Re: [Openvpn-users] OpenVPN and QEMU


  • Subject: Re: [Openvpn-users] OpenVPN and QEMU
  • From: Jan Just Keijser <janjust@xxxxxxxxx>
  • Date: Wed, 16 Jan 2008 01:42:24 +0100

Hi Carlos,

the statement
  push "redirect-gateway...."
is an openvpn 2 client/server directive that does not mix with your 
openvpn 1.x style config. Try it without the 'redirect-gateway' statement.

HTH,

JJK

Carlos Baiget Orts wrote:
> server.conf:
>
> 	dev tun
> 	ifconfig 10.8.0.1	10.8.0.2
> 	secret static.key
> 	push "redirect-gateway local def1"
> 	no-replay
>
> client.conf:
> 	
> 	dev tun
> 	ifconfig 10.8.0.2	10.8.0.1
> 	secret static.key
> 	
>
> server messages:
>
> Tue Jan 15 23:50:33 2008 OpenVPN 2.0.9 i486-pc-linux-gnu [SSL] [LZO] [EPOLL] 
> built on Sep 20 2007
> Tue Jan 15 23:50:33 2008 IMPORTANT: OpenVPN's default port number is now 1194, 
> based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and 
> earlier used 5000 as the default port.
> Tue Jan 15 23:50:33 2008 WARNING: You have disabled Replay Protection 
> (--no-replay) which may make OpenVPN less secure
> Tue Jan 15 23:50:33 2008 TUN/TAP device tun0 opened
> Tue Jan 15 23:50:33 2008 ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
> Tue Jan 15 23:50:33 2008 UDPv4 link local (bound): [undef]:1194
> Tue Jan 15 23:50:33 2008 UDPv4 link remote: [undef]
> Tue Jan 15 23:50:45 2008 Peer Connection Initiated with 10.0.2.2:1194
> Tue Jan 15 23:50:45 2008 Initialization Sequence Completed
> Tue Jan 15 23:50:54 2008 WARNING: 'ifconfig' is used inconsistently, 
> local='ifconfig 10.8.0.1 10.8.0.2', remote='ifconfig 10.8.0.2 10.8.0.1'
> Tue Jan 15 23:50:57 2008 event_wait : Interrupted system call (code=4)
> Tue Jan 15 23:50:57 2008 SIGINT[hard,] received, process exiting
>
> (at this moment I pressed Ctrl-C on the client)
>
> client messages:
>
> Tue Jan 15 23:50:45 2008 OpenVPN 2.0.9 i486-pc-linux-gnu [SSL] [LZO] [EPOLL] 
> built on May 21 2007
> Tue Jan 15 23:50:45 2008 IMPORTANT: OpenVPN's default port number is now 1194, 
> based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and 
> earlier used 5000 as the default port.
> Tue Jan 15 23:50:45 2008 WARNING: file 'static.key' is group or others 
> accessible
> Tue Jan 15 23:50:45 2008 TUN/TAP device tun0 opened
> Tue Jan 15 23:50:45 2008 ifconfig tun0 10.8.0.2 pointopoint 10.8.0.1 mtu 1500
> Tue Jan 15 23:50:45 2008 UDPv4 link local (bound): [undef]:1194
> Tue Jan 15 23:50:45 2008 UDPv4 link remote: 192.168.1.100:1194
> Tue Jan 15 23:57:07 2008 event_wait : Interrupted system call (code=4)
> Tue Jan 15 23:57:07 2008 SIGINT[hard,] received, process exiting
>
> (Ctrl-C)
>
> If I remove the 'no-replay' directive, then I get a lot of warnings about 
> duplicate packets. This configuration works if I run the server on the host 
> machine instead of the emulated one.
>
> thanks.
>
>
> On Monday 14 January 2008 12:49:17 David Balazic wrote:
>   
>> Config files ?
>> logs ?
>>
>>
>> ________________________________
>>
>> From: openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx on behalf of Carlos Baiget Orts
>> Sent: Mon 14-jan-08 10:38
>> To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
>> Subject: [Openvpn-users] OpenVPN and QEMU
>>
>>
>>
>> Hello all.
>>
>> I need some advice on how to make OpenVPN work in the following
>> configuration:
>>
>> I've installed Debian 4.0 and OpenVPN 2.0.9 in a qemu virtual machine,
>> running in 'user network stack' mode (1). I launch the virtual machine with
>> command:
>>
>> qemu -hda disk_image.img -redir udp:1194::1194
>>
>> which redirects all connections to host machine on port udp 1194 to guest
>> machine and vice versa. The problem is, it doesn't work, and Openvpn
>> complains about replay attacks, and if I ignore that, 'about an
>> inconsistent ifconfig configuration'.
>> The openvpn configuration file is the most simple, the one explained in
>> the quick how-to, and it works if I run it in the host machine, with the
>> same Openvpn version.
>> The client machine is in the same LAN with no firewall between them.
>>
>> Hope someone can give a hint, thanks a lot.
>>
>> (1): http://fabrice.bellard.free.fr/qemu/qemu-doc.html#SEC30
>>
>>     
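
A small config check for the three issues that surface in this thread (a `push` line in a static-key config, `no-replay`, and a key file accessible to group or others), as an added example that is not part of the original messages. The function names and finding labels are hypothetical, and treating a `server` or `mode server` line as the marker for client/server mode is an assumption of this sketch.

```python
import os

# Configs as posted in the quoted message above.
SERVER_CONF = """dev tun
ifconfig 10.8.0.1\t10.8.0.2
secret static.key
push "redirect-gateway local def1"
no-replay
"""
CLIENT_CONF = """dev tun
ifconfig 10.8.0.2\t10.8.0.1
secret static.key
"""

def parse_directives(text):
    """Return (name, args) pairs, skipping blank lines and '#'/';' comments."""
    pairs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        parts = line.split(None, 1)  # directives may be separated by tabs
        pairs.append((parts[0], parts[1] if len(parts) > 1 else ""))
    return pairs

def lint(text, base_dir="."):
    """Return finding labels (hypothetical names) for one config file."""
    pairs = parse_directives(text)
    names = {name for name, _ in pairs}
    # Assumption: these lines mark a client/server (multi-client) setup.
    server_mode = "server" in names or ("mode", "server") in pairs
    findings = []
    if "secret" in names and "push" in names and not server_mode:
        findings.append("push-in-static-key-mode")
    if "no-replay" in names:
        findings.append("replay-protection-disabled")
    for name, args in pairs:
        if name == "secret" and args:
            path = os.path.join(base_dir, args.split()[0])
            # Any group/other permission bit set on the shared key file.
            if os.path.exists(path) and os.stat(path).st_mode & 0o077:
                findings.append("key-file-group-or-other-accessible")
    return findings

if __name__ == "__main__":
    for label, conf in (("server.conf", SERVER_CONF), ("client.conf", CLIENT_CONF)):
        print(label, lint(conf))
```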
