[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Can not get openvpn client working


  • Subject: Re: [Openvpn-users] Can not get openvpn client working
  • From: Jan Just Keijser <janjust@xxxxxxxxx>
  • Date: Sun, 09 Dec 2007 23:11:10 +0100

Hi Gert,

the line

Dec  8 15:04:03 sjert-laptop openvpn[5524]: UDPv4 link remote:
212.45.32.70:1194

does *not* imply that your link is working. Even more so, if this is the 
last line you're seeing when your openvpn client starts then I am almost 
positive that it is NOT working as it should. Use a simpler config file 
for debugging purposes, e.g.

client
nobind
proto udp
dev tun
remote <ip address of our server>
persist-key
persist-tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/client19.crt
key /etc/openvpn/client19.key
ns-cert-type server
tls-remote office
tls-auth ta.key 1
tls-client
comp-lzo
keepalive 10 60
verb 5


and then run openvpn on the command line : all output will be sent to stdout/stderr.
If that works then proceed to including the other config statements again. I am still not sure what the 'route-up' command is supposed to achieve that a
  route 10.12.0.0 255.255.0.0 vpn_gateway
or 

  route 10.12.0.0 255.255.0.0 net_gateway
couldn't do.

HTH and groetjes,

JJK

Gert Koning wrote:
> Hi all,
>
> I have been struggling for days now to get a straight forward openvpn
> client setup to work - to no avail. I am trying to connect to our office
> where they run an openvpn server. Different colleagues succesfully connect
> to the office this way.
>
> I am running Ubuntu 7.04 with kernel 2.6.20-16-generic on a laptop,
> connected wireless (device eth1) to a DSL modem. IP address is provided by
> DHCP and is mostly 192.168.1.102.  The internal network at the office is
> in the 10.12.0.0 range.
>
> This is my openvpn configuration, supplied by our network guys:
>
> client
> nobind
> proto udp
> dev tun
> remote <ip address of our server>
> user nobody
> group nobody
> persist-key
> persist-tun
> ca /etc/openvpn/ca.crt
> cert /etc/openvpn/client19.crt
> key /etc/openvpn/client19.key
> ns-cert-type server
> tls-remote office
> tls-auth ta.key 1
> tls-client
> route-up "route add -net 10.12.0.0/16 gw `route -n |grep 10.11 | head -n1|
> awk '{ print$2 }'`"
> comp-lzo
> keepalive 10 60
> daemon
>
> I do have the tun device:
> root@sjert-laptop:~# lsmod|grep tun
> tun                    12032  0
>
> When I start openvpn:
> root@sjert-laptop:~# /etc/init.d/openvpn start
> Starting virtual private network daemon: clientEnter Private Key Password:
> (OK).
>
> So my password is accepted. The daemon is running:
> root@sjert-laptop:/etc/openvpn# ps -ef|grep vpn
> root      5524     1  0 15:04 ?        00:00:00 /usr/sbin/openvpn
> --writepid /var/run/openvpn.client.pid --status
> /var/run/openvpn.client.status 10 --cd /etc/openvpn --config
> /etc/openvpn/client.conf
>
> Looking at /var/log/daemon:
> Dec  8 15:03:59 sjert-laptop openvpn[5523]: OpenVPN 2.0.9
> i486-pc-linux-gnu [SSL] [LZO] [EPOLL] built on Mar  2 2007
> Dec  8 15:03:59 sjert-laptop openvpn[5523]: IMPORTANT: OpenVPN's default
> port number is now 1194, based on an official port number assignm
> ent by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
> Dec  8 15:04:03 sjert-laptop openvpn[5523]: Control Channel
> Authentication: using 'ta.key' as a OpenVPN static key file
> Dec  8 15:04:03 sjert-laptop openvpn[5523]: LZO compression initialized
> Dec  8 15:04:03 sjert-laptop openvpn[5524]: NOTE: UID/GID downgrade will
> be delayed because of --client, --pull, or --up-delay
> Dec  8 15:04:03 sjert-laptop openvpn[5524]: UDPv4 link local: [undef]
> Dec  8 15:04:03 sjert-laptop openvpn[5524]: UDPv4 link remote:
> 212.45.32.70:1194
>
> So everything looks OK, except its not working. The tun device is not
> shown in ifconfig:
>
> root@sjert-laptop:/etc/openvpn# ifconfig -a
> eth0      Link encap:Ethernet  HWaddr 00:12:3F:D7:49:11
>           UP BROADCAST MULTICAST  MTU:1500  Metric:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
>           Interrupt:19
>
> eth1      Link encap:Ethernet  HWaddr 00:13:CE:13:91:3C
>           inet addr:192.168.1.102  Bcast:192.168.1.255  Mask:255.255.255.0
>           inet6 addr: fe80::213:ceff:fe13:913c/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:3849 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:3774 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:2924710 (2.7 MiB)  TX bytes:449634 (439.0 KiB)
>           Interrupt:18 Base address:0xc000 Memory:dfcfd000-dfcfdfff
>
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           inet6 addr: ::1/128 Scope:Host
>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
>           RX packets:190 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:190 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:78165 (76.3 KiB)  TX bytes:78165 (76.3 KiB)
>
> And no route has been added:
>
> root@sjert-laptop:/etc/openvpn# route -n
> Kernel IP routeing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
> 169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eth1
> 0.0.0.0         192.168.1.101   0.0.0.0         UG    0      0        0 eth1
>
>
> The network guys at the office seem to have run out of ideas. Is there
> anybody out there that can point me into the right direction?
>
>   

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users