[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] OpenVPN and QEMU


  • Subject: Re: [Openvpn-users] OpenVPN and QEMU
  • From: Carlos Baiget Orts <carlos.baiget@xxxxx>
  • Date: Wed, 16 Jan 2008 02:28:22 +0100

Possible cause:

When I run ovpn server in the qemu guest, it says:

> Tue Jan 15 23:50:45 2008 Peer Connection Initiated with 10.0.2.2:1194

This is the ip of the host system, not the ovpn client. I mean that the port 
redireccion works, but somehow makes the server think the client is the host 
system. This must be causing the client not receiving any packet... is there 
any workaround possible?

Thanks,
Carlos


> Carlos Baiget Orts wrote:
> > server.conf:
> >
> > 	dev tun
> > 	ifconfig 10.8.0.1	10.8.0.2
> > 	secret static.key
> > 	push "redirect-gateway local def1"
> > 	no-replay
> >
> > client.conf:
> >
> > 	dev tun
> > 	ifconfig 10.8.0.2	10.8.0.1
> > 	secret static.key
> >
> >
> > server messages:
> >
> > Tue Jan 15 23:50:33 2008 OpenVPN 2.0.9 i486-pc-linux-gnu [SSL] [LZO]
> > [EPOLL] built on Sep 20 2007
> > Tue Jan 15 23:50:33 2008 IMPORTANT: OpenVPN's default port number is now
> > 1194, based on an official port number assignment by IANA.  OpenVPN
> > 2.0-beta16 and earlier used 5000 as the default port.
> > Tue Jan 15 23:50:33 2008 WARNING: You have disabled Replay Protection
> > (--no-replay) which may make OpenVPN less secure
> > Tue Jan 15 23:50:33 2008 TUN/TAP device tun0 opened
> > Tue Jan 15 23:50:33 2008 ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu
> > 1500 Tue Jan 15 23:50:33 2008 UDPv4 link local (bound): [undef]:1194
> > Tue Jan 15 23:50:33 2008 UDPv4 link remote: [undef]
> > Tue Jan 15 23:50:45 2008 Peer Connection Initiated with 10.0.2.2:1194
> > Tue Jan 15 23:50:45 2008 Initialization Sequence Completed
> > Tue Jan 15 23:50:54 2008 WARNING: 'ifconfig' is used inconsistently,
> > local='ifconfig 10.8.0.1 10.8.0.2', remote='ifconfig 10.8.0.2 10.8.0.1'
> > Tue Jan 15 23:50:57 2008 event_wait : Interrupted system call (code=4)
> > Tue Jan 15 23:50:57 2008 SIGINT[hard,] received, process exiting
> >
> > (at this moment I made Ctrl-C on the client)
> >
> > client messages:
> >
> > Tue Jan 15 23:50:45 2008 OpenVPN 2.0.9 i486-pc-linux-gnu [SSL] [LZO]
> > [EPOLL] built on May 21 2007
> > Tue Jan 15 23:50:45 2008 IMPORTANT: OpenVPN's default port number is now
> > 1194, based on an official port number assignment by IANA.  OpenVPN
> > 2.0-beta16 and earlier used 5000 as the default port.
> > Tue Jan 15 23:50:45 2008 WARNING: file 'static.key' is group or others
> > accessible
> > Tue Jan 15 23:50:45 2008 TUN/TAP device tun0 opened
> > Tue Jan 15 23:50:45 2008 ifconfig tun0 10.8.0.2 pointopoint 10.8.0.1 mtu
> > 1500 Tue Jan 15 23:50:45 2008 UDPv4 link local (bound): [undef]:1194
> > Tue Jan 15 23:50:45 2008 UDPv4 link remote: 192.168.1.100:1194
> > Tue Jan 15 23:57:07 2008 event_wait : Interrupted system call (code=4)
> > Tue Jan 15 23:57:07 2008 SIGINT[hard,] received, process exiting
> >
> > (Ctrl-C)
> >
> > If I remove 'no-replay' directive, then I get a lot of warnings about
> > duplicate packets. This configuration works if I run the server on the
> > host machine instead the emulated one.
> >
> > thanks.
> >
> > El Monday 14 January 2008 12:49:17 David Balazic escribió:
> >> Config files ?
> >> logs ?
> >>
> >>
> >> ________________________________
> >>
> >> From: openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx on behalf of Carlos
> >> Baiget Orts Sent: pon 14-jan-08 10:38
> >> To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> >> Subject: [Openvpn-users] OpenVPN and QEMU
> >>
> >>
> >>
> >> Hello all.
> >>
> >> I need some advice on how to make OpenVPN work in the following
> >> configuration:
> >>
> >> I've installed Debian 4.0 and OpenVPN 2.0.9 in a qemu virtual machine,
> >> running in 'user network stack' mode (1). I launch the virtual machine
> >> with command:
> >>
> >> qemu -hda disk_image.img -redir udp:1194::1194
> >>
> >> which redirects all connections to host machine on port udp 1194 to
> >> guest machine and viceversa. The problem is, it doesn't work, and
> >> Openvpn complains about replay attacks, and if I ignore that, 'about an
> >> inconsistent ifconfig configuration'.
> >> The openvpn configuration file is them most simple, the one explained in
> >> the quick how-to, and it works if I run it in the host machine, with the
> >> same Openvpn version.
> >> The client machine is in the same LAN with no firewall between them.
> >>
> >> Hope someone can give a hint, thanks a lot.
> >>
> >> (1): http://fabrice.bellard.free.fr/qemu/qemu-doc.html#SEC30


____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users