22 12:05:21 2011 us=356243 tun_mtu_extra = 0
    Wed Jun 22 12:05:21 2011 us=356250 tun_mtu_extra_defined = DISABLED
    Wed Jun 22 12:05:21 2011 us=356256 fragment = 0
    Wed Jun 22 12:05:21 2011 us=356263 mtu_discover_type = -1
    Wed Jun 22 12:05:21 2011 us=356269 mtu_test = 0
    Wed Jun 22 12:05:21 2011 us=356276 mlock = DISABLED
    Wed Jun 22 12:05:21 2011 us=356283 keepalive_ping = 10
    Wed Jun 22 12:05:21 2011 us=356289 keepalive_timeout = 120
    Wed Jun 22 12:05:21 2011 us=356296 inactivity_timeout = 0
    Wed Jun 22 12:05:21 2011 us=356302 ping_send_timeout = 10
    Wed Jun 22 12:05:21 2011 us=356309 ping_rec_timeout = 240
    Wed Jun 22 12:05:21 2011 us=356315 ping_rec_timeout_action = 2
    Wed Jun 22 12:05:21 2011 us=356322 ping_timer_remote = DISABLED
    Wed Jun 22 12:05:21 2011 us=356328 remap_sigusr1 = 0
    Wed Jun 22 12:05:21 2011 us=356335 explicit_exit_notification = 0
    Wed Jun 22 12:05:21 2011 us=356342 persist_tun = ENABLED
    Wed Jun 22 12:05:21 2011 us=356348 persist_local_ip = DISABLED
    Wed Jun 22 12:05:21 2011 us=356355 persist_remote_ip = DISABLED
    Wed Jun 22 12:05:21 2011 us=356361 persist_key = ENABLED
    Wed Jun 22 12:05:21 2011 us=356368 mssfix = 1450
    Wed Jun 22 12:05:21 2011 us=356377 passtos = DISABLED
    Wed Jun 22 12:05:21 2011 us=356387 resolve_retry_seconds = 1000000000
    Wed Jun 22 12:05:21 2011 us=356395 username = 'nobody'
    Wed Jun 22 12:05:21 2011 us=356401 groupname = 'nogroup'
    Wed Jun 22 12:05:21 2011 us=356408 chroot_dir = '[UNDEF]'
    Wed Jun 22 12:05:21 2011 us=356415 cd_dir = '[UNDEF]'
    Wed Jun 22 12:05:21 2011 us=356428 writepid = '[UNDEF]'
    Wed Jun 22 12:05:21 2011 us=356436 up_script = '[UNDEF]'
    Wed Jun 22 12:05:21 2011 us=356442 down_script = '[UNDEF]'
    Wed Jun 22 12:05:21 2011 us=356449 down_pre = DISABLED
    Wed Jun 22 12:05:21 2011 us=356455 up_restart = DISABLED
    Wed Jun 22 12:05:21 2011 us=356461 up_delay = DISABLED
    Wed Jun 22 12:05:21 2011 us=356468 daemon = DISABLED
    Wed Jun 22 12:05:21 2011 us=356474 inetd = 0
    Wed Jun 22 12:05:21 2011 us=356480 log = DISABLED
    Wed Jun 22 12:05:21 2011 us=356487 suppress_timestamps = DISABLED
    Wed Jun 22 12:05:21 2011 us=356494 nice = 0
    Wed Jun 22 12:05:21 2011 us=356500 verbosity = 5
    Wed Jun 22 12:05:21 2011 us=356507 mute = 0
    Wed Jun 22 12:05:21 2011 us=356513 gremlin = 0
    Wed Jun 22 12:05:21 2011 us=356520 status_file = '[UNDEF]'
    Wed Jun 22 12:05:21 2011 us=356526 status_file_version = 1
    Wed Jun 22 12:05:21 2011 us=356533 status_file_update_freq = 60
    Wed Jun 22 12:05:21 2011 us=356539 occ = ENABLED
    Wed Jun 22 12:05:21 2011 us=356546 rcvbuf = 65536
    Wed Jun 22 12:05:21 2011 us=356552 sndbuf = 65536
    Wed Jun 22 12:05:21 2011 us=356559 sockflags = 0
    Wed Jun 22 12:05:21 2011 us=356565 fast_io = DISABLED
    Wed Jun 22 12:05:21 2011 us=356572 lzo = 7
    Wed Jun 22 12:05:21 2011 us=356578 route_script = '[UNDEF]'
    Wed Jun 22 12:05:21 2011 us=356585 route_default_gateway = '[UNDEF]'
    Wed Jun 22 12:05:21 2011 us=356591 route_default_metric = 0
    Wed Jun 22 12:05:21 2011 us=356599 route_noexec = DISABLED
    Wed Jun 22 12:05:21 2011 us=356606 route_delay = 0
    Wed Jun 22 12:05:21 2011 us=356612 route_delay_window = 30
    Wed Jun 22 12:05:21 2011 us=356618 route_delay_defined = DISABLED
    Wed Jun 22 12:05:21 2011 us=356625 route_nopull = DISABLED
    Wed Jun 22 12:05:21 2011 us=356631 route_gateway_via_dhcp = DISABLED
    Wed Jun 22 12:05:21 2011 us=356638 allow_pull_fqdn = DISABLED
    Wed Jun 22 12:05:21 2011 us=356645 management_addr = '[UNDEF]'
    Wed Jun 22 12:05:21 2011 us=356651 management_port = 0
    Wed Jun 22 12:05:21 2011 us=356658 management_user_pass = '[UNDEF]'
    Wed Jun 22 12:05:21 2011 us=356664 management_log_history_cache = 250
    Wed Jun 22 12:05:21 2011 us=356671 management_echo_buffer_size = 100
    Wed Jun 22 12:05:21 2011 us=356677 management_write_peer_info_file = '[UNDEF]'
    Wed Jun 22 12:05:21 2011 us=356684 management_flags = 0
    Wed Jun 22 12:05:21 2011 us=356691 shared_secret_file = '[UNDEF]'
    Wed Jun 22 12:05:21 2011 us=356697 key_direction = 0
    Wed Jun 22 12:05:21 2011 us=356704 ciphername_defined = ENABLED
    Wed Jun 22 12:05:21 2011 us=356711 ciphername = 'BF-CBC'
    Wed Jun 22 12:05:21 2011 us=356717 authname_defined = ENABLED
    Wed Jun 22 12:05:21 2011 us=356724 authname = 'SHA1'
    Wed Jun 22 12:05:21 2011 us=356730 keysize = 0
    Wed Jun 22 12:05:21 2011 us=356737 engine = DISABLED
    Wed Jun 22 12:05:21 2011 us=356743 replay = ENABLED
    Wed Jun 22 12:05:21 2011 us=356750 mute_replay_warnings = DISABLED
    Wed Jun 22 12:05:21 2011 us=356757 replay_window = 64
    Wed Jun 22 12:05:21 2011 us=356763 replay_time = 15
    Wed Jun 22 12:05:21 2011 us=356770 packet_id_file = '[UNDEF]'
    Wed Jun 22 12:05:21 2011 us=356776 use_iv = ENABLED
    Wed Jun 22 12:05:21 2011 us=356783 test_crypto = DISABLED
    Wed Jun 22 12:05:21 2011 us=356789 tls_server = ENABLED
    Wed Jun 22 12:05:21 2011 us=356796 tls_client = DISABLED
    Wed Jun 22 12:05:21 2011 us=356802 key_method = 2
    Wed Jun 22 12:05:21 2011 us=356809 ca_file = 'certs/vpn-ca.pem'
    Wed Jun 22 12:05:21 2011 us=356815 ca_path = '[UNDEF]'
    Wed Jun 22 12:05:21 2011 us=356822 dh_file = 'certs/dh1024.pem'
    Wed Jun 22 12:05:21 2011 us=356828 cert_file = 'certs/servercert.pem'
    Wed Jun 22 12:05:21 2011 us=356835 priv_key_file = 'certs/serverkey.pem'
    Wed Jun 22 12:05:21 2011 us=356842 pkcs12_file = '[UNDEF]'
    Wed Jun 22 12:05:21 2011 us=356848 cipher_list = '[UNDEF]'
    Wed Jun 22 12:05:21 2011 us=356855 tls_verify = '[UNDEF]'
    Wed Jun 22 12:05:21 2011 us=356861 tls_remote = '[UNDEF]'
    Wed Jun 22 12:05:21 2011 us=356868 crl_file = '[UNDEF]'
    Wed Jun 22 12:05:21 2011 us=356883 ns_cert_type = 0
    Wed Jun 22 12:05:21 2011 us=356890 remote_cert_ku = 0
    Wed Jun 22 12:05:21 2011 us=356897 remote_cert_ku = 0
    Wed Jun 22 12:05:21 2011 us=356903 remote_cert_ku = 0
    Wed Jun 22 12:05:21 2011 us=356910 remote_cert_ku = 0
    Wed Jun 22 12:05:21 2011 us=356916 remote_cert_ku = 0
    Wed Jun 22 12:05:21 2011 us=356922 remote_cert_ku = 0
    Wed Jun 22 12:05:21 2011 us=356929 remote_cert_ku = 0
    Wed Jun 22 12:05:21 2011 us=356935 remote_cert_ku = 0
    Wed Jun 22 12:05:21 2011 us=356941 remote_cert_ku = 0
    Wed Jun 22 12:05:21 2011 us=356948 remote_cert_ku = 0
    Wed Jun 22 12:05:21 2011 us=356954 remote_cert_ku[i] = 0
    Wed Jun 22 12:05:21 2011 us=356960 remote_cert_ku[i] = 0
    Wed Jun 22 12:05:21 2011 us=356967 remote_cert_ku[i] = 0
