[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] remote client problem


  • Subject: Re: [Openvpn-users] remote client problem
  • From: "Michael D. Berger" <m.d.berger@xxxxxxxx>
  • Date: Wed, 27 Jun 2007 16:39:08 -0400
  • Importance: Normal

The problem described below occurs with TCP as well
as UDP.  I have attached a client log.

Thanks for any help you can provide.
Mike.
--
Michael D. Berger
m.d.berger@xxxxxxxx 
http://www.rosemike.net/


> -----Original Message-----
> From: openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx 
> [mailto:openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On 
> Behalf Of Michael D. Berger
> Sent: Monday, June 25, 2007 5:43 PM
> To: OpenVpn-Users
> Subject: [Openvpn-users] remote client problem
> 
> 
> I have an OpenVPN UDP bridge server running on
> a Linux FC4 under a Vigor router.  For test
> purposes, I have a Linksys router outside the
> Vigor to serve as a test "WAN".  I run an
> OpenVPN client on a laptop with WinXP on the
> "WAN". It all works.  I can, for example, get
> into directories on my Win2k boxes under the
> Vigor. When I examine the TAP interface on the
> laptop, I can see that IP address is as
> specified on the server-bridge line.
> 
> Next I take my laptop to a hotspot either at
> a coffee house or my church (with the Linksys
> programmed to pass 1194 if it is still in the
> system).  It doesn't work. here are some
> symptoms:
> 
> 1. The client log shows that it got the
>    server-bridge information from the server,
>    but it says it completed with errors.  It
>    doesn't say what the errors are (at
>    verbosity level 4).
> 
> 2. The client TAP interface does not have a
>    correct IP address.  Rather it has, for
>    example, 169.254.216.58, which goog informs
>    me is assigned by WinXP when it has nothing
>    better.
> 
> 3. 169.254.216.58 IGMP packets appear on the
>    server.
> 
> 4. On the client, neither pings, nor any other
>    attempt to access the internet, work. This
>    problem persists after the OpenVPN
>    client is closed, but can be corrected by
>    logging off the hotspot and logging on again.
> 
> I note that with the "WAN" tests, the client is
> wired, while at the hotspots, it is wireless.
> 
> I haven't yet tried it with TCP; I guess that
> is next.  Any other suggestions?  I have
> captured all related packets on the server if
> there is something someone thinks I should look
> for.
> 
> Thanks for your help.
> 
> Mike.
[...]
Wed Jun 27 14:13:44 2007 us=971040 Current Parameter Settings:
Wed Jun 27 14:13:44 2007 us=971155   config = 'client.ovpn'
Wed Jun 27 14:13:44 2007 us=971185   mode = 0
Wed Jun 27 14:13:44 2007 us=971211   show_ciphers = DISABLED
Wed Jun 27 14:13:44 2007 us=971236   show_digests = DISABLED
Wed Jun 27 14:13:44 2007 us=971262   show_engines = DISABLED
Wed Jun 27 14:13:44 2007 us=971289   genkey = DISABLED
Wed Jun 27 14:13:44 2007 us=971316   key_pass_file = '[UNDEF]'
Wed Jun 27 14:13:44 2007 us=971342   show_tls_ciphers = DISABLED
Wed Jun 27 14:13:44 2007 us=971368   proto = 2
Wed Jun 27 14:13:44 2007 us=971393   local = '[UNDEF]'
Wed Jun 27 14:13:44 2007 us=971479   remote_list[0] = {'rosemike.net', 1194}
Wed Jun 27 14:13:44 2007 us=971516   remote_random = DISABLED
Wed Jun 27 14:13:44 2007 us=971644   local_port = 1194
Wed Jun 27 14:13:44 2007 us=971661   remote_port = 1194
Wed Jun 27 14:13:44 2007 us=971673   remote_float = DISABLED
Wed Jun 27 14:13:44 2007 us=971684   ipchange = '[UNDEF]'
Wed Jun 27 14:13:44 2007 us=971696   bind_local = DISABLED
Wed Jun 27 14:13:44 2007 us=971707   dev = 'tap'
Wed Jun 27 14:13:44 2007 us=971718   dev_type = '[UNDEF]'
Wed Jun 27 14:13:44 2007 us=971729 NOTE: --mute triggered...
Wed Jun 27 14:13:44 2007 us=971760 168 variation(s) on previous 20 message(s) suppressed by --mute
Wed Jun 27 14:13:44 2007 us=971777 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
