|
|
On Thu, 5 Aug 2004, [windows-1252] Fabio Antonio Esquivel Chacón wrote:
> On Thu, 5 Aug 2004 10:56:16 -0500, James Yonan <jim@xxxxxxxxx> wrote:
>
> >> I know the previous logs show that the routing was made correctly, but
> >> still the "route print" command just shows that traffic directed for
> >> 10.3.1.1 goes to the public IP instead of the TAP interface... OpenVPN bug?
> >> Windows bug? Should I try with yet another beta or rollback to v1.6.0?
> >> Any suggestions?
> >
> > Can you run OpenVPN with the --show-net-up flag to output the routing table to
> > the log file, then do a "route print" after OpenVPN has attempted to add the
> > routes? It would be useful to see both views of the routing table,
> > especially if there are discrepancies.
> >
> > James
>
> Sure, here they are:
> [OpenVPNGUI] STARTING OPENVPN with Default.ovpn
> us=881756 Current Parameter Settings:
> us=881852 config = 'Default.ovpn'
> us=881869 mode = 0
> us=881884 show_ciphers = DISABLED
> us=881898 show_digests = DISABLED
> us=881913 genkey = DISABLED
> us=881927 askpass = DISABLED
> us=881942 show_tls_ciphers = DISABLED
> us=881959 proto = 0
> us=881972 local = '[UNDEF]'
> us=882565 142 variation(s) on previous 10 message(s) suppressed by --mute
> us=882594 OpenVPN 2.0_beta10 Win32-MinGW [SSL] [LZO] built on Aug 2 2004
> us=883423 Static Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
> us=883468 Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
> us=883494 Static Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
> us=883519 Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
> us=883558 LZO compression initialized
> us=915000 TAP-WIN32 device [OpenVPN] opened: \\.\Global\{384CF9B3-56AF-40DB-A51F-4C23E44ACE2
> us=915050 TAP-Win32 Driver Version 8.1
> us=915071 TAP-Win32 MTU=1500
> us=915100 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.3.2.2/255.255.255.0 on in
> us=918000 Successful ARP Flush on interface [65540] {384CF9B3-56AF-40DB-A51F-4C23E44ACE29}
> [OpenVPNGUI] Connected to remote server!
> us=960522 Data Channel MTU parms [ L:1593 D:1450 EF:61 EB:19 ET:32 EL:0 ]
> us=960597 Local Options String: 'V4,dev-type tap,link-mtu 1593,tun-mtu 1532,proto UDPv4,ifco
> us=960619 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1593,tun-mtu 1532,proto
> us=960668 Local Options hash (VER=V4): '5f1c7972'
> us=960696 Expected Remote Options hash (VER=V4): '5f1c7972'
> us=960752 Socket Buffers: R=[8192->8192] S=[8192->8192]
> us=960782 UDPv4 link local (bound): [undef]:5000
> us=960802 UDPv4 link remote: <VPN public IP>:5000
> us=500693 Peer Connection Initiated with <VPN public IP>:5000
> us=652710 DEBUG: test_routes: 0/0 succeeded len=1 ret=0 a=0 u/d=down
> us=652762 Route: Waiting for TAP-Win32 interface to come up...
> us=413245 DEBUG: test_routes: 1/1 succeeded len=1 ret=1 a=0 u/d=up
> us=413308 route ADD 10.3.1.1 MASK 255.255.255.255 10.3.2.1 METRIC 1
> us=429339 Route addition via IPAPI succeeded
> SYSTEM ROUTING TABLE
> 0.0.0.0 0.0.0.0 196.40.48.58 p=0 i=196610 t=3 pr=3 a=26 h=0 m=1/-1/-1/-1/-1
> 10.3.1.1 255.255.255.255 10.3.2.1 p=0 i=65540 t=4 pr=3 a=0 h=0 m=1/-1/-1/-1/-1
> 10.3.2.0 255.255.255.0 10.3.2.2 p=0 i=65540 t=3 pr=2 a=0 h=0 m=1/-1/-1/-1/-1
> 10.3.2.2 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=2 a=0 h=0 m=1/-1/-1/-1/-1
> 10.255.255.255 255.255.255.255 10.3.2.2 p=0 i=65540 t=3 pr=2 a=0 h=0 m=1/-1/-1/-1/-1
> 127.0.0.0 255.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=2 a=1298 h=0 m=1/-1/-1/-1/-1
> 196.40.48.1 255.255.255.255 196.40.48.58 p=0 i=196610 t=4 pr=3 a=26 h=0 m=1/-1/-1/-1/-1
> 196.40.48.58 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=2 a=26 h=0 m=50/-1/-1/-1/-1
> 196.40.48.255 255.255.255.255 196.40.48.58 p=0 i=196610 t=3 pr=2 a=26 h=0 m=50/-1/-1/-1/-1
