Re: [Openvpn-users] OpenVPN, Linux and uDev


  • Subject: Re: [Openvpn-users] OpenVPN, Linux and uDev
  • From: James Yonan <jim@xxxxxxxxx>
  • Date: Tue, 7 Dec 2004 14:41:18 -0700 (MST)

On Tue, 7 Dec 2004, Doug Lytle wrote:

> Apparently, that was a fluke.  I cannot consistently get OpenVPN to run 
> from a script.  Snip of the log below, along with the configuration files:

> <snip>
> 
> cat openvpn.log
> 
> Tue Dec  7 14:26:08 2004 us=827974 OpenVPN 2.0_rc1 i686-pc-linux [SSL] 
> [LZO] [EPOLL] built on Dec  7 2004
> Tue Dec  7 14:26:08 2004 us=828153 PO_INIT maxevents=4 flags=0x00000002
> Tue Dec  7 14:26:08 2004 us=831499 Control Channel Authentication: using 
> 'certs/static.key' as a OpenVPN static key file
> Tue Dec  7 14:26:08 2004 us=831618 Outgoing Control Channel 
> Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
> Tue Dec  7 14:26:08 2004 us=831684 Outgoing Control Channel 
> Authentication: HMAC KEY: eb83431b 997abd11 cca7a92e 267945d6 83e51fef
> Tue Dec  7 14:26:08 2004 us=831734 Incoming Control Channel 
> Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
> Tue Dec  7 14:26:08 2004 us=831893 Incoming Control Channel 
> Authentication: HMAC KEY: eb83431b 997abd11 cca7a92e 267945d6 83e51fef
> Tue Dec  7 14:26:08 2004 us=831992 LZO compression initialized
> Tue Dec  7 14:26:08 2004 us=832066 MTU DYNAMIC mtu=0, flags=1, 0 -> 166
> Tue Dec  7 14:26:08 2004 us=832144 PID packet_id_init seq_backtrack=64 
> time_backtrack=15
> Tue Dec  7 14:26:08 2004 us=832387 PID packet_id_init seq_backtrack=64 
> time_backtrack=15
> Tue Dec  7 14:26:08 2004 us=832481 PID packet_id_init seq_backtrack=64 
> time_backtrack=15
> Tue Dec  7 14:26:08 2004 us=832627 PID packet_id_init seq_backtrack=64 
> time_backtrack=15
> Tue Dec  7 14:26:08 2004 us=832692 Control Channel MTU parms [ L:1542 
> D:166 EF:66 EB:0 ET:0 EL:0 ]
> Tue Dec  7 14:26:08 2004 us=832770 MTU DYNAMIC mtu=1450, flags=2, 1542 
> -> 1450
> Tue Dec  7 14:26:08 2004 us=832826 REMOTE_LIST len=1 current=0
> Tue Dec  7 14:26:08 2004 us=832866 [0] some.remote.ip.adress:5XXX
> Tue Dec  7 14:26:08 2004 us=833001 RESOLVE_REMOTE flags=0x0001 phase=1 
> rrs=0 sig=-1 status=1
> Tue Dec  7 14:26:08 2004 us=833158 Note: Cannot open TUN/TAP dev 
> /dev/net/tun: No such file or directory (errno=2)
> Tue Dec  7 14:26:08 2004 us=833215 Note: Attempting fallback to kernel 
> 2.2 TUN/TAP interface
> Tue Dec  7 14:26:08 2004 us=834184 Cannot allocate TUN/TAP dev dynamically
> Tue Dec  7 14:26:08 2004 us=834274 Exiting

You need a /dev/net/tun on your system.  On Linux, OpenVPN tries this 
first.  If it fails, it then tries to open a Linux 2.2-style tun/tap 
device, i.e. /dev/tun0, /dev/tun1, etc.

James

> 
> <<snip>>
> 
> cat start.sh
> 
> #!/bin/sh
> 
> 
> # openvpn config file directory
> dir=/etc/openvpn
> 
> # load TUN/TAP kernel module
> modprobe tun
> 
> # enable IP forwarding
> /bin/echo 1 > /proc/sys/net/ipv4/ip_forward
> 
> 
> /usr/local/sbin/openvpn --cd $dir --daemon --config /etc/openvpn/client.conf
> 
> <<snip>>
> 
> cat server.conf
> 
> ## Device type
> dev tun
> 
> # 10.1.0.1 is our local VPN endpoint (office).
> # 10.1.0.2 is our remote VPN endpoint (home).
> ifconfig 192.168.110.25 192.168.104.14
> 
> # Our up script will establish routes
> # once the VPN is alive.
> #up ./office.up
> 
> ## Server or client
> tls-client
> 
> ## Addisonal HMAC authentication
> tls-auth certs/static.key
> 
> ## VPN.Server's Public Certificate Authority
> ca certs/master-ca.crt
> 
> ## Addison's Public Certificate
> cert certs/kmart.server.crt
> 
> ## Addison's Private Key
> key certs/kmart.server.key
> 
> ## OpenVPN uses UDP port 5011.
> port 5XXX
> 
> # Downgrade UID and GID to
> # "nobody" after initialization
> # for extra security.
> #chroot /etc/openvpn
> #user nobody
> #group nogroup
> 
> #  VPN Public Address
> remote some.remote.ip.address
> 
> # If you built OpenVPN with
> # LZO compression, uncomment
> # out the following line.
> comp-lzo
> 
> ## Restart Control
> ping 10
> ping-restart 45
> ping-timer-rem
> persist-tun
> persist-key
> 
> 
> # Verbosity level.
> # 0 -- quiet except for fatal errors.
> # 1 -- mostly quiet.
> # 5 -- medium output, good for normal operation.
> # 8 -- verbose, good for troubleshooting
> verb 8
> # mute 10
> 
> ## What to call the log
> log-append openvpn.log
> 
> 
> 
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
> 
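The check described in the reply above, as an added example (not part of the original message and not OpenVPN's own code): a preflight for a start script that verifies /dev/net/tun is the Linux tun character device (major 10, minor 200) and creates it if udev has not. The function names, the `--run` switch, the 5-second wait and the 0600 mode are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: preflight for the TUN control node before OpenVPN starts.
TUN_NODE=/dev/net/tun
TUN_MAJOR=10    # Linux tun driver: character device 10,200
TUN_MINOR=200

# Print one of: ok | missing | not-chardev | wrong-device
tun_node_status() {
    node=$1; want_major=$2; want_minor=$3
    [ -e "$node" ] || { echo missing; return 0; }
    [ -c "$node" ] || { echo not-chardev; return 0; }
    # stat -c prints the device numbers in hex (%t major, %T minor).
    set -- $(stat -c '%t %T' "$node")
    if [ "$((0x$1))" -eq "$want_major" ] && [ "$((0x$2))" -eq "$want_minor" ]; then
        echo ok
    else
        echo wrong-device
    fi
}

# Load the driver, wait briefly for udev, then fall back to creating the node.
ensure_tun_node() {
    modprobe tun 2>/dev/null
    tries=0
    while [ "$(tun_node_status "$TUN_NODE" "$TUN_MAJOR" "$TUN_MINOR")" = missing ] &&
          [ "$tries" -lt 5 ]; do
        sleep 1
        tries=$((tries + 1))
    done
    status=$(tun_node_status "$TUN_NODE" "$TUN_MAJOR" "$TUN_MINOR")
    if [ "$status" = missing ]; then
        # Root-only node: the start script already runs as root.
        mkdir -p "${TUN_NODE%/*}" || return 1
        mknod -m 0600 "$TUN_NODE" c "$TUN_MAJOR" "$TUN_MINOR" || return 1
        status=$(tun_node_status "$TUN_NODE" "$TUN_MAJOR" "$TUN_MINOR")
    fi
    [ "$status" = ok ] || { echo "refusing to start: $TUN_NODE is $status" >&2; return 1; }
}

# Only act when asked to, so the functions can be sourced and tested unprivileged.
if [ "${1:-}" = "--run" ]; then
    ensure_tun_node || exit 1
fi
```

In a script like the quoted start.sh, this would run before the openvpn line, so a missing or wrong node stops the start with a clear message instead of the "Cannot allocate TUN/TAP dev dynamically" exit seen in the log.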
