On 02/25/10 21:09, Xavier Parizet wrote:
[snip]
Yes, it was a typo :-/ I corrected it:
cat syscon9
ifconfig-push 192.168.139.15 255.255.255.0
but from log you can see it still didn't give me what I want, I got IP
192.168.139.6 and was asking for: 192.168.139.15
log:
cat /var/log/openvpn.log
[SNIP]
Ok. After re-re-reading the man page, try to add parameter topology
subnet to server config. If it still don't work, then _please_ post the
openvpn.log of the server side.
--
Xavier Parizet
YaGB : http://gentooist.com
GPG : C7DC B10E FC21 63BE
B453 D239 F6E6 DF65 1569 91BF
I've added: topology subnet to both client and server conf but now when I try
to disconnect and connect I'm getting consecutive IP's:
192.168.139.2
192.168.139.3
192.168.139.4
...
cat server.conf
port 9000
proto udp
dev tun
mode server
ca /usr/share/openvpn/easy-rsa/keys/ca.crt
cert /usr/share/openvpn/easy-rsa/keys/server.crt
key /usr/share/openvpn/easy-rsa/keys/server.key
dh /usr/share/openvpn/easy-rsa/keys/dh1024.pem
topology subnet
server 192.168.139.0 255.255.255.0
client-to-client
ifconfig-pool-persist ipp.txt
client-config-dir ccd
keepalive 10 120
tls-auth vpn_my.key 0
tun-mtu 1500
tun-mtu-extra 32
mssfix 1200
duplicate-cn
comp-lzo
max-clients 100
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn.log
log-append /var/log/openvpn.log
verb 3
cat client_clinic2.conf
client
dev tun
proto udp
topology subnet
remote 208.38.31.237 9000
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1200
persist-key
persist-tun
remote-cert-tls server
ca "/etc/openvpn/client_clinic2/ca.crt"
cert "/etc/openvpn/client_clinic2/syscon9.crt"
key "/etc/openvpn/client_clinic2/syscon9.key"
tls-auth "/etc/openvpn/client_clinic2/vpn_my.key" 1
comp-lzo
log /var/log/openvpn.log
log-append /var/log/openvpn.log
verb 3
log file from client:
cat /var/log/openvpn.log
Thu Feb 25 13:50:30 2010 OpenVPN 2.1_rc15 x86_64-pc-linux-gnu [SSL] [LZO2]
[EPOLL] built on Jan 16 2010
Thu Feb 25 13:50:30 2010 NOTE: the current --script-security setting may allow
this configuration to call user-defined scripts
Thu Feb 25 13:50:30 2010 Control Channel Authentication: using
'/etc/openvpn/client_clinic2/vpn_my.key' as a OpenVPN static key file
Thu Feb 25 13:50:30 2010 Outgoing Control Channel Authentication: Using 160 bit
message hash 'SHA1' for HMAC authentication
Thu Feb 25 13:50:30 2010 Incoming Control Channel Authentication: Using 160 bit
message hash 'SHA1' for HMAC authentication
Thu Feb 25 13:50:30 2010 LZO compression initialized
Thu Feb 25 13:50:30 2010 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0
ET:0 EL:0 ]
Thu Feb 25 13:50:30 2010 Data Channel MTU parms [ L:1574 D:1200 EF:42 EB:135
ET:32 EL:0 AF:3/1 ]
Thu Feb 25 13:50:30 2010 Local Options hash (VER=V4): 'ec497616'
Thu Feb 25 13:50:30 2010 Expected Remote Options hash (VER=V4): '7cd8ed90'
Thu Feb 25 13:50:30 2010 Socket Buffers: R=[114688->131072] S=[114688->131072]
Thu Feb 25 13:50:30 2010 UDPv4 link local: [undef]
Thu Feb 25 13:50:30 2010 UDPv4 link remote: 208.38.31.237:9000
Thu Feb 25 13:50:30 2010 TLS: Initial packet from 208.38.31.237:9000,
sid=766f3e2f 0cf96857
Thu Feb 25 13:50:30 2010 VERIFY OK: depth=1,
/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=Fort-Funston_CA/emailaddress...@myhost.mydomain
Thu Feb 25 13:50:30 2010 Validating certificate key usage
Thu Feb 25 13:50:30 2010 ++ Certificate has key usage 00a0, expects 00a0
Thu Feb 25 13:50:30 2010 VERIFY KU OK
Thu Feb 25 13:50:30 2010 Validating certificate extended key usage
Thu Feb 25 13:50:30 2010 ++ Certificate has EKU (str) TLS Web Server
Authentication, expects TLS Web Server Authentication
Thu Feb 25 13:50:30 2010 VERIFY EKU OK
Thu Feb 25 13:50:30 2010 VERIFY OK: depth=0,
/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=server/emailaddress...@myhost.mydomain
Thu Feb 25 13:50:31 2010 Data Channel Encrypt: Cipher 'BF-CBC' initialized with
128 bit key
Thu Feb 25 13:50:31 2010 Data Channel Encrypt: Using 160 bit message hash
'SHA1' for HMAC authentication
Thu Feb 25 13:50:31 2010 Data Channel Decrypt: Cipher 'BF-CBC' initialized with
