Hi Samuel,

On Wed, Oct 27, 2010 at 02:05:49AM +0200, Samuel Ortiz wrote:
> Hi Daniel,
>
> On Tue, Oct 26, 2010 at 03:54:23PM +0200, Daniel Wagner wrote:
> > Hi,
> >
> > yet another update on this patch. OpenVPN is now running, but I'm
> > struggling with the settings. The OpenVPN server settings seem
> > broken. I can ping the server address (10.1.0.1) from my client
> > (10.1.0.6). But everything else doesn't work yet. Some more debugging
> > needed here :)
> >
> > Another thing I found out is that if there is no netmask set on the
> > provider, connman does not set up the route. Don't know if this is a bug
> > in connman or in my setup.
> Although your OpenVPN server should probably provide you with a proper
> netmask, I just pushed a patch to have ConnMan being less pedantic about the
> netmask. So your routes should be set now (Which might also fix the problem
> you're describing in the first paragraph), could you please try?

The netmask problem is solved. I fixed my server setup, so all the
traffic is routed to the openvpn server and the server acts as default
gateway.

On the server I have the following configuration:

dev tun0
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem
server 10.1.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 85.25.128.10"
push "dhcp-option DNS 85.25.255.10"

On the client side I have:

client
dev tun
remote hotel311.server4you.de
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert freakazoid.crt
key freakazoid.key

The def1 flag does:

    def1 -- Use this flag to override the default gateway by using
    0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the
    benefit of overriding but not wiping out the original default
    gateway

So starting openvpn without connman (just fetch local IP address with
dhclient), the routing table looks like this:

$ ip r
85.25.146.15 via 192.168.0.254 dev eth0
10.1.0.5 dev tun0 proto kernel scope link src 10.1.0.6
10.1.0.1 via 10.1.0.5 dev tun0
192.168.0.0/16 dev eth0 proto kernel scope link src 192.168.101.14
0.0.0.0/1 via 10.1.0.5 dev tun0
128.0.0.0/1 via 10.1.0.5 dev tun0
default via 192.168.0.254 dev eth0

and everything works fine.

I have to admit I haven't really understood the 0.0.0.0/1 and
128.0.0.0/1 magic but it helped in my case :)

If I use connman with openvpn together then the routing looks like
this:

$ ip r
10.1.0.5 via 192.168.0.254 dev eth0
10.1.0.5 dev vpn0 scope link
192.168.0.0/16 dev eth0 proto kernel scope link src 192.168.101.14
default via 10.1.0.6 dev vpn0 scope link

and openvpn complains about not finding the openvpn server:

connmand[10724]: vpn0 {create} index 17 type 65534 <NONE>
connmand[10724]: vpn0 {update} flags 4240 <DOWN>
connmand[10724]: vpn0 {newlink} index 17 operstate 2 <DOWN>
openvpn[10730]: OpenVPN 2.1.1 x86_64-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Jan 5 2010
openvpn[10730]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
openvpn[10730]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
openvpn[10730]: UDPv4 link local: [undef]
openvpn[10730]: UDPv4 link remote: 85.25.146.15:1194
openvpn[10730]: [toronto053.server4you.de] Peer Connection Initiated with 85.25.146.15:1194
openvpn[10730]: TUN/TAP device vpn0 opened
openvpn[10730]: /home/wagi/src/connman/scripts/openvpn-script vpn0 1500 1541 10.1.0.6 10.1.0.5 init
openvpn[10730]: Initialization Sequence Completed
connmand[10724]: vpn0 {newlink} index 17 operstate 2 <DOWN>
connmand[10724]: vpn0 {update} flags 69841 <UP,RUNNING,LOWER_UP>
connmand[10724]: vpn0 {newlink} index 17 operstate 0 <UNKNOWN>
connmand[10724]: vpn0 up
connmand[10724]: vpn0 lower up
connmand[10724]: Deleting host route failed (No such process)
connmand[10724]: Removing default gateway route failed (No such process)
connmand[10724]: Enabling DNS server 192.168.100.4
connmand[10724]: Deleting host route failed (No such process)
connmand[10724]: Removing default gateway route failed (No such process)
connmand[10724]: Adding DNS server 85.25.128.10
connmand[10724]: vpn0 {add} address 10.1.0.6/32 label vpn0
connmand[10724]: vpn0 ip bound
openvpn[10730]: write UDPv4 []: Network is unreachable (code=101)
connmand[10724]: vpn0 {add} route 10.1.0.5 gw 0.0.0.0 scope 253 <LINK>
connmand[10724]: eth0 {add} route 10.1.0.5 gw 192.168.0.254 scope 0 <UNIVERSE>
connmand[10724]: eth0 {del} route 192.168.0.254 gw 0.0.0.0 scope 253 <LINK>
connmand[10724]: eth0 ip release
connmand[10724]: eth0 {del} route 0.0.0.0 gw 192.168.0.254 scope 0 <UNIVERSE>
connmand[10724]: Enabling DNS server 192.168.100.4
connmand[10724]: Disabling DNS server 85.25.128.10
connmand[10724]: Disabling DNS server 192.168.100.4
connmand[10724]: Enabling DNS server 85.25.128.10
connmand[10724]: vpn0 {add} route 0.0.0.0 gw 10.1.0.6 scope 253 <LINK>
ntpd[1488]: Listening on interface #41 vpn0, 10.1.0.6#123 Enabled
connmand[10724]: Disabling DNS server 192.168.100.4
connmand[10724]: Disabling DNS server 85.25.128.10
connmand[10724]: Removing DNS server 85.25.128.10
openvpn[10730]: event_wait : Interrupted system call (code=4)
openvpn[10730]: SIGTERM[hard,] received, process exiting
connmand[10724]: Deleting host route failed (No such process)
connmand[10724]: Enabling DNS server 192.168.100.4
connmand[10724]: wlan0 initiating scan
connmand[10724]: vpn0 {RX} 0 packets 0 bytes
connmand[10724]: vpn0 {TX} 673 packets 442683 bytes
connmand[10724]: vpn0 {update} flags 4240 <DOWN>
connmand[10724]: vpn0 {newlink} index 17 operstate 2 <DOWN>

I have tried to add some of the 'missing' routes listed in the pure
openvpn version to no avail. Any ideas?

cheers,
daniel
_______________________________________________
connman mailing list
connman@connman.net
http://lists.connman.net/listinfo/connman
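
An added example, not part of the original message or of ConnMan/OpenVPN: a longest-prefix-match lookup over the two `ip r` listings quoted above, showing why the def1 pair 0.0.0.0/1 and 128.0.0.0/1 outranks the /0 default and which route each table selects for the VPN server address 85.25.146.15 taken from the log. The model is a simplification (prefix length only, no metrics or scopes), and 198.51.100.7 is a constructed sample destination.

```python
import ipaddress

# Routing tables transcribed from the two `ip r` listings in the message.
# Entry: (destination prefix, gateway or None when on-link, device).
PLAIN_OPENVPN = [
    ("85.25.146.15/32", "192.168.0.254", "eth0"),   # host route to the VPN server
    ("10.1.0.5/32", None, "tun0"),
    ("10.1.0.1/32", "10.1.0.5", "tun0"),
    ("192.168.0.0/16", None, "eth0"),
    ("0.0.0.0/1", "10.1.0.5", "tun0"),              # def1: lower half of IPv4
    ("128.0.0.0/1", "10.1.0.5", "tun0"),            # def1: upper half of IPv4
    ("0.0.0.0/0", "192.168.0.254", "eth0"),         # original default, untouched
]
WITH_CONNMAN = [
    ("10.1.0.5/32", "192.168.0.254", "eth0"),
    ("10.1.0.5/32", None, "vpn0"),
    ("192.168.0.0/16", None, "eth0"),
    ("0.0.0.0/0", "10.1.0.6", "vpn0"),
]

def lookup(table, dst):
    """Return (prefix, gateway, device) of the longest matching prefix, or None.
    Ties keep the first entry; the kernel would also weigh metrics (not modelled)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gw, dev in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, dev)
    return None if best is None else (str(best[0]), best[1], best[2])

def server_bypasses_tunnel(table, server, tunnel_devs=("tun0", "vpn0")):
    """True when packets to the VPN server itself leave via a non-tunnel device."""
    route = lookup(table, server)
    return route is not None and route[2] not in tunnel_devs

if __name__ == "__main__":
    # 85.25.146.15: server address from the log; 85.25.128.10: pushed DNS server;
    # 198.51.100.7: constructed address in the upper half of the address space.
    for name, table in (("plain openvpn", PLAIN_OPENVPN), ("with connman", WITH_CONNMAN)):
        for dst in ("85.25.146.15", "85.25.128.10", "198.51.100.7"):
            print(f"{name:14} {dst:14} -> {lookup(table, dst)}")
        print(f"{name:14} server bypasses tunnel: "
              f"{server_bypasses_tunnel(table, '85.25.146.15')}")
```

In the plain OpenVPN table the /32 host route keeps the server reachable over eth0 while every other destination matches one of the /1 routes into the tunnel. In the ConnMan table the only host route is for 10.1.0.5, so the lookup for 85.25.146.15 falls through to the default route on vpn0.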