Wed Jun 27 14:13:44 2007 us=972597 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Jun 27 14:13:48 2007 us=799532 Control Channel Authentication: using 'D:/vpn/ta.key' as a OpenVPN static key file
Wed Jun 27 14:13:48 2007 us=799623 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jun 27 14:13:48 2007 us=799661 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jun 27 14:13:48 2007 us=799868 Control Channel MTU parms [ L:1591 D:168 EF:68 EB:0 ET:0 EL:0 ]
Wed Jun 27 14:13:48 2007 us=857804 Data Channel MTU parms [ L:1591 D:1450 EF:59 EB:4 ET:32 EL:0 ]
Wed Jun 27 14:13:48 2007 us=857908 Local Options String: 'V4,dev-type tap,link-mtu 1591,tun-mtu 1532,proto TCPv4_CLIENT,keydir 1,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Wed Jun 27 14:13:48 2007 us=857940 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1591,tun-mtu 1532,proto TCPv4_SERVER,keydir 0,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Wed Jun 27 14:13:48 2007 us=857997 Local Options hash (VER=V4): '369e8339'
Wed Jun 27 14:13:48 2007 us=858035 Expected Remote Options hash (VER=V4): '706b5732'
Wed Jun 27 14:13:48 2007 us=858086 Attempting to establish TCP connection with 68.55.229.147:1194
Wed Jun 27 14:13:48 2007 us=902462 TCP connection established with 68.55.229.147:1194
Wed Jun 27 14:13:48 2007 us=902534 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed Jun 27 14:13:48 2007 us=902580 TCPv4_CLIENT link local: [undef]
Wed Jun 27 14:13:48 2007 us=902605 TCPv4_CLIENT link remote: 68.55.229.147:1194
Wed Jun 27 14:13:48 2007 us=938348 TLS: Initial packet from 68.55.229.147:1194, sid=bf867957 5269a1ea
Wed Jun 27 14:13:49 2007 us=759228 VERIFY OK: depth=1, /C=US/ST=Virginia/L=Reston/O=RoseMike/OU=Michael_D._Berger___Rosalie_A._Clavez/CN=mbrc32/emailAddress=mdberger@xxxxxxxxxxxx
Wed Jun 27 14:13:49 2007 us=761968 VERIFY OK: nsCertType=SERVER
Wed Jun 27 14:13:49 2007 us=762004 VERIFY OK: depth=0, /C=US/ST=Virginia/O=RoseMike/OU=Michael_D._Berger___Rosalie_A._Clavez/CN=mbrc32/emailAddress=mdberger@xxxxxxxxxxxx
Wed Jun 27 14:13:51 2007 us=786615 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Jun 27 14:13:51 2007 us=786680 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jun 27 14:13:51 2007 us=786713 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Jun 27 14:13:51 2007 us=786744 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jun 27 14:13:51 2007 us=787201 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Jun 27 14:13:51 2007 us=787264 [mbrc32] Peer Connection Initiated with 68.55.229.147:1194
Wed Jun 27 14:13:52 2007 us=964983 SENT CONTROL [mbrc32]: 'PUSH_REQUEST' (status=1)
Wed Jun 27 14:13:53 2007 us=209448 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route-gateway 192.168.1.32,ping 10,ping-restart 120,ifconfig 192.168.1.91 255.255.255.0'
Wed Jun 27 14:13:53 2007 us=209573 OPTIONS IMPORT: timers and/or timeouts modified
Wed Jun 27 14:13:53 2007 us=209598 OPTIONS IMPORT: --ifconfig/up options modified
Wed Jun 27 14:13:53 2007 us=209618 OPTIONS IMPORT: route options modified
Wed Jun 27 14:13:53 2007 us=221752 TAP-WIN32 device [TAP-Win32] opened: \\.\Global\{AEF712C2-BA38-41F5-8C93-324DA48138BF}.tap
Wed Jun 27 14:13:53 2007 us=221812 TAP-Win32 Driver Version 8.4 
Wed Jun 27 14:13:53 2007 us=221842 TAP-Win32 MTU=1500
Wed Jun 27 14:13:53 2007 us=221884 Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.1.91/255.255.255.0 on interface {AEF712C2-BA38-41F5-8C93-324DA48138BF} [DHCP-serv: 192.168.1.0, lease-time: 31536000]

Wed Jun 27 14:13:53 2007 us=224899 Successful ARP Flush on interface [4] {AEF712C2-BA38-41F5-8C93-324DA48138BF}
Wed Jun 27 14:13:53 2007 us=232444 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down

[The above two lines appear 26 mote times.]

Wed Jun 27 14:14:23 2007 us=249188 route ADD 192.168.1.0 MASK 255.255.255.0 192.168.1.32
Wed Jun 27 14:14:23 2007 us=252967 Route addition via IPAPI succeeded
Wed Jun 27 14:14:23 2007 us=253016 Initialization Sequence Completed With Errors ( see http://openvpn.net/faq.html#dhcpclientserv )
_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users