    Wed Jun 22 12:05:21 2011 us=356973 remote_cert_ku[i] = 0
    Wed Jun 22 12:05:21 2011 us=356979 remote_cert_ku[i] = 0
    Wed Jun 22 12:05:21 2011 us=356985 remote_cert_ku[i] = 0
    Wed Jun 22 12:05:21 2011 us=356992 remote_cert_eku = '[UNDEF]'
    Wed Jun 22 12:05:21 2011 us=356998 tls_timeout = 2
    Wed Jun 22 12:05:21 2011 us=357005 renegotiate_bytes = 0
    Wed Jun 22 12:05:21 2011 us=357011 renegotiate_packets = 0
    Wed Jun 22 12:05:21 2011 us=357018 renegotiate_seconds = 3600
    Wed Jun 22 12:05:21 2011 us=357024 handshake_window = 60
    Wed Jun 22 12:05:21 2011 us=357031 transition_window = 3600
    Wed Jun 22 12:05:21 2011 us=357037 single_session = DISABLED
    Wed Jun 22 12:05:21 2011 us=357044 tls_exit = DISABLED
    Wed Jun 22 12:05:21 2011 us=357050 tls_auth_file = '[UNDEF]'
    Wed Jun 22 12:05:21 2011 us=357057 pkcs11_protected_authentication = DISABLED
    Wed Jun 22 12:05:21 2011 us=357064 pkcs11_protected_authentication = DISABLED
    Wed Jun 22 12:05:21 2011 us=357070 pkcs11_protected_authentication = DISABLED
    Wed Jun 22 12:05:21 2011 us=357077 pkcs11_protected_authentication = DISABLED
    Wed Jun 22 12:05:21 2011 us=357083 pkcs11_protected_authentication = DISABLED
    Wed Jun 22 12:05:21 2011 us=357089 pkcs11_protected_authentication = DISABLED
    Wed Jun 22 12:05:21 2011 us=357096 pkcs11_protected_authentication = DISABLED
    Wed Jun 22 12:05:21 2011 us=357102 pkcs11_protected_authentication = DISABLED
    Wed Jun 22 12:05:21 2011 us=357109 pkcs11_protected_authentication = DISABLED
    Wed Jun 22 12:05:21 2011 us=357115 pkcs11_protected_authentication = DISABLED
    Wed Jun 22 12:05:21 2011 us=357121 pkcs11_protected_authentication = DISABLED
    Wed Jun 22 12:05:21 2011 us=357128 pkcs11_protected_authentication = DISABLED
    Wed Jun 22 12:05:21 2011 us=357134 pkcs11_protected_authentication = DISABLED
    Wed Jun 22 12:05:21 2011 us=357140 pkcs11_protected_authentication = DISABLED
    Wed Jun 22 12:05:21 2011 us=357147 pkcs11_protected_authentication = DISABLED
    Wed Jun 22 12:05:21 2011 us=357153 pkcs11_protected_authentication = DISABLED
    Wed Jun 22 12:05:21 2011 us=357160 pkcs11_private_mode = 00000000
    Wed Jun 22 12:05:21 2011 us=357166 pkcs11_private_mode = 00000000
    Wed Jun 22 12:05:21 2011 us=357173 pkcs11_private_mode = 00000000
    Wed Jun 22 12:05:21 2011 us=357183 pkcs11_private_mode = 00000000
    Wed Jun 22 12:05:21 2011 us=357190 pkcs11_private_mode = 00000000
    Wed Jun 22 12:05:21 2011 us=357196 pkcs11_private_mode = 00000000
    Wed Jun 22 12:05:21 2011 us=357203 pkcs11_private_mode = 00000000
    Wed Jun 22 12:05:21 2011 us=357210 pkcs11_private_mode = 00000000
    Wed Jun 22 12:05:21 2011 us=357216 pkcs11_private_mode = 00000000
    Wed Jun 22 12:05:21 2011 us=357229 pkcs11_private_mode = 00000000
    Wed Jun 22 12:05:21 2011 us=357236 pkcs11_private_mode = 00000000
    Wed Jun 22 12:05:21 2011 us=357242 pkcs11_private_mode = 00000000
    Wed Jun 22 12:05:21 2011 us=357249 pkcs11_private_mode = 00000000
    Wed Jun 22 12:05:21 2011 us=357256 pkcs11_private_mode = 00000000
    Wed Jun 22 12:05:21 2011 us=357262 pkcs11_private_mode = 00000000
    Wed Jun 22 12:05:21 2011 us=357269 pkcs11_private_mode = 00000000
    Wed Jun 22 12:05:21 2011 us=357275 pkcs11_cert_private = DISABLED
    Wed Jun 22 12:05:21 2011 us=357282 pkcs11_cert_private = DISABLED
    Wed Jun 22 12:05:21 2011 us=357295 pkcs11_cert_private = DISABLED
    Wed Jun 22 12:05:21 2011 us=357301 pkcs11_cert_private = DISABLED
    Wed Jun 22 12:05:21 2011 us=357308 pkcs11_cert_private = DISABLED
    Wed Jun 22 12:05:21 2011 us=357314 pkcs11_cert_private = DISABLED
    Wed Jun 22 12:05:21 2011 us=357321 pkcs11_cert_private = DISABLED
    Wed Jun 22 12:05:21 2011 us=357327 pkcs11_cert_private = DISABLED
    Wed Jun 22 12:05:21 2011 us=357334 pkcs11_cert_private = DISABLED
    Wed Jun 22 12:05:21 2011 us=357340 pkcs11_cert_private = DISABLED
    Wed Jun 22 12:05:21 2011 us=357346 pkcs11_cert_private = DISABLED
    Wed Jun 22 12:05:21 2011 us=357353 pkcs11_cert_private = DISABLED
    Wed Jun 22 12:05:21 2011 us=357359 pkcs11_cert_private = DISABLED
    Wed Jun 22 12:05:21 2011 us=357366 pkcs11_cert_private = DISABLED
    Wed Jun 22 12:05:21 2011 us=357372 pkcs11_cert_private = DISABLED
    Wed Jun 22 12:05:21 2011 us=357378 pkcs11_cert_private = DISABLED
    Wed Jun 22 12:05:21 2011 us=357385 pkcs11_pin_cache_period = -1
    Wed Jun 22 12:05:21 2011 us=357391 pkcs11_id = '[UNDEF]'
    Wed Jun 22 12:05:21 2011 us=357398 pkcs11_id_management = DISABLED
    Wed Jun 22 12:05:21 2011 us=357415 server_network = 0.0.0.0
    Wed Jun 22 12:05:21 2011 us=357423 server_netmask = 0.0.0.0
    Wed Jun 22 12:05:21 2011 us=357430 server_bridge_ip = 0.0.0.0
    Wed Jun 22 12:05:21 2011 us=357437 server_bridge_netmask = 0.0.0.0
    Wed Jun 22 12:05:21 2011 us=357445 server_bridge_pool_start = 0.0.0.0
    Wed Jun 22 12:05:21 2011 us=357452 server_bridge_pool_end = 0.0.0.0
    Wed Jun 22 12:05:21 2011 us=357459 push_list = 'ping 10,ping-restart 120'
    Wed Jun 22 12:05:21 2011 us=357465 ifconfig_pool_defined = ENABLED
    Wed Jun 22 12:05:21 2011 us=357473 ifconfig_pool_start = 10.0.0.10
    Wed Jun 22 12:05:21 2011 us=357480 ifconfig_pool_end = 10.0.0.251
    Wed Jun 22 12:05:21 2011 us=357487 ifconfig_pool_netmask = 0.0.0.0
    Wed Jun 22 12:05:21 2011 us=357494 ifconfig_pool_persist_filename = 'ipp.txt'
    Wed Jun 22 12:05:21 2011 us=357500 ifconfig_pool_persist_refresh_freq = 600
    Wed Jun 22 12:05:21 2011 us=357507 n_bcast_buf = 256
    Wed Jun 22 12:05:21 2011 us=357513 tcp_queue_limit = 64
    Wed Jun 22 12:05:21 2011 us=357520 real_hash_size = 256
    Wed Jun 22 12:05:21 2011 us=357527 virtual_hash_size = 256
    Wed Jun 22 12:05:21 2011 us=357533 client_connect_script = '[UNDEF]'
    Wed Jun 22 12:05:21 2011 us=357540 learn_address_script = '[UNDEF]'
    Wed Jun 22 12:05:21 2011 us=357546 client_disconnect_script = '[UNDEF]'
    Wed Jun 22 12:05:21 2011 us=357553 client_config_dir = '[UNDEF]'
    Wed Jun 22 12:05:21 2011 us=357559 ccd_exclusive = DISABLED
    Wed Jun 22 12:05:21 2011 us=357566 tmp_dir = '[UNDEF]'
    Wed Jun 22 12:05:21 2011 us=357573 push_ifconfig_defined = DISABLED
    Wed Jun 22 12:05:21 2011 us=357580 push_ifconfig_local = 0.0.0.0
    Wed Jun 22 12:05:21 2011 us=357588 push_ifconfig_remote_netmask = 0.0.0.0
    Wed Jun 22 12:05:21 2011 us=357596 enable_c2c = DISABLED
    Wed Jun 22 12:05:21 2011 us=357602 duplicate_cn = DISABLED
    Wed Jun 22 12:05:21 2011 us=357609 cf_max = 0
    Wed Jun 22 12:05:21 2011 us=357615 cf_per = 0