128 bit key
Thu Feb 25 13:50:31 2010 Data Channel Decrypt: Using 160 bit message hash
'SHA1' for HMAC authentication
Thu Feb 25 13:50:31 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3
DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Feb 25 13:50:31 2010 [server] Peer Connection Initiated with
208.38.31.237:9000
Thu Feb 25 13:50:32 2010 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu Feb 25 13:50:32 2010 PUSH: Received control message: 'PUSH_REPLY,route-gateway 192.168.139.1,topology subnet,ping 10,ping-restart 120,ifconfig
192.168.139.2 255.255.255.0'
Thu Feb 25 13:50:32 2010 OPTIONS IMPORT: timers and/or timeouts modified
Thu Feb 25 13:50:32 2010 OPTIONS IMPORT: --ifconfig/up options modified
Thu Feb 25 13:50:32 2010 OPTIONS IMPORT: route-related options modified
Thu Feb 25 13:50:32 2010 TUN/TAP device tun0 opened
Thu Feb 25 13:50:32 2010 TUN/TAP TX queue length set to 100
Thu Feb 25 13:50:32 2010 /sbin/ifconfig tun0 192.168.139.2 netmask
255.255.255.0 mtu 1500 broadcast 192.168.139.255
Thu Feb 25 13:50:32 2010 /etc/openvpn/up.sh tun0 1500 1574 192.168.139.2
255.255.255.0 init
Thu Feb 25 13:50:32 2010 Initialization Sequence Completed
log file from server:
Thu Feb 25 13:56:12 2010 syscon9/68.148.245.78:55861 [syscon9] Inactivity
timeout (--ping-restart), restarting
Thu Feb 25 13:56:12 2010 syscon9/68.148.245.78:55861 SIGUSR1[soft,ping-restart]
received, client-instance restarting
Thu Feb 25 13:56:57 2010 MULTI: multi_create_instance called
Thu Feb 25 13:56:57 2010 68.148.245.78:55868 Re-using SSL/TLS context
Thu Feb 25 13:56:57 2010 68.148.245.78:55868 LZO compression initialized
Thu Feb 25 13:56:57 2010 68.148.245.78:55868 Control Channel MTU parms [ L:1574
D:166 EF:66 EB:0 ET:0 EL:0 ]
Thu Feb 25 13:56:57 2010 68.148.245.78:55868 Data Channel MTU parms [ L:1574
D:1200 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Feb 25 13:56:57 2010 68.148.245.78:55868 Local Options hash (VER=V4):
'7cd8ed90'
Thu Feb 25 13:56:57 2010 68.148.245.78:55868 Expected Remote Options hash
(VER=V4): 'ec497616'
Thu Feb 25 13:56:57 2010 68.148.245.78:55868 TLS: Initial packet from
68.148.245.78:55868, sid=57c549f4 702a73f4
Thu Feb 25 13:56:58 2010 68.148.245.78:55868 VERIFY OK: depth=1,
/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=Fort-Funston_CA/emailaddress...@myhost.mydomain
Thu Feb 25 13:56:58 2010 68.148.245.78:55868 VERIFY OK: depth=0,
/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=syscon9/emailaddress...@myhost.mydomain
Thu Feb 25 13:56:58 2010 68.148.245.78:55868 Data Channel Encrypt: Cipher
'BF-CBC' initialized with 128 bit key
Thu Feb 25 13:56:58 2010 68.148.245.78:55868 Data Channel Encrypt: Using 160
bit message hash 'SHA1' for HMAC authentication
Thu Feb 25 13:56:58 2010 68.148.245.78:55868 Data Channel Decrypt: Cipher
'BF-CBC' initialized with 128 bit key
Thu Feb 25 13:56:58 2010 68.148.245.78:55868 Data Channel Decrypt: Using 160
bit message hash 'SHA1' for HMAC authentication
Thu Feb 25 13:56:58 2010 68.148.245.78:55868 Control Channel: TLSv1, cipher
TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Feb 25 13:56:58 2010 68.148.245.78:55868 [syscon9] Peer Connection
Initiated with 68.148.245.78:55868
Thu Feb 25 13:56:58 2010 syscon9/68.148.245.78:55868 MULTI: Learn: 192.168.139.3
-> syscon9/68.148.245.78:55868
Thu Feb 25 13:56:58 2010 syscon9/68.148.245.78:55868 MULTI: primary virtual IP
for syscon9/68.148.245.78:55868: 192.168.139.3
Thu Feb 25 13:56:59 2010 syscon9/68.148.245.78:55868 PUSH: Received control
message: 'PUSH_REQUEST'
Thu Feb 25 13:56:59 2010 syscon9/68.148.245.78:55868 SENT CONTROL [syscon9]: 'PUSH_REPLY,route-gateway 192.168.139.1,topology subnet,ping 10,ping-restart
120,ifconfig 192.168.139.3 255.255.255.0' (status=1)
Thu Feb 25 13:57:02 2010 read UDPv4 [ECONNREFUSED]: Connection refused
(code=111)
Thu Feb 25 13:57:12 2010 read UDPv4 [ECONNREFUSED]: Connection refused
(code=111)
Whey sever log is always showing this message: [ECONNREFUSED]: Connection
refused (code=111
--
Joseph
