
[Openvpn-users] Re: openvpn and ccd


  • Subject: [Openvpn-users] Re: openvpn and ccd
  • From: Pierre LEONARD <pier.leonard@xxxxxxx>
  • Date: Thu, 13 Apr 2006 12:00:40 +0200

Pierre LEONARD wrote:

hello
i'm a french student and i work on openvpn during my training period

in fact i've two problems but maybe it's the same...

i would like to use a tunnel with a tun interface in routed mode
i generated my certificate, the authentication is successful
the connection is established.

the logs are the following on the server side:
********************************************************************************************************


<client public ip>:33743 [nomade.test.pierre] Peer Connection Initiated with <client public ip>:33743
nomade.test.pierre/<client public ip>:33743 MULTI: no dynamic or static remote --ifconfig address is available for nomade.test.pierre/<client public ip>:33743
nomade.test.pierre/<client public ip>:33743 PUSH: Received control message: 'PUSH_REQUEST'
nomade.test.pierre/<client public ip>:33743 SENT CONTROL [nomade.test.pierre]: 'PUSH_REPLY,ifconfig 192.168.1.2 192.168.1.1,route 192.168.1.0 255.255.255.0,ping 10,ping-restart 120' (status=1)
********************************************************************************************************


and the initialization of the sequence is completed without error on the client side


but with the following configuration i cannot ping the server from the client, i've this message on server side:
*********************************************************************************************************


nomade.test.pierre/<client public ip>:33743 MULTI: bad source address from client [192.168.1.2], packet dropped
*********************************************************************************************************


i don't understand why because the tun interfaces are ok on both sides


my configuration for the server is
*********************************************************************************************************


local <server public ip>
port 1194
proto udp
dev tun
mode server
tls-server
tun-mtu 1500
mssfix

persist-key
persist-tun
ca .../cacert.pem
cert .../vpn.pierre.crt
key .../vpn.pierre.key
dh .../dh1024.pem

ifconfig 192.168.1.1 192.168.1.2
route 192.168.1.0 255.255.255.0
push "ifconfig 192.168.1.2 192.168.1.1"
push "route 192.168.1.0 255.255.255.0"
client-to-client

keepalive 10 120
cipher BF-CBC
comp-lzo
max-clients 15
user nobody
group nogroup
chroot .../logs
status ...logs/status_routed.log
log-append ...logs/openvpn_routed.log
verb 4
************************************************************************************************************



and the client:
************************************************************************************************************


client
dev tun
proto udp
remote <server public ip> 1194
resolv-retry infinite
nobind

tls-client
persist-key
persist-tun
ca .../cacert.pem
cert .../nomade1.pierre.crt
key .../nomade1.pierre.key

keepalive 10 60
cipher BF-CBC
comp-lzo
verb 2
mute 5
**************************************************************************************************************




my second problem, which may be linked, is that when i try to use the ccd directory, i've this error on the server
**************************************************************************************************************


TLS Auth Error: --client-config-dir authentication failed for common name 'nomade.test.pierre' file='/etc/openvpn/ccd/nomade.test.pierre'
**************************************************************************************************************



but i specify on the client the "pull" directive and on the server i specify:
***********************************************
chroot /etc/openvpn/ccd # i don't know if necessary
client-config-dir /etc/openvpn/ccd
ccd-exclusive
***********************************************
without "push ifconfig..."

i hope i'm clear !
who could help me??
thank you for your interest

nobody could help me please?
i don't find any solution on the web


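Added example, not part of the original post and not OpenVPN code: a small Python check for the two server-side conditions that the quoted log messages point to, namely where a ccd file is really looked up once `chroot` is set, and whether any directive makes the server record a tunnel address for the client. `SERVER_CONF` is a constructed excerpt of the posted directives, and the function names are hypothetical.

```python
import posixpath

# Directives that make an OpenVPN server allocate a tunnel address per client.
ALLOCATORS = {"server", "ifconfig-pool"}

# Constructed sample: the ccd variant of the server config described in the post.
SERVER_CONF = """\
dev tun
mode server
tls-server
chroot /etc/openvpn/ccd   # i don't know if necessary
client-config-dir /etc/openvpn/ccd
ccd-exclusive
"""


def parse(conf):
    """Map each directive to the list of its argument lists, skipping comments."""
    opts = {}
    for line in conf.splitlines():
        words = line.split("#", 1)[0].split()
        if words:
            opts.setdefault(words[0], []).append(words[1:])
    return opts


def ccd_host_path(opts, common_name):
    """Path on the host that the daemon opens for this client's ccd file."""
    if "client-config-dir" not in opts:
        return None
    path = posixpath.join(opts["client-config-dir"][0][0], common_name)
    if "chroot" in opts:
        # ccd files are read at connect time, after chroot(), so the
        # configured path is resolved relative to the jail root.
        path = posixpath.join(opts["chroot"][0][0], path.lstrip("/"))
    return path


def address_registered(opts, ccd_body=""):
    """True if the server itself records a tunnel address for the client."""
    # A plain push "ifconfig ..." only configures the client end; it does not count.
    from_ccd = "ifconfig-push" in parse(ccd_body)
    return from_ccd or any(d in opts for d in ALLOCATORS)


if __name__ == "__main__":
    opts = parse(SERVER_CONF)
    print("ccd file looked up at:", ccd_host_path(opts, "nomade.test.pierre"))
    print("server knows client address:", address_registered(opts))
```

With `ccd-exclusive`, a ccd file that is missing at the resolved path, or unreadable by the unprivileged user the daemon drops to, is treated as an authentication failure for that common name.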