    Wed Jun 22 12:05:21 2011 us=357622 max_clients = 1024
    Wed Jun 22 12:05:21 2011 us=357628 max_routes_per_client = 256
    Wed Jun 22 12:05:21 2011 us=357635 client_cert_not_required = DISABLED
    Wed Jun 22 12:05:21 2011 us=357641 username_as_common_name = DISABLED
    Wed Jun 22 12:05:21 2011 us=357648 auth_user_pass_verify_script = '[UNDEF]'
    Wed Jun 22 12:05:21 2011 us=357654 auth_user_pass_verify_script_via_file = DISABLED
    Wed Jun 22 12:05:21 2011 us=357661 port_share_host = '[UNDEF]'
    Wed Jun 22 12:05:21 2011 us=357668 port_share_port = 0
    Wed Jun 22 12:05:21 2011 us=357674 client = DISABLED
    Wed Jun 22 12:05:21 2011 us=357681 pull = DISABLED
    Wed Jun 22 12:05:21 2011 us=357687 auth_user_pass_file = '[UNDEF]'
    Wed Jun 22 12:05:21 2011 us=357699 OpenVPN 2.1_rc11 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Sep 18 2008
    Wed Jun 22 12:05:21 2011 us=360239 Diffie-Hellman initialized with 1024 bit key
    Wed Jun 22 12:05:21 2011 us=360678 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
    Wed Jun 22 12:05:21 2011 us=434394 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Wed Jun 22 12:05:21 2011 us=434644 TUN/TAP device tun0 opened
    Wed Jun 22 12:05:21 2011 us=434667 TUN/TAP TX queue length set to 100
    Wed Jun 22 12:05:21 2011 us=434745 /sbin/ifconfig tun0 10.0.0.1 pointopoint 10.0.0.2 mtu 1500
    Wed Jun 22 12:05:21 2011 us=444534 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Wed Jun 22 12:05:21 2011 us=444679 GID set to nogroup
    Wed Jun 22 12:05:21 2011 us=444698 UID set to nobody
    Wed Jun 22 12:05:21 2011 us=444712 Socket Buffers: R=[137216->131072] S=[137216->131072]
    Wed Jun 22 12:05:21 2011 us=444723 UDPv4 link local (bound): [undef]:1194
    Wed Jun 22 12:05:21 2011 us=444733 UDPv4 link remote: [undef]
    Wed Jun 22 12:05:21 2011 us=444745 MULTI: multi_init called, r=256 v=256
    Wed Jun 22 12:05:21 2011 us=444773 IFCONFIG POOL: base=10.0.0.8 size=61
    Wed Jun 22 12:05:21 2011 us=444790 IFCONFIG POOL LIST
    Wed Jun 22 12:05:21 2011 us=444808 Initialization Sequence Completed
    Wed Jun 22 12:05:25 2011 us=96500 MULTI: multi_create_instance called
    Wed Jun 22 12:05:25 2011 us=96540 93.220.8.55:51638 Re-using SSL/TLS context
    Wed Jun 22 12:05:25 2011 us=96565 93.220.8.55:51638 LZO compression initialized
    Wed Jun 22 12:05:25 2011 us=96657 93.220.8.55:51638 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Wed Jun 22 12:05:25 2011 us=96671 93.220.8.55:51638 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Wed Jun 22 12:05:25 2011 us=96700 93.220.8.55:51638 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
    Wed Jun 22 12:05:25 2011 us=96708 93.220.8.55:51638 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
    Wed Jun 22 12:05:25 2011 us=96733 93.220.8.55:51638 Local Options hash (VER=V4): '530fdded'
    Wed Jun 22 12:05:25 2011 us=96745 93.220.8.55:51638 Expected Remote Options hash (VER=V4): '41690919'
    Wed Jun 22 12:05:25 2011 us=96785 93.220.8.55:51638 TLS: Initial packet from 93.220.8.55:51638, sid=6d3a66db 12894825
    Wed Jun 22 12:05:28 2011 us=477022 MULTI: multi_create_instance called
    Wed Jun 22 12:05:28 2011 us=477077 93.220.8.55:51639 Re-using SSL/TLS context
    Wed Jun 22 12:05:28 2011 us=477097 93.220.8.55:51639 LZO compression initialized
    Wed Jun 22 12:05:28 2011 us=477173 93.220.8.55:51639 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Wed Jun 22 12:05:28 2011 us=477186 93.220.8.55:51639 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Wed Jun 22 12:05:28 2011 us=477214 93.220.8.55:51639 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
    Wed Jun 22 12:05:28 2011 us=477223 93.220.8.55:51639 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
    Wed Jun 22 12:05:28 2011 us=477238 93.220.8.55:51639 Local Options hash (VER=V4): '530fdded'
    Wed Jun 22 12:05:28 2011 us=477250 93.220.8.55:51639 Expected Remote Options hash (VER=V4): '41690919'
    Wed Jun 22 12:05:28 2011 us=477279 93.220.8.55:51639 TLS: Initial packet from 93.220.8.55:51639, sid=294b7687 9a32fd29
    Wed Jun 22 12:05:30 2011 us=722083 MULTI: multi_create_instance called
    Wed Jun 22 12:05:30 2011 us=722144 93.220.8.55:51640 Re-using SSL/TLS context
    Wed Jun 22 12:05:30 2011 us=722164 93.220.8.55:51640 LZO compression initialized
    Wed Jun 22 12:05:30 2011 us=722239 93.220.8.55:51640 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Wed Jun 22 12:05:30 2011 us=722252 93.220.8.55:51640 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Wed Jun 22 12:05:30 2011 us=722280 93.220.8.55:51640 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
    Wed Jun 22 12:05:30 2011 us=722305 93.220.8.55:51640 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
    Wed Jun 22 12:05:30 2011 us=722320 93.220.8.55:51640 Local Options hash (VER=V4): '530fdded'
    Wed Jun 22 12:05:30 2011 us=722332 93.220.8.55:51640 Expected Remote Options hash (VER=V4): '41690919'
    Wed Jun 22 12:05:30 2011 us=722361 93.220.8.55:51640 TLS: Initial packet from 93.220.8.55:51640, sid=4742b1e8 42520a32
    Wed Jun 22 12:05:32 2011 us=969105 MULTI: multi_create_instance called
    Wed Jun 22 12:05:32 2011 us=969167 93.220.8.55:51641 Re-using SSL/TLS context
    Wed Jun 22 12:05:32 2011 us=969187 93.220.8.55:51641 LZO compression initialized
    Wed Jun 22 12:05:32 2011 us=969264 93.220.8.55:51641 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Wed Jun 22 12:05:32 2011 us=969282 93.220.8.55:51641 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Wed Jun 22 12:05:32 2011 us=969311 93.220.8.55:51641 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
    Wed Jun 22 12:05:32 2011 us=969319 93.220.8.55:51641 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
    Wed Jun 22 12:05:32 2011 us=969333 93.220.8.55:51641 Local Options hash (VER=V4): '530fdded'
    Wed Jun 22 12:05:32 2011 us=969344 93.220.8.55:51641 Expected Remote Options hash (VER=V4): '41690919'
    Wed Jun 22 12:05:32 2011 us=969413 93.220.8.55:51641 TLS: Initial packet from 93.220.8.55:51641, sid=4664e0dc 64f8dfa7
    Wed Jun 22 12:05:58 2011 us=882488 event_wait : Interrupted system call (code=4)
    Wed Jun 22 12:05:58 2011 us=882779 TCP/UDP: Closing socket
    Wed Jun 22 12:05:58 2011 us=882800 Closing TUN/TAP interface
    Wed Jun 22 12:05:58 2011 us=882812 /sbin/ifconfig tun0 0.0.0.0
    Wed Jun 22 12:05:58 2011 us=883665 Linux ip addr del failed: external program exited with error status: 255
    Wed Jun 22 12:05:58 2011 us=910017 SIGINT[hard,] received, process exiting


