
[Openvpn-users] error: invalid source address / FRAG_IN error flags=0x2a187bf3: FRAG_TEST not implemented


  • Subject: [Openvpn-users] error: invalid source address / FRAG_IN error flags=0x2a187bf3: FRAG_TEST not implemented
  • From: Jan Luehr <openvpn-list@xxxxxxxxxxxxxxxxxxxx>
  • Date: Mon, 13 Aug 2007 10:35:33 +0200

Hello,

I've some trouble establishing a VPN connection between a server (running 
Debian Etch) and a linksys-router (running dd-wrt).
In this scenario, both participants are in a common unsecure network 
(192.168.1.0/24). (Wan port on linksys-router, ethernet NIC on Server). 
Also both have another interface (linksys: switch-wlan-bridge; server second 
nic) running in 172.16.0.0/24 - a secure private network.
I'd like to use OpenVPN to connect these private networks on OSI-2.

My server config is:
port 2195
dev tap0 #is bridged with my private nic
ca /etc/ssl/certs/ca.pem
cert /etc/ssl/certs/wlan.pem
key /etc/ssl/certs/wlan.key  # This file should be kept secret
dh /etc/ssl/certs/dh1024.pem
client-to-client
keepalive 10 120
persist-key
persist-tun
mode server
tls-server

My client config is:
remote 192.168.1.208
port 2195
dev tap0 #added to the lan/wlan bridge
tun-mtu 1500
fragment 1300
mssfix
tls-client
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/client.crt
key /tmp/openvpn/client.key
ping-restart 60
ping-timer-rem
persist-tun
persist-key
resolv-retry 86400
ping 10

The client logs:
Mon Aug 13 10:09:17 2007 OpenVPN 2.0.7 mipsel-unknown-linux [SSL] [LZO] [EPOLL] built on Sep 15 2006
Mon Aug 13 10:09:17 2007 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Mon Aug 13 10:09:17 2007 WARNING: file '/tmp/openvpn/client.key' is group or others accessible
Mon Aug 13 10:09:17 2007 TUN/TAP device tap0 opened
Mon Aug 13 10:09:17 2007 UDPv4 link local (bound): [undef]:2195
Mon Aug 13 10:09:17 2007 UDPv4 link remote: 192.168.1.208:2195
Mon Aug 13 10:09:22 2007 [wlan.schule] Peer Connection Initiated with 192.168.1.208:2195
Mon Aug 13 10:09:23 2007 Initialization Sequence Completed
Mon Aug 13 10:09:32 2007 FRAG_IN error flags=0x2a187bf3: FRAG_TEST not implemented
##This continues until I hit CTRL+C
Mon Aug 13 10:09:41 2007 event_wait : Interrupted system call (code=4)
Mon Aug 13 10:09:41 2007 SIGINT[hard,] received, process exiting

The server logs:
Mon Aug 13 10:07:35 2007 OpenVPN 2.0.9 i486-pc-linux-gnu [SSL] [LZO] [EPOLL] built on Jan 21 2007
Mon Aug 13 10:07:35 2007 Diffie-Hellman initialized with 1024 bit key
Mon Aug 13 10:07:35 2007 WARNING: file '/etc/ssl/certs/wlan.key' is group or others accessible
Mon Aug 13 10:07:35 2007 TLS-Auth MTU parms [ L:1573 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Aug 13 10:07:35 2007 TUN/TAP device tap0 opened
Mon Aug 13 10:07:35 2007 Data Channel MTU parms [ L:1573 D:1450 EF:41 EB:4 ET:32 EL:0 ]
Mon Aug 13 10:07:35 2007 UDPv4 link local (bound): [undef]:2195
Mon Aug 13 10:07:35 2007 UDPv4 link remote: [undef]
Mon Aug 13 10:07:35 2007 MULTI: multi_init called, r=256 v=256
Mon Aug 13 10:07:35 2007 Initialization Sequence Completed
Mon Aug 13 10:07:39 2007 MULTI: multi_create_instance called
Mon Aug 13 10:07:39 2007 192.168.1.245:2195 Re-using SSL/TLS context
Mon Aug 13 10:07:39 2007 192.168.1.245:2195 Control Channel MTU parms [ L:1573 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Aug 13 10:07:39 2007 192.168.1.245:2195 Data Channel MTU parms [ L:1573 D:1450 EF:41 EB:4 ET:32 EL:0 ]
Mon Aug 13 10:07:39 2007 192.168.1.245:2195 Local Options hash (VER=V4): '0ddbb6e3'
Mon Aug 13 10:07:39 2007 192.168.1.245:2195 Expected Remote Options hash (VER=V4): '2c50bd2c'
Mon Aug 13 10:07:39 2007 192.168.1.245:2195 TLS: Initial packet from 192.168.1.245:2195, sid=ddf90abd 963887c8
Mon Aug 13 10:07:44 2007 192.168.1.245:2195 VERIFY OK: depth=1, /C=DE/ST=NRW/L=Koeln/O=XXX/OU=XXX/CN=XXX/emailAddress=XXX@xxxxxx
Mon Aug 13 10:07:44 2007 192.168.1.245:2195 VERIFY OK: depth=0, /C=DE/ST=NRW/L=Koeln/O=XXX/OU=XXX/CN=ap/emailAddress=XXX@xxxxxx
Mon Aug 13 10:07:44 2007 192.168.1.245:2195 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Aug 13 10:07:44 2007 192.168.1.245:2195 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Aug 13 10:07:44 2007 192.168.1.245:2195 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Aug 13 10:07:44 2007 192.168.1.245:2195 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Aug 13 10:07:44 2007 192.168.1.245:2195 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 4096 bit RSA
Mon Aug 13 10:07:44 2007 192.168.1.245:2195 [ap] Peer Connection Initiated with 192.168.1.245:2195
Mon Aug 13 10:07:44 2007 ap/192.168.1.245:2195 MULTI: no dynamic or static remote --ifconfig address is available for ap/192.168.1.245:2195
Mon Aug 13 10:07:54 2007 ap192.168.1.245:2195 MULTI: bad source address from client [7b:f3:64:1e:b4:cb], packet dropped
# this continues until I hit CTRL+C
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
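
Added example, not part of the original post: a Python check of the two configs above for directives that OpenVPN needs set identically on both peers (`fragment 1300` appears only in the client config) and for the server certificate verification that the client log warns is missing. The MUST_MATCH, DEFAULTS and SERVER_VERIFY tables are assumptions of this example (a subset of 2.0-era options), and the embedded configs are trimmed copies of the ones in the post.

```python
# Added example: compare an OpenVPN server/client config pair.
# MUST_MATCH and DEFAULTS are assumptions of this example (2.0-era subset).
MUST_MATCH = ("proto", "tun-mtu", "link-mtu", "fragment",
              "comp-lzo", "cipher", "auth", "keysize")
DEFAULTS = {"proto": "udp", "tun-mtu": "1500",
            "cipher": "BF-CBC", "auth": "SHA1"}
# Client directives that check the server certificate.
SERVER_VERIFY = ("ns-cert-type", "tls-remote", "tls-verify")

# Trimmed copies of the configs quoted in the post.
SERVER_CONF = """\
port 2195
dev tap0 #is bridged with my private nic
keepalive 10 120
mode server
tls-server
"""
CLIENT_CONF = """\
remote 192.168.1.208
port 2195
dev tap0 #added to the lan/wlan bridge
tun-mtu 1500
fragment 1300
mssfix
tls-client
"""

def parse(text):
    """Return {directive: arguments}; '#' and ';' start a comment."""
    opts = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(";", 1)[0].split(None, 1)
        if parts:
            opts[parts[0].lstrip("-")] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def audit(server_text, client_text):
    """List peer-option mismatches and a missing server-cert check."""
    server, client = parse(server_text), parse(client_text)
    findings = []
    for name in MUST_MATCH:
        s = server.get(name, DEFAULTS.get(name))
        c = client.get(name, DEFAULTS.get(name))
        if s != c:
            findings.append(f"mismatch {name}: server={s} client={c}")
    if not any(d in client for d in SERVER_VERIFY):
        findings.append("client: no server certificate verification directive")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SERVER_CONF, CLIENT_CONF)))
```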