
[Openvpn-users] Configuration problems


  • Subject: [Openvpn-users] Configuration problems
  • From: Koen Vermeer <koen@xxxxxxxxxx>
  • Date: Mon, 17 Dec 2007 16:52:34 +0100

Hi,

I'm trying to set up a system where people can use openvpn to pretend
like they're part of the server's network. OpenVPN on the server is
running in a local network, connected through a NAT. The local network
is 172.17.145.0 and the server has unlimited access to the outside
world. Incoming UDP connections on the OpenVPN port are routed to the
server. The client is also in a NAT, with its local network at
192.168.1.0. Unfortunately, my setup doesn't seem to work. Any help is
appreciated! If more information on my setup is useful, please let me
know what else I should provide you with.


The server's config is:

port 1194
proto udp
dev tap
ca ca.cer
cert server.cer
key server.key
dh DH.pem
ifconfig-pool-persist ipp.txt
server-bridge 172.17.145.20 255.255.255.0 172.17.145.70 172.17.145.90
push "redirect-gateway"
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
verb 3

The client's config is:

client
dev tap
proto udp
remote 192.87.167.62 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.cer
cert client.cer
key client.key
ns-cert-type server
comp-lzo
verb 3

The server's log is:

Mon Dec 17 15:56:59 2007 OpenVPN 2.0.9 x86_64-pc-linux-gnu [SSL] [LZO]
[EPOLL] built on May 19 2007
Mon Dec 17 15:56:59 2007 Diffie-Hellman initialized with 1024 bit key
Mon Dec 17 15:56:59 2007 TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0
ET:0 EL:0 ]
Mon Dec 17 15:56:59 2007 TUN/TAP device tap0 opened
Mon Dec 17 15:56:59 2007 Data Channel MTU parms [ L:1574 D:1450 EF:42
EB:135 ET:32 EL:0 AF:3/1 ]
Mon Dec 17 15:56:59 2007 GID set to nogroup
Mon Dec 17 15:56:59 2007 UID set to nobody
Mon Dec 17 15:56:59 2007 UDPv4 link local (bound): [undef]:1194
Mon Dec 17 15:56:59 2007 UDPv4 link remote: [undef]
Mon Dec 17 15:56:59 2007 MULTI: multi_init called, r=256 v=256
Mon Dec 17 15:56:59 2007 IFCONFIG POOL: base=172.17.145.70 size=21
Mon Dec 17 15:56:59 2007 IFCONFIG POOL LIST
Mon Dec 17 15:56:59 2007 Test_client,172.17.145.70
Mon Dec 17 15:56:59 2007 Initialization Sequence Completed
Mon Dec 17 15:57:07 2007 MULTI: multi_create_instance called
Mon Dec 17 15:57:07 2007 87.212.14.143:1563 Re-using SSL/TLS context
Mon Dec 17 15:57:07 2007 87.212.14.143:1563 LZO compression initialized
Mon Dec 17 15:57:07 2007 87.212.14.143:1563 Control Channel MTU parms
[ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Dec 17 15:57:07 2007 87.212.14.143:1563 Data Channel MTU parms
[ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Mon Dec 17 15:57:07 2007 87.212.14.143:1563 Local Options hash (VER=V4):
'f7df56b8'
Mon Dec 17 15:57:07 2007 87.212.14.143:1563 Expected Remote Options hash
(VER=V4): 'd79ca330'
Mon Dec 17 15:57:07 2007 87.212.14.143:1563 TLS: Initial packet from
87.212.14.143:1563, sid=541fef01 fda297ed
Mon Dec 17 15:57:07 2007 87.212.14.143:1563 VERIFY OK:
depth=1, /C=NL/L=Delft/O=qwerty/CN=Koen_Vermeer/emailAddress=t@xxx
Mon Dec 17 15:57:07 2007 87.212.14.143:1563 VERIFY OK:
depth=0, /C=NL/O=i-Optics_Nederland_BV/CN=Test_client
Mon Dec 17 15:57:07 2007 87.212.14.143:1563 Data Channel Encrypt: Cipher
'BF-CBC' initialized with 128 bit key
Mon Dec 17 15:57:07 2007 87.212.14.143:1563 Data Channel Encrypt: Using
160 bit message hash 'SHA1' for HMAC authentication
Mon Dec 17 15:57:07 2007 87.212.14.143:1563 Data Channel Decrypt: Cipher
'BF-CBC' initialized with 128 bit key
Mon Dec 17 15:57:07 2007 87.212.14.143:1563 Data Channel Decrypt: Using
160 bit message hash 'SHA1' for HMAC authentication
Mon Dec 17 15:57:07 2007 87.212.14.143:1563 Control Channel: TLSv1,
cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Dec 17 15:57:07 2007 87.212.14.143:1563 [Test_client] Peer
Connection Initiated with 87.212.14.143:1563
Mon Dec 17 15:57:08 2007 Test_client/87.212.14.143:1563 PUSH: Received
control message: 'PUSH_REQUEST'
Mon Dec 17 15:57:08 2007 Test_client/87.212.14.143:1563 SENT CONTROL
[Test_client]: 'PUSH_REPLY,redirect-gateway,route-gateway
172.17.145.20,ping 10,ping-restart 120,ifconfig 172.17.145.70
255.255.255.0' (status=1)
Mon Dec 17 15:57:09 2007 Test_client/87.212.14.143:1563 MULTI: Learn:
00:ff:d0:52:4d:87 -> Test_client/87.212.14.143:1563
Mon Dec 17 15:59:41 2007 read UDPv4 [ECONNREFUSED]: Connection refused
(code=111)
[Some more of these]
Mon Dec 17 16:03:29 2007 Test_client/87.212.14.143:1563 [Test_client]
Inactivity timeout (--ping-restart), restarting
Mon Dec 17 16:03:29 2007 Test_client/87.212.14.143:1563
SIGUSR1[soft,ping-restart] received, client-instance restarting

At the client, the log shows:

Mon Dec 17 15:54:15 2007 OpenVPN 2.1_rc4 Win32-MinGW [SSL] [LZO2] built
on Apr 25 2007
Mon Dec 17 15:54:15 2007 LZO compression initialized
Mon Dec 17 15:54:15 2007 Control Channel MTU parms [ L:1574 D:138 EF:38
EB:0 ET:0 EL:0 ]
Mon Dec 17 15:54:15 2007 Data Channel MTU parms [ L:1574 D:1450 EF:42
EB:135 ET:32 EL:0 AF:3/1 ]
Mon Dec 17 15:54:15 2007 Local Options hash (VER=V4): 'd79ca330'
Mon Dec 17 15:54:15 2007 Expected Remote Options hash (VER=V4):
'f7df56b8'
Mon Dec 17 15:54:15 2007 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Dec 17 15:54:15 2007 UDPv4 link local: [undef]
Mon Dec 17 15:54:15 2007 UDPv4 link remote: 192.87.167.62:1194
Mon Dec 17 15:54:15 2007 TLS: Initial packet from 192.87.167.62:1194,
sid=08aa98d9 04667673
Mon Dec 17 15:54:16 2007 VERIFY OK:
depth=1, /C=NL/L=Delft/O=qwerty/CN=Koen_Vermeer/emailAddress=t@xxx
Mon Dec 17 15:54:16 2007 VERIFY OK: nsCertType=SERVER
Mon Dec 17 15:54:16 2007 VERIFY OK:
depth=0, /C=NL/O=i-Optics_Nederland_BV/CN=tst
Mon Dec 17 15:54:17 2007 Data Channel Encrypt: Cipher 'BF-CBC'
initialized with 128 bit key
Mon Dec 17 15:54:17 2007 Data Channel Encrypt: Using 160 bit message
hash 'SHA1' for HMAC authentication
Mon Dec 17 15:54:17 2007 Control Channel: TLSv1, cipher TLSv1/SSLv3
DHE-RSA-AES256-SHA, 2048 bit RSA
Mon Dec 17 15:54:17 2007 [tst] Peer Connection Initiated with
192.87.167.62:1194
Mon Dec 17 15:54:18 2007 SENT CONTROL [tst]: 'PUSH_REQUEST' (status=1)
Mon Dec 17 15:54:18 2007 PUSH: Received control message:
'PUSH_REPLY,redirect-gateway,route-gateway 172.17.145.20,ping
10,ping-restart 120,ifconfig 172.17.145.70 255.255.255.0'
Mon Dec 17 15:54:18 2007 OPTIONS IMPORT: timers and/or timeouts modified
Mon Dec 17 15:54:18 2007 OPTIONS IMPORT: --ifconfig/up options modified
Mon Dec 17 15:54:18 2007 OPTIONS IMPORT: route options modified
Mon Dec 17 15:54:18 2007 OPTIONS IMPORT: route-related options modified
Mon Dec 17 15:54:19 2007 TAP-WIN32 device [Local Area Connection 2]
opened: \\.\Global\{D0524D87-70C1-457B-899A-E02B2879DB6E}.tap
Mon Dec 17 15:54:19 2007 TAP-Win32 Driver Version 9.3 
Mon Dec 17 15:54:19 2007 TAP-Win32 MTU=1500
Mon Dec 17 15:54:19 2007 Notified TAP-Win32 driver to set a DHCP
IP/netmask of 172.17.145.70/255.255.255.0 on interface
{D0524D87-70C1-457B-899A-E02B2879DB6E} [DHCP-serv: 172.17.145.0,
lease-time: 31536000]
Mon Dec 17 15:54:19 2007 Successful ARP Flush on interface [196610]
{D0524D87-70C1-457B-899A-E02B2879DB6E}
Mon Dec 17 15:54:24 2007 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0
u/d=up
Mon Dec 17 15:54:24 2007 route ADD 192.87.167.62 MASK 255.255.255.255
192.168.1.1
Mon Dec 17 15:54:24 2007 Route addition via IPAPI succeeded [adaptive]
Mon Dec 17 15:54:24 2007 route DELETE 0.0.0.0 MASK 0.0.0.0 192.168.1.1
Mon Dec 17 15:54:24 2007 Route deletion via IPAPI succeeded [adaptive]
Mon Dec 17 15:54:24 2007 route ADD 0.0.0.0 MASK 0.0.0.0 172.17.145.20
Mon Dec 17 15:54:24 2007 Route addition via IPAPI succeeded [adaptive]
Mon Dec 17 15:54:24 2007 Initialization Sequence Completed

On the client, even a 'ping 172.17.145.20' doesn't work. Likewise,
browsing the internet fails (server not found).


Thanks for any help!

Koen
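A small log-correlation script, added here as an illustration and not part of the original post or of OpenVPN itself: it groups the server-side messages by peer and records the milestones the log above reaches (certificate verified, PUSH_REPLY sent, MAC learned) next to the failures that follow (UDP ECONNREFUSED, ping-restart), so the "control channel fine, data channel dead" pattern is visible at a glance. The log text is a constructed excerpt modelled on the post with the mail-wrapped lines rejoined; the summarize and findings functions are assumed names.

```python
import re
from collections import defaultdict

# Constructed excerpt modelled on the server log in the post (not a live capture).
SERVER_LOG = """\
Mon Dec 17 15:57:07 2007 87.212.14.143:1563 VERIFY OK: depth=0, /C=NL/O=i-Optics_Nederland_BV/CN=Test_client
Mon Dec 17 15:57:07 2007 87.212.14.143:1563 [Test_client] Peer Connection Initiated with 87.212.14.143:1563
Mon Dec 17 15:57:08 2007 Test_client/87.212.14.143:1563 PUSH: Received control message: 'PUSH_REQUEST'
Mon Dec 17 15:57:08 2007 Test_client/87.212.14.143:1563 SENT CONTROL [Test_client]: 'PUSH_REPLY,redirect-gateway,route-gateway 172.17.145.20,ping 10,ping-restart 120,ifconfig 172.17.145.70 255.255.255.0' (status=1)
Mon Dec 17 15:57:09 2007 Test_client/87.212.14.143:1563 MULTI: Learn: 00:ff:d0:52:4d:87 -> Test_client/87.212.14.143:1563
Mon Dec 17 15:59:41 2007 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Mon Dec 17 16:01:12 2007 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Mon Dec 17 16:03:29 2007 Test_client/87.212.14.143:1563 [Test_client] Inactivity timeout (--ping-restart), restarting
"""

TS = r"^\w{3} \w{3} \d+ \d\d:\d\d:\d\d \d{4} "
# Per-peer lines look like "CN/ip:port msg" once the CN is known, "ip:port msg" before that.
PEER = re.compile(TS + r"(?:(?P<cn>[^/ ]+)/)?(?P<peer>\d+\.\d+\.\d+\.\d+:\d+) (?P<msg>.*)$")
ERR = re.compile(TS + r"read UDPv4 \[(?P<err>\w+)\]")

def summarize(log: str) -> dict:
    """Group server log lines by peer; record handshake milestones and failures."""
    sessions = defaultdict(lambda: {"cn": None, "verified": False, "pushed": False,
                                    "mac": None, "ifconfig": None, "ping_restart": False})
    socket_errors = defaultdict(int)  # socket-level errors are not tagged with a peer
    for line in log.splitlines():
        m = PEER.match(line)
        if not m:
            e = ERR.match(line)
            if e:
                socket_errors[e.group("err")] += 1
            continue
        s, msg = sessions[m.group("peer")], m.group("msg")
        if m.group("cn"):
            s["cn"] = m.group("cn")
        if msg.startswith("VERIFY OK: depth=0"):
            s["verified"] = True
        elif "PUSH_REPLY" in msg:
            s["pushed"] = True
            ip = re.search(r"ifconfig (\S+) ([\d.]+)", msg)
            s["ifconfig"] = ip.groups() if ip else None
        elif msg.startswith("MULTI: Learn:"):
            s["mac"] = msg.split()[2]  # client TAP MAC learned on the server side
        elif "Inactivity timeout (--ping-restart)" in msg:
            s["ping_restart"] = True
    return {"sessions": dict(sessions), "socket_errors": dict(socket_errors)}

def findings(summary: dict) -> list:
    """Turn the summary into short troubleshooting observations."""
    out = []
    for peer, s in summary["sessions"].items():
        if s["verified"] and s["pushed"] and s["ping_restart"]:
            out.append(f"{s['cn']}@{peer}: TLS and PUSH_REPLY completed, then ping-restart "
                       f"(no keepalive replies arrived on the data channel)")
    if summary["socket_errors"].get("ECONNREFUSED"):
        out.append("UDP socket received ICMP port-unreachable from a peer (ECONNREFUSED)")
    return out
```

A session that reaches MULTI: Learn but then times out shows the TLS handshake and option push are not the problem; the frames the client sends after that never get an answer, which points at the tap/bridge and return-path configuration rather than at certificates or keys.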

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users