I also documented what i did to setup my openvpn so here is the history of my install:
  • 1.) install openvpn:

    apt-get install openvpn


    2.) create certs:

    cd /usr/lib/ssl

    openssl genrsa -aes256 -out private/vpn-cakey.pem 2048
    -> password mysecretpass

    openssl req -new -x509 -days 3650 -key private/vpn-cakey.pem -out vpn-ca.pem -set_serial 1
    -> password mysecretpass

    openssl req -new -newkey rsa:1024 -out certs/servercsr.pem -nodes -keyout private/serverkey.pem -days 3650
    -> password mysecretpass

    openssl x509 -req -in certs/servercsr.pem -out certs/servercert.pem -CA vpn-ca.pem -CAkey private/vpn-cakey.pem -CAserial /usr/lib/ssl/serial -days 3650
    -> password mysecretpass

    3.) creating client cert

    openssl req -new -newkey rsa:1024 -out certs/lukas_wenning_csr.pem -nodes -keyout private/lukas_wenning_key.pem -days 3650

    openssl x509 -req -in certs/lukas_wenning_csr.pem -out certs/lukas_wenning_cert.pem -CA vpn-ca.pem -CAkey private/vpn-cakey.pem -CAserial /usr/lib/ssl/serial -days 3650
    -> password mysecretpass

    rm certs/lukas_wenning_csr.pem

    4.) creating a Diffie-Hellmann parameter

    openssl dhparam -out dh1024.pem 1024

    5.) copying certs / params to destination directories

    cd /etc/openvpn
    mkdir certs
    cp /usr/lib/ssl/dh1024.pem ./certs/
    cp /usr/lib/ssl/vpn-ca.pem ./certs/
    cp /usr/lib/ssl/certs/servercert.pem ./certs/
    cp /usr/lib/ssl/private/serverkey.pem ./certs/
    chmod 0600 certs/serverkey.pem

    6.) server.config

    # Port
    port 1194

    # TCP oder UDP?
    #proto tcp-server
    proto udp
    mode server
    tls-server

    # tun oder tap?
    # Das tun Device erstellt einen IP Tunnel,
    # während das tap Device einen Ethernet Tunnel erstellt.
    #tun or tap device
    #tun is an IP tunnel,
    #tap an ethernet tunnel
    dev tun

    #Our Server IP
    ifconfig 10.0.0.1 10.0.0.2
    #255.255.255.0

    #dynamic clients from 10.0.0.2-10.0.0.254
    ifconfig-pool 10.0.0.4 10.0.0.251

    #Die pakete werden auf dieser größe gekapselt
    tun-mtu 1500
    #fragment 1300
    mssfix

    #Paths to the certs
    ca certs/vpn-ca.pem
    cert certs/servercert.pem
    key certs/serverkey.pem

    #Clients können miteinander kommunizieren
    #client-to-client

    #Diffie-Hellmann Parameters
    dh certs/dh1024.pem

    #Same Ip in the next session
    ifconfig-pool-persist ipp.txt

    #Routes the packages to the intern network, you should use iptables instead of this
    #push "route 192.168.0.0 255.255.255.0"

    #Tests the connection with a ping like paket. (wait=120sec)
    keepalive 10 120

    #Authenication
    auth SHA1

    #Our encryption algorithm
    #cipher aes-256-ecb
    #openvpn --show-ciphers for testing

    #comp
    comp-lzo

    #Sets new rights after the connection
    user nobody
    group nogroup

    #We need this because of user nobody/group nobody.
    persist-key
    persist-tun

    #Logging 0, (testing:5)
    verb 5

    7.) client config:

    client
    float
    dev tun

    #MTU
    tun-mtu 1500
    #fragment 1300
    mssfix

    #device name, unter linux nicht mehr auskommentieren (# löschen)
    #dev-node vsn-device

    #tcp oder udp
    proto udp

    #Server IP
    remote support.rapidspeeds.com 1194

    #force authentication
    #WICHTIG: hier den COMMON Name vom Server Zertifikat nehmen!
    tls-remote server

    ca vpn-ca.pem
    cert lukas_wenning_cert.pem
    key lukas_wenning_key.pem

    auth SHA1
    #cipher aes-256-cbc
    nobind
    #comp-lzo
    persist-key
    persist-tun
    verb 0

    # Nach dem Verbindungsaufbau wird eine Route zum lokalen Netz vom Server aus aufgebaut
    # AUSKOMMENTIERT
    # Beispiel: Subnetz 192.168.2.0/24
    #route 192.168.2.0 255.255.255.0

    # Default route ueber VPN
    # AUSKOMMENTIERT
    #route remote_host 255.255.255.255 net_gateway
    #route 0.0.0.0 0.0.0.0 vpn_gateway

    # script-security 2

    8.) copy client certs to config folder of openvpn client


Thank you very much for anybody who might have a clue or hint what i did wrong ;)

Re: fresh setup, cannot determine what i made wrong.

