[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

[Openvpn-users] Connection problems, but just me!


  • Subject: [Openvpn-users] Connection problems, but just me!
  • From: Fabio Esquivel <fabio@xxxxxxxxxxxx>
  • Date: Fri, 14 Jan 2005 22:55:37 +0000 (UTC)

I have RC6 server running on SuSE 9.1 and some Windows clients (road warriors) 
with RC6 too.
I'm using certificates for authentication as well.
 
The weird thing about the setup is that the tunnels are working just fine for 
everybody, except me!
The connection just fails to start and assign an IP address,
but I'm performing the same steps I perform for everybody else...
 
I'm including an extract of the log file in case anybody has a suggestion:
 
 [OpenVPNGUI] STARTING OPENVPN with galileo.ovpn
 Current Parameter Settings:
  config = 'galileo.ovpn'
  mode = 0
  show_ciphers = DISABLED
  show_digests = DISABLED
  show_engines = DISABLED
 Enter Private Key Pass
   genkey = DISABLED
   key_pass_file = '[UNDEF]'
   show_tls_ciphers = DISABLED
   proto = 0
   local = '[UNDEF]'
   remote_list[0] = {'<public-remote>', 1194}
   remote_random = DISABLED
   local_port = 1194
   remote_port = 1194
   remote_float = DISABLED
   ipchange = '[UNDEF]'
   bind_local = ENABLED
   dev = 'tun'
   dev_type = '[UNDEF]'
 NOTE: --mute triggered...
 167 variation(s) on previous 20 message(s) suppressed by --mute
 OpenVPN 2.0_rc6 Win32-MinGW [SSL] [LZO] built on Dec 20 2004

 IMPORTANT: OpenVPN's default port number is now 1194,
   based on an official port number assignment by IANA.
   OpenVPN 2.0-beta16 and earlier used 5000 as the default port.

 us=278862 WARNING: No server certificate verification method has been enabled.
   See http://openvpn.sourceforge.net/howto.html#mitm for more info.

 Control Channel Authentication:
   using 'E:\32\OpenVPN\keys\ta.key' as a OpenVPN static key file
 Outgoing Control Channel Authentication:
   Using 160 bit message hash 'SHA1' for HMAC authentication
 Incoming Control Channel Authentication:
   Using 160 bit message hash 'SHA1' for HMAC authentication
 LZO compression initialized
 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:23 ET:32 EL:0 AF:3/1 ]

 Local Options String:
   'V4,dev-type tun,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,
    keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,
    key-method 2,tls-client'

 Expected Remote Options String:
   'V4,dev-type tun,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,
    keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,
    key-method 2,tls-server'

 Local Options hash (VER=V4): 'ec497616'
 Expected Remote Options hash (VER=V4): '7cd8ed90'
 Socket Buffers: R=[8192->8192] S=[8192->8192]
 UDPv4 link local (bound): [undef]:1194
 UDPv4 link remote: <public-remote>:1194
 TLS: Initial packet from <public-remote>:1194, sid=d0ac0153 9714ec68

 VERIFY OK: depth=1, /C=CR/ST=San_Jose/L=Escazu/O=Sistemas_Galileo/
OU=I_D/
   CN=vpn1.sistemasgalileo.com/emailAddress=secure@xxxxxxxxxxxxxxxxxxx
 VERIFY OK: depth=0, /C=CR/ST=San_Jose/O=Sistemas_Galileo/OU=I_D/
   CN=vpn1.sistemasgalileo.com/emailAddress=secure@xxxxxxxxxxxxxxxxxxx
 WARNING: Actual Remote Options (
   'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,
    keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,
    key-method 2,tls-server') are inconsistent with Expected Remote Options (
   'V4,dev-type tun,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,
    keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,
    key-method 2,tls-server')

 Data Channel Encrypt:
   Cipher 'BF-CBC' initialized with 128 bit key
 Data Channel Encrypt:
   Using 160 bit message hash 'SHA1' for HMAC authentication
 Data Channel Decrypt:
   Cipher 'BF-CBC' initialized with 128 bit key
 Data Channel Decrypt:
   Using 160 bit message hash 'SHA1' for HMAC authentication

 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
 [vpn1.sistemasgalileo.com] Peer Connection Initiated with <public-remote>:1194
 SENT CONTROL [vpn1.sistemasgalileo.com]: 'PUSH_REQUEST' (status=1)
 PUSH: Received control message:
   'PUSH_REPLY,route 10.0.0.0 255.0.0.0,route 100.134.66.0 255.255.255.0,
    route 192.168.100.0 255.255.255.0,route 208.205.130.0 255.255.255.0,
    route 10.3.2.1,ping 10,ping-restart 120,ifconfig 10.3.2.6 10.3.2.5'

 OPTIONS IMPORT: timers and/or timeouts modified
 OPTIONS IMPORT: --ifconfig/up options modified
 OPTIONS IMPORT: route options modified
 TAP-WIN32 device [VPN_Galileo] opened:
   \\.\Global\{22C036A4-3608-40B2-B0E8-CE79FB7C174B}.tap
 TAP-Win32 Driver Version 8.1
 TAP-Win32 MTU=1500
 Notified TAP-Win32 driver to set a DHCP IP/netmask of
   10.3.2.6/255.255.255.252 on interface
   {22C036A4-3608-40B2-B0E8-CE79FB7C174B}
   [DHCP-serv: 10.3.2.5, lease-time: 31536000]

 Successful ARP Flush on interface [327683]
   {22C036A4-3608-40B2-B0E8-CE79FB7C174B}

 TEST ROUTES: 0/0 succeeded len=5 ret=0 a=0 u/d=down
 Route: Waiting for TUN/TAP interface to come up...
...
 route ADD 10.0.0.0 MASK 255.0.0.0 10.3.2.5
 Warning: route gateway is not reachable on any active network adapters:
   10.3.2.5
 Route addition via IPAPI failed
...
 Initialization Sequence Completed With Errors
[OpenVPNGUI] Connected to remote server!
 
--
  Fabio
       //



-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users