Thanks guys, for your help! It is working now, the problem was a firewall
setting on the server side.
Regards,
Gert Koning
> Hi Gert,
>
> the line
>
> Dec 8 15:04:03 sjert-laptop openvpn[5524]: UDPv4 link remote: 212.45.32.70:1194
>
> does *not* imply that your link is working. Even more so, if this is the
> last line you're seeing when your openvpn client starts then I am almost
> positive that it is NOT working as it should. Use a simpler config file
> for debugging purposes, e.g.
>
> client
> nobind
> proto udp
> dev tun
> remote <ip address of our server>
> persist-key
> persist-tun
> ca /etc/openvpn/ca.crt
> cert /etc/openvpn/client19.crt
> key /etc/openvpn/client19.key
> ns-cert-type server
> tls-remote office
> tls-auth ta.key 1
> tls-client
> comp-lzo
> keepalive 10 60
> verb 5
>
>
> and then run openvpn on the command line: all output will be sent to
> stdout/stderr.
> If that works then proceed to including the other config statements again.
> I am still not sure what the 'route-up' command is supposed to achieve
> that a
>
> route 10.12.0.0 255.255.0.0 vpn_gateway
>
> or
>
> route 10.12.0.0 255.255.0.0 net_gateway
>
> couldn't do.
>
> HTH and groetjes,
>
> JJK
>
> Gert Koning wrote:
>> Hi all,
>>
>> I have been struggling for days now to get a straightforward openvpn
>> client setup to work - to no avail. I am trying to connect to our office
>> where they run an openvpn server. Different colleagues successfully
>> connect to the office this way.
>>
>> I am running Ubuntu 7.04 with kernel 2.6.20-16-generic on a laptop,
>> connected wireless (device eth1) to a DSL modem. IP address is provided
>> by DHCP and is mostly 192.168.1.102. The internal network at the office
>> is in the 10.12.0.0 range.
>>
>> This is my openvpn configuration, supplied by our network guys:
>>
>> client
>> nobind
>> proto udp
>> dev tun
>> remote <ip address of our server>
>> user nobody
>> group nobody
>> persist-key
>> persist-tun
>> ca /etc/openvpn/ca.crt
>> cert /etc/openvpn/client19.crt
>> key /etc/openvpn/client19.key
>> ns-cert-type server
>> tls-remote office
>> tls-auth ta.key 1
>> tls-client
>> route-up "route add -net 10.12.0.0/16 gw `route -n |grep 10.11 | head -n1| awk '{ print$2 }'`"
>> comp-lzo
>> keepalive 10 60
>> daemon
>>
>> I do have the tun device:
>> root@sjert-laptop:~# lsmod|grep tun
>> tun 12032 0
>>
>> When I start openvpn:
>> root@sjert-laptop:~# /etc/init.d/openvpn start
>> Starting virtual private network daemon: clientEnter Private Key
>> Password:
>> (OK).
>>
>> So my password is accepted. The daemon is running:
>> root@sjert-laptop:/etc/openvpn# ps -ef|grep vpn
>> root 5524 1 0 15:04 ? 00:00:00 /usr/sbin/openvpn
>> --writepid /var/run/openvpn.client.pid --status
>> /var/run/openvpn.client.status 10 --cd /etc/openvpn --config
>> /etc/openvpn/client.conf
>>
>> Looking at /var/log/daemon:
>> Dec 8 15:03:59 sjert-laptop openvpn[5523]: OpenVPN 2.0.9 i486-pc-linux-gnu [SSL] [LZO] [EPOLL] built on Mar 2 2007
>> Dec 8 15:03:59 sjert-laptop openvpn[5523]: IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
>> Dec 8 15:04:03 sjert-laptop openvpn[5523]: Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
>> Dec 8 15:04:03 sjert-laptop openvpn[5523]: LZO compression initialized
>> Dec 8 15:04:03 sjert-laptop openvpn[5524]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
>> Dec 8 15:04:03 sjert-laptop openvpn[5524]: UDPv4 link local: [undef]
>> Dec 8 15:04:03 sjert-laptop openvpn[5524]: UDPv4 link remote: 212.45.32.70:1194
>>
>> So everything looks OK, except it's not working. The tun device is not
>> shown in ifconfig:
>>
>> root@sjert-laptop:/etc/openvpn# ifconfig -a
>> eth0 Link encap:Ethernet HWaddr 00:12:3F:D7:49:11
>> UP BROADCAST MULTICAST MTU:1500 Metric:1
>> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>> collisions:0 txqueuelen:1000
>> RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
>> Interrupt:19
>>
>> eth1 Link encap:Ethernet HWaddr 00:13:CE:13:91:3C
>> inet addr:192.168.1.102 Bcast:192.168.1.255
>> Mask:255.255.255.0
>> inet6 addr: fe80::213:ceff:fe13:913c/64 Scope:Link
>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>> RX packets:3849 errors:0 dropped:0 overruns:0 frame:0
>> TX packets:3774 errors:0 dropped:0 overruns:0 carrier:0
>> collisions:0 txqueuelen:1000
>> RX bytes:2924710 (2.7 MiB) TX bytes:449634 (439.0 KiB)
>> Interrupt:18 Base address:0xc000 Memory:dfcfd000-dfcfdfff
>>
>> lo Link encap:Local Loopback
>> inet addr:127.0.0.1 Mask:255.0.0.0
>> inet6 addr: ::1/128 Scope:Host
>> UP LOOPBACK RUNNING MTU:16436 Metric:1
>> RX packets:190 errors:0 dropped:0 overruns:0 frame:0
>> TX packets:190 errors:0 dropped:0 overruns:0 carrier:0
>> collisions:0 txqueuelen:0
>> RX bytes:78165 (76.3 KiB) TX bytes:78165 (76.3 KiB)
>>
>> And no route has been added:
>>
>> root@sjert-laptop:/etc/openvpn# route -n
>> Kernel IP routeing table
>> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
>> 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
>> 169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eth1
>> 0.0.0.0         192.168.1.101   0.0.0.0         UG    0      0        0 eth1
>>
>>
>> The network guys at the office seem to have run out of ideas. Is there
>> anybody out there that can point me in the right direction?
>>
>>
>
>
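
JJK's point in the thread above, that `UDPv4 link remote` only shows the client opened its socket, can be checked mechanically. This added example (not part of any message in the thread) classifies the most recent client start in a log by the furthest milestone it reached. It assumes unwrapped syslog lines and the standard OpenVPN messages `TLS: Initial packet from`, `Peer Connection Initiated with` and `Initialization Sequence Completed`; the function and verdict names are this example's own.

```python
import re

MSG = re.compile(r"openvpn\[\d+\]:\s*(.*)$")   # message part of a syslog line
BANNER = re.compile(r"^OpenVPN \d+\.\d+")      # first line of every start
STAGES = [                                     # milestones, in log order
    ("socket_open", re.compile(r"^(UDPv4|TCPv4) link remote:")),
    # Either message shows that the server answered the client's packets.
    ("server_replied",
     re.compile(r"^TLS: Initial packet from |Peer Connection Initiated with ")),
    ("up", re.compile(r"^Initialization Sequence Completed")),
]

def classify_start(lines):
    """Return (verdict, stages_seen) for the most recent client start."""
    seen = []
    for line in lines:
        m = MSG.search(line)
        msg = m.group(1) if m else line.strip()
        if BANNER.match(msg):      # a new start: forget the previous run
            seen = []
            continue
        for name, pat in STAGES:
            if name not in seen and pat.search(msg):
                seen.append(name)
    if "up" in seen:
        return "UP", seen
    if "server_replied" in seen:
        return "HANDSHAKE_INCOMPLETE", seen
    if "socket_open" in seen:
        # Socket is open but nothing came back: check firewalls, port and address.
        return "NO_REPLY", seen
    return "NOT_STARTED", seen

# Lines from the failing start quoted in this thread (unwrapped).
STALLED = [
    "Dec  8 15:03:59 sjert-laptop openvpn[5523]: OpenVPN 2.0.9 i486-pc-linux-gnu [SSL] [LZO] [EPOLL] built on Mar  2 2007",
    "Dec  8 15:04:03 sjert-laptop openvpn[5523]: LZO compression initialized",
    "Dec  8 15:04:03 sjert-laptop openvpn[5524]: UDPv4 link local: [undef]",
    "Dec  8 15:04:03 sjert-laptop openvpn[5524]: UDPv4 link remote: 212.45.32.70:1194",
]
# Constructed continuation showing what a healthy start would log next.
WORKING = STALLED + [
    "Dec  8 15:04:04 sjert-laptop openvpn[5524]: TLS: Initial packet from 212.45.32.70:1194, sid=00000000 00000000",
    "Dec  8 15:04:06 sjert-laptop openvpn[5524]: [office] Peer Connection Initiated with 212.45.32.70:1194",
    "Dec  8 15:04:08 sjert-laptop openvpn[5524]: Initialization Sequence Completed",
]

if __name__ == "__main__":
    for run in (STALLED, WORKING):
        print(classify_start(run))
```

A `NO_REPLY` verdict matches the situation resolved here: the client was sending, and a firewall on the server side kept any answer from coming back.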