
[Openvpn-users] Newbie help getting openvpn to work


  • Subject: [Openvpn-users] Newbie help getting openvpn to work
  • From: Howell Silverman <howells@xxxxxxxxxxxxxx>
  • Date: Fri, 17 Dec 2004 20:19:11 -0500

I'm hoping someone will take pity on me and help me to get this working.
 
My environment is as follows:
 
Listener:
winxp prof. Sp1 in dmz port 1194 opened udp
static key generated, copied and saved in key.txt on both client and listener sides
interface connection bridged although I have a question on this:
     local connection shows active and I can talk to the machine on the local network (it is part of a domain)
     local connection 2 has an 'x' through it but Network Bridge is enabled everything seems to be working normally
     Question: Is this correct??
 
 
The listen.opvn file is as follows:
All I really did was comment out the 'remote' command and added some of the diagnostic commands at the very end.
------------------------------------------------------------------------- config.opvn -----------------------------------------------------------------------------------------
# Edit this file, and save to a .ovpn extension
# so that OpenVPN will activate it when run
# as a service.
 
# Change 'myremote' to be your remote host,
# or comment out to enter a listening
# server mode.
;remote myremote
 
# Uncomment this line to use a different
# port number than the default of 1194.
; port 1194
 
# Choose one of three protocols supported by
# OpenVPN.  If left commented out, defaults
# to udp.
; proto [tcp-server | tcp-client | udp]
 
# You must specify one of two possible network
# protocols, 'dev tap' or 'dev tun' to be used
# on both sides of the connection.  'tap' creates
# a VPN using the ethernet protocol while 'tun'
# uses the IP protocol.  You must use 'tap'
# if you are ethernet bridging or want to route
# broadcasts.  'tun' is somewhat more efficient
# but requires configuration of client software
# to not depend on broadcasts.  Some platforms
# such as Solaris, OpenBSD, and Mac OS X only
# support 'tun' interfaces, so if you are
# connecting to such a platform, you must also
# use a 'tun' interface on the Windows side.
 
# Enable 'dev tap' or 'dev tun' but not both!
dev tap
 
# This is a 'dev tap' ifconfig that creates
# a virtual ethernet subnet.
# 10.3.0.1 is the local VPN IP address
# and 255.255.255.0 is the VPN subnet.
# Only define this option for 'dev tap'.
ifconfig 10.3.0.1 255.255.255.0
 
# This is a 'dev tun' ifconfig that creates
# a point-to-point IP link.
# 10.3.0.1 is the local VPN IP address and
# 10.3.0.2 is the remote VPN IP address.
# Only define this option for 'dev tun'.
# Make sure to include the "tun-mtu" option
# on the remote machine, but swap the order
# of the ifconfig addresses.
;tun-mtu 1500
;ifconfig 10.3.0.1 10.3.0.2
 
# If you have fragmentation issues or misconfigured
# routers in the path which block Path MTU discovery,
# lower the TCP MSS and internally fragment non-TCP
# protocols.
;fragment 1300
;mssfix
 
# If you have set up more than one TAP-Win32 adapter
# on your system, you must refer to it by name.
;dev-node my-tap
 
# You can generate a static OpenVPN key
# by selecting the Generate Key option
# in the start menu.
#
# You can also generate key.txt manually
# with the following command:
#   openvpn --genkey --secret key.txt
#
# key must match on both ends of the connection,
# so you should generate it on one machine and
# copy it to the other over a secure medium.
# Place key.txt in the same directory as this
# config file.
secret key.txt
 
# Uncomment this section for a more reliable
# detection when a system loses its connection.
# For example, dial-ups or laptops that travel
# to other locations.
#
# If this section is enabled and "myremote"
# above is a dynamic DNS name (i.e. dyndns.org),
# OpenVPN will dynamically "follow" the IP
# address of "myremote" if it changes.
; ping-restart 60
; ping-timer-rem
; persist-tun
; persist-key
; resolv-retry 86400
 
# keep-alive ping
ping 10
 
# enable LZO compression
comp-lzo
 
# moderate verbosity
verb 4
mute 10
mtu-test
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
--------------------------------------------------------- end of config file --------------------------------------------------------------------------------
 
Now... on the Client Side:
I made sure the 1194 was opened..
I changed 'myremote' to my wan address and changed the ifconfig to 10.3.0.2
That's it.
 
I fire up the Listener side, the icons on the system tray are red and it does what I presume to be correct..... sit and wait to be contacted by the client side. Although I would have thought that a status window would have opened to tell me what's going on.. but nothing happens.
I fire up the client side and a window opens with all sorts of status info.  I'm thinking all is well here.. but it doesn't connect to the listener side.
 
Here's the output of the window that comes up on the client side - THE WAN IP ADDRESS has been edited to protect the innocent and I highlight a message that says couldn't get adapter index and I assume that is something of a problem....:

Fri Dec 17 20:08:55 2004 us=724216 Current Parameter Settings:

Fri Dec 17 20:08:55 2004 us=724370 config = 'this.ovpn'

Fri Dec 17 20:08:55 2004 us=724388 mode = 0

Fri Dec 17 20:08:55 2004 us=724404 show_ciphers = DISABLED

Fri Dec 17 20:08:55 2004 us=724419 show_digests = DISABLED

Fri Dec 17 20:08:55 2004 us=724433 show_engines = DISABLED

Fri Dec 17 20:08:55 2004 us=724448 genkey = DISABLED

Fri Dec 17 20:08:55 2004 us=724463 key_pass_file = '[UNDEF]'

Fri Dec 17 20:08:55 2004 us=724480 show_tls_ciphers = DISABLED

Fri Dec 17 20:08:55 2004 us=724495 proto = 0

Fri Dec 17 20:08:55 2004 us=724510 NOTE: --mute triggered...

Fri Dec 17 20:08:55 2004 us=724563 181 variation(s) on previous 10 message(s) suppressed by --mute

Fri Dec 17 20:08:55 2004 us=724582 OpenVPN 2.0_rc1 Win32-MinGW [SSL] [LZO] built on Dec 6 2004

Fri Dec 17 20:08:55 2004 us=724702 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.

Fri Dec 17 20:08:55 2004 us=724723 WARNING: --ping should normally be used with --ping-restart or --ping-exit

Fri Dec 17 20:08:55 2004 us=725214 Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key

Fri Dec 17 20:08:55 2004 us=725269 Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

Fri Dec 17 20:08:55 2004 us=725545 Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key

Fri Dec 17 20:08:55 2004 us=725574 Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

Fri Dec 17 20:08:55 2004 us=725619 LZO compression initialized

Fri Dec 17 20:08:55 2004 us=734420 TAP-WIN32 device [Local Area Connection 4] opened: \\.\Global\{A5FEC176-A3FE-4FCD-914A-9EF14747232E}.tap

Fri Dec 17 20:08:55 2004 us=734486 TAP-Win32 Driver Version 8.1

Fri Dec 17 20:08:55 2004 us=734504 TAP-Win32 MTU=1500

Fri Dec 17 20:08:55 2004 us=734531 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.3.0.2/255.255.255.0 on interface {A5FEC176-A3FE-4FCD-914A-9EF14747232E} [DHCP-serv: 10.3.0.0, lease-time: 31536000]

Fri Dec 17 20:08:55 2004 us=744935 NOTE: could not get adapter index for \DEVICE\TCPIP_{A5FEC176-A3FE-4FCD-914A-9EF14747232E}, status=55 : The specified network resource or device is no longer available.

Fri Dec 17 20:08:55 2004 us=762249 Data Channel MTU parms [ L:1577 D:1450 EF:45 EB:19 ET:32 EL:0 ]

Fri Dec 17 20:08:55 2004 us=762349 Local Options String: 'V4,dev-type tap,link-mtu 1577,tun-mtu 1532,proto UDPv4,ifconfig 10.3.0.0 255.255.255.0,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,secret'

Fri Dec 17 20:08:55 2004 us=762370 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1577,tun-mtu 1532,proto UDPv4,ifconfig 10.3.0.0 255.255.255.0,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,secret'

Fri Dec 17 20:08:55 2004 us=762417 Local Options hash (VER=V4): 'e08453d7'

Fri Dec 17 20:08:55 2004 us=762448 Expected Remote Options hash (VER=V4): 'e08453d7'

Fri Dec 17 20:08:55 2004 us=762545 Socket Buffers: R=[8192->8192] S=[8192->8192]

Fri Dec 17 20:08:55 2004 us=762586 UDPv4 link local (bound): [undef]:1194

Fri Dec 17 20:08:55 2004 us=762604 UDPv4 link remote: xx.xxx.xxx.xxx:1194

---------------------------------------------------- end of output ------------------------------------------------------------------------------------

Any help will be very much appreciated.
Howell
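
Added example, not part of the original post and not OpenVPN code: a small Python check that compares a listener and a client static-key config for the directives that appear in the "Local Options String" / "Expected Remote Options String" lines of the log above, plus the tap `ifconfig` addressing. The function names, the sample configs and the `192.0.2.10` peer address are constructed for illustration.

```python
import ipaddress

# Directives that feed the options string each peer expects from the other
# (the log reports tun-mtu 1532, i.e. tun-mtu 1500 plus tun-mtu-extra 32).
MUST_MATCH = ("dev", "proto", "tun-mtu", "tun-mtu-extra",
              "comp-lzo", "cipher", "auth", "keysize")

def parse_ovpn(text):
    """Return {directive: [args]} for active lines; '#' and ';' start comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        name, *args = line.split()
        opts[name] = args
    return opts

def compare_static_peers(listener_text, client_text):
    """List mismatches between two static-key (secret) configs."""
    a, b = parse_ovpn(listener_text), parse_ovpn(client_text)
    problems = []
    for key in MUST_MATCH:
        if a.get(key) != b.get(key):
            problems.append(f"{key}: listener={a.get(key)} client={b.get(key)}")
    if "secret" not in a or "secret" not in b:
        problems.append("secret: both sides need the same static key file")
    if "remote" not in b:
        problems.append("remote: client has no peer address to connect to")
    if a.get("dev") == b.get("dev") == ["tap"] and "ifconfig" in a and "ifconfig" in b:
        # tap ifconfig is "<address> <netmask>": same subnet, different hosts
        na = ipaddress.ip_interface("/".join(a["ifconfig"]))
        nb = ipaddress.ip_interface("/".join(b["ifconfig"]))
        if na.network != nb.network:
            problems.append(f"ifconfig: different subnets {na.network} vs {nb.network}")
        elif na.ip == nb.ip:
            problems.append(f"ifconfig: both ends use {na.ip}")
    return problems

# Constructed sample configs, reduced to the active directives from the post.
LISTENER = ("dev tap\nifconfig 10.3.0.1 255.255.255.0\nsecret key.txt\n"
            "comp-lzo\ntun-mtu 1500\ntun-mtu-extra 32\n;remote myremote\n")
CLIENT_OK = (LISTENER.replace(";remote myremote", "remote 192.0.2.10")
             .replace("10.3.0.1", "10.3.0.2"))
CLIENT_BAD = CLIENT_OK.replace("comp-lzo\n", "").replace("10.3.0.2", "10.3.0.1")

if __name__ == "__main__":
    print(compare_static_peers(LISTENER, CLIENT_OK))
    print(compare_static_peers(LISTENER, CLIENT_BAD))
```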