> 224.0.0.0 240.0.0.0 10.3.2.2 p=0 i=65540 t=3 pr=2 a=0 h=0 m=1/-1/-1/-1/-1
> 224.0.0.0 240.0.0.0 196.40.48.58 p=0 i=196610 t=3 pr=3 a=26 h=0 m=1/-1/-1/-1/-1
> 255.255.255.255 255.255.255.255 10.3.2.2 p=0 i=65540 t=3 pr=2 a=99 h=0 m=1/-1/-1/-1/-1
> 255.255.255.255 255.255.255.255 196.40.48.58 p=0 i=196610 t=3 pr=2 a=26 h=0 m=1/-1/-1/-1/-1
> SYSTEM ADAPTER LIST
> TAP-Win32 Adapter V8 - Deterministic Network Enhancer Miniport
> Index = 65540
> GUID = {384CF9B3-56AF-40DB-A51F-4C23E44ACE29}
> IP = 10.3.2.2/255.255.255.0
> MAC = 00:ff:38:4c:f9:b3
> GATEWAY =
> DHCP SERV = 10.3.2.0
> DHCP LEASE OBTAINED = Thu Aug 05 10:01:38 2004
> DHCP LEASE EXPIRES = Fri Aug 05 10:01:38 2005
> WAN (PPP/SLIP) Interface
> Index = 196610
> GUID = {08292016-581C-4BEA-9F54-C54CA0F5F975}
> IP = 196.40.48.58/255.255.255.255
> MAC = 00:53:45:00:00:00
> GATEWAY = 196.40.48.58/0.0.0.0
>
> And Windows reports this:
> Microsoft Windows XP [Version 5.1.2600]
> (C) Copyright 1985-2001 Microsoft Corp.
> D:\Temp>route print
> ===========================================================================
> Interface List
> 0x1 ........................... MS TCP Loopback interface
> 0x10004 ...00 ff 38 4c f9 b3 ...... TAP-Win32 Adapter V8 - Deterministic Net
> 0x30002 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
> ===========================================================================
> ===========================================================================
> Active Routes:
> Network Destination Netmask Gateway Interface Metric
> 0.0.0.0 0.0.0.0 196.40.48.58 196.40.48.58 1
> 10.3.1.1 255.255.255.255 10.3.2.1 10.3.2.2 1
> 10.3.2.0 255.255.255.0 10.3.2.2 10.3.2.2 1
> 10.3.2.2 255.255.255.255 127.0.0.1 127.0.0.1 1
> 10.255.255.255 255.255.255.255 10.3.2.2 10.3.2.2 1
> 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
> 196.40.48.1 255.255.255.255 196.40.48.58 196.40.48.58 1
> 196.40.48.58 255.255.255.255 127.0.0.1 127.0.0.1 50
> 196.40.48.255 255.255.255.255 196.40.48.58 196.40.48.58 50
> 224.0.0.0 240.0.0.0 10.3.2.2 10.3.2.2 1
> 224.0.0.0 240.0.0.0 196.40.48.58 196.40.48.58 1
> 255.255.255.255 255.255.255.255 10.3.2.2 10.3.2.2 1
> 255.255.255.255 255.255.255.255 196.40.48.58 196.40.48.58 1
> Default Gateway: 196.40.48.58
> ===========================================================================
> Persistent Routes:
> None
>
> WOW! There has been a change! Now it appears correctly routed through the TAP Interface ;-) Let's see if it works:
>
> D:\Temp>ping 10.3.1.1
>
> Pinging 10.3.1.1 with 32 bytes of data:
>
> Request timed out.
> Request timed out.
> Request timed out.
> Request timed out.
>
> Ping statistics for 10.3.1.1:
> Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
>
> Damn it! Where is it going to?
>
> D:\Temp>tracert -d 10.3.1.1
>
> Tracing route to 10.3.1.1 over a maximum of 30 hops
>
> 1 * * * Request timed out.
> 2 * * * Request timed out.
> 3 * * * Request timed out.
> 4 * * * Request timed out.
> 5 ^C
> D:\Temp>
>
> Beats me!
>
> I'm using OpenVPN 2 beta 10 at the server and at the roadwarrior notebook.
Ok, let's see if we can ping the "Deterministic Network Enhancer Miniport"
endpoint :)
ping 10.3.2.1
If the ping succeeds, then there's probably some issue with IP forwarding
on the remote server or lack of a return route from 10.3.1.1 back to the
VPN.
If the ping fails, then there's probably an issue of the UDP packets
passing between the two OpenVPN servers.
Try a tcpdump or Ethereal dump on UDP port 5000 on both machines to
establish whether or not UDP packets are being generated, and if so
whether they are being received by the OpenVPN process at the other end of
the connection.
James
____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
|