
RE: [Openvpn-users] Re: Mystery of Openvpn


  • Subject: RE: [Openvpn-users] Re: Mystery of Openvpn
  • From: "Tibbs, Richard" <rwtibbs@xxxxxxxxxxx>
  • Date: Wed, 8 Dec 2004 18:22:51 -0500

Davis,
I tried your suggestion (redirect-gateway) on my wireless WinXP laptop,
but to no avail. Same situation, can't ping the other end of the tunnel
(10.1.1.1) and can't bring up a web page. No communication whatsoever.

I am beginning to believe that 2.0beta15 is incompatible with 1.6
fundamentally. I have disable-occ on the 1.6 machine.

I have no mac address filtering on the linksys AP, nor any firewall or
security agent running on the winxp box. Yet still nothing gets through.

On the firewall here are the relevant openvpn 1.6 messages in
daemon.log, followed by my interfaces and route table on winXP (openvpn
2.15beta). Note that we never get beyond initiating the peer connection.

Following that are configs for both machines.

If no-one can suggest anything further, I will have to give up on
openvpn.
Rick

============== openvpn 1.6 config

dev tun
# For compatibility with 2.x openvpn clients/servers
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
disable-occ
local 192.168.1.254
remote 192.168.1.4

ifconfig 10.1.1.1 10.1.1.2
route 192.168.1.4 
secret static.key
verb 4
mute 10


============== openvpn 1.6 (192.168.1.254) daemon.log
Dec 8 19:01:41 firewall openvpn[23622]: OpenVPN 1.6.0 i686-pc-linux-gnu [SSL] [LZO] built on Dec 1 2004
Dec 8 19:01:41 firewall openvpn[23622]: Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Dec 8 19:01:41 firewall openvpn[23622]: Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Dec 8 19:01:41 firewall openvpn[23622]: Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Dec 8 19:01:41 firewall openvpn[23622]: Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Dec 8 19:01:41 firewall openvpn[23622]: TUN/TAP device tun0 opened
Dec 8 19:01:41 firewall openvpn[23622]: ip link set dev tun0 up mtu 1500
Dec 8 19:01:41 firewall openvpn[23622]: ip addr add dev tun0 local 10.1.1.1 peer 10.1.1.2
Dec 8 19:01:41 firewall openvpn[23622]: ip route add 192.168.1.4/32 via 10.1.1.2
Dec 8 19:01:41 firewall openvpn[23622]: Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:0 ET:32 EL:0 ]
Dec 8 19:01:41 firewall openvpn[23622]: Local Options String: 'V3,dev-type tun,link-mtu 1576,tun-mtu 1532,proto UDPv4,ifconfig 10.1.1.2 10.1.1.1,cipher BF-CBC,auth SHA1,keysize 128,secret'
Dec 8 19:01:41 firewall openvpn[23622]: Expected Remote Options String: 'V3,dev-type tun,link-mtu 1576,tun-mtu 1532,proto UDPv4,ifconfig 10.1.1.1 10.1.1.2,cipher BF-CBC,auth SHA1,keysize 128,secret'
Dec 8 19:01:41 firewall openvpn[23622]: Local Options hash (VER=V3): '839efbe9'
Dec 8 19:01:41 firewall openvpn[23622]: Expected Remote Options hash (VER=V3): '437d064a'
Dec 8 19:01:41 firewall openvpn[18048]: UDPv4 link local (bound): 192.168.1.254:5000
Dec 8 19:01:41 firewall openvpn[18048]: UDPv4 link remote: 192.168.1.4:5000
Dec 8 19:01:58 firewall openvpn[18048]: Peer Connection Initiated with 192.168.1.4:5000
Dec 8 19:03:57 firewall openvpn[18048]: MSS: 1460 -> 1334
Dec 8 19:04:07 firewall last message repeated 2 times
Dec 8 19:05:28 firewall last message repeated 2 times
Dec 8 19:06:39 firewall openvpn[18048]: MSS: 1460 -> 1334
Dec 8 19:06:49 firewall last message repeated 2 times

=============== ipconfig -all and route print on WINxp
Ethernet adapter Local Area Connection 4:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : TAP-Win32 Adapter V8
        Physical Address. . . . . . . . . : 00-FF-48-43-61-8D
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.1.1.2
        Subnet Mask . . . . . . . . . . . : 255.255.255.252
        Default Gateway . . . . . . . . . :
        DHCP Server . . . . . . . . . . . : 10.1.1.1
        Lease Obtained. . . . . . . . . . : Wednesday, December 08, 2004 5:46:

        Connection-specific DNS Suffix  . : private.network
        Description . . . . . . . . . . . : Intel(R) PRO/Wireless 2200BG
Netwo
 Connection
        Physical Address. . . . . . . . . : 00-0E-35-15-24-F3
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.4
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.254
        DHCP Server . . . . . . . . . . . : 192.168.1.254
        DNS Servers . . . . . . . . . . . : 192.168.1.254

C:\Documents and Settings\rwtibbs>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x20003 ...00 ff 48 43 61 8d ...... TAP-Win32 Adapter V8 - Deterministic
Netwo
 Enhancer Miniport
0x30002 ...00 0e 35 15 24 f3 ...... Intel(R) PRO/Wireless 2200BG Network
Conne
ion - Deterministic Network Enhancer Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.4      2
         10.1.1.0  255.255.255.252         10.1.1.2        10.1.1.2     30
         10.1.1.2  255.255.255.255        127.0.0.1       127.0.0.1     30
   10.255.255.255  255.255.255.255         10.1.1.2        10.1.1.2     30
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      192.168.1.0    255.255.255.0      192.168.1.4     192.168.1.4      2
      192.168.1.4  255.255.255.255        127.0.0.1       127.0.0.1      2
    192.168.1.255  255.255.255.255      192.168.1.4     192.168.1.4      2
        224.0.0.0        240.0.0.0         10.1.1.2        10.1.1.2     30
        224.0.0.0        240.0.0.0      192.168.1.4     192.168.1.4      2
  255.255.255.255  255.255.255.255         10.1.1.2        10.1.1.2      1
  255.255.255.255  255.255.255.255      192.168.1.4     192.168.1.4      1
Default Gateway:     192.168.1.254
===========================================================================
Persistent Routes:
  None

======================== winxp openvpn 215beta config
local 192.168.1.4
remote 192.168.1.254
port 5000
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ifconfig 10.1.1.2 10.1.1.1
redirect-gateway
#route 192.168.1.254
 

-----Original Message-----
From: Davis Goodman [mailto:davis.goodman@xxxxxxxxxxxx] 
Sent: Wednesday, December 08, 2004 10:32 AM
To: Tibbs, Richard
Cc: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Openvpn-users] Re: Mystery of Openvpn

Hi Rick,

I have basically the same setup here and looking at your routing table
one thing seems strange. On my setup, when I connect to the openvpn
server the address for my default gateway is the address assigned by the
openvpn server and not the default gateway of my firewall. Try using the
"redirect-gateway" option in your client instead of route. Here is my
config file which I use for the wireless connection. Of course, my
server is 2.0beta15 as well as my client. But I think this is one of the
problems you are seeing. I've also included a "route print" of my laptop
once connected with openvpn on my wireless. As you can see I only have
one default route which is the IP assigned from the server.

Let me know if this makes sense.

Davis

#########################################
# Sample client-side OpenVPN config file
# for connecting to multi-client server.
#
# The server can be pinged at 10.XX.21.1.
#
# This configuration can be used by multiple
# clients, however each client should have
# its own cert and key files.
#
# tun-style tunnel

port 1194
proto tcp-client
dev tun
tun-mtu 1500
mssfix 1400
remote my.vpn.server
comp-lzo

# TLS parms

tls-client
ca ca.crt
cert my.crt
key my.key

# This parm is required for connecting
# to a multi-client server. It tells
# the client to accept options which
# the server pushes to us.
pull
redirect-gateway
verb 4



$ route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0d 56 e9 4d 4a ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
0x3 ...00 ff e1 05 f7 1f ...... TAP-Win32 Adapter V8 - Packet Scheduler Miniport
0x4 ...00 04 23 a4 38 58 ...... Intel(R) PRO/Wireless LAN 2100 3A Mini PCI Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      10.51.21.17     10.51.21.18      1
        10.16.0.0      255.255.0.0      10.51.21.17     10.51.21.18      1
        10.16.0.1  255.255.255.255        10.20.0.1      10.20.0.21      1
        10.20.0.0    255.255.255.0       10.20.0.21      10.20.0.21     30
       10.20.0.21  255.255.255.255        127.0.0.1       127.0.0.1     30
       10.51.21.1  255.255.255.255      10.51.21.17     10.51.21.18      1
      10.51.21.16  255.255.255.252      10.51.21.18     10.51.21.18     30
      10.51.21.18  255.255.255.255        127.0.0.1       127.0.0.1     30
   10.255.255.255  255.255.255.255       10.20.0.21      10.20.0.21     30
   10.255.255.255  255.255.255.255      10.51.21.18     10.51.21.18     30
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
       172.16.0.0      255.255.0.0      10.51.21.17     10.51.21.18      1
        224.0.0.0        240.0.0.0       10.20.0.21      10.20.0.21     30
        224.0.0.0        240.0.0.0      10.51.21.18     10.51.21.18     30
  255.255.255.255  255.255.255.255       10.20.0.21      10.20.0.21      1
  255.255.255.255  255.255.255.255       10.20.0.21               2      1
  255.255.255.255  255.255.255.255      10.51.21.18     10.51.21.18      1
Default Gateway: 10.51.21.17
===========================================================================
Persistent Routes:
None
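Added example, not part of either message above: with disable-occ set, the peers no longer compare the options strings shown in the daemon.log, so the same comparison can be done offline on the two config files. The sketch below embeds the two static-key configs as posted in the thread; the `MUST_MATCH` list and the `parse`/`compare` helpers are assumptions made for this example and cover only the fields visible in that options string.

```python
# Configs as posted in the thread (verb/mute lines omitted).
FIREWALL_CONF = """\
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
disable-occ
local 192.168.1.254
remote 192.168.1.4
ifconfig 10.1.1.1 10.1.1.2
route 192.168.1.4
secret static.key
"""

LAPTOP_CONF = """\
local 192.168.1.4
remote 192.168.1.254
port 5000
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ifconfig 10.1.1.2 10.1.1.1
redirect-gateway
#route 192.168.1.254
"""

# Assumed list for this example: directives that must be identical on both peers.
MUST_MATCH = ("dev", "proto", "tun-mtu", "tun-mtu-extra", "cipher", "auth", "keysize")

def parse(text):
    opts = {}
    for line in text.splitlines():
        words = line.split("#", 1)[0].split()   # drop comments, then tokenize
        if words:
            opts[words[0]] = words[1:]
    return opts

def compare(a, b):
    found = [f"{k}: {a.get(k)} vs {b.get(k)}" for k in MUST_MATCH if a.get(k) != b.get(k)]
    if ("secret" in a) != ("secret" in b):      # key file names may differ, presence may not
        found.append("secret: present on one peer only")
    if a.get("ifconfig", []) != b.get("ifconfig", [])[::-1]:
        found.append("ifconfig: tunnel endpoints are not mirrored")
    if (a.get("local"), a.get("remote")) != (b.get("remote"), b.get("local")):
        found.append("local/remote: not mirrored")
    return found

print(compare(parse(FIREWALL_CONF), parse(LAPTOP_CONF)))
```

On the configs as posted, the only finding is that `secret` appears in the 1.6 config and not in the WinXP one; the posted file may of course be an incomplete copy of what was actually running.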