Hi,

I have been trying to get my OpenVPN setup to work. I have a Debian (unstable) server running a Shorewall firewall, and a Windows XP laptop, with which I want to connect safely to my server when I'm on the road.

I have followed this howto: http://www.shorewall.net/OPENVPN.html

I guess OpenVPN itself is working properly, since I can connect from my laptop to the server. My laptop is receiving an IP address from the server (10.0.16.6).

I will now post some info from my server:

# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:40:F4:6B:21:CF
          inet addr:xxx  Bcast:xxx  Mask:255.255.255.0
          inet6 addr: xxx Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8158708 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5684185 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:426469951 (406.7 MiB)  TX bytes:710574606 (677.6 MiB)
          Interrupt:169 Base address:0xec00

eth1      Link encap:Ethernet  HWaddr 00:0C:6E:26:F3:1B
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:6eff:fe26:f31b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11979181 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14446842 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2289081185 (2.1 GiB)  TX bytes:2236465872 (2.0 GiB)
          Interrupt:177 Base address:0xdc00

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:106572 errors:0 dropped:0 overruns:0 frame:0
          TX packets:106572 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:34849141 (33.2 MiB)  TX bytes:34849141 (33.2 MiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.0.16.1  P-t-P:10.0.16.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:25 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:1500 (1.4 KiB)  TX bytes:704 (704.0 b)

# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.16.2       *               255.255.255.255 UH    0      0        0 tun0
10.0.16.0       10.0.16.2       255.255.255.0   UG    0      0        0 tun0
localnet        *               255.255.255.0   U     0      0        0 eth1
83.160.231.0    *               255.255.255.0   U     0      0        0 eth0
default         babyxl-colo-gn- 0.0.0.0         UG    0      0        0 eth0

# ping 10.0.16.6
PING 10.0.16.6 (10.0.16.6) 56(84) bytes of data.
From 10.0.16.1 icmp_seq=1 Destination Host Unreachable
From 10.0.16.1 icmp_seq=1 Destination Host Unreachable
From 10.0.16.1 icmp_seq=1 Destination Host Unreachable
From 10.0.16.1 icmp_seq=1 Destination Host Unreachable
From 10.0.16.1 icmp_seq=1 Destination Host Unreachable
From 10.0.16.1 icmp_seq=1 Destination Host Unreachable
ping: sendmsg: Operation not permitted
From 10.0.16.1 icmp_seq=2 Destination Host Unreachable
ping: sendmsg: Operation not permitted
From 10.0.16.1 icmp_seq=3 Destination Host Unreachable
ping: sendmsg: Operation not permitted
From 10.0.16.1 icmp_seq=4 Destination Host Unreachable
ping: sendmsg: Operation not permitted

--- 10.0.16.6 ping statistics ---
4 packets transmitted, 0 received, +9 errors, 100% packet loss, time 3060ms

# tail /var/log/messages
Jul 11 20:19:04 enterprise kernel: Shorewall:all2all:REJECT:IN= OUT=tun0 SRC=10.0.16.1 DST=10.0.16.6 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=4 DF PROTO=ICMP TYPE=8 CODE=0 ID=46901 SEQ=1
Jul 11 20:19:04 enterprise kernel: Shorewall:all2all:REJECT:IN= OUT=tun0 SRC=10.0.16.1 DST=10.0.16.6 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=5 DF PROTO=ICMP TYPE=8 CODE=0 ID=46901 SEQ=1
Jul 11 20:19:04 enterprise kernel: Shorewall:all2all:REJECT:IN= OUT=tun0 SRC=10.0.16.1 DST=10.0.16.6 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=6 DF PROTO=ICMP TYPE=8 CODE=0 ID=46901 SEQ=1
Jul 11 20:19:05 enterprise kernel: Shorewall:all2all:REJECT:IN= OUT=tun0 SRC=10.0.16.1 DST=10.0.16.6 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=7 DF PROTO=ICMP TYPE=8 CODE=0 ID=46901 SEQ=2
Jul 11 20:19:05 enterprise kernel: Shorewall:all2all:REJECT:IN= OUT=tun0 SRC=10.0.16.1 DST=10.0.16.6 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=8 DF PROTO=ICMP TYPE=8 CODE=0 ID=46901 SEQ=2
Jul 11 20:19:06 enterprise kernel: Shorewall:all2all:REJECT:IN= OUT=tun0 SRC=10.0.16.1 DST=10.0.16.6 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=9 DF PROTO=ICMP TYPE=8 CODE=0 ID=46901 SEQ=3
Jul 11 20:19:06 enterprise kernel: Shorewall:all2all:REJECT:IN= OUT=tun0 SRC=10.0.16.1 DST=10.0.16.6 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=10 DF PROTO=ICMP TYPE=8 CODE=0 ID=46901 SEQ=3
Jul 11 20:19:07 enterprise kernel: Shorewall:all2all:REJECT:IN= OUT=tun0 SRC=10.0.16.1 DST=10.0.16.6 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=11 DF PROTO=ICMP TYPE=8 CODE=0 ID=46901 SEQ=4
Jul 11 20:19:07 enterprise kernel: Shorewall:all2all:REJECT:IN= OUT=tun0 SRC=10.0.16.1 DST=10.0.16.6 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=12 DF PROTO=ICMP TYPE=8 CODE=0 ID=46901 SEQ=4
Jul 11 20:20:57 enterprise kernel: Shorewall:all2all:REJECT:IN=tun0 OUT= MAC= SRC=10.0.16.6 DST=10.0.16.1 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=30600 PROTO=ICMP TYPE=8 CODE=0 ID=1024 SEQ=9472
Jul 11 20:20:58 enterprise kernel: Shorewall:all2all:REJECT:IN=tun0 OUT= MAC= SRC=10.0.16.6 DST=10.0.16.1 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=30602 PROTO=ICMP TYPE=8 CODE=0 ID=1024 SEQ=9728
Jul 11 20:20:59 enterprise kernel: Shorewall:all2all:REJECT:IN=tun0 OUT= MAC= SRC=10.0.16.6 DST=10.0.16.1 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=30604 PROTO=ICMP TYPE=8 CODE=0 ID=1024 SEQ=9984
Jul 11 20:21:00 enterprise kernel: Shorewall:all2all:REJECT:IN=tun0 OUT= MAC= SRC=10.0.16.6 DST=10.0.16.1 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=30606 PROTO=ICMP TYPE=8 CODE=0 ID=1024 SEQ=10240

Some info from my laptop:

ipconfig /all

Ethernet adapter VPN:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : TAP-Win32 Adapter V8
        Physical Address. . . . . . . . . : 00-FF-0D-3A-A1-CE
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.0.16.6
        Subnet Mask . . . . . . . . . . . : 255.255.255.252
        Default Gateway . . . . . . . . . :
        DHCP Server . . . . . . . . . . . : 10.0.16.5
        Lease Obtained. . . . . . . . . . : maandag 11 juli 2005 19:54:55
        Lease Expires . . . . . . . . . . : dinsdag 11 juli 2006 19:54:55

C:\Documents and Settings\diederik>route PRINT
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.11      30
        10.0.16.0    255.255.255.0        10.0.16.5       10.0.16.6       1
        10.0.16.4  255.255.255.252        10.0.16.6       10.0.16.6      30
        10.0.16.6  255.255.255.255        127.0.0.1       127.0.0.1      30
   10.255.255.255  255.255.255.255        10.0.16.6       10.0.16.6      30
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.0.0    255.255.255.0     192.168.0.11    192.168.0.11      30
     192.168.0.11  255.255.255.255        127.0.0.1       127.0.0.1      30
    192.168.0.255  255.255.255.255     192.168.0.11    192.168.0.11      30
        224.0.0.0        240.0.0.0        10.0.16.6       10.0.16.6      30
        224.0.0.0        240.0.0.0     192.168.0.11    192.168.0.11      30
  255.255.255.255  255.255.255.255        10.0.16.6               2       1
  255.255.255.255  255.255.255.255        10.0.16.6       10.0.16.6       1
  255.255.255.255  255.255.255.255     192.168.0.11    192.168.0.11       1
Default Gateway:       192.168.0.1
===========================================================================
Persistent Routes:
  None

To make my post complete I'll post my config files.

/etc/openvpn/server.conf

dev tun
server 10.0.16.0 255.255.255.0
dh dh1024.pem
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
port 1194
ifconfig-pool-persist ipp.txt
client-to-client
comp-lzo
max-clients 5
user nobody
group nogroup
persist-key
persist-tun
ping 15
ping-restart 45
ping-timer-rem
status openvpn-status.log
log /var/log/openvpn/openvpn.log
log-append /var/log/openvpn/openvpn.log
verb

/etc/shorewall/interfaces

#ZONE   INTERFACE       BROADCAST       OPTIONS
net     eth0            detect          dhcp
road    tun0
loc     eth1            192.168.0.255   tcpflags
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

/etc/shorewall/masq

##############################################################################
#INTERFACE              SUBNET          ADDRESS
eth0                    eth1
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

/etc/shorewall/policy

#SOURCE         DEST            POLICY          LOG LEVEL       LIMIT:BURST
loc             net             ACCEPT
loc             fw              ACCEPT
fw              net             ACCEPT
fw              loc             ACCEPT
road            loc             ACCEPT
loc             road            ACCEPT
net             all             DROP            info
# THE FOLLOWING POLICY MUST BE LAST
all             all             REJECT          info
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

/etc/shorewall/tunnels

#TYPE           ZONE    GATEWAY         GATEWAY ZONE
openvpn:1194    net     0.0.0.0/0
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

/etc/shorewall/zones

#ZONE   DISPLAY         COMMENTS
net     Net             Internet
loc     Local           Local Networks
road    Roadwarrior     Remote clients
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

C:\Program Files\OpenVPN\config\client.ovpn

ca ca.crt
cert diederik.crt
key diederik.key
dev tun
remote 192.168.0.1
tls-client
pull
port 1194
#user nobody
#group nogroup
comp-lzo
ping 15
ping-restart 45
ping-timer-rem
persist-tun
persist-key
verb 3

I believe I have gathered all the relevant information I could think of. If there are any questions or missing data, please feel free to ask for it.

I hope you guys can help me to find my problem and tell me what I'm doing wrong.

Regards,
Diederik Lascaris.

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
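
Added example, not part of the original post: a short Python script that maps the interfaces in two of the quoted Shorewall log lines to the zones from the posted /etc/shorewall/interfaces and reports which row of the posted policy file each zone pair falls under. It assumes Shorewall's default firewall zone name fw, and that an empty IN= or OUT= field means the packet was generated by, or addressed to, the firewall host itself.

```python
import re

# Zone per interface, from the posted /etc/shorewall/interfaces.
ZONES = {"eth0": "net", "tun0": "road", "eth1": "loc"}
# Rows of the posted /etc/shorewall/policy, in file order (first match wins).
POLICY = [
    ("loc", "net", "ACCEPT"), ("loc", "fw", "ACCEPT"),
    ("fw", "net", "ACCEPT"), ("fw", "loc", "ACCEPT"),
    ("road", "loc", "ACCEPT"), ("loc", "road", "ACCEPT"),
    ("net", "all", "DROP"), ("all", "all", "REJECT"),
]
# Two of the kernel log lines quoted in the post, one per direction.
LOG = (
    "Jul 11 20:19:04 enterprise kernel: Shorewall:all2all:REJECT:IN= OUT=tun0 "
    "SRC=10.0.16.1 DST=10.0.16.6 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=4 DF "
    "PROTO=ICMP TYPE=8 CODE=0 ID=46901 SEQ=1\n"
    "Jul 11 20:20:57 enterprise kernel: Shorewall:all2all:REJECT:IN=tun0 OUT= "
    "MAC= SRC=10.0.16.6 DST=10.0.16.1 LEN=60 TOS=0x00 PREC=0x00 TTL=128 "
    "ID=30600 PROTO=ICMP TYPE=8 CODE=0 ID=1024 SEQ=9472\n"
)
ENTRY = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<verdict>[A-Z]+):"
                   r"IN=(?P<inif>\S*) OUT=(?P<outif>\S*)")

def zone(iface):
    """Empty interface field = the firewall host itself (assumed zone 'fw')."""
    return ZONES.get(iface, "unknown") if iface else "fw"

def first_policy(src, dst):
    """Return the first policy row that covers the src -> dst zone pair."""
    for s, d, action in POLICY:
        if s in (src, "all") and d in (dst, "all"):
            return (s, d, action)
    return None

def explain(log_text):
    """Group logged packets by zone pair and attach the policy row they hit."""
    seen = {}
    for m in ENTRY.finditer(log_text):
        pair = (zone(m["inif"]), zone(m["outif"]))
        row = seen.setdefault(pair, {"chain": m["chain"], "verdict": m["verdict"],
                                     "hits": 0, "policy": first_policy(*pair)})
        row["hits"] += 1
    return seen

if __name__ == "__main__":
    for (src, dst), row in explain(LOG).items():
        print(f"{src} -> {dst}: {row['hits']} packet(s), chain {row['chain']}, "
              f"{row['verdict']} via policy row {row['policy']}")
```

Both directions resolve to fw/road zone pairs, for which the posted policy file has no row ahead of the final all/all REJECT, which matches the all2all chain named in the log.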