Posted: Wed Jun 22, 2011 7:34 am
by janjust
the server is receiving a packet from the client, and afterwards hears nothing, until the cilent seems to reconnect.
change the client config to use 'verb 5', reconnect it and post the client log.
most likely the client is rejecting the server cert for some reason.

Any particular reason why you created the client and server certs using plain openssl commands? they're tricky to get right, and openvpn comes with the handy 'easy-rsa' scripts to build a CA, server cert and client cert for you.

Is the /CN= name of the server cert really 'server' ?

why did you use
ifconfig 10.0.0.1 10.0.02
ifconfig-pool 10.0.0.4 10.0.0.251
?
it would be cleaner to use

Code: Select all

server 10.0.0.0 255.255.255.0
which has (almost) the same effect.

Re: fresh setup, cannot determine what i made wrong.

Posted: Wed Jun 22, 2011 8:45 am
by syn4pse
hello,

thanks for that quick response!.

no i did not have any reason to create them command libe based ;) did not know of easy-rsa, but after readin up on it it really looks sexey ;).
- I just used it to create new certificates
- changed settings for the client now aswell. c
- hanged the ifconfig to the server like you said.
- and set the /CN= Name to rapidspeeds.com

When connecting now I get another error message stating that the certificate is not valid yet. If I take it right my problem is that I still did something wrong with creating the certs? Any Idea what it could bee ? Both System times are the same


heres the output of the vpn CLIENT:

