Hi All,

I've long had OpenVPN 1.6 running between two Suse 9.1 boxes using static keys. I have recently upgraded to OpenVPN 2.0 using certificates and tls-auth. On the server side I am using bridge-ethernet with the goal that clients that connect will interact with the system DHCP server.

I have the following odd problem. If I connect from the Suse 9.1 laptop with the options shown at the end, the connection is smooth, but ifconfig does not show a tap0 device and dhcp has not run. If I manually run 'ifconfig tap0' and 'dhcpcd -G -R -n -h laptop tap0' then the device tap0 is brought up and dhcp configures just fine. The problem is how to automate this? If I add to the client configuration for laptop 'up client.up' and put these two commands in client.up, then I do not connect properly.

I've poured through the documentation and tried every permutation I can think of. Apologies in advance if I have missed something obvious, but I need a clue.

Michael

When it fails, I see this on the client syslog:

[deleted...]
Jul 10 12:23:36 cipher openvpn[5114]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jul 10 12:23:36 cipher openvpn[5114]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jul 10 12:23:36 cipher openvpn[5114]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jul 10 12:23:36 cipher openvpn[5114]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jul 10 12:23:36 cipher openvpn[5114]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Jul 10 12:23:36 cipher openvpn[5114]: [server] Peer Connection Initiated with 66.108.147.210:1194
Jul 10 12:23:38 cipher openvpn[5114]: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Jul 10 12:23:38 cipher openvpn[5114]: Replay-window backtrack occurred [1]
Jul 10 12:23:38 cipher openvpn[5114]: PUSH: Received control message: 'PUSH_REPLY,ping 10,ping-restart 120'
Jul 10 12:23:38 cipher openvpn[5114]: OPTIONS IMPORT: timers and/or timeouts modified
Jul 10 12:23:38 cipher openvpn[5114]: TUN/TAP device tap0 opened
Jul 10 12:23:38 cipher openvpn[5114]: /etc/openvpn/client.up tap0 1500 1574 init
Jul 10 12:23:38 cipher dhcpcd[5129]: broadcasting DHCP_REQUEST for 192.168.110.28
Jul 10 12:23:48 cipher dhcpcd[5129]: timed out waiting for DHCP_ACK response
Jul 10 12:23:48 cipher dhcpcd[5129]: broadcasting DHCP_DISCOVER
Jul 10 12:23:48 cipher kernel: tap0: no IPv6 routers present
Jul 10 12:24:48 cipher dhcpcd[5129]: timed out waiting for a valid DHCP server response
Jul 10 12:24:48 cipher openvpn[5114]: script failed: shell command exited with error status: 14
Jul 10 12:24:48 cipher openvpn[5114]: Exiting

and I see this on the server syslog:

Jul 10 18:34:32 santamaria openvpn[24557]: 70.212.166.188:1029 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jul 10 18:34:32 santamaria openvpn[24557]: 70.212.166.188:1029 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jul 10 18:34:32 santamaria openvpn[24557]: 70.212.166.188:1029 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jul 10 18:34:32 santamaria openvpn[24557]: 70.212.166.188:1029 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jul 10 18:34:32 santamaria openvpn[24557]: 70.212.166.188:1029 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Jul 10 18:34:32 santamaria openvpn[24557]: 70.212.166.188:1029 [cipher] Peer Connection Initiated with 70.212.166.188:1029
*Jul 10 18:34:32 santamaria openvpn[24557]: MULTI: no dynamic or static remote --ifconfig address is available for cipher/70.212.166.188:1029*
Jul 10 18:34:33 santamaria openvpn[24557]: cipher/70.212.166.188:1029 PUSH: Received control message: 'PUSH_REQUEST'
Jul 10 18:34:33 santamaria openvpn[24557]: cipher/70.212.166.188:1029 SENT CONTROL [cipher]: 'PUSH_REPLY,ping 10,ping-restart 120' (status=1)

Here is a summary of the server conf:

port 1194
proto udp
dev tap0
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key # This file should be kept secret
dh /etc/openvpn/dh1024.pem
mode server
tls-server
client-to-client
keepalive 10 120
tls-auth /etc/openvpn/ta.key # This file is secret
cipher BF-CBC # Blowfish (default)
comp-lzo
max-clients 100
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3

Client conf:

client
dev tap0
proto udp
remote aa.bbb.ccc.ddd 1194
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
mute-replay-warnings
ca /etc/openvpn/ca.crt
cert /etc/openvpn/cipher.crt
key /etc/openvpn/cipher.key
ns-cert-type server
tls-auth /etc/openvpn/ta.key
cipher BF-CBC #Blowfish
comp-lzo
verb 3
mute 20

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
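As an added example (not the poster's client.up), here is a client 'up' script that brings tap0 up and then backgrounds dhcpcd so the script returns immediately instead of failing OpenVPN when dhcpcd times out, which is the sequence the client log above shows. It assumes this dhcpcd accepts -t for a timeout and that OpenVPN exports script_type=up to up scripts; the tapN check is a defensive addition.

```shell
#!/bin/sh
# Added example (not from the original post): a non-blocking client 'up' script.
# OpenVPN 2.0 invokes it as
#   client.up <dev> <tun_mtu> <link_mtu> <ifconfig_local> <ifconfig_remote> <init|restart>
# which matches the logged line "/etc/openvpn/client.up tap0 1500 1574 init"
# (no addresses, because none is pushed; the bridged LAN's DHCP server supplies one).
# OpenVPN waits for the script and treats a non-zero exit as fatal, which is what
# the log shows: dhcpcd timed out, exited 14, and OpenVPN gave up. So the script
# must return 0 at once and let dhcpcd finish on its own.

DHCP_HOST=${DHCP_HOST:-laptop}   # hostname sent with -h, as in the poster's command
DHCP_TIMEOUT=${DHCP_TIMEOUT:-60} # -t: seconds dhcpcd waits (assumed flag of this dhcpcd)

# Accept only tapN names so a bad argument cannot reconfigure another interface.
valid_tap_dev() {
    case "$1" in
        tap[0-9]|tap[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Compose the dhcpcd command line from the poster's flags plus a timeout.
dhcp_cmd() {
    echo "dhcpcd -G -R -n -h $2 -t $3 $1"
}

# Entry point: runs only when OpenVPN calls us as an 'up' script (it exports
# script_type=up), so sourcing the file for tests executes nothing.
if [ "${script_type:-}" = "up" ]; then
    dev=$1
    if ! valid_tap_dev "$dev"; then
        echo "client.up: refusing to configure '$dev'" >&2
        exit 1
    fi
    # Bring the interface up with no address; DHCP over the bridge assigns one.
    ifconfig "$dev" up || exit 1
    # Detach dhcpcd so its DHCP exchange can cross the tunnel once OpenVPN has
    # finished, and so its exit status never fails this script.
    ( sleep 2; eval "$(dhcp_cmd "$dev" "$DHCP_HOST" "$DHCP_TIMEOUT")" ) \
        </dev/null >/dev/null 2>&1 &
    exit 0
fi
```

Install it as /etc/openvpn/client.up and keep 'up client.up' in the client config; if DHCP still never answers, the bridge or server-side tap membership, not the script, is the next thing to check.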