
[Openvpn-users] Linux server, windows client, bridging no joy


  • Subject: [Openvpn-users] Linux server, windows client, bridging no joy
  • From: Yan Seiner <yan@xxxxxxxxxx>
  • Date: Fri, 02 Nov 2007 08:02:38 -0700

I've been trying to set up a bridged linux-winXP tunnel and we're having 
no luck.

The tunnel is created, but no data flows.  We can't ping and eventually 
the client gets dropped for inactivity.

We've tried adding

route 192.168.141.0 255.255.255.0 192.168.141.3
ifconfig 192.168.141.120 255.255.255.0

to the client config and still no joy.

I've gotten routed systems up with no trouble; this is the first time 
I'm trying bridging so I expect I have something wrong...

Could someone please review our config and offer an opinion?

Thanks

--Yan

The server config:

port 1194
proto tcp
dev tap
ca ....
cert ....
key ....
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
ifconfig-pool-persist ipp.txt
server-bridge 192.168.141.3 255.255.255.0 192.168.141.120 192.168.141.127
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3

Nov  2 09:51:23 kahn openvpn[3336]: MULTI: multi_create_instance called
Nov  2 09:51:23 kahn openvpn[3336]: Re-using SSL/TLS context
Nov  2 09:51:23 kahn openvpn[3336]: LZO compression initialized
Nov  2 09:51:23 kahn openvpn[3336]: Control Channel MTU parms [ L:1576 
D:140 EF:40 EB:0 ET:0 EL:0 ]
Nov  2 09:51:23 kahn openvpn[3336]: Data Channel MTU parms [ L:1576 
D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Nov  2 09:51:23 kahn openvpn[3336]: Local Options hash (VER=V4): '3e6d1056'
Nov  2 09:51:23 kahn openvpn[3336]: Expected Remote Options hash 
(VER=V4): '31fdf004'
Nov  2 09:51:23 kahn openvpn[3336]: TCP connection established with 
216.49.170.185:50956
Nov  2 09:51:23 kahn openvpn[3336]: TCPv4_SERVER link local: [undef]
Nov  2 09:51:23 kahn openvpn[3336]: TCPv4_SERVER link remote: yyyyy:50956
Nov  2 09:51:23 kahn openvpn[3336]: 216.49.170.185:50956 TLS: Initial 
packet from 216.49.170.185:50956, sid=b76bca0e 1f0cff7d
Nov  2 09:51:27 kahn openvpn[3336]: 216.49.170.185:50956 VERIFY OK: 
depth=1,
Nov  2 09:51:27 kahn openvpn[3336]: 216.49.170.185:50956 VERIFY OK: 
depth=0,
Nov  2 09:51:28 kahn openvpn[3336]: 216.49.170.185:50956 Data Channel 
Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Nov  2 09:51:28 kahn openvpn[3336]: 216.49.170.185:50956 Data Channel 
Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Nov  2 09:51:28 kahn openvpn[3336]: 216.49.170.185:50956 Data Channel 
Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Nov  2 09:51:28 kahn openvpn[3336]: 216.49.170.185:50956 Data Channel 
Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Nov  2 09:51:28 kahn openvpn[3336]: 216.49.170.185:50956 Control 
Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Nov  2 09:51:28 kahn openvpn[3336]: 216.49.170.185:50956 
[tiffini.tnd.lan] Peer Connection Initiated with 216.49.170.185:50956
Nov  2 09:51:28 kahn openvpn[3336]: tiffini.tnd.lan/yyyyy:50956 TCP/UDP: 
Closing socket
Nov  2 09:51:28 kahn openvpn[3336]: MULTI: new connection by client 
'tiffini.tnd.lan' will cause previous active sessions by this client to 
be dropped.  Remember to use the --duplicate-cn option if you want 
multiple clients using the same certificate or username to concurrently 
connect.
Nov  2 09:51:29 kahn openvpn[3336]: tiffini.tnd.lan/yyyy:50956 PUSH: 
Received control message: 'PUSH_REQUEST'
Nov  2 09:51:29 kahn openvpn[3336]: tiffini.tnd.lan/yyyyyy:50956 SENT 
CONTROL [tiffini.tnd.lan]: 'PUSH_REPLY,route-gateway 192.168.141.3,ping 
10,ping-restart 120,ifconfig 192.168.141.120 255.255.255.0' (status=1)
Nov  2 09:51:30 kahn openvpn[3336]: tiffini.tnd.lan/yyyy:50956 
Connection reset, restarting [-1]
Nov  2 09:51:30 kahn openvpn[3336]: tiffini.tnd.lan/yyyy:50956 
SIGUSR1[soft,connection-reset] received, client-instance restarting
Nov  2 09:51:30 kahn openvpn[3336]: TCP/UDP: Closing socket
Nov  2 09:51:33 kahn openvpn[3336]: MULTI: multi_create_instance called
Nov  2 09:51:33 kahn openvpn[3336]: Re-using SSL/TLS context
Nov  2 09:51:33 kahn openvpn[3336]: LZO compression initialized
Nov  2 09:51:33 kahn openvpn[3336]: Control Channel MTU parms [ L:1576 
D:140 EF:40 EB:0 ET:0 EL:0 ]
Nov  2 09:51:33 kahn openvpn[3336]: Data Channel MTU parms [ L:1576 
D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Nov  2 09:51:33 kahn openvpn[3336]: Local Options hash (VER=V4): '3e6d1056'
Nov  2 09:51:33 kahn openvpn[3336]: Expected Remote Options hash 
(VER=V4): '31fdf004'
Nov  2 09:51:33 kahn openvpn[3336]: TCP connection established with 
216.49.170.185:50957
Nov  2 09:51:33 kahn openvpn[3336]: TCPv4_SERVER link local: [undef]
Nov  2 09:51:33 kahn openvpn[3336]: TCPv4_SERVER link remote: 
216.49.170.185:50957
Nov  2 09:51:33 kahn openvpn[3336]: yyyy:50957 TLS: Initial packet from 
216.49.170.185:50957, sid=827f32c3 b744790a
Nov  2 09:51:37 kahn openvpn[3336]: yyyy:50957 VERIFY OK: depth=1, 
/C=US/ST=SC/L=BEAUFORT/O=TnD/CN=kahn.tnd.lan/emailAddress=johantndbft@xxxxxxxx
Nov  2 09:51:37 kahn openvpn[3336]: yyyy:50957 VERIFY OK: depth=0, 
/C=US/ST=SC/O=TnD/CN=tiffini.tnd.lan/emailAddress=johantndbft@xxxxxxxx
Nov  2 09:51:38 kahn openvpn[3336]: yyyyy:50957 Data Channel Encrypt: 
Cipher 'BF-CBC' initialized with 128 bit key
Nov  2 09:51:38 kahn openvpn[3336]: yyyyy:50957 Data Channel Encrypt: 
Using 160 bit message hash 'SHA1' for HMAC authentication
Nov  2 09:51:38 kahn openvpn[3336]: yyyyy:50957 Data Channel Decrypt: 
Cipher 'BF-CBC' initialized with 128 bit key
Nov  2 09:51:38 kahn openvpn[3336]: yyyyy:50957 Data Channel Decrypt: 
Using 160 bit message hash 'SHA1' for HMAC authentication
Nov  2 09:51:39 kahn openvpn[3336]: yyyyy:50957 Control Channel: TLSv1, 
cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Nov  2 09:51:39 kahn openvpn[3336]: yyyyy:50957 [tiffini.tnd.lan] Peer 
Connection Initiated with yyyyy:50957
Nov  2 09:51:40 kahn openvpn[3336]: tiffini.tnd.lan/yyyyy:50957 PUSH: 
Received control message: 'PUSH_REQUEST'
Nov  2 09:51:40 kahn openvpn[3336]: tiffini.tnd.lan/yyyyy:50957 SENT 
CONTROL [tiffini.tnd.lan]: 'PUSH_REPLY,route-gateway 192.168.141.3,ping 
10,ping-restart 120,ifconfig 192.168.141.120 255.255.255.0' (status=1)
Nov  2 09:51:43 kahn openvpn[3336]: tiffini.tnd.lan/yyyyy:50957 MULTI: 
Learn: 00:ff:9f:6b:8f:e6 -> tiffini.tnd.lan/yyyyy:50957


The client config and log file:

client
dev tap
proto tcp
remote x.y.z.a 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ....
cert ....
key ....
comp-lzo
verb 3

Fri Nov 02 10:17:31 2007 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
Fri Nov 02 10:17:31 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Fri Nov 02 10:17:31 2007 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Fri Nov 02 10:17:31 2007 LZO compression initialized
Fri Nov 02 10:17:31 2007 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Fri Nov 02 10:17:31 2007 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Fri Nov 02 10:17:31 2007 Local Options hash (VER=V4): '31fdf004'
Fri Nov 02 10:17:31 2007 Expected Remote Options hash (VER=V4): '3e6d1056'
Fri Nov 02 10:17:31 2007 Attempting to establish TCP connection with xxxxx:1194
Fri Nov 02 10:17:31 2007 TCP connection established with xxxxx:1194
Fri Nov 02 10:17:31 2007 TCPv4_CLIENT link local: [undef]
Fri Nov 02 10:17:31 2007 TCPv4_CLIENT link remote: xxxxx:1194
Fri Nov 02 10:17:31 2007 TLS: Initial packet from xxxxx:1194, sid=db4a0c4c 2282e4d7
Fri Nov 02 10:17:33 2007 VERIFY OK: depth=1, 
Fri Nov 02 10:17:33 2007 VERIFY OK: depth=0, 
Fri Nov 02 10:17:36 2007 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Nov 02 10:17:36 2007 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov 02 10:17:36 2007 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Nov 02 10:17:36 2007 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov 02 10:17:36 2007 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Fri Nov 02 10:17:36 2007 [kahn.tnd.lan] Peer Connection Initiated with xxxx:1194
Fri Nov 02 10:17:37 2007 SENT CONTROL [kahn.tnd.lan]: 'PUSH_REQUEST' (status=1)
Fri Nov 02 10:17:38 2007 PUSH: Received control message: 'PUSH_REPLY,route-gateway 192.168.141.3,ping 10,ping-restart 120,ifconfig 192.168.141.120 255.255.255.0'
Fri Nov 02 10:17:38 2007 OPTIONS IMPORT: timers and/or timeouts modified
Fri Nov 02 10:17:38 2007 OPTIONS IMPORT: --ifconfig/up options modified
Fri Nov 02 10:17:38 2007 OPTIONS IMPORT: route options modified
Fri Nov 02 10:17:38 2007 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{9F6B8FE6-F70E-4A84-9B96-69A513918D31}.tap
Fri Nov 02 10:17:38 2007 TAP-Win32 Driver Version 8.4 
Fri Nov 02 10:17:38 2007 TAP-Win32 MTU=1500
Fri Nov 02 10:17:38 2007 Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.141.120/255.255.255.0 on interface {9F6B8FE6-F70E-4A84-9B96-69A513918D31} [DHCP-serv: 192.168.141.0, lease-time: 31536000]
Fri Nov 02 10:17:38 2007 Successful ARP Flush on interface [4] {9F6B8FE6-F70E-4A84-9B96-69A513918D31}
Fri Nov 02 10:17:38 2007 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Fri Nov 02 10:17:38 2007 Route: Waiting for TUN/TAP interface to come up...
Fri Nov 02 10:17:39 2007 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Fri Nov 02 10:17:39 2007 Route: Waiting for TUN/TAP interface to come up...
Fri Nov 02 10:17:40 2007 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up
Fri Nov 02 10:17:40 2007 route ADD 192.168.141.0 MASK 255.255.255.0 192.168.141.3
Fri Nov 02 10:17:40 2007 Route addition via IPAPI succeeded
Fri Nov 02 10:17:40 2007 Initialization Sequence Completed



-- 
  o__
  ,>/'_          o__
  (_)\(_)        ,>/'_          o__
Yan Seiner      (_)\(_)         ,>/'_   o__     o__
Certified Personal Trainer     (_)\(_)  ,>/'_   ,>/'_
Licensed Professional Engineer         (_)\(_) (_)\(_)

Linux stuff has made big progress over the competition. When things sit and don't start right away, we have a watch, and those poor guys have to settle for an hourglass.
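
Added example (not part of the original post, and not OpenVPN project code): the client log above warns that no server certificate verification method is enabled, and the posted client config contains no directive that would enable one. The Python below checks a client config for such a directive and reads the negotiated cipher and RSA key size from the log; the config and log lines are copied from the post, and the function names are this example's own.

```python
import re

# Client config and three log lines copied from the post above.
CLIENT_CONFIG = """\
client
dev tap
proto tcp
remote x.y.z.a 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ....
cert ....
key ....
comp-lzo
verb 3
"""
CLIENT_LOG = """\
Fri Nov 02 10:17:31 2007 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Fri Nov 02 10:17:36 2007 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Nov 02 10:17:36 2007 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
"""

# Directives by which a client verifies the server certificate (which exist depends on the OpenVPN version).
VERIFY_DIRECTIVES = {"ns-cert-type", "remote-cert-tls", "tls-remote", "verify-x509-name"}


def verification_directives(config):
    """Return the server-verification directives present in a client config."""
    words = (line.split("#")[0].split() for line in config.splitlines())
    return {w[0] for w in words if w} & VERIFY_DIRECTIVES


def audit(config, log):
    """Return findings from the client config and from what the log reports."""
    findings = []
    if not verification_directives(config):
        findings.append("no server certificate verification directive in client config")
    if "No server certificate verification method" in log:
        findings.append("client log confirms server verification is disabled")
    cipher = re.search(r"Data Channel Encrypt: Cipher '([^']+)'", log)
    if cipher and cipher.group(1) == "BF-CBC":
        findings.append("data channel uses BF-CBC (64-bit block cipher)")
    rsa = re.search(r"(\d+) bit RSA", log)
    if rsa and int(rsa.group(1)) < 2048:
        findings.append(f"{rsa.group(1)} bit RSA key on the control channel")
    return findings
```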
