
Re: [Openvpn-users] Win2k setup question


  • Subject: Re: [Openvpn-users] Win2k setup question
  • From: Andrew Clarke <andrew@xxxxxxxxx>
  • Date: Mon, 26 Jul 2004 10:27:54 -0700

Thank you again for your help.  Here's my server config file:

########################################
# Sample OpenVPN config file for
# multi-client udp server
#
# tun-style tunnel

port 5000
dev tun
local 71.218.70.69
# nobind
status c:\\Program\ Files\\OpenVPN\\config\\tun.log 10
comp-lzo

# TLS parms

tls-server
ca c:\\Program\ Files\\OpenVPN\\my-openvpn-keys\\ca.crt
cert c:\\Program\ Files\\OpenVPN\\my-openvpn-keys\\deception.crt
key c:\\Program\ Files\\OpenVPN\\my-openvpn-keys\\deception.key
dh c:\\Program\ Files\\OpenVPN\\my-openvpn-keys\\dh1024.pem

# Tell OpenVPN to be a multi-client udp server
mode server

# The server's virtual endpoints
ifconfig 10.8.0.1 10.8.0.2

# Pool of /30 subnets to be allocated to clients.
# When a client connects, an --ifconfig command
# will be automatically generated and pushed back to
# the client.
ifconfig-pool 10.8.0.4 10.8.0.255

# Push route to client to bind it to our local
# virtual endpoint.
push "route 10.8.0.1 255.255.255.255"

# Client should attempt reconnection on link
# failure.
ping 10
ping-restart 120
push "ping 10"
push "ping-restart 60"

# Route the --ifconfig pool range into the
# OpenVPN server.
route 10.8.0.0 255.255.255.0

# The server doesn't need privileges
#user nobody
#group nobody

verb 4

I can get my sample client working with pretty much the same server file on a Windows XP test computer so I don't THINK it's a problem with my Mac OS X client. I'm including the file here anyway for your reference:

#########################################
# Sample client-side OpenVPN config file
# for connecting to multi-client server.
#
# The server can be pinged at 10.8.0.1.
#
# This configuration can be used by multiple
# clients, however each client should have
# its own cert and key files.
#
# tun-style tunnel

port 5000
dev tun
remote 71.218.70.69

# TLS parms
tls-client
ca /usr/local/openvpn-2.0_beta7/sample-config-files/ca.crt
cert /usr/local/openvpn-2.0_beta7/sample-config-files/deception.crt
key /usr/local/openvpn-2.0_beta7/sample-config-files/deception.key
dh /usr/local/openvpn-2.0_beta7/sample-config-files/dh1024.pem

# This parm is required for connecting
# to a multi-client server.  It tells
# the client to accept options which
# the server pushes to us.
pull

verb 4
comp-lzo

Thanks again,
- Andrew.

On Jul 24, 2004, at 14:35, James Yonan wrote:

Andrew Clarke <andrew@xxxxxxxxx> said:

Thank you very much for your response, James.  I've added "local
71.218.70.69" to my .ovpn file (I also tried .65) but am still having
the same problems.  The ipconfig /all output I've included below has
local 71.218.70.69 in the .ovpn file.

I also tried adding nobind and got the following line repeating several
hundred times per second:


Wed Jul 21 17:58:20 2004 read UDPv4: Invalid argument (WSAEINVAL) (code=10022)

So all in all I'm still having trouble! When I fire up my client, the
two computers "see" each other on the VPN and I see packets being
transferred via RWRWRWRWRRW etc. showing up in the output, but I can't
ping or do anything actually useful. I guess because my server virtual
adapter doesn't have an IP address assigned to it!

The main problem here seems to be that the DHCP handshake to set the TAP-Win32
adapter properties is not working correctly. It would help to be able to look
at your config files.


The repeating "Invalid argument (WSAEINVAL)" messages may well be an unrelated
issue, but I will log it as a possible bug.


James

Thanks again,
- Andrew.

(p.s.  IP addresses changed to protect the innocent)

C:\Documents and Settings\andrew>ipconfig /all

Windows 2000 IP Configuration

         Host Name . . . . . . . . . . . . : TESTSERVER
         Primary DNS Suffix  . . . . . . . : somecompany.com.local
         Node Type . . . . . . . . . . . . : Hybrid
         IP Routing Enabled. . . . . . . . : No
         WINS Proxy Enabled. . . . . . . . : No
         DNS Suffix Search List. . . . . . : somecompany.com.local
                                             com.local

Ethernet adapter Local Area Connection 3:

         Connection-specific DNS Suffix  . :
         Description . . . . . . . . . . . : TAP-Win32 Adapter V8
         Physical Address. . . . . . . . . : 00-FF-3E-B3-7E-D8
         DHCP Enabled. . . . . . . . . . . : Yes
         Autoconfiguration Enabled . . . . : Yes
         IP Address. . . . . . . . . . . . : 0.0.0.0
         Subnet Mask . . . . . . . . . . . : 0.0.0.0
         Default Gateway . . . . . . . . . :
         DHCP Server . . . . . . . . . . . :
         DNS Servers . . . . . . . . . . . :

Ethernet adapter Local Area Connection:

         Connection-specific DNS Suffix  . :
         Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
         Physical Address. . . . . . . . . : 00-B0-D0-F0-2F-D6
         DHCP Enabled. . . . . . . . . . . : No
         IP Address. . . . . . . . . . . . : 71.218.70.69
         Subnet Mask . . . . . . . . . . . : 255.255.255.0
         IP Address. . . . . . . . . . . . : 71.218.70.68
         Subnet Mask . . . . . . . . . . . : 255.255.255.0
         IP Address. . . . . . . . . . . . : 71.218.70.67
         Subnet Mask . . . . . . . . . . . : 255.255.255.0
         IP Address. . . . . . . . . . . . : 71.218.70.66
         Subnet Mask . . . . . . . . . . . : 255.255.255.0
         IP Address. . . . . . . . . . . . : 71.218.70.65
         Subnet Mask . . . . . . . . . . . : 255.255.255.0
         Default Gateway . . . . . . . . . : 71.218.70.1
         DNS Servers . . . . . . . . . . . : 71.218.70.75
                                             71.218.71.100
                                             71.218.71.200
         Primary WINS Server . . . . . . . : 71.218.70.75


Ethernet adapter Local Area Connection 2:

         Media State . . . . . . . . . . . : Cable Disconnected
         Description . . . . . . . . . . . : Intel(R) PRO/100 Network Connection
         Physical Address. . . . . . . . . : 00-B0-D0-F0-2F-D5


On Jul 21, 2004, at 13:28, James Yonan wrote:

On Wednesday 21 July 2004 11:21, Andrew Clarke wrote:
I'm trying to set up OpenVPN 2.0b7 on a Win2k Advanced Server with 5
IPs on the first ethernet adapter.  It has a second adapter with no
ethernet cable plugged into it.

I'm not sure why I'm getting the errors I'm getting, but I'm wondering
if maybe OpenVPN is confused by the multiple IPs, or is trying to find
traffic on the wrong NIC, or something like that. I have OpenVPN 2.0b7
working on my Mac OS X, Linux and WinXP computers but can't get it
working on this one. If anybody has any suggestions, I'd really
appreciate it. I'm also including what I think are the appropriate
lines from a verb 5 test.

Are you using --local to bind to a particular adapter?

Also consider --nobind to avoid binding at all.


Thanks, - Andrew Clarke.


Wed Jul 21 08:43:38 2004 TAP-WIN32 device [Local Area Connection 3] opened: \\.\Global\{3EB37ED8-DE88-449A-95DC-815A25829995}.tap
Wed Jul 21 08:43:38 2004 TAP-Win32 Driver Version 8.1
Wed Jul 21 08:43:38 2004 TAP-Win32 MTU=1500
Wed Jul 21 08:43:38 2004 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.1/255.255.255.252 on interface {3EB37ED8-DE88-449A-95DC-815A25829995} [DHCP-serv: 10.8.0.2, lease-time: 31536000]
Wed Jul 21 08:43:38 2004 Sleeping for 10 seconds...
Wed Jul 21 08:43:48 2004 Successful ARP Flush on interface [2] {3EB37ED8-DE88-449A-95DC-815A25829995}
Wed Jul 21 08:43:48 2004 Attempting to lock Win32 semaphore 'openvpn_netcmd' prior to net shell command (timeout = 600 sec)
Wed Jul 21 08:43:48 2004 route ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.2
The route addition failed: Either the interface index is wrong or the gateway does not lie on the same network as the interface. Check the IP Address Table for the machine.

This probably means that the system couldn't find 10.8.0.2 in an active
interface. An "ipconfig /all" would be useful at this point to diagnose
further.


James


-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
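
Added example, not part of the original thread and not OpenVPN code: the check discussed above (does the route's gateway, 10.8.0.2, lie on the network of any configured interface?) run over "ipconfig /all" text. The sample is constructed from the output posted in this thread, and the function names parse_adapters and adapter_for_gateway are hypothetical.

```python
import ipaddress
import re

# Constructed sample modelled on the "ipconfig /all" output in this thread.
SAMPLE = """\
Ethernet adapter Local Area Connection 3:
        Description . . . . . . . . . . . : TAP-Win32 Adapter V8
        IP Address. . . . . . . . . . . . : 0.0.0.0
        Subnet Mask . . . . . . . . . . . : 0.0.0.0

Ethernet adapter Local Area Connection:
        IP Address. . . . . . . . . . . . : 71.218.70.69
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        IP Address. . . . . . . . . . . . : 71.218.70.68
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
"""

FIELD = re.compile(r"^\s*(IP Address|Subnet Mask)[ .]*:\s*(\S+)\s*$")
ADAPTER = re.compile(r"^\S.*adapter (.+):\s*$")

def parse_adapters(text):
    """Return {adapter name: [IPv4Interface, ...]} from ipconfig /all text."""
    adapters, current, pending_ip = {}, None, None
    for line in text.splitlines():
        m = ADAPTER.match(line)
        if m:
            current = adapters.setdefault(m.group(1), [])
            pending_ip = None
            continue
        m = FIELD.match(line)
        if not m or current is None:
            continue
        if m.group(1) == "IP Address":
            pending_ip = m.group(2)
        elif pending_ip is not None:
            # Pair each address with the mask printed right after it.
            current.append(ipaddress.IPv4Interface(f"{pending_ip}/{m.group(2)}"))
            pending_ip = None
    return adapters

def adapter_for_gateway(adapters, gateway):
    """Name of the adapter whose configured subnet holds gateway, else None."""
    gw = ipaddress.IPv4Address(gateway)
    for name, ifaces in adapters.items():
        for iface in ifaces:
            # 0.0.0.0 means the adapter never received an address.
            if not iface.ip.is_unspecified and gw in iface.network:
                return name
    return None
```

With the TAP-Win32 adapter still at 0.0.0.0, adapter_for_gateway(parse_adapters(SAMPLE), "10.8.0.2") returns None, which is the condition behind the "route addition failed" message in the log.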


