Re: [Openvpn-users] problem with server mode


  • Subject: Re: [Openvpn-users] problem with server mode
  • From: Canhua <dreameration@xxxxxxxxx>
  • Date: Mon, 10 Sep 2007 09:57:12 +0800

On 9/10/07, Daniel L. Miller <dmiller@xxxxxxxxx> wrote:
> Canhua wrote:
> > Hi all, I set up openvpn in server mode. My configuration file for the
> > server is shown as follows:
> >
> > local *.*.*.*
> > port 1194
> > proto udp
> > dev tun
> > ca ca.crt
> > cert server.crt
> > key server.key
> > dh dh1024.pem
> > mode server
> > tls-server
> > ifconfig 10.137.0.1 10.137.0.2
> > ifconfig-pool 10.137.0.100 10.137.0.200
> > push "route 10.137.0.0 255.255.0.0"
> > client-to-client
> > keepalive 10 120
> > comp-lzo
> > user nobody
> > group nobody
> > persist-key
> > persist-tun
> > status openvpn-status.log
> > verb 3
> >
> > And the following is the conf for client:
> >
> > client
> > dev tun
> > proto udp
> > resolv-retry infinite
> > nobind
> > user nobody
> > group nobody
> > persist-key
> > persist-tun
> > ca ca.crt
> > cert client.crt
> > key client.key
> > comp-lzo
> > verb 3
> > keepalive 10 120
> >
> > Now, I start both the server and client, and succeed, as the verbose
> > output shows: "Initialization Sequence Completed".
> > And I found that on the server there appears a new interface "tun0",
> > whose inet address is 10.137.0.1 and P-t-P address is 10.137.0.2,
> > while on the client side there appears a new interface "tun0" whose
> > inet address is 10.137.0.102 while P-t-P address is 10.137.0.101. Then
> > I could not ping 10.137.0.1 or 10.137.0.101 from the client side and
> > neither could I ping 10.137.0.2 or 10.137.0.102 from the server side.
> >
> > Could any guy help me find out where the problem is? Thanks a lot!
> >
> Were there any errors or warnings prior to the "Initialization
> completed"?  Any firewall on client?

Here comes the verbose output of the server:

Mon Sep 10 09:11:17 2007 OpenVPN 2.0.9 i486-pc-linux-gnu [SSL] [LZO] [EPOLL] built on Jan 21 2007
Mon Sep 10 09:11:17 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Mon Sep 10 09:11:17 2007 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Mon Sep 10 09:11:17 2007 LZO compression initialized
Mon Sep 10 09:11:17 2007 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Sep 10 09:11:17 2007 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Sep 10 09:11:17 2007 Local Options hash (VER=V4): '41690919'
Mon Sep 10 09:11:17 2007 Expected Remote Options hash (VER=V4): '530fdded'
Mon Sep 10 09:11:17 2007 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Mon Sep 10 09:11:17 2007 UDPv4 link local: [undef]
Mon Sep 10 09:11:17 2007 UDPv4 link remote:*.*.*.*:1194
Mon Sep 10 09:11:17 2007 TLS: Initial packet from *.*.*.*:1194, sid=0dfdf7a9 dd45bb41
Mon Sep 10 09:11:17 2007 VERIFY OK: depth=1, /C=CN/ST=SH/L=Shanghai/O=FD-University/CN=FD-University_CA/emailAddress=cch@xxb
Mon Sep 10 09:11:17 2007 VERIFY OK: depth=0, /C=CN/ST=SH/L=Shanghai/O=FD-University/CN=xxbvpnserver/emailAddress=cch@xxb
Mon Sep 10 09:11:17 2007 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Sep 10 09:11:17 2007 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Sep 10 09:11:17 2007 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Sep 10 09:11:17 2007 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Sep 10 09:11:17 2007 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Sep 10 09:11:17 2007 [xxbvpnserver] Peer Connection Initiated with *.*.*.*:1194
Mon Sep 10 09:11:19 2007 SENT CONTROL [xxbvpnserver]: 'PUSH_REQUEST' (status=1)
Mon Sep 10 09:11:19 2007 PUSH: Received control message: 'PUSH_REPLY,route 10.137.0.0 255.255.0.0,ping 10,ping-restart 120,ifconfig 10.137.0.102 10.137.0.101'
Mon Sep 10 09:11:19 2007 OPTIONS IMPORT: timers and/or timeouts modified
Mon Sep 10 09:11:19 2007 OPTIONS IMPORT: --ifconfig/up options modified
Mon Sep 10 09:11:19 2007 OPTIONS IMPORT: route options modified
Mon Sep 10 09:11:19 2007 TUN/TAP device tun0 opened
Mon Sep 10 09:11:19 2007 /sbin/ifconfig tun0 10.137.0.102 pointopoint 10.137.0.101 mtu 1500
Mon Sep 10 09:11:19 2007 /sbin/route add -net 10.137.0.0 netmask 255.255.0.0 gw 10.137.0.101
Mon Sep 10 09:11:19 2007 GID set to nogroup
Mon Sep 10 09:11:19 2007 UID set to nobody
Mon Sep 10 09:11:19 2007 Initialization Sequence Completed
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
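
Added example, not part of the original post and not OpenVPN project code: a small Python triage script that rejoins mail-wrapped OpenVPN log entries like the ones posted above and flags the security-relevant ones. The finding names, the cipher and TLS-version lists and the 2048-bit threshold are assumptions of this example.

```python
import re

# Timestamp that opens every OpenVPN log entry, e.g. "Mon Sep 10 09:11:17 2007 ".
TS = re.compile(r"^[A-Z][a-z]{2} [A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \d{4} ")
# Assumptions of this example, not OpenVPN policy.
SMALL_BLOCK = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "CAST5-CBC"}  # 64-bit block ciphers
OLD_TLS = {"SSLv3", "TLSv1", "TLSv1.1"}
MIN_RSA_BITS = 2048

def unwrap(text):
    """Rejoin entries wrapped by a mail client: no timestamp means continuation."""
    entries = []
    for line in text.splitlines():
        if TS.match(line):
            entries.append(TS.sub("", line).strip())
        elif entries and line.strip():
            entries[-1] += " " + line.strip()
    return entries

def audit(text):
    """Return (finding, evidence) pairs in log order."""
    found = []
    for msg in unwrap(text):
        if msg.startswith("WARNING: No server certificate verification"):
            found.append(("no-server-cert-verification", "startup warning"))
        m = re.match(r"Data Channel Encrypt: Cipher '([^']+)'", msg)  # Decrypt entry repeats it
        if m and m.group(1) in SMALL_BLOCK:
            found.append(("64-bit-block-cipher", m.group(1)))
        m = re.match(r"Control Channel: ([^,]+), cipher .* (\d+) bit RSA", msg)
        if m and m.group(1) in OLD_TLS:
            found.append(("old-tls-version", m.group(1)))
        if m and int(m.group(2)) < MIN_RSA_BITS:
            found.append(("short-rsa-key", m.group(2)))
    return found

# Excerpt of the log posted above, mail wrapping kept as it appears in the archive.
SAMPLE = """\
Mon Sep 10 09:11:17 2007 WARNING: No server certificate verification
method has been enabled.  See http://openvpn.net/howto.html#mitm for
more info.
Mon Sep 10 09:11:17 2007 Data Channel Encrypt: Cipher 'BF-CBC'
initialized with 128 bit key
Mon Sep 10 09:11:17 2007 Control Channel: TLSv1, cipher TLSv1/SSLv3
DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Sep 10 09:11:19 2007 Initialization Sequence Completed
"""

if __name__ == "__main__":
    for name, evidence in audit(SAMPLE): print(f"{name}: {evidence}")
```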