
RE: [Openvpn-users] How to tell if openvpn is really authenticated/encrypting on tunnel?


  • Subject: RE: [Openvpn-users] How to tell if openvpn is really authenticated/encrypting on tunnel?
  • From: "Tibbs, Richard" <rwtibbs@xxxxxxxxxxx>
  • Date: Thu, 9 Dec 2004 11:06:35 -0500

Dear list: Sorry for the volume, trying to give you the info you need...

OK, I changed to verb 5 on the LEAF firewall.
Then ping from WINXP box viz:
Pinging 10.1.1.1 with 32 bytes of data:

Reply from 10.1.1.1: bytes=32 time=14ms TTL=64
Reply from 10.1.1.1: bytes=32 time=34ms TTL=64
Reply from 10.1.1.1: bytes=32 time=5ms TTL=64
Reply from 10.1.1.1: bytes=32 time=5ms TTL=64

Ping statistics for 10.1.1.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 5ms, Maximum = 34ms, Average = 14ms
Did this about 10 times (should have generated 40 pings), but I get no r
w etc. messages.  Loaded a huge PDF from a web site, no R W messages...
(?)

On the Winxp box I have had verb 9 for a while (lots of disk space).  I
have my openvpn configs on the LEAF box (openvpn 1.6) and logs, followed
by my config on the WinXP (openvpn 2.0beta15) and logs.

Is openvpn actually communicating/encrypting/authenticating?

TIA, Rick.

========================= openvpn 1.6 LEAF box config
firewall: -root-
# more openvpn.conf
#
# Sample OpenVPN configuration file for
# using a pre-shared static key.
#
# '#' or ';' may be used to delimit comments.

# Use a dynamic tun device.
dev tun
# For compatibility with 2.x openvpn clients/servers
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
disable-occ
local 192.168.1.254
float
# 10.1.1.1 is our local VPN endpoint
# 10.1.1.2 is our remote VPN endpoint (home wlan)
# ifconfig command is for backward compat. even though ip(2) is supported
ifconfig 10.1.1.1 10.1.1.2
route 216.x.y.z # public ip anonymized
#tls-server

# Our pre-shared static key
secret static.key
verb 5
mute 10  

========================= logs from LEAF box
firewall: -root-
# more daemon.log
Dec  9 12:04:08 firewall init: Entering runlevel: 2
Dec  9 12:04:08 firewall openvpn[30737]: Current Parameter Settings:
Dec  9 12:04:08 firewall openvpn[30737]:   config =
'/etc/openvpn/openvpn.conf'
Dec  9 12:04:08 firewall openvpn[30737]:   persist_config = DISABLED
Dec  9 12:04:08 firewall openvpn[30737]:   persist_mode = 1
Dec  9 12:04:08 firewall openvpn[30737]:   show_ciphers = DISABLED
Dec  9 12:04:08 firewall openvpn[30737]:   show_digests = DISABLED
Dec  9 12:04:08 firewall openvpn[30737]:   genkey = DISABLED
Dec  9 12:04:08 firewall openvpn[30737]:   askpass = DISABLED
Dec  9 12:04:08 firewall openvpn[30737]:   show_tls_ciphers = DISABLED
Dec  9 12:04:08 firewall openvpn[30737]:   proto = 0
Dec  9 12:04:08 firewall openvpn[30737]: 103 variation(s) on previous 10
message(s) suppressed by --mute
Dec  9 12:04:08 firewall openvpn[30737]: OpenVPN 1.6.0 i686-pc-linux-gnu
[SSL] [LZO] built on Dec  1 2004
Dec  9 12:04:08 firewall openvpn[30737]: Static Encrypt: Cipher 'BF-CBC'
initialized with 128 bit key
Dec  9 12:04:08 firewall openvpn[30737]: Static Encrypt: Using 160 bit
message hash 'SHA1' for HMAC authentication
Dec  9 12:04:08 firewall openvpn[30737]: Static Decrypt: Cipher 'BF-CBC'
initialized with 128 bit key
Dec  9 12:04:08 firewall openvpn[30737]: Static Decrypt: Using 160 bit
message hash 'SHA1' for HMAC authentication
Dec  9 12:04:08 firewall openvpn[30737]: TUN/TAP device tun0 opened
Dec  9 12:04:08 firewall openvpn[30737]: ip link set dev tun0 up mtu
1500
Dec  9 12:04:08 firewall openvpn[30737]: ip addr add dev tun0 local
10.1.1.1 peer 10.1.1.2
Dec  9 12:04:08 firewall openvpn[30737]: ip route add 216.12.22.89/32
via 10.1.1.2
Dec  9 12:04:09 firewall openvpn[30737]: Data Channel MTU parms [ L:1576
D:1450 EF:44 EB:0 ET:32 EL:0 ]
Dec  9 12:04:09 firewall openvpn[30737]: Local Options String:
'V3,dev-type tun,link-mtu 1576,tun-mtu 1532,proto UDPv4,ifconfig
10.1.1.2 10.1.1.1,cipher BF-CBC,auth SHA1,keysize 128,secret'
Dec  9 12:04:09 firewall openvpn[30737]: Expected Remote Options String:
'V3,dev-type tun,link-mtu 1576,tun-mtu 1532,proto UDPv4,ifconfig
10.1.1.1 10.1.1.2,cipher BF-CBC,auth SHA1,keysize 128,secret'
Dec  9 12:04:09 firewall openvpn[30737]: Local Options hash (VER=V3):
'839efbe9'
Dec  9 12:04:09 firewall openvpn[30737]: Expected Remote Options hash
(VER=V3): '437d064a'
Dec  9 12:04:09 firewall openvpn[21016]: UDPv4 link local (bound):
192.168.1.254:5000
Dec  9 12:04:09 firewall openvpn[21016]: UDPv4 link remote: [undef]
Dec  9 12:04:26 firewall openvpn[21016]: Peer Connection Initiated with
192.168.1.3:5000

============================= WINXP config

remote 192.168.1.254
port 5000
disable-occ
dev tun

tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ifconfig 10.1.1.2 10.1.1.1
route 216.z.y.x
secret secret.txt

ping-restart 60
 ping-timer-rem
 persist-tun
# keep-alive ping
ping 10
verb 9
mute 10

============================= WINXP logs
Thu Dec 09 11:01:53 2004 us=528802 SIGUSR1[soft,ping-restart] received,
process restarting
Thu Dec 09 11:01:53 2004 us=528830 Restart pause, 2 second(s)
Thu Dec 09 11:01:55 2004 us=528325 WE_INIT maxevents=3 flags=0x00000004
Thu Dec 09 11:01:55 2004 us=528398 WE_INIT maxevents=3 capacity=6
Thu Dec 09 11:01:55 2004 us=528432 PID packet_id_init seq_backtrack=64
time_backtrack=15
Thu Dec 09 11:01:55 2004 us=529206 CRYPTO INFO: n_DES_cblocks=0
Thu Dec 09 11:01:55 2004 us=529241 CRYPTO INFO: n_DES_cblocks=0
Thu Dec 09 11:01:55 2004 us=529469 Static Encrypt: Cipher 'BF-CBC'
initialized with 128 bit key
Thu Dec 09 11:01:55 2004 us=529518 Static Encrypt: CIPHER KEY: b267482e
60b9dc38 8a4d4c18 6f8fb390
Thu Dec 09 11:01:55 2004 us=529546 Static Encrypt: CIPHER block_size=8
iv_size=8
Thu Dec 09 11:01:55 2004 us=529597 Static Encrypt: Using 160 bit message
hash 'SHA1' for HMAC authentication
Thu Dec 09 11:01:55 2004 us=529649 Static Encrypt: HMAC KEY: 4e03c3a5
dc6ea07b 2a57c041 ccb64d25 c16b6630
Thu Dec 09 11:01:55 2004 us=529677 Static Encrypt: HMAC size=20
block_size=64
Thu Dec 09 11:01:55 2004 us=529893 Static Decrypt: Cipher 'BF-CBC'
initialized with 128 bit key
Thu Dec 09 11:01:55 2004 us=529938 Static Decrypt: CIPHER KEY: b267482e
60b9dc38 8a4d4c18 6f8fb390
Thu Dec 09 11:01:55 2004 us=529965 Static Decrypt: CIPHER block_size=8
iv_size=8
Thu Dec 09 11:01:55 2004 us=530004 Static Decrypt: Using 160 bit message
hash 'SHA1' for HMAC authentication
Thu Dec 09 11:01:55 2004 us=530054 Static Decrypt: HMAC KEY: 4e03c3a5
dc6ea07b 2a57c041 ccb64d25 c16b6630
Thu Dec 09 11:01:55 2004 us=530081 Static Decrypt: HMAC size=20
block_size=64
Thu Dec 09 11:01:55 2004 us=530121 MTU DYNAMIC mtu=1450, flags=2, 1576
-> 1450
Thu Dec 09 11:01:55 2004 us=530149 REMOTE_LIST len=1 current=0
Thu Dec 09 11:01:55 2004 us=530174 [0] 192.168.1.254:5000
Thu Dec 09 11:01:55 2004 us=531014 Preserving previous TUN/TAP instance:
Local Area Connection 5
Thu Dec 09 11:01:55 2004 us=531066 Data Channel MTU parms [ L:1576
D:1450 EF:44 EB:0 ET:32 EL:0 ]
Thu Dec 09 11:01:55 2004 us=531148 Local Options String: 'V4,dev-type
tun,link-mtu 1576,tun-mtu 1532,proto UDPv4,ifconfig 10.1.1.1
10.1.1.2,cipher BF-CBC,auth SHA1,keysize 128,secret'
Thu Dec 09 11:01:55 2004 us=531184 Expected Remote Options String:
'V4,dev-type tun,link-mtu 1576,tun-mtu 1532,proto UDPv4,ifconfig
10.1.1.2 10.1.1.1,cipher BF-CBC,auth SHA1,keysize 128,secret'
Thu Dec 09 11:01:55 2004 us=531246 Local Options hash (VER=V4):
'22576e62'
Thu Dec 09 11:01:55 2004 us=531300 Expected Remote Options hash
(VER=V4): '01d0f48d'
Thu Dec 09 11:01:55 2004 us=531355 Socket Buffers: R=[8192->8192]
S=[8192->8192]
Thu Dec 09 11:01:55 2004 us=531394 UDPv4 link local (bound):
[undef]:5000
Thu Dec 09 11:01:55 2004 us=531424 UDPv4 link remote: 192.168.1.254:5000
Thu Dec 09 11:01:55 2004 us=531500 ENCRYPT IV: 4edc2808 48e07e0a
Thu Dec 09 11:01:55 2004 us=531555 ENCRYPT FROM: 00000001 41b876f3
2a187bf3 641eb4cb 07ed2d0a 981fc748
Thu Dec 09 11:01:55 2004 us=531635 ENCRYPT TO: 4edc2808 48e07e0a
2bcb8071 b78a25e4 0ce79593 e393c624 2466e88a b1f401c[more...]
Thu Dec 09 11:01:55 2004 us=531670 SENT PING
Thu Dec 09 11:01:55 2004 us=531696 TIMER: coarse timer wakeup 1 seconds
Thu Dec 09 11:01:55 2004 us=531725 RANDOM USEC=142836
Thu Dec 09 11:01:55 2004 us=531756 WE_CTL n=0 ev=0x0045b824
rwflags=0x0001 arg=0x0040d624
Thu Dec 09 11:01:55 2004 us=531801 WIN32 I/O: Socket Receive queued
[1576]
Thu Dec 09 11:01:55 2004 us=531834 WE_CTL n=1 ev=0x00722ee0
rwflags=0x0003 arg=0x0040d61c
Thu Dec 09 11:01:55 2004 us=531879 WE_CTL n=3 ev=0x00727f4c
rwflags=0x0000 arg=0x0040d620
Thu Dec 09 11:01:55 2004 us=531905 NOTE: --mute triggered...
Thu Dec 09 11:01:55 2004 us=531946 8 variation(s) on previous 10
message(s) suppressed by --mute
Thu Dec 09 11:01:55 2004 us=532051 UDPv4 WRITE [60] to
192.168.1.254:5000:  DATA 724be2b9 4bb4c1bc e230709c 411aea80 c9805a37
4edc2808 48e07e0a 2bcb807[more...]
Thu Dec 09 11:01:55 2004 us=532236 WIN32 I/O: Socket Send immediate
return [60,60]
Thu Dec 09 11:01:55 2004 us=532269 UDPv4 write returned 60
Thu Dec 09 11:01:55 2004 us=532315 WE_CTL n=0 ev=0x0045b824
rwflags=0x0001 arg=0x0040d624
Thu Dec 09 11:01:55 2004 us=532348 WE_CTL n=1 ev=0x00722ee0
rwflags=0x0001 arg=0x0040d61c
Thu Dec 09 11:01:55 2004 us=532379 WE_CTL n=2 ev=0x00727f4c
rwflags=0x0001 arg=0x0040d620
Thu Dec 09 11:01:55 2004 us=532420 I/O WAIT TRQ|Tw1|SRQ|Sw1 [1/142836]
Thu Dec 09 11:01:55 2004 us=532448 WE_WAIT enter n=3 to=1143
Thu Dec 09 11:01:55 2004 us=532476 [0] ev=0x00000750 rwflags=0x0001
arg=0x0040d624
Thu Dec 09 11:01:55 2004 us=532505 [1] ev=0x00000714 rwflags=0x0001
arg=0x0040d61c
Thu Dec 09 11:01:55 2004 us=532615 [2] ev=0x00000748 rwflags=0x0001
arg=0x0040d620
Thu Dec 09 11:01:56 2004 us=680173 NOTE: --mute triggered...
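
A check of the kind the question asks for, as an added example that is not part of the original post or of OpenVPN: it pulls the cipher and HMAC start-up lines out of each peer's log (undoing the e-mail line wrapping), confirms that the two static-key peers agree, and flags a log that prints key bytes, as the verb 9 log above does. The sample logs are constructed, and `crypto_state` and `check_pair` (which expects exactly two peers) are hypothetical names.

```python
import re
# Constructed samples in the format of the logs above, wrapping kept; key bytes zeroed.
LEAF_LOG = """\
Dec  9 12:04:08 firewall openvpn[30737]: Static Encrypt: Cipher 'BF-CBC'
initialized with 128 bit key
Dec  9 12:04:08 firewall openvpn[30737]: Static Encrypt: Using 160 bit
message hash 'SHA1' for HMAC authentication
Dec  9 12:04:08 firewall openvpn[30737]: Static Decrypt: Cipher 'BF-CBC'
initialized with 128 bit key
Dec  9 12:04:08 firewall openvpn[30737]: Static Decrypt: Using 160 bit
message hash 'SHA1' for HMAC authentication
"""
WINXP_LOG = """\
Thu Dec 09 11:01:55 2004 us=529469 Static Encrypt: Cipher 'BF-CBC'
initialized with 128 bit key
Thu Dec 09 11:01:55 2004 us=529518 Static Encrypt: CIPHER KEY: 00000000
00000000 00000000 00000000
Thu Dec 09 11:01:55 2004 us=529597 Static Encrypt: Using 160 bit message
hash 'SHA1' for HMAC authentication
Thu Dec 09 11:01:55 2004 us=529893 Static Decrypt: Cipher 'BF-CBC'
initialized with 128 bit key
Thu Dec 09 11:01:55 2004 us=530004 Static Decrypt: Using 160 bit message
hash 'SHA1' for HMAC authentication
"""

CIPHER_RE = re.compile(r"Static (Encrypt|Decrypt): Cipher '([^']+)' initialized with (\d+) bit key")
HMAC_RE = re.compile(r"Static (Encrypt|Decrypt): Using (\d+) bit message hash '([^']+)' for HMAC")
KEYDUMP_RE = re.compile(r"\b(CIPHER|HMAC) KEY:")

def crypto_state(log):  # -> (per-direction settings, kinds of key bytes logged)
    flat = " ".join(log.split())  # undo the line wrapping before matching
    state = {"Encrypt": {}, "Decrypt": {}}
    for d, name, bits in CIPHER_RE.findall(flat):
        state[d]["cipher"] = (name, int(bits))
    for d, bits, name in HMAC_RE.findall(flat):
        state[d]["hmac"] = (name, int(bits))
    return state, sorted(set(KEYDUMP_RE.findall(flat)))

def check_pair(logs):  # logs: {peer name: log text}, two peers; returns findings
    findings, states = [], {}
    for peer, log in logs.items():
        states[peer], dumped = crypto_state(log)
        for d, s in states[peer].items():
            findings += [f"{peer}: no {k} set up for {d}" for k in ("cipher", "hmac") if k not in s]
        if dumped:
            findings.append(f"{peer}: log prints key bytes ({', '.join(dumped)})")
    a, b = states.values()
    if (a["Encrypt"], a["Decrypt"]) != (b["Decrypt"], b["Encrypt"]):
        findings.append("peers disagree on cipher/HMAC")
    return findings
```

An empty result means both logs show a cipher and an HMAC initialised in each direction with matching settings; a key-bytes finding means the log itself has to be handled as secret material.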