
Re: [Openvpn-users] Unexpected WARNINGS


  • Subject: Re: [Openvpn-users] Unexpected WARNINGS
  • From: Jan Just Keijser <janjust@xxxxxxxxx>
  • Date: Thu, 06 Dec 2007 10:06:09 +0100

Your client and server config files don't make sense. Try this for the 
server config:

local xxx.xxx.org
port 8080
proto tcp-server
tls-server
server 192.168.10.0 255.255.255.0
dev tap0
cert X509/Server/server.crt
key X509/Server/server.key
dh X509/Server/dh1024.pem
ca X509/CA/ca.crt
keepalive 10 120
user nobody
group nobody
persist-key
persist-tun
comp-lzo
verb 4
mute 10

and this for the client

local abc
remote xxx.xxx.org 8080
proto tcp-client
tls-client
dev tap
dev-node tap0
nobind
cert D:\\OpenVPN\\easy-rsa\\keys\\Tiger.crt
key D:\\OpenVPN\\easy-rsa\\keys\\Tiger.key
ca D:\\OpenVPN\\easy-rsa\\keys\\ca.crt
keepalive 10 120
comp-lzo
verb 4
mute 10

HTH,

JJK

Tiger Big wrote:
> Server Configuration (Linux):
> −−−−−−−−−−−−−−−−−−
> local xxx.xxx.org
> port 8080
> proto tcp-server
> tls-server
> dev tap0
> cert X509/Server/server.crt
> key X509/Server/server.key
> dh X509/Server/dh1024.pem
> ca X509/CA/ca.crt
> ifconfig 192.168.10.11 255.255.255.0
> keepalive 10 120
> user nobody
> group nobody
> persist-key
> persist-tun
> comp-lzo
> verb 4
> mute 10
> −−−−−−−−−−−−−−−−−−
>
>
> Client Configuration (WinXP):
> ------------------------------------------
> local abc
> remote xxx.xxx.org 8080
> proto tcp-client
> tls-client
> dev tap
> dev-node tap0
> nobind
> cert D:\\OpenVPN\\easy-rsa\\keys\\Tiger.crt
> key D:\\OpenVPN\\easy-rsa\\keys\\Tiger.key
> ca D:\\OpenVPN\\easy-rsa\\keys\\ca.crt
> ifconfig 192.168.10.11 255.255.255.0
> keepalive 10 120
> comp-lzo
> verb 4
> mute 10
> --------------------------------------------
>
> Output of Server:
> −−−−−−−−−−−−−−−−−−−−−−
> Wed Nov  7 22:46:52 2007 us=395451 OpenVPN 2.0.9 mipsel-unknown-linux 
> [SSL] [LZO] built on Oct  8 2007
> Wed Nov  7 22:46:53 2007 us=139174 Diffie-Hellman initialized with 
> 1024 bit key
> Wed Nov  7 22:46:53 2007 us=167393 LZO compression initialized
> Wed Nov  7 22:46:53 2007 us=177324 Control Channel MTU parms [ L:1576 
> D:140 EF:40 EB:0 ET:0 EL:0 ]
> Wed Nov  7 22:46:53 2007 us=207122 TUN/TAP device tap0 opened
> Wed Nov  7 22:46:53 2007 us=209204 TUN/TAP TX queue length set to 100
> Wed Nov  7 22:46:53 2007 us=211730 /sbin/ifconfig tap0 192.168.10.11
> netmask 255.255.255.0 mtu 1500 broadcast 192.168.10.255
> Wed Nov  7 22:46:53 2007 us=276813 Data Channel MTU parms [ L:1576 
> D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
> Wed Nov  7 22:46:53 2007 us=278702 GID set to nobody
> Wed Nov  7 22:46:53 2007 us=279692 UID set to nobody
> Wed Nov  7 22:46:53 2007 us=280933 Listening for incoming TCP
> connection on 123.45.67.89:8080
> Wed Nov  7 22:47:00 2007 us=344674 TCP connection established with
> 98.76.54.32:48883
> Wed Nov  7 22:47:00 2007 us=345622 Socket Buffers: R=[43689->65534]
> S=[16384->65534]
> Wed Nov  7 22:47:00 2007 us=346587 TCPv4_SERVER link local (bound):
> 123.45.67.89:8080
> Wed Nov  7 22:47:00 2007 us=347462 TCPv4_SERVER link remote:
> 98.76.54.32:48883
> Wed Nov  7 22:47:00 2007 us=354161 TLS: Initial packet from
> 98.76.54.32:48883, sid=2e4d871b 12ba58ca
> Wed Nov  7 22:47:02 2007 us=930794 VERIFY OK: depth=1,
> /C=CN/ST=SH/L=SH/O=Company/OU=Building_3_/CN=WR850G/Email=xxx@xxxxxxx
> Wed Nov  7 22:47:02 2007 us=953126 VERIFY OK: depth=0,
> /C=CN/ST=SH/O=Company/OU=Building_3_/CN=Tiger/Email= xxx@xxxxxxx
> Wed Nov  7 22:47:04 2007 us=189347 Data Channel Encrypt: Cipher 
> 'BF-CBC' initialized with 128 bit key
> Wed Nov  7 22:47:04 2007 us=192065 Data Channel Encrypt: Using 160 bit 
> message hash 'SHA1' for HMAC authentication
> Wed Nov  7 22:47:04 2007 us=196237 Data Channel Decrypt: Cipher 
> 'BF-CBC' initialized with 128 bit key
> Wed Nov  7 22:47:04 2007 us=198498 Data Channel Decrypt: Using 160 bit 
> message hash 'SHA1' for HMAC authentication
> Wed Nov  7 22:47:04 2007 us=388832 Control Channel: TLSv1, cipher 
> TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA
> Wed Nov  7 22:47:04 2007 us=392021 [Tiger] Peer Connection Initiated
> with 98.76.54.32:48883
> Wed Nov  7 22:47:05 2007 us=629230 Initialization Sequence Completed
> −−−−−−−−−−−−−−−−−−−−−−
>
> Output of Client:
> -----------------------------------------------------
> Thu Nov 08 14:46:58 2007 us=24485 Current Parameter Settings:
> Thu Nov 08 14:46:58 2007 us=24531   config = 'client.ovpn'
> Thu Nov 08 14:46:58 2007 us=24541   mode = 0
> Thu Nov 08 14:46:58 2007 us=24552   show_ciphers = DISABLED
> Thu Nov 08 14:46:58 2007 us=24562   show_digests = DISABLED
> Thu Nov 08 14:46:58 2007 us=24572   show_engines = DISABLED
> Thu Nov 08 14:46:58 2007 us=24582   genkey = DISABLED
> Thu Nov 08 14:46:58 2007 us=24593   key_pass_file = '[UNDEF]'
> Thu Nov 08 14:46:58 2007 us=24603   show_tls_ciphers = DISABLED
> Thu Nov 08 14:46:58 2007 us=24614   proto = 2
> Thu Nov 08 14:46:58 2007 us=24624 NOTE: --mute triggered...
> Thu Nov 08 14:46:58 2007 us=24651 188 variation(s) on previous 10 
> message(s) suppressed by --mute
> Thu Nov 08 14:46:58 2007 us=24666 OpenVPN 2.0.9 Win32-MinGW [SSL] 
> [LZO] built on Oct  1 2006
> Thu Nov 08 14:46:58 2007 us=24748 IMPORTANT: OpenVPN's default port 
> number is now 1194, based on an official port number assignment by 
> IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
> Thu Nov 08 14:46:58 2007 us=24763 WARNING: No server certificate 
> verification method has been enabled.  See 
> http://openvpn.net/howto.html#mitm for more info.
> Thu Nov 08 14:46:58 2007 us=26495 LZO compression initialized
> Thu Nov 08 14:46:58 2007 us=26589 Control Channel MTU parms [ L:1576 
> D:140 EF:40 EB:0 ET:0 EL:0 ]
> Thu Nov 08 14:46:58 2007 us=46092 TAP-WIN32 device [tap0] opened: 
> \\.\Global\{B45A907D-B030-4F6F-9FE1-001F6C3AEB48}.tap
> Thu Nov 08 14:46:58 2007 us=46122 TAP-Win32 Driver Version 8.4
> Thu Nov 08 14:46:58 2007 us=46135 TAP-Win32 MTU=1500
> Thu Nov 08 14:46:58 2007 us=46156 Notified TAP-Win32 driver to set a
> DHCP IP/netmask of 192.168.10.11/255.255.255.0 on interface
> {B45A907D-B030-4F6F-9FE1-001F6C3AEB48} [DHCP-serv: 192.168.10.0,
> lease-time: 31536000]
> Thu Nov 08 14:46:58 2007 us=53796 Successful ARP Flush on interface 
> [3] {B45A907D-B030-4F6F-9FE1-001F6C3AEB48}
> Thu Nov 08 14:46:58 2007 us=55539 Data Channel MTU parms [ L:1576 
> D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
> Thu Nov 08 14:46:58 2007 us=55586 Local Options String: 'V4,dev-type
> tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_CLIENT,ifconfig
> 192.168.10.0 255.255.255.0,comp-lzo,cipher BF-CBC,auth SHA1,keysize
> 128,key-method 2,tls-client'
> Thu Nov 08 14:46:58 2007 us=55602 Expected Remote Options String:
> 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto
> TCPv4_SERVER,ifconfig 192.168.10.0 255.255.255.0,comp-lzo,cipher
> BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
> Thu Nov 08 14:46:58 2007 us=55634 Local Options hash (VER=V4): '1b763cc3'
> Thu Nov 08 14:46:58 2007 us=55652 Expected Remote Options hash 
> (VER=V4): '2f5a5592'
> Thu Nov 08 14:46:58 2007 us=55680 Attempting to establish TCP
> connection with 127.0.0.1:3128
> Thu Nov 08 14:46:58 2007 us=63009 TCP connection established with
> 127.0.0.1:3128
> Thu Nov 08 14:46:58 2007 us=63039 Send to HTTP proxy: 'CONNECT
> xxx.xxx.org:8080 HTTP/1.0'
> Thu Nov 08 14:46:59 2007 us=159521 HTTP proxy returned: 'HTTP/1.1 200 
> Connection established'
> Thu Nov 08 14:47:01 2007 us=158850 Socket Buffers: R=[8192->8192] 
> S=[8192->8192]
> Thu Nov 08 14:47:01 2007 us=159020 TCPv4_CLIENT link local:
> 172.24.201.50
> Thu Nov 08 14:47:01 2007 us=159037 TCPv4_CLIENT link remote:
> 127.0.0.1:3128
> Thu Nov 08 14:47:01 2007 us=390961 TLS: Initial packet from
> 127.0.0.1:3128, sid=9696962b 6944c74a
> Thu Nov 08 14:47:03 2007 us=206615 VERIFY OK: depth=1,
> /C=CN/ST=SH/L=SH/O=Company/OU=Building_3_/CN=WR850G/emailAddress=
> xxx@xxxxxxx
> Thu Nov 08 14:47:03 2007 us=208774 VERIFY OK: depth=0,
> /C=CN/ST=SH/O=Company/OU=Building_3_/CN=Server/emailAddress=xxx@xxxxxxx
> Thu Nov 08 14:47:05 2007 us=389449 NOTE: Options consistency check may 
> be skewed by version differences
> Thu Nov 08 14:47:05 2007 us=389494 WARNING: 'version' is used 
> inconsistently, local='version V4', remote='version V0 UNDEF'
> Thu Nov 08 14:47:05 2007 us=389513 WARNING: 'dev-type' is present in 
> local config but missing in remote config, local='dev-type tap'
> Thu Nov 08 14:47:05 2007 us=389531 WARNING: 'link-mtu' is present in 
> local config but missing in remote config, local='link-mtu 1576'
> Thu Nov 08 14:47:05 2007 us=389549 WARNING: 'tun-mtu' is present in 
> local config but missing in remote config, local='tun-mtu 1532'
> Thu Nov 08 14:47:05 2007 us=389571 WARNING: 'proto' is present in 
> local config but missing in remote config, local='proto TCPv4_SERVER'
> Thu Nov 08 14:47:05 2007 us=389607 WARNING: 'ifconfig' is present in
> local config but missing in remote config, local='ifconfig
> 192.168.10.0 255.255.255.0'
> Thu Nov 08 14:47:05 2007 us=389625 WARNING: 'comp-lzo' is present in 
> local config but missing in remote config, local='comp-lzo'
> Thu Nov 08 14:47:05 2007 us=389643 WARNING: 'cipher' is present in 
> local config but missing in remote config, local='cipher BF-CBC'
> Thu Nov 08 14:47:05 2007 us=389659 WARNING: 'auth' is present in local 
> config but missing in remote config, local='auth SHA1'
> Thu Nov 08 14:47:05 2007 us=389673 NOTE: --mute triggered...
> Thu Nov 08 14:47:05 2007 us=389977 3 variation(s) on previous 10 
> message(s) suppressed by --mute
> Thu Nov 08 14:47:05 2007 us=389991 Data Channel Encrypt: Cipher 
> 'BF-CBC' initialized with 128 bit key
> Thu Nov 08 14:47:05 2007 us=390009 Data Channel Encrypt: Using 160 bit 
> message hash 'SHA1' for HMAC authentication
> Thu Nov 08 14:47:05 2007 us=390090 Data Channel Decrypt: Cipher 
> 'BF-CBC' initialized with 128 bit key
> Thu Nov 08 14:47:05 2007 us=390106 Data Channel Decrypt: Using 160 bit 
> message hash 'SHA1' for HMAC authentication
> Thu Nov 08 14:47:05 2007 us=390453 Control Channel: TLSv1, cipher 
> TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA
> Thu Nov 08 14:47:05 2007 us=390487 [Server] Peer Connection Initiated
> with 127.0.0.1:3128
> Thu Nov 08 14:47:06 2007 us=630508 TEST ROUTES: 0/0 succeeded len=-1 
> ret=1 a=0 u/d=up
> Thu Nov 08 14:47:06 2007 us=630535 Initialization Sequence Completed
> ----------------------------------------------------------
>
>
> Why are there so many WARNINGS?
>
> 1. Both client and server use the same version, 2.0.9. Why does the
> client say: "NOTE: Options consistency check may be skewed by version
> differences"?
> 2. Many options (like 'comp-lzo') have been enabled in both the
> client's and the server's configuration. Why does the client say
> "WARNING: 'comp-lzo' is present in local config but missing in remote
> config, local='comp-lzo'"?

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
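
Added example (not part of the original thread, and not OpenVPN's own code): a small linter for a server/client config pair that flags the duplicate `ifconfig` address in the configs as first posted and the condition behind the "No server certificate verification method has been enabled" warning in the client log. The `HARDENED` pair is an assumption: it adds `ns-cert-type server`, which only works if the server certificate was issued with the server nsCertType (for example by easy-rsa's build-key-server).

```python
# Options that make a TLS client check the peer really holds a server certificate.
VERIFY_OPTS = {"ns-cert-type", "tls-remote", "tls-verify",        # available in 2.0.x
               "remote-cert-tls", "remote-cert-eku", "verify-x509-name"}  # later releases
PROTO_PEER = {"tcp-server": "tcp-client", "tcp-client": "tcp-server", "udp": "udp"}


def parse(text):
    """Return {directive: [args]}; blank lines and '#' / ';' comments are skipped."""
    conf = {}
    for line in text.splitlines():
        words = line.split()
        if words and words[0][0] not in "#;":
            conf[words[0]] = words[1:]
    return conf


def lint(server_text, client_text):
    """Return a list of findings for one server/client config pair."""
    srv, cli = parse(server_text), parse(client_text)
    out = []
    # A TLS client with none of the verification options accepts any
    # certificate signed by the CA, including another client's.
    if {"tls-client", "client"} & cli.keys() and not VERIFY_OPTS & cli.keys():
        out.append("client does not verify the server certificate")
    # The same static address on both ends of the tunnel.
    if srv.get("ifconfig") and srv["ifconfig"][:1] == cli.get("ifconfig", [])[:1]:
        out.append("both peers configure " + srv["ifconfig"][0])
    s_proto = srv.get("proto", ["udp"])[0]
    c_proto = cli.get("proto", ["udp"])[0]
    if PROTO_PEER.get(s_proto) != c_proto:
        out.append(f"proto mismatch: {s_proto} vs {c_proto}")
    if ("comp-lzo" in srv) != ("comp-lzo" in cli):
        out.append("comp-lzo enabled on one side only")
    return out


# Directives copied from the thread; certificate paths and hostnames are left out.
BASE_SRV = "port 8080\nproto tcp-server\ntls-server\ndev tap0\ncomp-lzo\n"
BASE_CLI = "proto tcp-client\ntls-client\ndev tap\nnobind\ncomp-lzo\n"
POSTED = (BASE_SRV + "ifconfig 192.168.10.11 255.255.255.0\n",
          BASE_CLI + "ifconfig 192.168.10.11 255.255.255.0\n")
SUGGESTED = (BASE_SRV + "server 192.168.10.0 255.255.255.0\n", BASE_CLI)
# Constructed variant: the suggested pair plus a 2.0.x server-certificate check.
HARDENED = (SUGGESTED[0], BASE_CLI + "ns-cert-type server\n")

if __name__ == "__main__":
    for name, pair in (("posted", POSTED), ("suggested", SUGGESTED),
                       ("hardened", HARDENED)):
        print(name, lint(*pair))
```

On OpenVPN 2.1 and later, `remote-cert-tls server` is the equivalent client-side check and is also accepted by the linter.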