Code: Select all

Wed Jun 22 10:34:57 2011 us=893000 Current Parameter Settings:
Wed Jun 22 10:34:57 2011 us=909000   config = 'rapidspeeds.ovpn'
Wed Jun 22 10:34:57 2011 us=909000   mode = 0
Wed Jun 22 10:34:57 2011 us=909000   show_ciphers = DISABLED
Wed Jun 22 10:34:57 2011 us=909000   show_digests = DISABLED
Wed Jun 22 10:34:57 2011 us=909000   show_engines = DISABLED
Wed Jun 22 10:34:57 2011 us=909000   genkey = DISABLED
Wed Jun 22 10:34:57 2011 us=909000   key_pass_file = '[UNDEF]'
Wed Jun 22 10:34:57 2011 us=909000   show_tls_ciphers = DISABLED
Wed Jun 22 10:34:57 2011 us=909000 Connection profiles [default]:
Wed Jun 22 10:34:57 2011 us=909000   proto = udp
Wed Jun 22 10:34:57 2011 us=909000   local = '[UNDEF]'
Wed Jun 22 10:34:57 2011 us=909000   local_port = 0
Wed Jun 22 10:34:57 2011 us=909000   remote = 'support.rapidspeeds.com'
Wed Jun 22 10:34:57 2011 us=909000   remote_port = 1194
Wed Jun 22 10:34:57 2011 us=909000   remote_float = ENABLED
Wed Jun 22 10:34:57 2011 us=909000   bind_defined = DISABLED
Wed Jun 22 10:34:57 2011 us=909000   bind_local = DISABLED
Wed Jun 22 10:34:57 2011 us=909000   connect_retry_seconds = 5
Wed Jun 22 10:34:57 2011 us=909000   connect_timeout = 10
Wed Jun 22 10:34:57 2011 us=909000   connect_retry_max = 0
Wed Jun 22 10:34:57 2011 us=909000   socks_proxy_server = '[UNDEF]'
Wed Jun 22 10:34:57 2011 us=909000   socks_proxy_port = 0
Wed Jun 22 10:34:57 2011 us=909000   socks_proxy_retry = DISABLED
Wed Jun 22 10:34:57 2011 us=909000 Connection profiles END
Wed Jun 22 10:34:57 2011 us=909000   remote_random = DISABLED
Wed Jun 22 10:34:57 2011 us=909000   ipchange = '[UNDEF]'
Wed Jun 22 10:34:57 2011 us=909000   dev = 'tun'
Wed Jun 22 10:34:57 2011 us=909000   dev_type = '[UNDEF]'
Wed Jun 22 10:34:57 2011 us=909000   dev_node = '[UNDEF]'
Wed Jun 22 10:34:57 2011 us=909000   lladdr = '[UNDEF]'
Wed Jun 22 10:34:57 2011 us=909000   topology = 1
Wed Jun 22 10:34:57 2011 us=909000   tun_ipv6 = DISABLED
Wed Jun 22 10:34:57 2011 us=909000   ifconfig_local = '[UNDEF]'
Wed Jun 22 10:34:57 2011 us=909000   ifconfig_remote_netmask = '[UNDEF]'
Wed Jun 22 10:34:57 2011 us=909000   ifconfig_noexec = DISABLED
Wed Jun 22 10:34:57 2011 us=909000   ifconfig_nowarn = DISABLED
Wed Jun 22 10:34:57 2011 us=909000   shaper = 0
Wed Jun 22 10:34:57 2011 us=909000   tun_mtu = 1500
Wed Jun 22 10:34:57 2011 us=909000   tun_mtu_defined = ENABLED
Wed Jun 22 10:34:57 2011 us=909000   link_mtu = 1500
Wed Jun 22 10:34:57 2011 us=909000   link_mtu_defined = DISABLED
Wed Jun 22 10:34:57 2011 us=909000   tun_mtu_extra = 0
Wed Jun 22 10:34:57 2011 us=909000   tun_mtu_extra_defined = DISABLED
Wed Jun 22 10:34:57 2011 us=909000   fragment = 0
Wed Jun 22 10:34:57 2011 us=909000   mtu_discover_type = -1
Wed Jun 22 10:34:57 2011 us=909000   mtu_test = 0
Wed Jun 22 10:34:57 2011 us=909000   mlock = DISABLED
Wed Jun 22 10:34:57 2011 us=909000   keepalive_ping = 0
Wed Jun 22 10:34:57 2011 us=909000   keepalive_timeout = 0
Wed Jun 22 10:34:57 2011 us=909000   inactivity_timeout = 0
Wed Jun 22 10:34:57 2011 us=909000   ping_send_timeout = 0
Wed Jun 22 10:34:57 2011 us=909000   ping_rec_timeout = 0
Wed Jun 22 10:34:57 2011 us=909000   ping_rec_timeout_action = 0
Wed Jun 22 10:34:57 2011 us=909000   ping_timer_remote = DISABLED
Wed Jun 22 10:34:57 2011 us=909000   remap_sigusr1 = 0
Wed Jun 22 10:34:57 2011 us=909000   explicit_exit_notification = 0
Wed Jun 22 10:34:57 2011 us=909000   persist_tun = ENABLED
Wed Jun 22 10:34:57 2011 us=909000   persist_local_ip = DISABLED
Wed Jun 22 10:34:57 2011 us=909000   persist_remote_ip = DISABLED
Wed Jun 22 10:34:57 2011 us=909000   persist_key = ENABLED
Wed Jun 22 10:34:57 2011 us=909000   mssfix = 1450
Wed Jun 22 10:34:57 2011 us=909000   resolve_retry_seconds = 1000000000
Wed Jun 22 10:34:57 2011 us=909000   username = '[UNDEF]'
Wed Jun 22 10:34:57 2011 us=909000   groupname = '[UNDEF]'
Wed Jun 22 10:34:57 2011 us=909000   chroot_dir = '[UNDEF]'
Wed Jun 22 10:34:57 2011 us=909000   cd_dir = '[UNDEF]'
Wed Jun 22 10:34:57 2011 us=909000   writepid = '[UNDEF]'
Wed Jun 22 10:34:58 2011 us=81000   up_script = '[UNDEF]'
Wed Jun 22 10:34:58 2011 us=81000   down_script = '[UNDEF]'
Wed Jun 22 10:34:58 2011 us=81000   down_pre = DISABLED
Wed Jun 22 10:34:58 2011 us=81000   up_restart = DISABLED
Wed Jun 22 10:34:58 2011 us=81000   up_delay = DISABLED
Wed Jun 22 10:34:58 2011 us=81000   daemon = DISABLED
Wed Jun 22 10:34:58 2011 us=81000   inetd = 0
Wed Jun 22 10:34:58 2011 us=81000   log = DISABLED
Wed Jun 22 10:34:58 2011 us=81000   suppress_timestamps = DISABLED
Wed Jun 22 10:34:58 2011 us=81000   nice = 0
Wed Jun 22 10:34:58 2011 us=81000   verbosity = 5
Wed Jun 22 10:34:58 2011 us=96000   mute = 0
Wed Jun 22 10:34:58 2011 us=96000   gremlin = 0
Wed Jun 22 10:34:58 2011 us=96000   status_file = '[UNDEF]'
Wed Jun 22 10:34:58 2011 us=96000   status_file_version = 1
Wed Jun 22 10:34:58 2011 us=96000   status_file_update_freq = 60
Wed Jun 22 10:34:58 2011 us=96000   occ = ENABLED
Wed Jun 22 10:34:58 2011 us=96000   rcvbuf = 0
Wed Jun 22 10:34:58 2011 us=127000   sndbuf = 0
Wed Jun 22 10:34:58 2011 us=127000   sockflags = 0
Wed Jun 22 10:34:58 2011 us=127000   fast_io = DISABLED
Wed Jun 22 10:34:58 2011 us=127000   lzo = 0
Wed Jun 22 10:34:58 2011 us=127000   route_script = '[UNDEF]'
Wed Jun 22 10:34:58 2011 us=127000   route_default_gateway = '[UNDEF]'
Wed Jun 22 10:34:58 2011 us=127000   route_default_metric = 0
Wed Jun 22 10:34:58 2011 us=127000   route_noexec = DISABLED
Wed Jun 22 10:34:58 2011 us=127000   route_delay = 5
Wed Jun 22 10:34:58 2011 us=127000   route_delay_window = 30
Wed Jun 22 10:34:58 2011 us=127000   route_delay_defined = ENABLED
Wed Jun 22 10:34:58 2011 us=127000   route_nopull = DISABLED
Wed Jun 22 10:34:58 2011 us=127000   route_gateway_via_dhcp = DISABLED
Wed Jun 22 10:34:58 2011 us=127000   max_routes = 100
Wed Jun 22 10:34:58 2011 us=127000   allow_pull_fqdn = DISABLED
Wed Jun 22 10:34:58 2011 us=127000   management_addr = '[UNDEF]'
Wed Jun 22 10:34:58 2011 us=127000   management_port = 0
Wed Jun 22 10:34:58 2011 us=205000   management_user_pass = '[UNDEF]'
Wed Jun 22 10:34:58 2011 us=205000   management_log_history_cache = 250
Wed Jun 22 10:34:58 2011 us=205000   management_echo_buffer_size = 100
Wed Jun 22 10:34:58 2011 us=205000   management_write_peer_info_file = '[UNDEF]'
Wed Jun 22 10:34:58 2011 us=205000   management_client_user = '[UNDEF]'
Wed Jun 22 10:34:58 2011 us=205000   management_client_group = '[UNDEF]'
Wed Jun 22 10:34:58 2011 us=205000   management_flags = 0
Wed Jun 22 10:34:58 2011 us=205000   shared_secret_file = '[UNDEF]'
Wed Jun 22 10:34:58 2011 us=205000   key_direction = 0
Wed Jun 22 10:34:58 2011 us=205000   ciphername_defined = ENABLED
Wed Jun 22 10:34:58 2011 us=205000   ciphername = 'BF-CBC'
Wed Jun 22 10:34:58 2011 us=205000   authname_defined = ENABLED
Wed Jun 22 10:34:58 2011 us=205000   authname = 'SHA1'
Wed Jun 22 10:34:58 2011 us=205000   prng_hash = 'SHA1'
Wed Jun 22 10:34:58 2011 us=205000   prng_nonce_secret_len = 16
Wed Jun 22 10:34:58 2011 us=299000   keysize = 0
Wed Jun 22 10:34:58 2011 us=299000   engine = DISABLED
Wed Jun 22 10:34:58 2011 us=299000   replay = ENABLED
Wed Jun 22 10:34:58 2011 us=299000   mute_replay_warnings = DISABLED
Wed Jun 22 10:34:58 2011 us=299000   replay_window = 64
Wed Jun 22 10:34:58 2011 us=299000   replay_time = 15
Wed Jun 22 10:34:58 2011 us=299000   packet_id_file = '[UNDEF]'
Wed Jun 22 10:34:58 2011 us=299000   use_iv = ENABLED
Wed Jun 22 10:34:58 2011 us=299000   test_crypto = DISABLED
Wed Jun 22 10:34:58 2011 us=299000   tls_server = DISABLED
Wed Jun 22 10:34:58 2011 us=299000   tls_client = ENABLED
Wed Jun 22 10:34:58 2011 us=299000   key_method = 2
Wed Jun 22 10:34:58 2011 us=299000   ca_file = 'ca.crt'
Wed Jun 22 10:34:58 2011 us=299000   ca_path = '[UNDEF]'
Wed Jun 22 10:34:58 2011 us=299000   dh_file = '[UNDEF]'
Wed Jun 22 10:34:58 2011 us=299000   cert_file = 'lukas_wenning.crt'
Wed Jun 22 10:34:58 2011 us=299000   priv_key_file = 'lukas_wenning.key'
Wed Jun 22 10:34:58 2011 us=377000   pkcs12_file = '[UNDEF]'
Wed Jun 22 10:34:58 2011 us=377000   cryptoapi_cert = '[UNDEF]'
Wed Jun 22 10:34:58 2011 us=377000   cipher_list = '[UNDEF]'
Wed Jun 22 10:34:58 2011 us=377000   tls_verify = '[UNDEF]'
Wed Jun 22 10:34:58 2011 us=377000   tls_remote = 'rapidspeeds.com'
Wed Jun 22 10:34:58 2011 us=377000   crl_file = '[UNDEF]'
Wed Jun 22 10:34:58 2011 us=377000   ns_cert_type = 0
Wed Jun 22 10:34:58 2011 us=377000   remote_cert_ku[i] = 0
Wed Jun 22 10:34:58 2011 us=377000   remote_cert_ku[i] = 0
Wed Jun 22 10:34:58 2011 us=377000   remote_cert_ku[i] = 0
Wed Jun 22 10:34:58 2011 us=377000   remote_cert_ku[i] = 0
Wed Jun 22 10:34:58 2011 us=377000   remote_cert_ku[i] = 0
Wed Jun 22 10:34:58 2011 us=377000   remote_cert_ku[i] = 0
Wed Jun 22 10:34:58 2011 us=377000   remote_cert_ku[i] = 0
Wed Jun 22 10:34:58 2011 us=377000   remote_cert_ku[i] = 0
Wed Jun 22 10:34:58 2011 us=377000   remote_cert_ku[i] = 0
Wed Jun 22 10:34:58 2011 us=439000   remote_cert_ku[i] = 0
Wed Jun 22 10:34:58 2011 us=439000   remote_cert_ku[i] = 0
Wed Jun 22 10:34:58 2011 us=439000   remote_cert_ku[i] = 0
