[Openvpn-users] Problem using redirect-gateway: help wanted


  • Subject: [Openvpn-users] Problem using redirect-gateway: help wanted
  • From: mylists@xxxxxxxxxxxxxxxxxxxx
  • Date: Thu, 10 May 2007 17:10:03 +0200 (CEST)
  • Importance: Normal

Dear all,

I am using OpenVPN 2.0.9 x86_64-pc-linux-gnu [SSL] [LZO] [EPOLL] built on
Feb 27 2007 and I am trying to set up a VPN from my road laptop to my home
server using a bridged connection (tap). Now I want to route all IP traffic
through the tunnel when I have it open, but for some reason the Windows box
doesn't route properly.

I tried following all documents I found and searching in the mailing lists
for other issues like this without success. I need help here, could
someone give a few hints please?

When I connect to the VPN, the laptop gets a local address 192.168.0.100
and the route to 192.168.0.1 is added. But I cannot even ping the Linux
box at 192.168.0.1.

This is the VPN log at the client:

Thu May 10 16:53:42 2007 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
Thu May 10 16:53:42 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Thu May 10 16:53:42 2007 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Thu May 10 16:53:45 2007 LZO compression initialized
Thu May 10 16:53:45 2007 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu May 10 16:53:45 2007 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Thu May 10 16:53:45 2007 Local Options hash (VER=V4): '31fdf004'
Thu May 10 16:53:45 2007 Expected Remote Options hash (VER=V4): '3e6d1056'
Thu May 10 16:53:45 2007 Attempting to establish TCP connection with xxx.xxx.xxx.xxx:245
Thu May 10 16:53:45 2007 TCP connection established with xxx.xxx.xxx.xxx:245
Thu May 10 16:53:45 2007 TCPv4_CLIENT link local: [undef]
Thu May 10 16:53:45 2007 TCPv4_CLIENT link remote: xxx.xxx.xxx.xxx:245
Thu May 10 16:53:46 2007 TLS: Initial packet from xxx.xxx.xxx.xxx:245, sid=5cfe793c 4f3c7845
Thu May 10 16:53:50 2007 VERIFY OK: depth=1, /C=XX/ST=XX/L=XX/O=MontblancVPN/CN=xxxx/emailAddress=xxxxx
Thu May 10 16:53:50 2007 VERIFY OK: depth=0, /C=XX/ST=XX/O=MontblancVPN/CN=xxxx/emailAddress=xxxx
Thu May 10 16:53:57 2007 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu May 10 16:53:57 2007 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu May 10 16:53:57 2007 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu May 10 16:53:57 2007 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu May 10 16:53:57 2007 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu May 10 16:53:57 2007 [xxxx] Peer Connection Initiated with 81.56.221.174:245
Thu May 10 16:53:58 2007 SENT CONTROL [xxxx]: 'PUSH_REQUEST' (status=1)
Thu May 10 16:53:59 2007 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,ip-win32 dynamic,dhcp-option DNS 192.168.0.1,route-gateway 192.168.0.1,ping 10,ping-restart 120,ifconfig 192.168.0.100 255.255.255.0'
Thu May 10 16:53:59 2007 OPTIONS IMPORT: timers and/or timeouts modified
Thu May 10 16:53:59 2007 OPTIONS IMPORT: --ifconfig/up options modified
Thu May 10 16:53:59 2007 OPTIONS IMPORT: route options modified
Thu May 10 16:53:59 2007 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu May 10 16:53:59 2007 TAP-WIN32 device [VPN to Montblanc] opened: \\.\Global\{03D2D989-1CAA-4D63-8333-84F5C01D4053}.tap
Thu May 10 16:53:59 2007 TAP-Win32 Driver Version 8.4
Thu May 10 16:53:59 2007 TAP-Win32 MTU=1500
Thu May 10 16:53:59 2007 Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.0.100/255.255.255.0 on interface {03D2D989-1CAA-4D63-8333-84F5C01D4053} [DHCP-serv: 192.168.0.0, lease-time: 31536000]
Thu May 10 16:53:59 2007 Successful ARP Flush on interface [6] {03D2D989-1CAA-4D63-8333-84F5C01D4053}
Thu May 10 16:53:59 2007 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Thu May 10 16:53:59 2007 Route: Waiting for TUN/TAP interface to come up...
Thu May 10 16:53:59 2007 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Thu May 10 16:53:59 2007 Route: Waiting for TUN/TAP interface to come up...
Thu May 10 16:54:00 2007 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Thu May 10 16:54:00 2007 Route: Waiting for TUN/TAP interface to come up...
Thu May 10 16:54:01 2007 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
Thu May 10 16:54:01 2007 route ADD 81.56.221.174 MASK 255.255.255.255 10.6.1.1
Thu May 10 16:54:01 2007 Warning: route gateway is ambiguous: 10.6.1.1 (2 matches)
Thu May 10 16:54:01 2007 Route addition via IPAPI failed
Thu May 10 16:54:01 2007 route ADD 0.0.0.0 MASK 128.0.0.0 192.168.0.1
Thu May 10 16:54:01 2007 Route addition via IPAPI succeeded
Thu May 10 16:54:01 2007 route ADD 128.0.0.0 MASK 128.0.0.0 192.168.0.1
Thu May 10 16:54:01 2007 Route addition via IPAPI succeeded
Thu May 10 16:54:01 2007 Initialization Sequence Completed

What is this warning about an ambiguous gateway?

Here is my ipconfig /all (note the Ethernet, wireless and VMware
interfaces):

C:\Documents and Settings\pep>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : peak
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter VMware Network Adapter VMnet8:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8
        Physical Address. . . . . . . . . : 00-50-56-C0-00-08
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.18.1
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        IP Address. . . . . . . . . . . . : fe80::250:56ff:fec0:8%4
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%5
                                            fec0:0:0:ffff::2%5
                                            fec0:0:0:ffff::3%5

Ethernet adapter VMware Network Adapter VMnet1:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet1
        Physical Address. . . . . . . . . : 00-50-56-C0-00-01
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.17.1
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        IP Address. . . . . . . . . . . . : fe80::250:56ff:fec0:1%5
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%4
                                            fec0:0:0:ffff::2%4
                                            fec0:0:0:ffff::3%4

Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . : ifrc.ds
        Description . . . . . . . . . . . : Intel(R) PRO/Wireless 2200BG Network Connection
        Physical Address. . . . . . . . . : 00-0E-35-D4-45-EF
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.6.4.43
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        IP Address. . . . . . . . . . . . : fe80::20e:35ff:fed4:45ef%6
        Default Gateway . . . . . . . . . :
        DHCP Server . . . . . . . . . . . : 10.6.1.1
        DNS Servers . . . . . . . . . . . : 10.1.1.90
                                            10.1.1.91
                                            fec0:0:0:ffff::1%2
                                            fec0:0:0:ffff::2%2
                                            fec0:0:0:ffff::3%2
        Primary WINS Server . . . . . . . : 10.1.1.90
        Secondary WINS Server . . . . . . : 10.1.1.91
        Lease Obtained. . . . . . . . . . : Thursday, May 10, 2007 4:11:05 PM
        Lease Expires . . . . . . . . . . : Sunday, May 20, 2007 4:11:05 PM

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : ifrc.ds
        Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
        Physical Address. . . . . . . . . : 00-01-4A-05-5C-35
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.6.4.41
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        IP Address. . . . . . . . . . . . : fe80::201:4aff:fe05:5c35%7
        Default Gateway . . . . . . . . . : 10.6.1.1
        DHCP Server . . . . . . . . . . . : 10.6.1.1
        DNS Servers . . . . . . . . . . . : 10.1.1.90
                                            10.1.1.91
                                            fec0:0:0:ffff::1%2
                                            fec0:0:0:ffff::2%2
                                            fec0:0:0:ffff::3%2
        Primary WINS Server . . . . . . . : 10.1.1.90
        Secondary WINS Server . . . . . . : 10.1.1.91
        Lease Obtained. . . . . . . . . . : Thursday, May 10, 2007 4:53:35 PM
        Lease Expires . . . . . . . . . . : Sunday, May 20, 2007 4:53:35 PM

Ethernet adapter VPN to Montblanc:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : TAP-Win32 Adapter V8
        Physical Address. . . . . . . . . : 00-FF-03-D2-D9-89
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.0.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        IP Address. . . . . . . . . . . . : fe80::2ff:3ff:fed2:d989%8
        Default Gateway . . . . . . . . . : 192.168.0.1
        DHCP Server . . . . . . . . . . . : 192.168.0.0
        DNS Servers . . . . . . . . . . . : 192.168.0.1
                                            fec0:0:0:ffff::1%1
                                            fec0:0:0:ffff::2%1
                                            fec0:0:0:ffff::3%1
        Lease Obtained. . . . . . . . . . : Thursday, May 10, 2007 4:54:00 PM
        Lease Expires . . . . . . . . . . : Friday, May 09, 2008 4:54:00 PM

Ethernet adapter Bluetooth Network Connection:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
        Physical Address. . . . . . . . . : 00-01-4A-15-87-5B

Tunnel adapter Teredo Tunneling Pseudo-Interface:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
        Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-00
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%9
        Default Gateway . . . . . . . . . :
        NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Automatic Tunneling Pseudo-Interface:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface
        Physical Address. . . . . . . . . : C0-A8-12-01
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : fe80::5efe:192.168.18.1%2
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%5
                                            fec0:0:0:ffff::2%5
                                            fec0:0:0:ffff::3%5
        NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Automatic Tunneling Pseudo-Interface:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface
        Physical Address. . . . . . . . . : C0-A8-11-01
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : fe80::5efe:192.168.17.1%2
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%4
                                            fec0:0:0:ffff::2%4
                                            fec0:0:0:ffff::3%4
        NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Automatic Tunneling Pseudo-Interface:

        Connection-specific DNS Suffix  . : ifrc.ds
        Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface
        Physical Address. . . . . . . . . : 0A-06-04-29
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : fe80::5efe:10.6.4.41%2
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%2
                                            fec0:0:0:ffff::2%2
                                            fec0:0:0:ffff::3%2
        NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Automatic Tunneling Pseudo-Interface:

        Connection-specific DNS Suffix  . : ifrc.ds
        Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface
        Physical Address. . . . . . . . . : 0A-06-04-2B
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : fe80::5efe:10.6.4.43%2
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%2
                                            fec0:0:0:ffff::2%2
                                            fec0:0:0:ffff::3%2
        NetBIOS over Tcpip. . . . . . . . : Disabled

As you see, the interface "VPN to Montblanc" has address 192.168.0.100,
and the gateway and DNS are pointing to the Linux box at 192.168.0.1. The
DHCP server points to 192.168.0.0?

Now here is the routing table on the laptop:

C:\Documents and Settings\pep>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 50 56 c0 00 08 ...... VMware Virtual Ethernet Adapter for VMnet8
0x3 ...00 50 56 c0 00 01 ...... VMware Virtual Ethernet Adapter for VMnet1
0x4 ...00 0e 35 d4 45 ef ...... Intel(R) PRO/Wireless 2200BG Network Connection - Packet Scheduler Miniport
0x5 ...00 01 4a 05 5c 35 ...... Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
0x6 ...00 ff 03 d2 d9 89 ...... TAP-Win32 Adapter V8 - Packet Scheduler Miniport
0x10008 ...00 01 4a 15 87 5b ...... Bluetooth Device (Personal Area Network)
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.6.1.1       10.6.4.41       20
          0.0.0.0        128.0.0.0      192.168.0.1   192.168.0.100       1
         10.6.0.0      255.255.0.0        10.6.4.41       10.6.4.41       20
         10.6.0.0      255.255.0.0        10.6.4.43       10.6.4.43       25
        10.6.4.41  255.255.255.255        127.0.0.1       127.0.0.1       20
        10.6.4.43  255.255.255.255        127.0.0.1       127.0.0.1       25
   10.255.255.255  255.255.255.255        10.6.4.41       10.6.4.41       20
   10.255.255.255  255.255.255.255        10.6.4.43       10.6.4.43       25
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
        128.0.0.0        128.0.0.0      192.168.0.1   192.168.0.100       1
      192.168.0.0    255.255.255.0    192.168.0.100   192.168.0.100       30
    192.168.0.100  255.255.255.255        127.0.0.1       127.0.0.1       30
    192.168.0.255  255.255.255.255    192.168.0.100   192.168.0.100       30
     192.168.17.0    255.255.255.0     192.168.17.1    192.168.17.1       20
     192.168.17.1  255.255.255.255        127.0.0.1       127.0.0.1       20
   192.168.17.255  255.255.255.255     192.168.17.1    192.168.17.1       20
     192.168.18.0    255.255.255.0     192.168.18.1    192.168.18.1       20
     192.168.18.1  255.255.255.255        127.0.0.1       127.0.0.1       20
   192.168.18.255  255.255.255.255     192.168.18.1    192.168.18.1       20
        224.0.0.0        240.0.0.0        10.6.4.41       10.6.4.41       20
        224.0.0.0        240.0.0.0        10.6.4.43       10.6.4.43       25
        224.0.0.0        240.0.0.0    192.168.0.100   192.168.0.100       30
        224.0.0.0        240.0.0.0     192.168.17.1    192.168.17.1       20
        224.0.0.0        240.0.0.0     192.168.18.1    192.168.18.1       20
  255.255.255.255  255.255.255.255        10.6.4.41       10.6.4.41       1
  255.255.255.255  255.255.255.255        10.6.4.43       10.6.4.43       1
  255.255.255.255  255.255.255.255    192.168.0.100   192.168.0.100       1
  255.255.255.255  255.255.255.255     192.168.17.1    192.168.17.1       1
  255.255.255.255  255.255.255.255     192.168.17.1           10008       1
  255.255.255.255  255.255.255.255     192.168.18.1    192.168.18.1       1
Default Gateway:       192.168.0.1
===========================================================================
Persistent Routes:
  None

C:\Documents and Settings\pep>

The configuration for the Linux box follows:

net0 is the ethernet connected to the ADSL line
net1 is the local ethernet card -> I have local masquerading at home.
tap0 is the link for the VPN
br0 is the bridge that puts together net1 and tap0.

/montblanc:/etc/openvpn# ifconfig
br0       Link encap:Ethernet  HWaddr 00:17:31:25:9F:4D
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::217:31ff:fe25:9f4d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:10734 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7419 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:895702 (874.7 KiB)  TX bytes:1247372 (1.1 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:118187 errors:0 dropped:0 overruns:0 frame:0
          TX packets:118187 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:14719525 (14.0 MiB)  TX bytes:14719525 (14.0 MiB)

net0      Link encap:Ethernet  HWaddr 00:17:31:25:97:DB
          inet addr:xxx.xxx.xxx.xxx  Bcast:xxx.xxx.xxx.xxx  Mask:255.255.255.0
          inet6 addr: fe80::217:31ff:fe25:97db/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:21569326 errors:0 dropped:0 overruns:0 frame:0
          TX packets:26739960 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:7539973016 (7.0 GiB)  TX bytes:22435709760 (20.8 GiB)
          Base address:0xc800 Memory:e7ee0000-e7f00000

net1      Link encap:Ethernet  HWaddr 00:17:31:25:9F:4D
          inet6 addr: fe80::217:31ff:fe25:9f4d/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:11868317 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9887828 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:13612167993 (12.6 GiB)  TX bytes:7989971125 (7.4 GiB)
          Interrupt:58

tap0      Link encap:Ethernet  HWaddr E2:B1:EB:D7:72:16
          inet6 addr: fe80::e0b1:ebff:fed7:7216/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:353 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2202 errors:0 dropped:301 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:38819 (37.9 KiB)  TX bytes:241901 (236.2 KiB)


Now here is my server configuration:

dev tap0
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key  # This file should be kept secret
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
ifconfig-pool-persist ipp.txt
server-bridge 192.168.0.1 255.255.255.0 192.168.0.100 192.168.0.103
push "redirect-gateway def1"
push "ip-win32 dynamic"
push "dhcp-option DNS 192.168.0.1"
client-to-client
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 4


____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
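
The routing table and adapter list posted above can be checked mechanically. As an added example that is not part of the original post, this Python code runs a longest-prefix-match lookup over the unicast rows of the posted `route print` output, counts the adapters whose subnet contains 10.6.1.1, and shows where packets addressed to the VPN server 81.56.221.174 leave the laptop with and without the host route whose addition failed in the log. The interface and metric used for that host route are assumptions.

```python
import ipaddress

# Unicast rows copied from the `route print` output in the post:
# (destination, netmask, gateway, interface, metric)
ROUTES = [
    ("0.0.0.0", "0.0.0.0", "10.6.1.1", "10.6.4.41", 20),
    ("0.0.0.0", "128.0.0.0", "192.168.0.1", "192.168.0.100", 1),
    ("10.6.0.0", "255.255.0.0", "10.6.4.41", "10.6.4.41", 20),
    ("10.6.0.0", "255.255.0.0", "10.6.4.43", "10.6.4.43", 25),
    ("128.0.0.0", "128.0.0.0", "192.168.0.1", "192.168.0.100", 1),
    ("192.168.0.0", "255.255.255.0", "192.168.0.100", "192.168.0.100", 30),
]
# IPv4 address and mask of each adapter, from the `ipconfig /all` output.
ADAPTERS = {
    "VMnet8": ("192.168.18.1", "255.255.255.0"),
    "VMnet1": ("192.168.17.1", "255.255.255.0"),
    "Wireless Network Connection": ("10.6.4.43", "255.255.0.0"),
    "Local Area Connection": ("10.6.4.41", "255.255.0.0"),
    "VPN to Montblanc": ("192.168.0.100", "255.255.255.0"),
}
VPN_SERVER = "81.56.221.174"   # peer address shown in the client log
TAP_ADDRESS = "192.168.0.100"  # address of the TAP adapter
# Host route OpenVPN tried to add; interface and metric are assumptions.
BYPASS = (VPN_SERVER, "255.255.255.255", "10.6.1.1", "10.6.4.41", 1)


def network(addr, mask):
    """Build an IPv4Network from an address and a dotted netmask."""
    prefix = bin(int(ipaddress.IPv4Address(mask))).count("1")
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def lookup(dest, routes):
    """Longest-prefix match; the lowest metric breaks ties."""
    addr = ipaddress.ip_address(dest)
    hits = [(network(d, m).prefixlen, -metric, gw, iface)
            for d, m, gw, iface, metric in routes
            if addr in network(d, m)]
    if not hits:
        return None
    _, _, gw, iface = max(hits)
    return gw, iface


def adapters_reaching(gateway):
    """Names of adapters whose subnet contains the gateway address."""
    gw = ipaddress.ip_address(gateway)
    return sorted(name for name, (ip, mask) in ADAPTERS.items()
                  if gw in network(ip, mask))


def carrier_enters_tunnel(routes):
    """True if packets to the VPN server leave through the TAP adapter."""
    return lookup(VPN_SERVER, routes)[1] == TAP_ADDRESS


if __name__ == "__main__":
    print("adapters that can reach 10.6.1.1:", adapters_reaching("10.6.1.1"))
    print("posted table, route to server:", lookup(VPN_SERVER, ROUTES))
    print("with host route to server:    ", lookup(VPN_SERVER, ROUTES + [BYPASS]))
    print("carrier enters tunnel:", carrier_enters_tunnel(ROUTES))
```

On the posted table the server's address matches the 0.0.0.0/1 route through the TAP adapter, so the TCP connection that carries the tunnel is itself sent into the tunnel; with the host route present it leaves through 10.6.1.1.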