Re: [Openvpn-users] OpenVPN and QEMU


  • Subject: Re: [Openvpn-users] OpenVPN and QEMU
  • From: Carlos Baiget Orts <carlos.baiget@xxxxx>
  • Date: Wed, 16 Jan 2008 09:10:13 +0100

I forgot to send this reply to the list:


>Thanks for your advice, sadly I get the same behaviour, not working with
> lots of replay warnings or 'ifconfig used inconsistently' if no-replay
>directive is given.
>As the same configuration is working if the server is run in the host
> rather than the qemu guest, I'm sure that this is what is causing the
> problem, but don't know why...

As stated in my previous message, I'm pretty sure now that the problem is the
server not using the right IP for the client.
I want to point out that 10.0.2.2 is the IP of the host machine for the qemu
server, but only from the perspective of the emulated machine (detailed
explanation of the setup here:
http://fabrice.bellard.free.fr/qemu/qemu-doc.html#SEC30).

The true server address is 192.168.1.x, the same as the client. But I cannot
state a fixed IP for the client in the server configuration, as it is going
to connect from several places.

Thanks,
Carlos

On Wednesday 16 January 2008 01:42:24 Jan Just Keijser wrote:
> Hi Carlos,
>
> the statement
>   push "redirect-gateway...."
> is an openvpn 2 client/server directive that does not mix with your
> openvpn 1.x style config. Try it without the 'redirect-gateway' statement.
>
> HTH,
>
> JJK
>
> Carlos Baiget Orts wrote:
> > server.conf:
> >
> > 	dev tun
> > 	ifconfig 10.8.0.1	10.8.0.2
> > 	secret static.key
> > 	push "redirect-gateway local def1"
> > 	no-replay
> >
> > client.conf:
> >
> > 	dev tun
> > 	ifconfig 10.8.0.2	10.8.0.1
> > 	secret static.key
> >
> >
> > server messages:
> >
> > Tue Jan 15 23:50:33 2008 OpenVPN 2.0.9 i486-pc-linux-gnu [SSL] [LZO]
> > [EPOLL] built on Sep 20 2007
> > Tue Jan 15 23:50:33 2008 IMPORTANT: OpenVPN's default port number is now
> > 1194, based on an official port number assignment by IANA.  OpenVPN
> > 2.0-beta16 and earlier used 5000 as the default port.
> > Tue Jan 15 23:50:33 2008 WARNING: You have disabled Replay Protection
> > (--no-replay) which may make OpenVPN less secure
> > Tue Jan 15 23:50:33 2008 TUN/TAP device tun0 opened
> > Tue Jan 15 23:50:33 2008 ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
> > Tue Jan 15 23:50:33 2008 UDPv4 link local (bound): [undef]:1194
> > Tue Jan 15 23:50:33 2008 UDPv4 link remote: [undef]
> > Tue Jan 15 23:50:45 2008 Peer Connection Initiated with 10.0.2.2:1194
> > Tue Jan 15 23:50:45 2008 Initialization Sequence Completed
> > Tue Jan 15 23:50:54 2008 WARNING: 'ifconfig' is used inconsistently,
> > local='ifconfig 10.8.0.1 10.8.0.2', remote='ifconfig 10.8.0.2 10.8.0.1'
> > Tue Jan 15 23:50:57 2008 event_wait : Interrupted system call (code=4)
> > Tue Jan 15 23:50:57 2008 SIGINT[hard,] received, process exiting
> >
> > (at this moment I made Ctrl-C on the client)
> >
> > client messages:
> >
> > Tue Jan 15 23:50:45 2008 OpenVPN 2.0.9 i486-pc-linux-gnu [SSL] [LZO]
> > [EPOLL] built on May 21 2007
> > Tue Jan 15 23:50:45 2008 IMPORTANT: OpenVPN's default port number is now
> > 1194, based on an official port number assignment by IANA.  OpenVPN
> > 2.0-beta16 and earlier used 5000 as the default port.
> > Tue Jan 15 23:50:45 2008 WARNING: file 'static.key' is group or others
> > accessible
> > Tue Jan 15 23:50:45 2008 TUN/TAP device tun0 opened
> > Tue Jan 15 23:50:45 2008 ifconfig tun0 10.8.0.2 pointopoint 10.8.0.1 mtu 1500
> > Tue Jan 15 23:50:45 2008 UDPv4 link local (bound): [undef]:1194
> > Tue Jan 15 23:50:45 2008 UDPv4 link remote: 192.168.1.100:1194
> > Tue Jan 15 23:57:07 2008 event_wait : Interrupted system call (code=4)
> > Tue Jan 15 23:57:07 2008 SIGINT[hard,] received, process exiting
> >
> > (Ctrl-C)
> >
> > If I remove the 'no-replay' directive, then I get a lot of warnings about
> > duplicate packets. This configuration works if I run the server on the
> > host machine instead of the emulated one.
> >
> > thanks.
> >
> > On Monday 14 January 2008 12:49:17 David Balazic wrote:
> >> Config files ?
> >> logs ?
> >>
> >>
> >> ________________________________
> >>
> >> From: openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx on behalf of Carlos Baiget Orts
> >> Sent: Mon 14-Jan-08 10:38
> >> To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> >> Subject: [Openvpn-users] OpenVPN and QEMU
> >>
> >>
> >>
> >> Hello all.
> >>
> >> I need some advice on how to make OpenVPN work in the following
> >> configuration:
> >>
> >> I've installed Debian 4.0 and OpenVPN 2.0.9 in a qemu virtual machine,
> >> running in 'user network stack' mode (1). I launch the virtual machine
> >> with command:
> >>
> >> qemu -hda disk_image.img -redir udp:1194::1194
> >>
> >> which redirects all connections to host machine on port udp 1194 to
> >> guest machine and vice versa. The problem is, it doesn't work, and
> >> OpenVPN complains about replay attacks, and if I ignore that, about an
> >> 'inconsistent ifconfig configuration'.
> >> The OpenVPN configuration file is the most simple, the one explained in
> >> the quick how-to, and it works if I run it in the host machine, with the
> >> same OpenVPN version.
> >> The client machine is in the same LAN with no firewall between them.
> >>
> >> Hope someone can give a hint, thanks a lot.
> >>
> >> (1): http://fabrice.bellard.free.fr/qemu/qemu-doc.html#SEC30
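
Added example, not part of the original thread or of OpenVPN itself: a small config check for the three issues the logs and replies above raise, namely 'no-replay' turning off replay protection, 'push' in a point-to-point static-key config, and a key file readable by group or others. The function names and the placeholder key file are assumptions made for illustration; the config text is the server.conf posted above.

```python
import os, stat, tempfile

# server.conf as posted in the thread
SERVER_CONF = """dev tun
ifconfig 10.8.0.1 10.8.0.2
secret static.key
push "redirect-gateway local def1"
no-replay
"""

def parse_directives(conf_text):
    """Return (directive, args) pairs, skipping blank and comment lines."""
    pairs = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        parts = line.split(None, 1)
        pairs.append((parts[0].lstrip("-"), parts[1] if len(parts) > 1 else ""))
    return pairs

def lint(conf_text, conf_dir):
    """Flag the three issues raised by the logs and replies in this thread."""
    pairs = parse_directives(conf_text)
    names = {name for name, _ in pairs}
    findings = []
    if "no-replay" in names:
        findings.append("no-replay: replay protection is disabled")
    if "push" in names and "server" not in names and ("mode", "server") not in pairs:
        findings.append("push: client/server directive in a point-to-point config")
    for name, args in pairs:
        if name != "secret" or not args:
            continue
        path = os.path.join(conf_dir, args.split()[0])
        if os.path.exists(path) and os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append("secret: %s is group or others accessible" % args.split()[0])
    return findings

def demo():
    """Lint the posted config with a 0644 key, then a cleaned config with a 0600 key."""
    with tempfile.TemporaryDirectory() as d:
        key = os.path.join(d, "static.key")
        with open(key, "w") as fh:
            fh.write("constructed placeholder, not a real key\n")
        os.chmod(key, 0o644)
        before = lint(SERVER_CONF, d)
        os.chmod(key, 0o600)
        cleaned = "".join(l + "\n" for l in SERVER_CONF.splitlines()
                          if not l.startswith(("push", "no-replay")))
        after = lint(cleaned, d)
    return before, after

if __name__ == "__main__":
    for label, result in zip(("posted", "cleaned"), demo()):
        print(label, result)
```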

