Hi,

I have an openvpn server on a machine connected to the internet with
public IP SERVERIP and I'm trying to make a Nokia N800 (running Linux)
get all of its data through the openvpn server.

When I connect my N800 via wifi to my home network everything works as
expected: traceroute to another internet connected machine goes through
SERVERIP (so NAT seems to be properly activated on SERVERIP).

When I connect the N800 via a ppp connection to my bluetooth phone, and
when I tell the openvpn client to use http-proxy of my provider (PROXYIP)
then it doesn't work: traceroute goes through ppp and my ISP network and
not SERVERIP.

In the client logs in the ppp case I have a "cannot read current default
gateway from system" message:

Wed Dec 5 00:31:24 2007 [server] Peer Connection Initiated with PROXYIP:80
Wed Dec 5 00:31:25 2007 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Wed Dec 5 00:31:27 2007 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,route 10.73.32.0 255.255.255.0,ping 10,ping-restart 120,ifconfig 10.73.32.6 10.73.32.5'
Wed Dec 5 00:31:27 2007 OPTIONS IMPORT: timers and/or timeouts modified
Wed Dec 5 00:31:27 2007 OPTIONS IMPORT: --ifconfig/up options modified
Wed Dec 5 00:31:27 2007 OPTIONS IMPORT: route options modified
Wed Dec 5 00:31:27 2007 TUN/TAP device tun0 opened
Wed Dec 5 00:31:27 2007 /sbin/ifconfig tun0 10.73.32.6 pointopoint 10.73.32.5 mtu 1500
Wed Dec 5 00:31:27 2007 NOTE: unable to redirect default gateway -- Cannot read current default gateway from system
Wed Dec 5 00:31:27 2007 /sbin/route add -net 10.73.32.0 netmask 255.255.255.0 gw 10.73.32.5
Wed Dec 5 00:31:27 2007 Initialization Sequence Completed

On the server I have the following:

Wed Dec 5 12:36:29 2007 us=727053 TCPv4_SERVER link local: [undef]
Wed Dec 5 12:36:29 2007 us=727080 TCPv4_SERVER link remote: PROXYIP:1335
WRWed Dec 5 12:36:31 2007 us=101407 PROXYIP:1335 TLS: Initial packet from PROXYIP:1335, sid=5912e5ca d0aadb71
WRWRRWWWWRWRWRWWRWWRWWWRWWRWRRWRWRWRWWWRWWRWWRWWRWRWRWWWWWWWWWWWWWWWRRWRRWRRWWRRRWRRRWWRRWRWRWRWRRRRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWed Dec 5 12:37:03 2007 us=548244 PROXYIP:1335 VERIFY OK: depth=1, /C=FR/ST=75002/L=PARIS/O=OpenVPN-GUERBY/CN=server/emailAddress=laurent@xxxxxxxxxx
Wed Dec 5 12:37:03 2007 us=548766 PROXYIP:1335 VERIFY OK: depth=0, /C=FR/ST=75002/O=OpenVPN-GUERBY/CN=n800/emailAddress=laurent@xxxxxxxxxx
WRWRWRWRWRWRWRWRWRWed Dec 5 12:37:06 2007 us=366857 PROXYIP:1335 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Dec 5 12:37:06 2007 us=366984 PROXYIP:1335 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Dec 5 12:37:06 2007 us=367082 PROXYIP:1335 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Dec 5 12:37:06 2007 us=367116 PROXYIP:1335 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
WWWRWWWRWed Dec 5 12:37:08 2007 us=922175 PROXYIP:1335 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Dec 5 12:37:08 2007 us=922293 PROXYIP:1335 [n800] Peer Connection Initiated with PROXYIP:1335
Wed Dec 5 12:37:08 2007 us=922429 n800/PROXYIP:1335 MULTI: Learn: 10.73.32.6 -> n800/PROXYIP:1335
Wed Dec 5 12:37:08 2007 us=922470 n800/PROXYIP:1335 MULTI: primary virtual IP for n800/PROXYIP:1335: 10.73.32.6
RWed Dec 5 12:37:09 2007 us=743831 n800/PROXYIP:1335 PUSH: Received control message: 'PUSH_REQUEST'
Wed Dec 5 12:37:09 2007 us=743967 n800/PROXYIP:1335 SENT CONTROL [n800]: 'PUSH_REPLY,redirect-gateway def1,route 10.73.32.0 255.255.255.0,ping 10,ping-restart 120,ifconfig 10.73.32.6 10.73.32.5' (status=1)
WWWRRRWRRWRWRWRWRWRWRWRWRRWWWWWWWWWWWWWWWWWWWWWWWWWed Dec 5 12:42:41 2007 us=95446 n800/PROXYIP:1335 [n800] Inactivity timeout (--ping-restart), restarting
Wed Dec 5 12:42:41 2007 us=95576 n800/PROXYIP:1335 SIGUSR1[soft,ping-restart] received, client-instance restarting
Wed Dec 5 12:42:41 2007 us=96114 TCP/UDP: Closing socket
Wed Dec 5 12:47:28 2007 us=166556 TCP/UDP: Closing socket

I have put below route -n / ifconfig before and after starting the
openvpn client in the situation where it works and the situation where
it doesn't work together with version and configuration on client and
server.

I'm probably missing something trivial but I'm not a specialist, please
let me know if some useful information is missing from this report.

Thanks in advance for your help,

Laurent

#server openvpn version
Wed Dec 5 09:30:53 2007 us=289676 OpenVPN 2.0.9 i486-pc-linux-gnu [SSL] [LZO] [EPOLL] built on Jan 21 2007

#client openvpn version
Wed Dec 5 12:36:34 2007 OpenVPN 2.0.9 arm-unknown-linux-gnueabi [SSL] [LZO] [EPOLL] built on Nov 17 2007

#server config
port 443
proto tcp-server
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh1024.pem
server 10.73.32.0 255.255.255.0
ifconfig-pool-persist ipp443.txt
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
float
comp-lzo
persist-key
persist-tun
status xopenvpn-status.log
log-append xopenvpn.log
verb 5

#client config
client
dev tun
proto tcp-client
remote SERVERIP 443
resolv-retry infinite
nobind
persist-key
persist-tun
http-proxy-retry # retry on connection failures
http-proxy PROXYIP 80
ca ca.crt
cert n800.crt
key n800.key
ns-cert-type server
comp-lzo
verb 3
log-append x.log

#working as expected when connected on my home wifi without http-proxy-* lines in the client config:

situation before starting openvpn

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 wlan0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 wlan0

#ifconfig
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:187 errors:0 dropped:0 overruns:0 frame:0
          TX packets:187 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:13062 (12.7 KiB)  TX bytes:13062 (12.7 KiB)

wlan0     Link encap:Ethernet  HWaddr 00:19:4F:9E:97:6D
          inet addr:192.168.1.108  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:29074 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11182 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2249426 (2.1 MiB)  TX bytes:1798664 (1.7 MiB)

after openvpn is started

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
SERVERIP        192.168.1.1     255.255.255.255 UGH   0      0        0 wlan0
10.73.32.5      0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 wlan0
10.73.32.0      10.73.32.5      255.255.255.0   UG    0      0        0 tun0
0.0.0.0         10.73.32.5      128.0.0.0       UG    0      0        0 tun0
128.0.0.0       10.73.32.5      128.0.0.0       UG    0      0        0 tun0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 wlan0

# ifconfig
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:187 errors:0 dropped:0 overruns:0 frame:0
          TX packets:187 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:13062 (12.7 KiB)  TX bytes:13062 (12.7 KiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.73.32.6  P-t-P:10.73.32.5  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:17 errors:0 dropped:0 overruns:0 frame:0
          TX packets:28 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:1080 (1.0 KiB)  TX bytes:1456 (1.4 KiB)

wlan0     Link encap:Ethernet  HWaddr 00:19:4F:9E:97:6D
          inet addr:192.168.1.108  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:28938 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11103 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2238347 (2.1 MiB)  TX bytes:1787384 (1.7 MiB)

Traceroute shows going through SERVERIP and then going out to the internet.

#not working when the same device is connected via PPP instead of wifi.

before starting openvpn

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.6.6.6        0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0

#ifconfig
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:247 errors:0 dropped:0 overruns:0 frame:0
          TX packets:247 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:17142 (16.7 KiB)  TX bytes:17142 (16.7 KiB)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:10.13.104.75  P-t-P:10.6.6.6  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:47 errors:0 dropped:0 overruns:0 frame:0
          TX packets:52 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:8137 (7.9 KiB)  TX bytes:7166 (6.9 KiB)

after openvpn has started

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.73.32.5      0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.6.6.6        0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
10.73.32.0      10.73.32.5      255.255.255.0   UG    0      0        0 tun0
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0

# ifconfig
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:217 errors:0 dropped:0 overruns:0 frame:0
          TX packets:217 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:15012 (14.6 KiB)  TX bytes:15012 (14.6 KiB)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:10.5.14.7  P-t-P:10.6.6.6  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:64 errors:0 dropped:0 overruns:0 frame:0
          TX packets:74 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:12256 (11.9 KiB)  TX bytes:8760 (8.5 KiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.73.32.6  P-t-P:10.73.32.5  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

and traceroute goes through ppp0 and internal ISP network instead of
through SERVERIP

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
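
Added example, not part of the original post: a shell check that classifies `route -n` output so a client can tell whether "redirect-gateway def1" actually took effect or whether traffic still leaves outside the tunnel. The function name is hypothetical, the two sample tables are copied from the post, and treating a default route whose gateway column is 0.0.0.0 as the condition behind the "Cannot read current default gateway" note is an assumption.

```shell
#!/bin/sh
# Classify `route -n` output read on stdin. $1 = tunnel interface (tun0 in the post).
# Prints one word:
#   redirected      both def1 halves (0.0.0.0/1 and 128.0.0.0/1) point at the tunnel
#   no-gateway      not redirected, and the default route carries no gateway address
#                   (assumed to match the client's "Cannot read current default gateway")
#   not-redirected  not redirected although a gateway address is present
vpn_route_state() {   # hypothetical helper name
    awk -v tun="$1" '
        $1 == "0.0.0.0"   && $3 == "128.0.0.0" && $NF == tun      { low = 1 }
        $1 == "128.0.0.0" && $3 == "128.0.0.0" && $NF == tun      { high = 1 }
        $1 == "0.0.0.0"   && $3 == "0.0.0.0"   && $2 != "0.0.0.0" { gw = 1 }
        END {
            if (low && high) print "redirected"
            else if (!gw)    print "no-gateway"
            else             print "not-redirected"
        }'
}

# Sample input: the wifi table from the post, after openvpn started.
wifi_after() { cat <<'EOF'
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
SERVERIP 192.168.1.1 255.255.255.255 UGH 0 0 0 wlan0
10.73.32.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0
10.73.32.0 10.73.32.5 255.255.255.0 UG 0 0 0 tun0
0.0.0.0 10.73.32.5 128.0.0.0 UG 0 0 0 tun0
128.0.0.0 10.73.32.5 128.0.0.0 UG 0 0 0 tun0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 wlan0
EOF
}

# Sample input: the ppp table from the post, after openvpn started.
ppp_after() { cat <<'EOF'
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.73.32.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
10.6.6.6 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
10.73.32.0 10.73.32.5 255.255.255.0 UG 0 0 0 tun0
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 ppp0
EOF
}

for t in wifi_after ppp_after; do
    printf '%s: %s\n' "$t" "$($t | vpn_route_state tun0)"
done
```

On a live client the same function can be fed directly with `route -n | vpn_route_state tun0`; any answer other than "redirected" means only the 10.73.32.0/24 route uses the tunnel and everything else goes out in the clear.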