
[Openvpn-users] OpenVPN & MDK Still struggling


  • Subject: [Openvpn-users] OpenVPN & MDK Still struggling
  • From: Doug Lytle <support@xxxxxxxxxx>
  • Date: Sun, 03 Oct 2004 10:32:29 -0400

Ok,

Still trying to figure out what is the cause of not being able to chroot via OpenVPN or user as user/group nobody/nogroup. This is what I've found.

If I try just to do the chroot, via openvpn's --chroot /etc/openvpn, I get the following:


<<snip>>
Sun Oct 3 10:18:09 2004 us=243817 Current Parameter Settings:
Sun Oct 3 10:18:09 2004 us=244153 config = '/etc/openvpn/server.conf'
Sun Oct 3 10:18:10 2004 us=707213 [OpenVPN.Server] Peer Connection Initiated with 12.27.xxx.xxx:50xx
Sun Oct 3 10:18:11 2004 us=232530 SENT CONTROL [OpenVPN.Server]: 'PUSH_REQUEST' (status=1)
Sun Oct 3 10:18:11 2004 us=391300 PUSH: Received control message: 'PUSH_REPLY,route 10.0.0.0 255.255.255.0,route 192.168.100.0 255.255.255.0
Sun Oct 3 10:18:11 2004 us=391663 OPTIONS IMPORT: --ifconfig/up options modified
Sun Oct 3 10:18:11 2004 us=391700 OPTIONS IMPORT: route options modified
Sun Oct 3 10:18:11 2004 us=391729 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Oct 3 10:18:11 2004 us=392605 Note: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)
Sun Oct 3 10:18:11 2004 us=392650 Note: Attempting fallback to kernel 2.2 TUN/TAP interface
Sun Oct 3 10:18:11 2004 us=393427 Cannot allocate TUN/TAP dev dynamically
Sun Oct 3 10:18:11 2004 us=393461 Exiting
<<snip>>


Notice that the connection is initiated, TLS is verified, routes are pushed, chroot is confirmed. THEN TUN/TAP is accessed. At this point, the device is not found.

Now, if I #remark out the chroot option and enable the user/group option, I get:

<<snip>>
Sun Oct 3 10:27:48 2004 us=619303 Current Parameter Settings:
Sun Oct 3 10:27:48 2004 us=619666 config = '/etc/openvpn/server.conf'
Sun Oct 3 10:27:48 2004 us=626201 GID set to nogroup
Sun Oct 3 10:27:48 2004 us=626411 UID set to nobody
Sun Oct 3 10:27:49 2004 us=864472 [OpenVPN.Server] Peer Connection Initiated with 12.27.8.106:5015
Sun Oct 3 10:27:51 2004 us=78150 SENT CONTROL [OpenVPN.Server]: 'PUSH_REQUEST' (status=1)
Sun Oct 3 10:27:51 2004 us=157676 PUSH: Received control message: 'PUSH_REPLY,route 10.0.0.0 255.255.255.0,route 192.168.100.0 255.255.255.0
Sun Oct 3 10:27:51 2004 us=158030 OPTIONS IMPORT: --ifconfig/up options modified
Sun Oct 3 10:27:51 2004 us=158093 OPTIONS IMPORT: route options modified
Sun Oct 3 10:27:51 2004 us=158125 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Oct 3 10:27:51 2004 us=159250 Note: Cannot open TUN/TAP dev /dev/net/tun: Permission denied (errno=13)
Sun Oct 3 10:27:51 2004 us=159327 Note: Attempting fallback to kernel 2.2 TUN/TAP interface
Sun Oct 3 10:28:02 2004 us=37338 Cannot allocate TUN/TAP dev dynamically
Sun Oct 3 10:28:02 2004 us=37461 Exiting
<<snip>>


Now I'm getting the downgrade, the initial connect, and the routes are being set. And then I get a permission denied on the TUN/TAP adapter.

It would appear, at least under Mandrake 10 and 10.1 that the permissions or chroot is happening too early.

Anybody?

Doug
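
Added example, not part of the post above and not OpenVPN code: a small Python check that reads an OpenVPN log in the format quoted in the post and reports whether a failed TUN/TAP open came after a privilege drop (errno 13) or, given the --chroot directory, after the chroot (errno 2). The function name diagnose and its chroot_dir parameter are assumptions made for this example; the sample lines are copied from the two logs in the post.

```python
import errno
import re

# Layout of the quoted log lines: "Sun Oct 3 10:27:48 2004 us=626411 <message>"
LINE = re.compile(r"^\w{3} \w{3}\s+\d+ [\d:]+ \d{4} us=\d+ (?P<msg>.*)$")
DROP = re.compile(r"^(?P<kind>UID|GID) set to (?P<name>\S+)$")
TUN_FAIL = re.compile(
    r"Cannot open TUN/TAP dev (?P<dev>\S+): .*\(errno=(?P<errno>\d+)\)")

# Lines copied from the two logs quoted in the post.
USER_LOG = """\
Sun Oct 3 10:27:48 2004 us=626201 GID set to nogroup
Sun Oct 3 10:27:48 2004 us=626411 UID set to nobody
Sun Oct 3 10:27:51 2004 us=159250 Note: Cannot open TUN/TAP dev /dev/net/tun: Permission denied (errno=13)
"""
CHROOT_LOG = """\
Sun Oct 3 10:18:11 2004 us=392605 Note: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)
"""


def diagnose(log_text, chroot_dir=None):
    """Return (errno_name, device, explanation) for each failed TUN/TAP open."""
    dropped = {}      # "UID"/"GID" -> name, filled in as the log is read
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # "<<snip>>" markers, blank lines
        msg = m.group("msg")
        d = DROP.match(msg)
        if d:
            dropped[d.group("kind")] = d.group("name")
            continue
        t = TUN_FAIL.search(msg)
        if not t:
            continue
        code, dev = int(t.group("errno")), t.group("dev")
        if code == errno.ENOENT and chroot_dir:
            # Inside the jail the device path is relative to the chroot dir.
            why = f"opened after chroot: looked for {chroot_dir.rstrip('/')}{dev}"
        elif code == errno.EACCES and dropped:
            who = f"{dropped.get('UID', '?')}/{dropped.get('GID', '?')}"
            why = f"opened after privilege drop to {who}"
        else:
            why = "no earlier chroot or privilege drop seen in this log"
        findings.append((errno.errorcode[code], dev, why))
    return findings
```

The chroot directory is passed in separately because the quoted excerpts contain no chroot line; for the first log it would be called as diagnose(CHROOT_LOG, chroot_dir="/etc/openvpn").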



