The line

Mon Dec 10 19:37:13 2007 us=649638 Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.10.22/255.255.255.0 on interface {49F4CC5A-D115-4353-BDAE-16A232DE9E7A} [DHCP-serv: 192.168.10.0, lease-time: 31536000]

suggests that the DHCP server is at 192.168.10.0 ... that does not make sense. Can you try this in your server config file:

server 192.168.10.0 255.255.255.0
passtos
proto tcp
local xx.xx.org
port 8080
dev tap0
cert X509/Server/server.crt
key X509/Server/server.key
dh X509/Server/dh1024.pem
ca X509/CA/ca.crt
keepalive 10 120
user nobody
group nobody
persist-key
persist-tun
comp-lzo
verb 4
mute 10

Other than that, I am pretty much at a loss: during the negotiation phase there seems to be some data corruption: it's doing the certificate verify, it's doing other connection settings and Boom, all of a sudden the client receives a completely wrong remote config packet. Are there any firewalls in place on your LAN?

Also, try

dev tun

instead of

dev tap

This will give you a slightly different type of network (TCP/IP only) but if this one works then we're one step further.

HTH,

JJK

Tiger Big wrote:
> Hi Jan,
> Following is the client log without proxy:
> -------------------------------------------------------------------
>
> Mon Dec 10 19:37:13 2007 us=367205 Current Parameter Settings:
> Mon Dec 10 19:37:13 2007 us=367322 config = 'client.ovpn'
> Mon Dec 10 19:37:13 2007 us=367342 mode = 0
> Mon Dec 10 19:37:13 2007 us=367361 show_ciphers = DISABLED
> Mon Dec 10 19:37:13 2007 us=367379 show_digests = DISABLED
> Mon Dec 10 19:37:13 2007 us=367401 show_engines = DISABLED
> Mon Dec 10 19:37:13 2007 us=367420 genkey = DISABLED
> Mon Dec 10 19:37:13 2007 us=367438 key_pass_file = '[UNDEF]'
> Mon Dec 10 19:37:13 2007 us=367457 show_tls_ciphers = DISABLED
> Mon Dec 10 19:37:13 2007 us=367475 proto = 2
> Mon Dec 10 19:37:13 2007 us=367493 NOTE: --mute triggered...
> Mon Dec 10 19:37:13 2007 us=367552 178 variation(s) on previous 10 message(s) suppressed by --mute
> Mon Dec 10 19:37:13 2007 us=367576 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
> Mon Dec 10 19:37:13 2007 us=368035 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
> Mon Dec 10 19:37:13 2007 us=629695 LZO compression initialized
> Mon Dec 10 19:37:13 2007 us=629952 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
> Mon Dec 10 19:37:13 2007 us=645110 TAP-WIN32 device [tap0] opened: \\.\Global\{49F4CC5A-D115-4353-BDAE-16A232DE9E7A}.tap
> Mon Dec 10 19:37:13 2007 us=646752 TAP-Win32 Driver Version 8.4
> Mon Dec 10 19:37:13 2007 us=648748 TAP-Win32 MTU=1500
> Mon Dec 10 19:37:13 2007 us=649638 Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.10.22/255.255.255.0 on interface {49F4CC5A-D115-4353-BDAE-16A232DE9E7A} [DHCP-serv: 192.168.10.0, lease-time: 31536000]
> Mon Dec 10 19:37:13 2007 us=681801 Successful ARP Flush on interface [5] {49F4CC5A-D115-4353-BDAE-16A232DE9E7A}
> Mon Dec 10 19:37:13 2007 us=693088 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
> Mon Dec 10 19:37:13 2007 us=693212 Local Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_CLIENT,ifconfig 192.168.10.0 255.255.255.0,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
> Mon Dec 10 19:37:13 2007 us=693241 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_SERVER,ifconfig 192.168.10.0 255.255.255.0,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
> Mon Dec 10 19:37:13 2007 us=724124 Local Options hash (VER=V4): '1b763cc3'
> Mon Dec 10 19:37:13 2007 us=724228 Expected Remote Options hash (VER=V4): '2f5a5592'
> Mon Dec 10 19:37:13 2007 us=724315 Attempting to establish TCP connection with 192.168.1.1:8080
> Mon Dec 10 19:37:13 2007 us=749371 TCP connection established with 192.168.1.1:8080
> Mon Dec 10 19:37:13 2007 us=749476 Socket Buffers: R=[8192->8192] S=[8192->8192]
> Mon Dec 10 19:37:13 2007 us=753208 TCPv4_CLIENT link local: 192.168.1.108
> Mon Dec 10 19:37:13 2007 us=753278 TCPv4_CLIENT link remote: 192.168.1.1:8080
> Mon Dec 10 19:37:13 2007 us=903624 TLS: Initial packet from 192.168.1.1:8080, sid=37941370 92caaa2c
> Mon Dec 10 19:37:15 2007 us=183361 VERIFY OK: depth=1, /C=CN/ST=SH/L=SH/O=Company/OU=Building_3_/CN=WR850G/emailAddress=xxx@xxxxxxx
> Mon Dec 10 19:37:15 2007 us=184410 VERIFY OK: nsCertType=SERVER
> Mon Dec 10 19:37:15 2007 us=184431 VERIFY OK: depth=0, /C=CN/ST=SH/O=Company/OU=Building_3_/CN=Server/emailAddress=xxx@xxxxxxx
> Mon Dec 10 19:37:17 2007 us=38580 NOTE: Options consistency check may be skewed by version differences
> Mon Dec 10 19:37:17 2007 us=38695 WARNING: 'version' is used inconsistently, local='version V4', remote='version V0 UNDEF'
> Mon Dec 10 19:37:17 2007 us=40350 WARNING: 'dev-type' is present in local config but missing in remote config, local='dev-type tap'
> Mon Dec 10 19:37:17 2007 us=40385 WARNING: 'link-mtu' is present in local config but missing in remote config, local='link-mtu 1576'
> Mon Dec 10 19:37:17 2007 us=40415 WARNING: 'tun-mtu' is present in local config but missing in remote config, local='tun-mtu 1532'
> Mon Dec 10 19:37:17 2007 us=40445 WARNING: 'proto' is present in local config but missing in remote config, local='proto TCPv4_SERVER'
> Mon Dec 10 19:37:17 2007 us=40482 WARNING: 'ifconfig' is present in local config but missing in remote config, local='ifconfig 192.168.10.0 255.255.255.0'
> Mon Dec 10 19:37:17 2007 us=40512 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
> Mon Dec 10 19:37:17 2007 us=40542 WARNING: 'cipher' is present in local config but missing in remote config, local='cipher BF-CBC'
> Mon Dec 10 19:37:17 2007 us=40571 WARNING: 'auth' is present in local config but missing in remote config, local='auth SHA1'
> Mon Dec 10 19:37:17 2007 us=40597 NOTE: --mute triggered...
> Mon Dec 10 19:37:17 2007 us=41150 3 variation(s) on previous 10 message(s) suppressed by --mute
> Mon Dec 10 19:37:17 2007 us=41171 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
> Mon Dec 10 19:37:17 2007 us=41199 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
> Mon Dec 10 19:37:17 2007 us=41319 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
> Mon Dec 10 19:37:17 2007 us=41348 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
> Mon Dec 10 19:37:17 2007 us=59439 Control Channel: TLSv1, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA
> Mon Dec 10 19:37:17 2007 us=59558 [Server] Peer Connection Initiated with 192.168.1.1:8080
> Mon Dec 10 19:37:18 2007 us=534876 TEST ROUTES: 0/0 succeeded len=-1 ret=1 a=0 u/d=up
> Mon Dec 10 19:37:18 2007 us=534935 Initialization Sequence Completed
> -------------------------------------------------------------------
> As you see, this time I setup Openvpn in a LAN environment.
> Server IP: 192.168.1.1; Client IP 192.168.1.108;
> Server VPN IP: 192.168.10.11 Client VPN IP 192.168.10.22
> but still get same warnings
> And I have to say sorry about previous mis-config, maybe you haven't noticed:
> I have assigned the same VPN IP (192.168.10.11) to both server and client, I've corrected that now.
> On Dec 10, 2007 6:24 AM, Jan Just Keijser <janjust@xxxxxxxxx> wrote:
> > OK you can restore the mtu setting again... can you post the client log
> > when trying to connect *without* the proxy (127.0.0.1:3128) ?
> >
> > JJK
> >
> >
> > Tiger Big wrote:
> > > Hi, Jan
> > > I have tried to avoid using proxy and set tun-mtu to a lower value,
> > > but still the same result.
> > >
> > > BTW, if setting tun-mtu to 1200 in server conf, there will be a
> > > warning message saying:
> > >
> > > "WARNING: normally if you use --mssfix and/or --fragment, you should
> > > also set --tun-mtu 1500 (currently it is 1200)"
> > >
> > > I have no idea with that message.
> > >
> > > anyway, I'll try using a linux client to see if all those warnings
> > > comes out because of the windows platform.
> > >
> > > On Dec 7, 2007 6:14 PM, Jan Just Keijser <janjust@xxxxxxxxx> wrote:
> > >
> > >> Hi Tiger Big,
> > >>
> > >> hmmm I misread your config file a little bit. I saw
> > >> tls-client
> > >> ifconfig <IP> <IP>
> > >> the first statement is a client/server setup (openvpn 2.x) whereas the
> > >> second statement is used mostly in point-to-point (openvpn 1.x) setups.
> > >> However, if you use
> > >> ifconfig <IP> <NETMASK>
> > >> which your config file shows then you're fine. Sorry about that.
> > >>
> > >> As for the warnings, your client log file shows that you're connecting
> > >> thru an HTTP proxy - I presume this is intentional; it might be best to
> > >> reflect this in the openvpn client config file. It should not make much
> > >> difference but you never know.
> > >>
> > >> Finally, try reducing the 'tun-mtu' parameter on both sides (to e.g.
> > >> 1200) and see if that helps at all.
> > >>
> > >> cheers,
> > >>
> > >> JJK
> > >>
> > >>
> > >> Tiger Big wrote:
> > >>
> > >>> thanks Jan, but still the same results/warnings.
> > >>>
> > >>> one more question, why would you say "config files don't make sense" ?
> > >>> the only difference between my original conf and your modified version
> > >>> is the method of how to obtain IP address.
> > >>>
> > >>>
> > >>> On Dec 6, 2007 5:06 PM, Jan Just Keijser <janjust@xxxxxxxxx> wrote:
> > >>>
> > >>>> your client and server config files don't make sense. Try this for the
> > >>>> server config:
> > >>>>
> > >>>> local xxx.xxx.org
> > >>>> port 8080
> > >>>> proto tcp-server
> > >>>> tls-server
> > >>>> server 192.168.10.0 255.255.255.0
> > >>>> dev tap0
> > >>>> cert X509/Server/server.crt
> > >>>> key X509/Server/server.key
> > >>>> dh X509/Server/dh1024.pem
> > >>>> ca X509/CA/ca.crt
> > >>>>
> > >>>> keepalive 10 120
> > >>>> user nobody
> > >>>> group nobody
> > >>>> persist-key
> > >>>> persist-tun
> > >>>> comp-lzo
> > >>>> verb 4
> > >>>> mute 10
> > >>>>
> > >>>> and this for the client
> > >>>>
> > >>>> local abc
> > >>>> remote xxx.xxx.org 8080
> > >>>> proto tcp-client
> > >>>> tls-client
> > >>>> dev tap
> > >>>> dev-node tap0
> > >>>> nobind
> > >>>> cert D:\\OpenVPN\\easy-rsa\\keys\\Tiger.crt
> > >>>> key D:\\OpenVPN\\easy-rsa\\keys\\Tiger.key
> > >>>> ca D:\\OpenVPN\\easy-rsa\\keys\\ca.crt
> > >>>>
> > >>>> keepalive 10 120
> > >>>> comp-lzo
> > >>>> verb 4
> > >>>> mute 10
> > >>>>
> > >>>> HTH,
> > >>>>
> > >>>> JJK
> > >>>>
> > >>>>
> > >>>> Tiger Big wrote:
> > >>>>
> > >>>>> Server Configuration (Linux):
> > >>>>> −−−−−−−−−−−−−−−−−−
> > >>>>> local xxx.xxx.org
> > >>>>> port 8080
> > >>>>> proto tcp-server
> > >>>>> tls-server
> > >>>>> dev tap0
> > >>>>> cert X509/Server/server.crt
> > >>>>> key X509/Server/server.key
> > >>>>> dh X509/Server/dh1024.pem
> > >>>>> ca X509/CA/ca.crt
> > >>>>> ifconfig 192.168.10.11 255.255.255.0
> > >>>>> keepalive 10 120
> > >>>>> user nobody
> > >>>>> group nobody
> > >>>>> persist-key
> > >>>>> persist-tun
> > >>>>> comp-lzo
> > >>>>> verb 4
> > >>>>> mute 10
> > >>>>> −−−−−−−−−−−−−−−−−−
> > >>>>>
> > >>>>>
> > >>>>> Client Configuration (WinXP):
> > >>>>> ------------------------------------------
> > >>>>> local abc
> > >>>>> remote xxx.xxx.org 8080
> > >>>>> proto tcp-client
> > >>>>> tls-client
> > >>>>> dev tap
> > >>>>> dev-node tap0
> > >>>>> nobind
> > >>>>> cert D:\\OpenVPN\\easy-rsa\\keys\\Tiger.crt
> > >>>>> key D:\\OpenVPN\\easy-rsa\\keys\\Tiger.key
> > >>>>> ca D:\\OpenVPN\\easy-rsa\\keys\\ca.crt
> > >>>>> ifconfig 192.168.10.11 255.255.255.0
> > >>>>> keepalive 10 120
> > >>>>> comp-lzo
> > >>>>> verb 4
> > >>>>> mute 10
> > >>>>> --------------------------------------------
> > >>>>>
> > >>>>> Output of Server:
> > >>>>> −−−−−−−−−−−−−−−−−−−−−−
> > >>>>> Wed Nov 7 22:46:52 2007 us=395451 OpenVPN 2.0.9 mipsel-unknown-linux [SSL] [LZO] built on Oct 8 2007
> > >>>>> Wed Nov 7 22:46:53 2007 us=139174 Diffie-Hellman initialized with 1024 bit key
> > >>>>> Wed Nov 7 22:46:53 2007 us=167393 LZO compression initialized
> > >>>>> Wed Nov 7 22:46:53 2007 us=177324 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
> > >>>>> Wed Nov 7 22:46:53 2007 us=207122 TUN/TAP device tap0 opened
> > >>>>> Wed Nov 7 22:46:53 2007 us=209204 TUN/TAP TX queue length set to 100
> > >>>>> Wed Nov 7 22:46:53 2007 us=211730 /sbin/ifconfig tap0 192.168.10.11 netmask 255.255.255.0 mtu 1500 broadcast 192.168.10.255
> > >>>>> Wed Nov 7 22:46:53 2007 us=276813 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
> > >>>>> Wed Nov 7 22:46:53 2007 us=278702 GID set to nobody
> > >>>>> Wed Nov 7 22:46:53 2007 us=279692 UID set to nobody
> > >>>>> Wed Nov 7 22:46:53 2007 us=280933 Listening for incoming TCP connection on 123.45.67.89:8080
> > >>>>> Wed Nov 7 22:47:00 2007 us=344674 TCP connection established with 98.76.54.32:48883
> > >>>>> Wed Nov 7 22:47:00 2007 us=345622 Socket Buffers: R=[43689->65534] S=[16384->65534]
> > >>>>> Wed Nov 7 22:47:00 2007 us=346587 TCPv4_SERVER link local (bound): 123.45.67.89:8080
> > >>>>> Wed Nov 7 22:47:00 2007 us=347462 TCPv4_SERVER link remote: 98.76.54.32:48883
> > >>>>> Wed Nov 7 22:47:00 2007 us=354161 TLS: Initial packet from 98.76.54.32:48883 sid=2e4d871b 12ba58ca
> > >>>>> Wed Nov 7 22:47:02 2007 us=930794 VERIFY OK: depth=1, /C=CN/ST=SH/L=SH/O=Company/OU=Building_3_/CN=WR850G/Email=xxx@xxxxxxx
> > >>>>> Wed Nov 7 22:47:02 2007 us=953126 VERIFY OK: depth=0, /C=CN/ST=SH/O=Company/OU=Building_3_/CN=Tiger/Email=xxx@xxxxxxx
> > >>>>> Wed Nov 7 22:47:04 2007 us=189347 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
> > >>>>> Wed Nov 7 22:47:04 2007 us=192065 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
> > >>>>> Wed Nov 7 22:47:04 2007 us=196237 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
> > >>>>> Wed Nov 7 22:47:04 2007 us=198498 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
> > >>>>> Wed Nov 7 22:47:04 2007 us=388832 Control Channel: TLSv1, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA
> > >>>>> Wed Nov 7 22:47:04 2007 us=392021 [Tiger] Peer Connection Initiated with 98.76.54.32:48883
> > >>>>> Wed Nov 7 22:47:05 2007 us=629230 Initialization Sequence Completed
> > >>>>> −−−−−−−−−−−−−−−−−−−−−−
> > >>>>>
> > >>>>> Output of Client:
> > >>>>> -----------------------------------------------------
> > >>>>> Thu Nov 08 14:46:58 2007 us=24485 Current Parameter Settings:
> > >>>>> Thu Nov 08 14:46:58 2007 us=24531 config = 'client.ovpn'
> > >>>>> Thu Nov 08 14:46:58 2007 us=24541 mode = 0
> > >>>>> Thu Nov 08 14:46:58 2007 us=24552 show_ciphers = DISABLED
> > >>>>> Thu Nov 08 14:46:58 2007 us=24562 show_digests = DISABLED
> > >>>>> Thu Nov 08 14:46:58 2007 us=24572 show_engines = DISABLED
> > >>>>> Thu Nov 08 14:46:58 2007 us=24582 genkey = DISABLED
> > >>>>> Thu Nov 08 14:46:58 2007 us=24593 key_pass_file = '[UNDEF]'
> > >>>>> Thu Nov 08 14:46:58 2007 us=24603 show_tls_ciphers = DISABLED
> > >>>>> Thu Nov 08 14:46:58 2007 us=24614 proto = 2
> > >>>>> Thu Nov 08 14:46:58 2007 us=24624 NOTE: --mute triggered...
> > >>>>> Thu Nov 08 14:46:58 2007 us=24651 188 variation(s) on previous 10 message(s) suppressed by --mute
> > >>>>> Thu Nov 08 14:46:58 2007 us=24666 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
> > >>>>> Thu Nov 08 14:46:58 2007 us=24748 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
> > >>>>> Thu Nov 08 14:46:58 2007 us=24763 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
> > >>>>> Thu Nov 08 14:46:58 2007 us=26495 LZO compression initialized
> > >>>>> Thu Nov 08 14:46:58 2007 us=26589 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
> > >>>>> Thu Nov 08 14:46:58 2007 us=46092 TAP-WIN32 device [tap0] opened: \\.\Global\{B45A907D-B030-4F6F-9FE1-001F6C3AEB48}.tap
> > >>>>> Thu Nov 08 14:46:58 2007 us=46122 TAP-Win32 Driver Version 8.4
> > >>>>> Thu Nov 08 14:46:58 2007 us=46135 TAP-Win32 MTU=1500
> > >>>>> Thu Nov 08 14:46:58 2007 us=46156 Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.10.11/255.255.255.0 on interface {B45A907D-B030-4F6F-9FE1-001F6C3AEB48} [DHCP-serv: 192.168.10.0 lease-time: 31536000]
> > >>>>> Thu Nov 08 14:46:58 2007 us=53796 Successful ARP Flush on interface [3] {B45A907D-B030-4F6F-9FE1-001F6C3AEB48}
> > >>>>> Thu Nov 08 14:46:58 2007 us=55539 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
> > >>>>> Thu Nov 08 14:46:58 2007 us=55586 Local Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_CLIENT,ifconfig 192.168.10.0 255.255.255.0,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
> > >>>>> Thu Nov 08 14:46:58 2007 us=55602 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_SERVER,ifconfig 192.168.10.0 255.255.255.0,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
> > >>>>> Thu Nov 08 14:46:58 2007 us=55634 Local Options hash (VER=V4): '1b763cc3'
> > >>>>> Thu Nov 08 14:46:58 2007 us=55652 Expected Remote Options hash (VER=V4): '2f5a5592'
> > >>>>> Thu Nov 08 14:46:58 2007 us=55680 Attempting to establish TCP connection with 127.0.0.1:3128
> > >>>>> Thu Nov 08 14:46:58 2007 us=63009 TCP connection established with 127.0.0.1:3128
> > >>>>> Thu Nov 08 14:46:58 2007 us=63039 Send to HTTP proxy: 'CONNECT xxx.xxx.org:8080 HTTP/1.0'
> > >>>>> Thu Nov 08 14:46:59 2007 us=159521 HTTP proxy returned: 'HTTP/1.1 200 Connection established'
> > >>>>> Thu Nov 08 14:47:01 2007 us=158850 Socket Buffers: R=[8192->8192] S=[8192->8192]
> > >>>>> Thu Nov 08 14:47:01 2007 us=159020 TCPv4_CLIENT link local: 172.24.201.50
> > >>>>> Thu Nov 08 14:47:01 2007 us=159037 TCPv4_CLIENT link remote: 127.0.0.1:3128
> > >>>>> Thu Nov 08 14:47:01 2007 us=390961 TLS: Initial packet from 127.0.0.1:3128, sid=9696962b 6944c74a
> > >>>>> Thu Nov 08 14:47:03 2007 us=206615 VERIFY OK: depth=1, /C=CN/ST=SH/L=SH/O=Company/OU=Building_3_/CN=WR850G/emailAddress=xxx@xxxxxxx
> > >>>>> Thu Nov 08 14:47:03 2007 us=208774 VERIFY OK: depth=0, /C=CN/ST=SH/O=Company/OU=Building_3_/CN=Server/emailAddress=xxx@xxxxxxx
> > >>>>> Thu Nov 08 14:47:05 2007 us=389449 NOTE: Options consistency check may be skewed by version differences
> > >>>>> Thu Nov 08 14:47:05 2007 us=389494 WARNING: 'version' is used inconsistently, local='version V4', remote='version V0 UNDEF'
> > >>>>> Thu Nov 08 14:47:05 2007 us=389513 WARNING: 'dev-type' is present in local config but missing in remote config, local='dev-type tap'
> > >>>>> Thu Nov 08 14:47:05 2007 us=389531 WARNING: 'link-mtu' is present in local config but missing in remote config, local='link-mtu 1576'
> > >>>>> Thu Nov 08 14:47:05 2007 us=389549 WARNING: 'tun-mtu' is present in local config but missing in remote config, local='tun-mtu 1532'
> > >>>>> Thu Nov 08 14:47:05 2007 us=389571 WARNING: 'proto' is present in local config but missing in remote config, local='proto TCPv4_SERVER'
> > >>>>> Thu Nov 08 14:47:05 2007 us=389607 WARNING: 'ifconfig' is present in local config but missing in remote config, local='ifconfig 192.168.10.0 255.255.255.0'
> > >>>>> Thu Nov 08 14:47:05 2007 us=389625 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
> > >>>>> Thu Nov 08 14:47:05 2007 us=389643 WARNING: 'cipher' is present in local config but missing in remote config, local='cipher BF-CBC'
> > >>>>> Thu Nov 08 14:47:05 2007 us=389659 WARNING: 'auth' is present in local config but missing in remote config, local='auth SHA1'
> > >>>>> Thu Nov 08 14:47:05 2007 us=389673 NOTE: --mute triggered...
> > >>>>> Thu Nov 08 14:47:05 2007 us=389977 3 variation(s) on previous 10 message(s) suppressed by --mute
> > >>>>> Thu Nov 08 14:47:05 2007 us=389991 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
> > >>>>> Thu Nov 08 14:47:05 2007 us=390009 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
> > >>>>> Thu Nov 08 14:47:05 2007 us=390090 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
> > >>>>> Thu Nov 08 14:47:05 2007 us=390106 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
> > >>>>> Thu Nov 08 14:47:05 2007 us=390453 Control Channel: TLSv1, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA
> > >>>>> Thu Nov 08 14:47:05 2007 us=390487 [Server] Peer Connection Initiated with 127.0.0.1:3128
> > >>>>> Thu Nov 08 14:47:06 2007 us=630508 TEST ROUTES: 0/0 succeeded len=-1 ret=1 a=0 u/d=up
> > >>>>> Thu Nov 08 14:47:06 2007 us=630535 Initialization Sequence Completed
> > >>>>> ----------------------------------------------------------
> > >>>>>
> > >>>>>
> > >>>>> Why there're so many WARNINGS:
> > >>>>>
> > >>>>> 1. Both client and server use same version - 2.0.9, why does the client
> > >>>>> say: "NOTE: Options consistency check may be skewed by version
> > >>>>> differences"
> > >>>>> 2. Many options (like 'comp-lzo') have been enabled in both client and
> > >>>>> server's configuration, why does client say " WARNING: 'comp-lzo' is
> > >>>>> present in local config but missing in remote config, local='comp-lzo'"?
> > >>>>> ------------------------------------------------------------------------
> > >>>>>
> > >>
> >

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
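
The options-consistency warnings quoted in this thread can be triaged mechanically. The following is an added example, not part of the original messages and not OpenVPN code: it parses the two options strings and the WARNING lines from the Dec 10 client log and checks which string each warning's value comes from and whether the --mute count accounts for the options that have no visible warning. The function names and result keys are made up for this example.

```python
import re

# Lines copied from the Dec 10 client log in this thread, unwrapped (mail
# quoting and autolink markup removed) and with the date prefix dropped.
SAMPLE_LOG = """\
us=693212 Local Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_CLIENT,ifconfig 192.168.10.0 255.255.255.0,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
us=693241 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_SERVER,ifconfig 192.168.10.0 255.255.255.0,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
us=38580 NOTE: Options consistency check may be skewed by version differences
us=38695 WARNING: 'version' is used inconsistently, local='version V4', remote='version V0 UNDEF'
us=40350 WARNING: 'dev-type' is present in local config but missing in remote config, local='dev-type tap'
us=40385 WARNING: 'link-mtu' is present in local config but missing in remote config, local='link-mtu 1576'
us=40415 WARNING: 'tun-mtu' is present in local config but missing in remote config, local='tun-mtu 1532'
us=40445 WARNING: 'proto' is present in local config but missing in remote config, local='proto TCPv4_SERVER'
us=40482 WARNING: 'ifconfig' is present in local config but missing in remote config, local='ifconfig 192.168.10.0 255.255.255.0'
us=40512 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
us=40542 WARNING: 'cipher' is present in local config but missing in remote config, local='cipher BF-CBC'
us=40571 WARNING: 'auth' is present in local config but missing in remote config, local='auth SHA1'
us=40597 NOTE: --mute triggered...
us=41150 3 variation(s) on previous 10 message(s) suppressed by --mute
"""

STRING_RE = re.compile(r"(Local|Expected Remote) Options String: '([^']*)'")
WARN_RE = re.compile(r"WARNING: '([^']+)' is (?:used inconsistently|present in "
                     r"local config but missing in remote config), "
                     r"local='([^']*)'(?:, remote='([^']*)')?")
MUTE_RE = re.compile(r"(\d+) variation\(s\) on previous \d+ message\(s\) "
                     r"suppressed by --mute")


def parse_options(options_string):
    """Split 'V4,dev-type tap,comp-lzo' into {'version': 'V4', 'dev-type': 'tap', ...}."""
    fields = [f.strip() for f in options_string.split(",")]
    options = {"version": fields[0]}
    for field in fields[1:]:
        name, _, value = field.partition(" ")
        options[name] = value          # flag-only options get ''
    return options


def triage(log_text):
    strings, warned, remote_seen, muted = {}, {}, {}, 0
    for line in log_text.splitlines():
        if m := STRING_RE.search(line):
            strings[m.group(1)] = parse_options(m.group(2))
        elif m := WARN_RE.search(line):
            name, local_val, remote_val = m.groups()
            warned[name] = local_val[len(name):].strip()
            if remote_val is not None:
                remote_seen[name] = remote_val
        elif (m := MUTE_RE.search(line)) and warned:
            muted += int(m.group(1))   # ignore the startup --mute line
    local = strings.get("Local", {})
    expected = strings.get("Expected Remote", {})
    return {
        # does every value a warning labels "local" equal the expected-remote one?
        "matches_expected_remote": all(expected.get(n) == v for n, v in warned.items()),
        "differs_from_local_string": [n for n, v in warned.items() if local.get(n) != v],
        # expected options with no visible warning, versus the --mute count
        "no_visible_warning": [n for n in expected if n not in warned],
        "muted": muted,
        # True when warnings plus muted messages cover every expected option
        "all_options_flagged": len(warned) + muted == len(expected),
        "remote_seen": remote_seen,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On this log every expected option is flagged and the only remote value the client printed is 'version V0 UNDEF', so the warnings point at the option string received from the peer as a whole rather than at individual settings such as comp-lzo.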