Wed Jun 22 10:34:58 2011 us=439000   remote_cert_ku[i] = 0
Wed Jun 22 10:34:58 2011 us=439000   remote_cert_ku[i] = 0
Wed Jun 22 10:34:58 2011 us=439000   remote_cert_ku[i] = 0
Wed Jun 22 10:34:58 2011 us=439000   remote_cert_ku[i] = 0
Wed Jun 22 10:34:58 2011 us=439000   remote_cert_eku = '[UNDEF]'
Wed Jun 22 10:34:58 2011 us=439000   tls_timeout = 2
Wed Jun 22 10:34:58 2011 us=439000   renegotiate_bytes = 0
Wed Jun 22 10:34:58 2011 us=439000   renegotiate_packets = 0
Wed Jun 22 10:34:58 2011 us=439000   renegotiate_seconds = 3600
Wed Jun 22 10:34:58 2011 us=439000   handshake_window = 60
Wed Jun 22 10:34:58 2011 us=439000   transition_window = 3600
Wed Jun 22 10:34:58 2011 us=439000   single_session = DISABLED
Wed Jun 22 10:34:58 2011 us=439000   push_peer_info = DISABLED
Wed Jun 22 10:34:58 2011 us=439000   tls_exit = DISABLED
Wed Jun 22 10:34:58 2011 us=502000   tls_auth_file = '[UNDEF]'
Wed Jun 22 10:34:58 2011 us=502000   pkcs11_protected_authentication = DISABLED
Wed Jun 22 10:34:58 2011 us=502000   pkcs11_protected_authentication = DISABLED
Wed Jun 22 10:34:58 2011 us=502000   pkcs11_protected_authentication = DISABLED
Wed Jun 22 10:34:58 2011 us=502000   pkcs11_protected_authentication = DISABLED
Wed Jun 22 10:34:58 2011 us=502000   pkcs11_protected_authentication = DISABLED
Wed Jun 22 10:34:58 2011 us=502000   pkcs11_protected_authentication = DISABLED
Wed Jun 22 10:34:58 2011 us=502000   pkcs11_protected_authentication = DISABLED
Wed Jun 22 10:34:58 2011 us=502000   pkcs11_protected_authentication = DISABLED
Wed Jun 22 10:34:58 2011 us=502000   pkcs11_protected_authentication = DISABLED
Wed Jun 22 10:34:58 2011 us=502000   pkcs11_protected_authentication = DISABLED
Wed Jun 22 10:34:58 2011 us=502000   pkcs11_protected_authentication = DISABLED
Wed Jun 22 10:34:58 2011 us=502000   pkcs11_protected_authentication = DISABLED
Wed Jun 22 10:34:58 2011 us=564000   pkcs11_protected_authentication = DISABLED
Wed Jun 22 10:34:58 2011 us=564000   pkcs11_protected_authentication = DISABLED
Wed Jun 22 10:34:58 2011 us=564000   pkcs11_protected_authentication = DISABLED
Wed Jun 22 10:34:58 2011 us=564000   pkcs11_protected_authentication = DISABLED
Wed Jun 22 10:34:58 2011 us=564000   pkcs11_private_mode = 00000000
Wed Jun 22 10:34:58 2011 us=564000   pkcs11_private_mode = 00000000
Wed Jun 22 10:34:58 2011 us=564000   pkcs11_private_mode = 00000000
Wed Jun 22 10:34:58 2011 us=564000   pkcs11_private_mode = 00000000
Wed Jun 22 10:34:58 2011 us=564000   pkcs11_private_mode = 00000000
Wed Jun 22 10:34:58 2011 us=564000   pkcs11_private_mode = 00000000
Wed Jun 22 10:34:58 2011 us=564000   pkcs11_private_mode = 00000000
Wed Jun 22 10:34:58 2011 us=564000   pkcs11_private_mode = 00000000
Wed Jun 22 10:34:58 2011 us=564000   pkcs11_private_mode = 00000000
Wed Jun 22 10:34:58 2011 us=627000   pkcs11_private_mode = 00000000
Wed Jun 22 10:34:58 2011 us=627000   pkcs11_private_mode = 00000000
Wed Jun 22 10:34:58 2011 us=627000   pkcs11_private_mode = 00000000
Wed Jun 22 10:34:58 2011 us=627000   pkcs11_private_mode = 00000000
Wed Jun 22 10:34:58 2011 us=627000   pkcs11_private_mode = 00000000
Wed Jun 22 10:34:58 2011 us=627000   pkcs11_private_mode = 00000000
Wed Jun 22 10:34:58 2011 us=627000   pkcs11_private_mode = 00000000
Wed Jun 22 10:34:58 2011 us=627000   pkcs11_cert_private = DISABLED
Wed Jun 22 10:34:58 2011 us=627000   pkcs11_cert_private = DISABLED
Wed Jun 22 10:34:58 2011 us=627000   pkcs11_cert_private = DISABLED
Wed Jun 22 10:34:58 2011 us=627000   pkcs11_cert_private = DISABLED
Wed Jun 22 10:34:58 2011 us=627000   pkcs11_cert_private = DISABLED
Wed Jun 22 10:34:58 2011 us=627000   pkcs11_cert_private = DISABLED
Wed Jun 22 10:34:58 2011 us=627000   pkcs11_cert_private = DISABLED
Wed Jun 22 10:34:58 2011 us=627000   pkcs11_cert_private = DISABLED
Wed Jun 22 10:34:58 2011 us=673000   pkcs11_cert_private = DISABLED
Wed Jun 22 10:34:58 2011 us=673000   pkcs11_cert_private = DISABLED
Wed Jun 22 10:34:58 2011 us=673000   pkcs11_cert_private = DISABLED
Wed Jun 22 10:34:58 2011 us=673000   pkcs11_cert_private = DISABLED
Wed Jun 22 10:34:58 2011 us=673000   pkcs11_cert_private = DISABLED
Wed Jun 22 10:34:58 2011 us=673000   pkcs11_cert_private = DISABLED
Wed Jun 22 10:34:58 2011 us=673000   pkcs11_cert_private = DISABLED
Wed Jun 22 10:34:58 2011 us=673000   pkcs11_cert_private = DISABLED
Wed Jun 22 10:34:58 2011 us=673000   pkcs11_pin_cache_period = -1
Wed Jun 22 10:34:58 2011 us=673000   pkcs11_id = '[UNDEF]'
Wed Jun 22 10:34:58 2011 us=673000   pkcs11_id_management = DISABLED
Wed Jun 22 10:34:58 2011 us=673000   server_network = 0.0.0.0
Wed Jun 22 10:34:58 2011 us=673000   server_netmask = 0.0.0.0
Wed Jun 22 10:34:58 2011 us=673000   server_bridge_ip = 0.0.0.0
Wed Jun 22 10:34:58 2011 us=673000   server_bridge_netmask = 0.0.0.0
Wed Jun 22 10:34:58 2011 us=736000   server_bridge_pool_start = 0.0.0.0
Wed Jun 22 10:34:58 2011 us=736000   server_bridge_pool_end = 0.0.0.0
Wed Jun 22 10:34:58 2011 us=736000   ifconfig_pool_defined = DISABLED
Wed Jun 22 10:34:58 2011 us=736000   ifconfig_pool_start = 0.0.0.0
Wed Jun 22 10:34:58 2011 us=736000   ifconfig_pool_end = 0.0.0.0
Wed Jun 22 10:34:58 2011 us=736000   ifconfig_pool_netmask = 0.0.0.0
Wed Jun 22 10:34:58 2011 us=736000   ifconfig_pool_persist_filename = '[UNDEF]'
Wed Jun 22 10:34:58 2011 us=736000   ifconfig_pool_persist_refresh_freq = 600
Wed Jun 22 10:34:58 2011 us=736000   n_bcast_buf = 256
Wed Jun 22 10:34:58 2011 us=736000   tcp_queue_limit = 64
Wed Jun 22 10:34:58 2011 us=736000   real_hash_size = 256
Wed Jun 22 10:34:58 2011 us=736000   virtual_hash_size = 256
Wed Jun 22 10:34:58 2011 us=736000   client_connect_script = '[UNDEF]'
Wed Jun 22 10:34:58 2011 us=736000   learn_address_script = '[UNDEF]'
Wed Jun 22 10:34:58 2011 us=783000   client_disconnect_script = '[UNDEF]'
Wed Jun 22 10:34:58 2011 us=783000   client_config_dir = '[UNDEF]'
Wed Jun 22 10:34:58 2011 us=783000   ccd_exclusive = DISABLED
Wed Jun 22 10:34:58 2011 us=783000   tmp_dir = '[UNDEF]'
Wed Jun 22 10:34:58 2011 us=783000   push_ifconfig_defined = DISABLED
Wed Jun 22 10:34:58 2011 us=783000   push_ifconfig_local = 0.0.0.0
Wed Jun 22 10:34:58 2011 us=783000   push_ifconfig_remote_netmask = 0.0.0.0
Wed Jun 22 10:34:58 2011 us=783000   enable_c2c = DISABLED
Wed Jun 22 10:34:58 2011 us=783000   duplicate_cn = DISABLED
Wed Jun 22 10:34:58 2011 us=783000   cf_max = 0
Wed Jun 22 10:34:58 2011 us=783000   cf_per = 0
Wed Jun 22 10:34:58 2011 us=783000   max_clients = 1024
Wed Jun 22 10:34:58 2011 us=783000   max_routes_per_client = 256
Wed Jun 22 10:34:58 2011 us=783000   auth_user_pass_verify_script = '[UNDEF]'
Wed Jun 22 10:34:58 2011 us=783000   auth_user_pass_verify_script_via_file = DISABLED
Wed Jun 22 10:34:58 2011 us=829000   ssl_flags = 0
Wed Jun 22 10:34:58 2011 us=829000   client = ENABLED
Wed Jun 22 10:34:58 2011 us=829000   pull = ENABLED
Wed Jun 22 10:34:58 2011 us=829000   auth_user_pass_file = '[UNDEF]'
Wed Jun 22 10:34:58 2011 us=829000   show_net_up = DISABLED
Wed Jun 22 10:34:58 2011 us=829000   route_method = 0
Wed Jun 22 10:34:58 2011 us=829000   ip_win32_defined = DISABLED
Wed Jun 22 10:34:58 2011 us=829000   ip_win32_type = 3
Wed Jun 22 10:34:58 2011 us=829000   dhcp_masq_offset = 0
Wed Jun 22 10:34:58 2011 us=829000   dhcp_lease_time = 31536000
Wed Jun 22 10:34:58 2011 us=829000   tap_sleep = 0
Wed Jun 22 10:34:58 2011 us=829000   dhcp_options = DISABLED
Wed Jun 22 10:34:58 2011 us=829000   dhcp_renew = DISABLED
Wed Jun 22 10:34:58 2011 us=829000   dhcp_pre_release = DISABLED
Wed Jun 22 10:34:58 2011 us=829000   dhcp_release = DISABLED
Wed Jun 22 10:34:58 2011 us=829000   domain = '[UNDEF]'
Wed Jun 22 10:34:58 2011 us=876000   netbios_scope = '[UNDEF]'
Wed Jun 22 10:34:58 2011 us=876000   netbios_node_type = 0
Wed Jun 22 10:34:58 2011 us=876000   disable_nbt = DISABLED
Wed Jun 22 10:34:58 2011 us=876000 OpenVPN 2.1.4 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov  8 2010
Wed Jun 22 10:34:58 2011 us=876000 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Wed Jun 22 10:34:58 2011 us=876000 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Jun 22 10:34:59 2011 us=204000 Control Channel MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Jun 22 10:34:59 2011 us=204000 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed Jun 22 10:34:59 2011 us=219000 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Wed Jun 22 10:34:59 2011 us=219000 Local Options String: 'V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Jun 22 10:34:59 2011 us=219000 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Jun 22 10:34:59 2011 us=219000 Local Options hash (VER=V4): '3514370b'
Wed Jun 22 10:34:59 2011 us=219000 Expected Remote Options hash (VER=V4): '239669a8'
Wed Jun 22 10:34:59 2011 us=219000 UDPv4 link local: [undef]
Wed Jun 22 10:34:59 2011 us=219000 UDPv4 link remote: 31.31.32.33:1194
Wed Jun 22 10:34:59 2011 us=251000 TLS: Initial packet from 31.31.32.33:1194, sid=f6ddd426 899b3e7d
Wed Jun 22 10:34:59 2011 us=469000 VERIFY ERROR: depth=1, error=certificate is not yet valid: /C=GB/ST=GB/L=London/O=rapidspeeds.com/CN=rapidspeeds.com_CA/emailAddress=support@rapidspeeds.com

