On 02/25/10 18:12, Xavier Parizet wrote:
On 25/02/2010 17:51, Joseph wrote:
On 02/25/10 08:40, Xavier Parizet wrote:
On 02/25/2010 02:32 AM, Joseph wrote:
I've configured OpenVPN and it works OK, but I cannot seem to figure
out how to assign a static IP to clients

My server.conf port 8458
[SNIP]

On client in /etc/openvpn/ccd directory I've created a file "syscon9"
with:
ifconfig-push 192.168.139.15 192.168.139.1

Hmmm... 192.168.139.1 does not seem to be a remote netmask, does it?
man openvpn tells me the following for ifconfig-push:
--ifconfig-push local remote-netmask

so, put ifconfig-push 192.168.139.15 255.255.255.0 rather than the line
above in the ccd directory.

If it doesn't work, then please post the openvpn.log of the client.

I've tried it many times, it doesn't work with the netmask. File: syscon9
from ccd:
cat syscon9
ifconfig-push  192.168.0.15 255.255.255.0
                       ^^^
                        this is wrong (or maybe a typing mistake?)

If it's a typing mistake, then please post now server side log.

Yes, it was a typo :-/ I corrected it:
cat syscon9
ifconfig-push  192.168.139.15 255.255.255.0

but from log you can see it still didn't give me what I want, I got IP 
192.168.139.6 and was asking for: 192.168.139.15

log:
cat /var/log/openvpn.log
Thu Feb 25 12:14:04 2010 OpenVPN 2.1_rc15 x86_64-pc-linux-gnu [SSL] [LZO2] 
[EPOLL] built on Jan 16 2010
Thu Feb 25 12:14:04 2010 NOTE: the current --script-security setting may allow 
this configuration to call user-defined scripts
Thu Feb 25 12:14:04 2010 Control Channel Authentication: using 
'/etc/openvpn/client_clinic2/vpn_my.key' as a OpenVPN static key file
Thu Feb 25 12:14:04 2010 Outgoing Control Channel Authentication: Using 160 bit 
message hash 'SHA1' for HMAC authentication
Thu Feb 25 12:14:04 2010 Incoming Control Channel Authentication: Using 160 bit 
message hash 'SHA1' for HMAC authentication
Thu Feb 25 12:14:04 2010 LZO compression initialized
Thu Feb 25 12:14:04 2010 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 
ET:0 EL:0 ]
Thu Feb 25 12:14:04 2010 Data Channel MTU parms [ L:1574 D:1200 EF:42 EB:135 
ET:32 EL:0 AF:3/1 ]
Thu Feb 25 12:14:04 2010 Local Options hash (VER=V4): 'ec497616'
Thu Feb 25 12:14:04 2010 Expected Remote Options hash (VER=V4): '7cd8ed90'
Thu Feb 25 12:14:04 2010 Socket Buffers: R=[114688->131072] S=[114688->131072]
Thu Feb 25 12:14:04 2010 UDPv4 link local: [undef]
Thu Feb 25 12:14:04 2010 UDPv4 link remote: 208.38.31.237:9000
Thu Feb 25 12:15:04 2010 TLS Error: TLS key negotiation failed to occur within 
60 seconds (check your network connectivity)
Thu Feb 25 12:15:04 2010 TLS Error: TLS handshake failed
Thu Feb 25 12:15:04 2010 TCP/UDP: Closing socket
Thu Feb 25 12:15:04 2010 SIGUSR1[soft,tls-error] received, process restarting
Thu Feb 25 12:15:04 2010 Restart pause, 2 second(s)
Thu Feb 25 12:15:06 2010 NOTE: the current --script-security setting may allow 
this configuration to call user-defined scripts
Thu Feb 25 12:15:06 2010 Re-using SSL/TLS context
Thu Feb 25 12:15:06 2010 LZO compression initialized
Thu Feb 25 12:15:06 2010 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 
ET:0 EL:0 ]
Thu Feb 25 12:15:06 2010 Data Channel MTU parms [ L:1574 D:1200 EF:42 EB:135 
ET:32 EL:0 AF:3/1 ]
Thu Feb 25 12:15:06 2010 Local Options hash (VER=V4): 'ec497616'
Thu Feb 25 12:15:06 2010 Expected Remote Options hash (VER=V4): '7cd8ed90'
Thu Feb 25 12:15:06 2010 Socket Buffers: R=[114688->131072] S=[114688->131072]
Thu Feb 25 12:15:06 2010 UDPv4 link local: [undef]
Thu Feb 25 12:15:06 2010 UDPv4 link remote: 208.38.31.237:9000
Thu Feb 25 12:16:06 2010 TLS Error: TLS key negotiation failed to occur within 
60 seconds (check your network connectivity)
Thu Feb 25 12:16:06 2010 TLS Error: TLS handshake failed
Thu Feb 25 12:16:06 2010 TCP/UDP: Closing socket
Thu Feb 25 12:16:06 2010 SIGUSR1[soft,tls-error] received, process restarting
Thu Feb 25 12:16:06 2010 Restart pause, 2 second(s)
Thu Feb 25 12:16:08 2010 NOTE: the current --script-security setting may allow 
this configuration to call user-defined scripts
Thu Feb 25 12:16:08 2010 Re-using SSL/TLS context
Thu Feb 25 12:16:08 2010 LZO compression initialized
Thu Feb 25 12:16:08 2010 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 
ET:0 EL:0 ]
Thu Feb 25 12:16:08 2010 Data Channel MTU parms [ L:1574 D:1200 EF:42 EB:135 
ET:32 EL:0 AF:3/1 ]
Thu Feb 25 12:16:08 2010 Local Options hash (VER=V4): 'ec497616'
Thu Feb 25 12:16:08 2010 Expected Remote Options hash (VER=V4): '7cd8ed90'
Thu Feb 25 12:16:08 2010 Socket Buffers: R=[114688->131072] S=[114688->131072]
Thu Feb 25 12:16:08 2010 UDPv4 link local: [undef]
Thu Feb 25 12:16:08 2010 UDPv4 link remote: 208.38.31.237:9000
Thu Feb 25 12:16:25 2010 TLS: Initial packet from 208.38.31.237:9000, 
sid=9c654bbf 0689942b
Thu Feb 25 12:16:25 2010 VERIFY OK: depth=1, 
/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=Fort-Funston_CA/emailaddress...@myhost.mydomain
Thu Feb 25 12:16:25 2010 Validating certificate key usage
Thu Feb 25 12:16:25 2010 ++ Certificate has key usage  00a0, expects 00a0
Thu Feb 25 12:16:25 2010 VERIFY KU OK
Thu Feb 25 12:16:25 2010 Validating certificate extended key usage
Thu Feb 25 12:16:25 2010 ++ Certificate has EKU (str) TLS Web Server 
Authentication, expects TLS Web Server Authentication
Thu Feb 25 12:16:25 2010 VERIFY EKU OK
Thu Feb 25 12:16:25 2010 VERIFY OK: depth=0, 
/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=server/emailaddress...@myhost.mydomain
Thu Feb 25 12:16:26 2010 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 
128 bit key
Thu Feb 25 12:16:26 2010 Data Channel Encrypt: Using 160 bit message hash 
'SHA1' for HMAC authentication
Thu Feb 25 12:16:26 2010 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 
128 bit key
Thu Feb 25 12:16:26 2010 Data Channel Decrypt: Using 160 bit message hash 
'SHA1' for HMAC authentication
Thu Feb 25 12:16:26 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3 
DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Feb 25 12:16:26 2010 [server] Peer Connection Initiated with 
208.38.31.237:9000
Thu Feb 25 12:16:27 2010 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu Feb 25 12:16:27 2010 PUSH: Received control message: 'PUSH_REPLY,route 192.168.139.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 192.168.139.6 192.168.139.5'
Thu Feb 25 12:16:27 2010 OPTIONS IMPORT: timers and/or timeouts modified
Thu Feb 25 12:16:27 2010 OPTIONS IMPORT: --ifconfig/up options modified
Thu Feb 25 12:16:27 2010 OPTIONS IMPORT: route options modified
Thu Feb 25 12:16:27 2010 ROUTE default_gateway=10.0.0.1
Thu Feb 25 12:16:27 2010 TUN/TAP device tun0 opened
Thu Feb 25 12:16:27 2010 TUN/TAP TX queue length set to 100
Thu Feb 25 12:16:27 2010 /sbin/ifconfig tun0 192.168.139.6 pointopoint 
192.168.139.5 mtu 1500
Thu Feb 25 12:16:27 2010 /etc/openvpn/up.sh tun0 1500 1574 192.168.139.6 
192.168.139.5 init
Thu Feb 25 12:16:27 2010 /sbin/route add -net 192.168.139.0 netmask 
255.255.255.0 gw 192.168.139.5
Thu Feb 25 12:16:27 2010 Initialization Sequence Completed

--
Joseph
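
The check below is an added example, not part of the original thread: it parses the PUSH_REPLY line from the client log above and compares it with the ccd line. Per the --ifconfig description in the OpenVPN man page, the second argument is a remote endpoint address under topology net30 or p2p and a netmask only under topology subnet; the function names and the net30 fallback are assumptions of this example.

```python
import ipaddress
import re

# Constructed from the thread: the PUSH_REPLY log line and the corrected ccd line.
LOG_LINE = ("Thu Feb 25 12:16:27 2010 PUSH: Received control message: "
            "'PUSH_REPLY,route 192.168.139.0 255.255.255.0,topology net30,"
            "ping 10,ping-restart 120,ifconfig 192.168.139.6 192.168.139.5'")
CCD_LINE = "ifconfig-push  192.168.139.15 255.255.255.0"


def parse_push_reply(line):
    """Return {option: [args]} for the options in a PUSH_REPLY log line."""
    m = re.search(r"'PUSH_REPLY,(.*)'", line)
    opts = {}
    for item in (m.group(1).split(",") if m else []):
        parts = item.split()
        if parts:
            opts[parts[0]] = parts[1:]
    return opts


def is_netmask(text):
    """True if text is a contiguous IPv4 netmask such as 255.255.255.0."""
    try:
        inverted = int(ipaddress.IPv4Address(text)) ^ 0xFFFFFFFF
    except ValueError:
        return False
    return (inverted & (inverted + 1)) == 0


def check_ccd(ccd_line, push_opts):
    """List mismatches between a ccd ifconfig-push line and the pushed options."""
    fields = ccd_line.split()
    if len(fields) != 3 or fields[0] != "ifconfig-push":
        return ["not an 'ifconfig-push local remote-netmask' line"]
    local, second = fields[1], fields[2]
    # Assumption: fall back to net30 when the server pushes no topology.
    topology = (push_opts.get("topology") or ["net30"])[0]
    findings = []
    if topology in ("net30", "p2p") and is_netmask(second):
        findings.append(f"topology {topology}: second argument must be a peer address, got netmask {second}")
    if topology == "subnet" and not is_netmask(second):
        findings.append(f"topology subnet: second argument must be a netmask, got {second}")
    pushed = push_opts.get("ifconfig", [])
    if pushed and pushed[0] != local:
        findings.append(f"server pushed {pushed[0]}, ccd line asks for {local}")
    return findings


if __name__ == "__main__":
    for finding in check_ccd(CCD_LINE, parse_push_reply(LOG_LINE)):
        print(finding)
```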