[Openvpn-users] static ip ccd no effect


  • Subject: [Openvpn-users] static ip ccd no effect
  • From: "Pringles Original" <pringlesoriginal@xxxxxxxxx>
  • Date: Thu, 17 May 2007 21:54:24 -0700

Hi, I want to give a static IP to people who connect to my OpenVPN.

This is my configuration file:

---------------------------
[root@myServer openvpn]# cat server.conf | grep -v '#'

local 72.x.x.x
port 1194
proto tcp
dev tun

ca /etc/openvpn/examples/easy-rsa/keys/ca.crt
cert /etc/openvpn/examples/easy-rsa/keys/server.crt
key /etc/openvpn/examples/easy-rsa/keys/server.key

dh /etc/openvpn/examples/easy-rsa/keys/dh1024.pem
server 10.8.0.0 255.255.255.0

client-config-dir ccd
route 10.9.0.0 255.255.255.255

push "redirect-gateway"

keepalive 10 120
comp-lzo
max-clients 10
user someuser
group users

persist-key
persist-tun

status openvpn-status.log

log         openvpn.log
log-append  openvpn.log

verb 9
mute 5
-----------------------------------------------------

contents of ccd:

[root@myServer openvpn]# ls ccd/
pg  pg-roommate

and content of the files:

[root@myServer openvpn]# cat ccd/pg
ifconfig-push 10.9.0.6 10.9.0.7
[root@myServerl openvpn]# cat ccd/pg-roommate
ifconfig-push 10.9.0.10 10.9.0.11

--------------------

and the list of files in the certificates:

[root@cl-t061-360cl openvpn]# ls /etc/openvpn/examples/easy-rsa/keys/
01.pem  03.pem  ca.key      index.txt       index.txt.attr.old  pg.crt  pg.key           pg-roommate.csr  serial      server.crt  server.key
02.pem  ca.crt  dh1024.pem  index.txt.attr  index.txt.old       pg.csr  pg-roommate.crt   pg-roommate.key  serial.old  server.csr

------------------------


and this is the content of my openvpn.log:

[root@myServer openvpn]# cat openvpn.log
Fri May 18 00:43:53 2007 us=555734 Current Parameter Settings:
Fri May 18 00:43:53 2007 us=555853   config = 'server.conf'
Fri May 18 00:43:53 2007 us=555870   mode = 1
Fri May 18 00:43:53 2007 us=555884   persist_config = DISABLED
Fri May 18 00:43:53 2007 us=555898   persist_mode = 1
Fri May 18 00:43:53 2007 us=555910 NOTE: --mute triggered...
Fri May 18 00:43:53 2007 us=555953 238 variation(s) on previous 5 message(s) suppressed by --mute
Fri May 18 00:43:53 2007 us=555969 OpenVPN 2.1_rc2 i386-redhat-linux-gnu [SSL] [LZO2] [EPOLL] built on Mar  3 2007
Fri May 18 00:43:53 2007 us=556014 PKCS#11: pkcs11_initialize - entered
Fri May 18 00:43:53 2007 us=556033 PKCS#11: pkcs11_initialize - return 0-'CKR_OK'
Fri May 18 00:43:53 2007 us=564797 Diffie-Hellman initialized with 1024 bit key
Fri May 18 00:43:53 2007 us=565693 WARNING: file '/etc/openvpn/examples/easy-rsa/ta.key' is group or others accessible
Fri May 18 00:43:53 2007 us=565719 Control Channel Authentication: using '/etc/openvpn/examples/easy-rsa/ta.key' as a OpenVPN static key file
Fri May 18 00:43:53 2007 us=565744 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May 18 00:43:53 2007 us=565768 Outgoing Control Channel Authentication: HMAC KEY: 2f2eddf2 00ac642a c2e94fdc ffe5b86f 924641f6
Fri May 18 00:43:53 2007 us=565780 Outgoing Control Channel Authentication: HMAC size=20 block_size=64
Fri May 18 00:43:53 2007 us=565795 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May 18 00:43:53 2007 us=565816 Incoming Control Channel Authentication: HMAC KEY: 68b0b784 86c3dc8e 836c64c2 fcb24a40 d6ba24f1
Fri May 18 00:43:53 2007 us=565827 Incoming Control Channel Authentication: HMAC size=20 block_size=64
Fri May 18 00:43:53 2007 us=565857 MTU DYNAMIC mtu=0, flags=1, 0 -> 168
Fri May 18 00:43:53 2007 us=565874 TLS-Auth MTU parms [ L:1544 D:168 EF:68 EB:0 ET:0 EL:0 ]
Fri May 18 00:43:53 2007 us=565886 MTU DYNAMIC mtu=1450, flags=2, 1544 -> 1450
Fri May 18 00:43:53 2007 us=566075 GDG: route[1] 192.168.2.102/255.255.255.255/0.0.0.0 m=0
Fri May 18 00:43:53 2007 us=566104 GDG: route[2] 192.168.2.103/255.255.255.255/0.0.0.0 m=0
Fri May 18 00:43:53 2007 us=566124 GDG: route[3] 192.168.2.101/255.255.255.255/0.0.0.0 m=0
Fri May 18 00:43:53 2007 us=566144 GDG: route[4] 72.xx.xx.128/255.255.255.224/0.0.0.0 m=0
Fri May 18 00:43:53 2007 us=566159 NOTE: --mute triggered...
Fri May 18 00:43:53 2007 us=566812 4 variation(s) on previous 5 message(s) suppressed by --mute
Fri May 18 00:43:53 2007 us=566860 TUN/TAP device tun0 opened
Fri May 18 00:43:53 2007 us=566897 TUN/TAP TX queue length set to 100
Fri May 18 00:43:53 2007 us=566951 /sbin/ip link set dev tun0 up mtu 1500
Fri May 18 00:43:53 2007 us=566968 SYSTEM[2] '/sbin/ip link set dev tun0 up mtu 1500'
Fri May 18 00:43:53 2007 us=569525 SYSTEM return=0
Fri May 18 00:43:53 2007 us=569583 /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Fri May 18 00:43:53 2007 us=569597 SYSTEM[2] '/sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2'
Fri May 18 00:43:53 2007 us=573174 SYSTEM return=0
Fri May 18 00:43:53 2007 us=573284 /sbin/ip route add 10.9.0.0/32 via 10.8.0.2
Fri May 18 00:43:53 2007 us=573298 SYSTEM[0] '/sbin/ip route add 10.9.0.0/32 via 10.8.0.2'
Fri May 18 00:43:53 2007 us=575646 SYSTEM return=0
Fri May 18 00:43:53 2007 us=575732 /sbin/ip route add 10.8.0.0/24 via 10.8.0.2
Fri May 18 00:43:53 2007 us=575746 SYSTEM[0] '/sbin/ip route add 10.8.0.0/24 via 10.8.0.2'
Fri May 18 00:43:53 2007 us=578079 SYSTEM return=0
Fri May 18 00:43:53 2007 us=578158 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Fri May 18 00:43:53 2007 us=578654 GID set to users
Fri May 18 00:43:53 2007 us=578689 UID set to someuser
Fri May 18 00:43:53 2007 us=578709 STREAM: RESET
Fri May 18 00:43:53 2007 us=578722 STREAM: INIT maxlen=1544
Fri May 18 00:43:53 2007 us=578739 Listening for incoming TCP connection on 72.xx.xx.xx:1194
Fri May 18 00:43:53 2007 us=578772 Socket Buffers: R=[87380->131072] S=[16384->131072]
Fri May 18 00:43:53 2007 us=578793 TCPv4_SERVER link local (bound): 72.xx.xx.xx:1194
Fri May 18 00:43:53 2007 us=578833 TCPv4_SERVER link remote: [undef]
Fri May 18 00:43:53 2007 us=578856 MULTI: multi_init called, r=256 v=256
Fri May 18 00:43:53 2007 us=578896 IFCONFIG POOL: base= 10.8.0.4 size=62
Fri May 18 00:43:53 2007 us=578912 EP_INIT maxevents=14 flags=0x00000000
Fri May 18 00:43:53 2007 us=578950 MULTI: TCP INIT maxclients=10 maxevents=14
Fri May 18 00:43:53 2007 us=578981 Initialization Sequence Completed
Fri May 18 00:43:53 2007 us=578993 SCHEDULE: schedule_find_least NULL
Fri May 18 00:43:53 2007 us=579006 EP_CTL fd=4 rwflags=0x0001 ev=0x00000001 arg=0x00000001
Fri May 18 00:43:53 2007 us=579027 EP_CTL fd=5 rwflags=0x0001 ev=0x00000001 arg=0x00000002
Fri May 18 00:44:02 2007 us=254212 MULTI: REAP range 0 -> 256
Fri May 18 00:44:02 2007 us=254392 TCP/UDP: Closing socket
Fri May 18 00:44:02 2007 us=254450 /sbin/ip route del 10.8.0.0/24
Fri May 18 00:44:02 2007 us=254464 SYSTEM[0] '/sbin/ip route del 10.8.0.0/24'
RTNETLINK answers: Operation not permitted
Fri May 18 00:44:02 2007 us=257060 SYSTEM return=512
Fri May 18 00:44:02 2007 us=257103 ERROR: Linux route delete command failed: shell command exited with error status: 2
Fri May 18 00:44:02 2007 us=257138 /sbin/ip route del 10.9.0.0/32
Fri May 18 00:44:02 2007 us=257150 SYSTEM[0] '/sbin/ip route del 10.9.0.0/32'
RTNETLINK answers: Operation not permitted
Fri May 18 00:44:02 2007 us=259548 SYSTEM return=512
Fri May 18 00:44:02 2007 us=259593 ERROR: Linux route delete command failed: shell command exited with error status: 2
Fri May 18 00:44:02 2007 us=259614 Closing TUN/TAP interface
Fri May 18 00:44:02 2007 us=292265 PID packet_id_free
Fri May 18 00:44:02 2007 us=292335 SIGINT[hard,] received, process exiting
Fri May 18 00:44:02 2007 us=292623 PKCS#11: pkcs11_terminate - entered
Fri May 18 00:44:02 2007 us=292653 PKCS#11: pkcs11h_terminate entry
Fri May 18 00:44:02 2007 us=292666 PKCS#11: Removing providers
Fri May 18 00:44:02 2007 us=292677 PKCS#11: Releasing sessions
Fri May 18 00:44:02 2007 us=292689 PKCS#11: Marking as uninitialized
Fri May 18 00:44:02 2007 us=292699 NOTE: --mute triggered...

-------------------------------


So what am I doing wrong, and why aren't clients receiving static IPs such as 10.9.0.10?
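
An added example, not part of the original post: a Python check run over the posted `server.conf` directives and `ccd/` entries (embedded as constructed input). It reports `ifconfig-push` addresses that no `server` or `route` directive covers, and endpoint pairs that are not the two host addresses of one /30, which the OpenVPN HOWTO requires for compatibility with Windows clients. The function names are hypothetical.

```python
import ipaddress

# Constructed input: the routing directives and ccd entries as posted above.
SERVER_CONF = """\
server 10.8.0.0 255.255.255.0
client-config-dir ccd
route 10.9.0.0 255.255.255.255
"""
CCD = {
    "pg": "ifconfig-push 10.9.0.6 10.9.0.7",
    "pg-roommate": "ifconfig-push 10.9.0.10 10.9.0.11",
}

def server_networks(conf):
    """Networks the server sends into the tunnel: the server pool plus each route."""
    nets = []
    for line in conf.splitlines():
        f = line.split()
        if len(f) >= 3 and f[0] in ("server", "route"):
            nets.append(ipaddress.ip_network(f"{f[1]}/{f[2]}", strict=False))
    return nets

def check_ccd(conf, ccd):
    """Return (ccd_file, problem, detail) tuples for each ifconfig-push line."""
    nets = server_networks(conf)
    findings = []
    for name, body in sorted(ccd.items()):
        for line in body.splitlines():
            f = line.split()
            if len(f) != 3 or f[0] != "ifconfig-push":
                continue
            local, remote = ipaddress.ip_address(f[1]), ipaddress.ip_address(f[2])
            if not any(local in n for n in nets):
                findings.append((name, "unrouted", str(local)))
            # The two endpoints should be the two usable hosts of a single /30.
            hosts = list(ipaddress.ip_network(f"{local}/30", strict=False).hosts())
            if {local, remote} != set(hosts):
                findings.append((name, "not-net30-pair", f"{hosts[0]} {hosts[1]}"))
    return findings

if __name__ == "__main__":
    for finding in check_ccd(SERVER_CONF, CCD):
        print(finding)
```

For a `not-net30-pair` finding, the detail field is the host pair of the /30 that contains the pushed client address.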