[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] OpenVPN and QEMU


  • Subject: Re: [Openvpn-users] OpenVPN and QEMU
  • From: Carlos Baiget Orts <carlos.baiget@xxxxx>
  • Date: Wed, 16 Jan 2008 00:00:48 +0100

server.conf:

	dev tun
	ifconfig 10.8.0.1	10.8.0.2
	secret static.key
	push "redirect-gateway local def1"
	no-replay

client.conf:
	
	dev tun
	ifconfig 10.8.0.2	10.8.0.1
	secret static.key
	

server messages:

Tue Jan 15 23:50:33 2008 OpenVPN 2.0.9 i486-pc-linux-gnu [SSL] [LZO] [EPOLL] 
built on Sep 20 2007
Tue Jan 15 23:50:33 2008 IMPORTANT: OpenVPN's default port number is now 1194, 
based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and 
earlier used 5000 as the default port.
Tue Jan 15 23:50:33 2008 WARNING: You have disabled Replay Protection 
(--no-replay) which may make OpenVPN less secure
Tue Jan 15 23:50:33 2008 TUN/TAP device tun0 opened
Tue Jan 15 23:50:33 2008 ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Tue Jan 15 23:50:33 2008 UDPv4 link local (bound): [undef]:1194
Tue Jan 15 23:50:33 2008 UDPv4 link remote: [undef]
Tue Jan 15 23:50:45 2008 Peer Connection Initiated with 10.0.2.2:1194
Tue Jan 15 23:50:45 2008 Initialization Sequence Completed
Tue Jan 15 23:50:54 2008 WARNING: 'ifconfig' is used inconsistently, 
local='ifconfig 10.8.0.1 10.8.0.2', remote='ifconfig 10.8.0.2 10.8.0.1'
Tue Jan 15 23:50:57 2008 event_wait : Interrupted system call (code=4)
Tue Jan 15 23:50:57 2008 SIGINT[hard,] received, process exiting

(at this moment I made Ctrl-C on the client)

client messages:

Tue Jan 15 23:50:45 2008 OpenVPN 2.0.9 i486-pc-linux-gnu [SSL] [LZO] [EPOLL] 
built on May 21 2007
Tue Jan 15 23:50:45 2008 IMPORTANT: OpenVPN's default port number is now 1194, 
based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and 
earlier used 5000 as the default port.
Tue Jan 15 23:50:45 2008 WARNING: file 'static.key' is group or others 
accessible
Tue Jan 15 23:50:45 2008 TUN/TAP device tun0 opened
Tue Jan 15 23:50:45 2008 ifconfig tun0 10.8.0.2 pointopoint 10.8.0.1 mtu 1500
Tue Jan 15 23:50:45 2008 UDPv4 link local (bound): [undef]:1194
Tue Jan 15 23:50:45 2008 UDPv4 link remote: 192.168.1.100:1194
Tue Jan 15 23:57:07 2008 event_wait : Interrupted system call (code=4)
Tue Jan 15 23:57:07 2008 SIGINT[hard,] received, process exiting

(Ctrl-C)

If I remove 'no-replay' directive, then I get a lot of warnings about 
duplicate packets. This configuration works if I run the server on the host 
machine instead the emulated one.

thanks.


El Monday 14 January 2008 12:49:17 David Balazic escribió:
> Config files ?
> logs ?
>
>
> ________________________________
>
> From: openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx on behalf of Carlos
> Baiget Orts Sent: pon 14-jan-08 10:38
> To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> Subject: [Openvpn-users] OpenVPN and QEMU
>
>
>
> Hello all.
>
> I need some advice on how to make OpenVPN work in the following
> configuration:
>
> I've installed Debian 4.0 and OpenVPN 2.0.9 in a qemu virtual machine,
> running in 'user network stack' mode (1). I launch the virtual machine with
> command:
>
> qemu -hda disk_image.img -redir udp:1194::1194
>
> which redirects all connections to host machine on port udp 1194 to guest
> machine and viceversa. The problem is, it doesn't work, and Openvpn
> complains about replay attacks, and if I ignore that, 'about an
> inconsistent ifconfig configuration'.
> The openvpn configuration file is them most simple, the one explained in
> the quick how-to, and it works if I run it in the host machine, with the
> same Openvpn version.
> The client machine is in the same LAN with no firewall between them.
>
> Hope someone can give a hint, thanks a lot.
>
> (1): http://fabrice.bellard.free.fr/qemu/qemu-doc.html#SEC30
>
> -------------------------------------------------------------------------
> Check out the new SourceForge.net Marketplace.
> It's the best place to buy or sell services for
> just about anything Open Source.
> http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplac
>e _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/openvpn-users


____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users