Re: fresh setup, cannot determine what i made wrong.

Posted: Wed Jun 22, 2011 9:45 am
by janjust
the validity of the certificate is checked using UTC time - that is, if you've created the certificate on a PC with the UTC clock set wrongly then the server will not recognize the certificate until *after* it has become valid. You can check the validity dates of a certificate using

Code: Select all

openssl x509 -dates -subject -noout -in certificate.pem

Re: fresh setup, cannot determine what i made wrong.

Posted: Wed Jun 22, 2011 12:03 pm
by syn4pse
thank you very much waiting one hour solved it

Re: fresh setup, cannot determine what i made wrong.

Posted: Wed Jun 22, 2011 12:43 pm
by janjust
Excellent, closing topic

Re: [SOLVED] fresh setup, cannot determine what i made wrong

Posted: Wed Jun 22, 2011 2:01 pm
by syn4pse
so here is my next problem: the routes i take it. I can to the vpn with openvpn gui fine. but I´m not able to ping the server ( which should have 10.0.0.1 ). after entering "ipconfig" in my cmd.exe i realised that my adapter on the client got
the ip: 10.0.0.6
the netmask 255.255.255.252
but no gateway shows up.

I want to use the vpn as my default gateway on the client.

here is my server.conf:

Code: Select all

# Port
port 1194

# TCP oder UDP?
#proto tcp-server
proto udp
mode server 
tls-server

# tun oder tap?
# Das tun Device erstellt einen IP Tunnel,
# während das tap Device einen Ethernet Tunnel erstellt.
#tun or tap device
#tun is an IP tunnel,
#tap an ethernet tunnel
dev tun

#Our Server IP
server 10.0.0.0 255.255.255.0
#255.255.255.0

#dynamic clients from 10.0.0.2-10.0.0.254
#ifconfig-pool 10.0.0.10 10.0.0.251

#Die pakete werden auf dieser größe gekapselt
tun-mtu 1500
#fragment 1300
mssfix

#Paths to the certs
ca easy-rsa/2.0/keys/ca.crt
cert easy-rsa/2.0/keys/server.crt
key easy-rsa/2.0/keys/server.key

#Clients können miteinander kommunizieren
#client-to-client

#Diffie-Hellmann Parameters
dh easy-rsa/2.0/keys/dh1024.pem

#Same Ip in the next session
ifconfig-pool-persist ipp.txt


#Tests the connection with a ping like paket. (wait=120sec)
keepalive 10 120

#Authenication
auth SHA1

#Our encryption algorithm
#cipher aes-256-ecb
#openvpn --show-ciphers for testing

#comp
comp-lzo

#Sets new rights after the connection
user nobody
group nogroup

#We need this because of user nobody/group nobody.
persist-key
persist-tun

#Logging 0, (testing:5)
verb 0



#routen
push "route add 10.0.0.0 mask 255.255.255.255 10.0.0.1"
and here is my client.ovpn

Code: Select all

client
float
dev tun

#MTU
tun-mtu 1500
#fragment 1300
mssfix

#device name, unter linux nicht mehr auskommentieren (# löschen)
#dev-node vsn-device

#tcp oder udp
proto udp

#Server IP
remote support.rapidspeeds.com 1194

#force authentication
#WICHTIG: hier den COMMON Name vom Server Zertifikat nehmen!
tls-remote server

ca ca.crt
cert lukas_wenning.crt
key lukas_wenning.key

auth SHA1
#cipher aes-256-cbc
nobind
comp-lzo

persist-key
persist-tun
verb 0

# Nach dem Verbindungsaufbau wird eine Route zum lokalen Netz vom Server aus aufgebaut
# AUSKOMMENTIERT
# Beispiel: Subnetz 192.168.2.0/24

#route-gateway 10.0.0.1
#route-redirect
#route 0.0.0.0 0.0.0.0


# Default route ueber VPN
# AUSKOMMENTIERT
#route support.rapidspeeds.com 255.255.255.255 net_gateway
#route 0.0.0.0 0.0.0.0 vpn_gateway 

script-security 2

verb 5

Thanks in advance

Re: [open] problem with the routes, connection to openvpn wo

Posted: Thu Jun 23, 2011 7:58 am
by maikcat
hi there,

remove this
>push "route add 10.0.0.0 mask 255.255.255.255 10.0.0.1"

from your server config,restart service and try again

Michael.
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/