[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Can not get openvpn client working


  • Subject: Re: [Openvpn-users] Can not get openvpn client working
  • From: "Gert Koning" <gjk@xxxxxxxxx>
  • Date: Mon, 10 Dec 2007 00:24:28 +0100 (CET)
  • Importance: Normal

Thanks guys, for you help! It is working now, the problem was a firewall
setting on the server side.

Regards,
Gert Koning

> Hi Gert,
>
> the line
>
> Dec  8 15:04:03 sjert-laptop openvpn[5524]: UDPv4 link remote:
> 212.45.32.70:1194
>
> does *not* imply that your link is working. Even more so, if this is the
> last line you're seeing when your openvpn client starts then I am almost
> positive that it is NOT working as it should. Use a simpler config file
> for debugging purposes, e.g.
>
> client
> nobind
> proto udp
> dev tun
> remote <ip address of our server>
> persist-key
> persist-tun
> ca /etc/openvpn/ca.crt
> cert /etc/openvpn/client19.crt
> key /etc/openvpn/client19.key
> ns-cert-type server
> tls-remote office
> tls-auth ta.key 1
> tls-client
> comp-lzo
> keepalive 10 60
> verb 5
>
>
> and then run openvpn on the command line : all output will be sent to
> stdout/stderr.
> If that works then proceed to including the other config statements again.
> I am still not sure what the 'route-up' command is supposed to achieve
> that a
>   route 10.12.0.0 255.255.0.0 vpn_gateway
> or
>
>   route 10.12.0.0 255.255.0.0 net_gateway
> couldn't do.
>
> HTH and groetjes,
>
> JJK
>
> Gert Koning wrote:
>> Hi all,
>>
>> I have been struggling for days now to get a straight forward openvpn
>> client setup to work - to no avail. I am trying to connect to our office
>> where they run an openvpn server. Different colleagues succesfully
>> connect
>> to the office this way.
>>
>> I am running Ubuntu 7.04 with kernel 2.6.20-16-generic on a laptop,
>> connected wireless (device eth1) to a DSL modem. IP address is provided
>> by
>> DHCP and is mostly 192.168.1.102.  The internal network at the office is
>> in the 10.12.0.0 range.
>>
>> This is my openvpn configuration, supplied by our network guys:
>>
>> client
>> nobind
>> proto udp
>> dev tun
>> remote <ip address of our server>
>> user nobody
>> group nobody
>> persist-key
>> persist-tun
>> ca /etc/openvpn/ca.crt
>> cert /etc/openvpn/client19.crt
>> key /etc/openvpn/client19.key
>> ns-cert-type server
>> tls-remote office
>> tls-auth ta.key 1
>> tls-client
>> route-up "route add -net 10.12.0.0/16 gw `route -n |grep 10.11 | head
>> -n1|
>> awk '{ print$2 }'`"
>> comp-lzo
>> keepalive 10 60
>> daemon
>>
>> I do have the tun device:
>> root@sjert-laptop:~# lsmod|grep tun
>> tun                    12032  0
>>
>> When I start openvpn:
>> root@sjert-laptop:~# /etc/init.d/openvpn start
>> Starting virtual private network daemon: clientEnter Private Key
>> Password:
>> (OK).
>>
>> So my password is accepted. The daemon is running:
>> root@sjert-laptop:/etc/openvpn# ps -ef|grep vpn
>> root      5524     1  0 15:04 ?        00:00:00 /usr/sbin/openvpn
>> --writepid /var/run/openvpn.client.pid --status
>> /var/run/openvpn.client.status 10 --cd /etc/openvpn --config
>> /etc/openvpn/client.conf
>>
>> Looking at /var/log/daemon:
>> Dec  8 15:03:59 sjert-laptop openvpn[5523]: OpenVPN 2.0.9
>> i486-pc-linux-gnu [SSL] [LZO] [EPOLL] built on Mar  2 2007
>> Dec  8 15:03:59 sjert-laptop openvpn[5523]: IMPORTANT: OpenVPN's default
>> port number is now 1194, based on an official port number assignm
>> ent by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default
>> port.
>> Dec  8 15:04:03 sjert-laptop openvpn[5523]: Control Channel
>> Authentication: using 'ta.key' as a OpenVPN static key file
>> Dec  8 15:04:03 sjert-laptop openvpn[5523]: LZO compression initialized
>> Dec  8 15:04:03 sjert-laptop openvpn[5524]: NOTE: UID/GID downgrade will
>> be delayed because of --client, --pull, or --up-delay
>> Dec  8 15:04:03 sjert-laptop openvpn[5524]: UDPv4 link local: [undef]
>> Dec  8 15:04:03 sjert-laptop openvpn[5524]: UDPv4 link remote:
>> 212.45.32.70:1194
>>
>> So everything looks OK, except its not working. The tun device is not
>> shown in ifconfig:
>>
>> root@sjert-laptop:/etc/openvpn# ifconfig -a
>> eth0      Link encap:Ethernet  HWaddr 00:12:3F:D7:49:11
>>           UP BROADCAST MULTICAST  MTU:1500  Metric:1
>>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>>           collisions:0 txqueuelen:1000
>>           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
>>           Interrupt:19
>>
>> eth1      Link encap:Ethernet  HWaddr 00:13:CE:13:91:3C
>>           inet addr:192.168.1.102  Bcast:192.168.1.255
>> Mask:255.255.255.0
>>           inet6 addr: fe80::213:ceff:fe13:913c/64 Scope:Link
>>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>           RX packets:3849 errors:0 dropped:0 overruns:0 frame:0
>>           TX packets:3774 errors:0 dropped:0 overruns:0 carrier:0
>>           collisions:0 txqueuelen:1000
>>           RX bytes:2924710 (2.7 MiB)  TX bytes:449634 (439.0 KiB)
>>           Interrupt:18 Base address:0xc000 Memory:dfcfd000-dfcfdfff
>>
>> lo        Link encap:Local Loopback
>>           inet addr:127.0.0.1  Mask:255.0.0.0
>>           inet6 addr: ::1/128 Scope:Host
>>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
>>           RX packets:190 errors:0 dropped:0 overruns:0 frame:0
>>           TX packets:190 errors:0 dropped:0 overruns:0 carrier:0
>>           collisions:0 txqueuelen:0
>>           RX bytes:78165 (76.3 KiB)  TX bytes:78165 (76.3 KiB)
>>
>> And no route has been added:
>>
>> root@sjert-laptop:/etc/openvpn# route -n
>> Kernel IP routeing table
>> Destination     Gateway         Genmask         Flags Metric Ref    Use
>> Iface
>> 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0
>> eth1
>> 169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0
>> eth1
>> 0.0.0.0         192.168.1.101   0.0.0.0         UG    0      0        0
>> eth1
>>
>>
>> The network guys at the office seem to have run out of ideas. Is there
>> anybody out there that can point me into the right direction?
>>
>>
>
>


____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users