Hi Samuel,

On Wed, Oct 27, 2010 at 02:05:49AM +0200, Samuel Ortiz wrote:
> Hi Daniel,
> 
> On Tue, Oct 26, 2010 at 03:54:23PM +0200, Daniel Wagner wrote:
> > Hi,
> > 
> > yet another update on this patch. OpenVPN is now running, but I'm
> > struggling with the settings. The OpenVPN server settings seem
> > broken. I can ping the server address (10.1.0.1) from my client
> > (10.1.0.6). But everything else doesn't work yet. Some more debugging
> > needed here :)
> > 
> > Another thing I found out is that if there is no netmask set on the
> > provider, connman does not set up the route. Don't know if this is a bug
> > in connman or in my setup.
> Although your OpenVPN server should probably provide you with a proper
> netmask, I just pushed a patch to have ConnMan being less pedantic about the
> netmask. So your routes should be set now (Which might also fix the problem
> you're describing in the first paragraph), could you please try?

The netmask problem is solved.

I fixed my server setup, so all the traffic is routed to the openvpn
server and the server acts as default gateway. On the server I have
the following configuration:

  dev tun0
  ca /etc/openvpn/keys/ca.crt
  cert /etc/openvpn/keys/server.crt
  key /etc/openvpn/keys/server.key
  dh /etc/openvpn/keys/dh1024.pem
  server 10.1.0.0 255.255.255.0
  push "redirect-gateway def1"
  push "dhcp-option DNS 85.25.128.10"
  push "dhcp-option DNS 85.25.255.10"

On the client side I have:

  client
  dev tun
  remote hotel311.server4you.de
  resolv-retry infinite
  nobind
  persist-key
  persist-tun
  ca ca.crt
  cert freakazoid.crt
  key freakazoid.key

The def1 flag does:

 def1 -- Use this flag to override the default gateway by using
         0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0.  This
         has the benefit of overriding but not wiping out the
         original default gateway

So starting openvpn without connman (just fetch local IP address with
dhclient), the routing table looks like this:

  $ ip r
  85.25.146.15 via 192.168.0.254 dev eth0 
  10.1.0.5 dev tun0  proto kernel  scope link  src 10.1.0.6 
  10.1.0.1 via 10.1.0.5 dev tun0 
  192.168.0.0/16 dev eth0  proto kernel  scope link  src 192.168.101.14 
  0.0.0.0/1 via 10.1.0.5 dev tun0 
  128.0.0.0/1 via 10.1.0.5 dev tun0 
  default via 192.168.0.254 dev eth0 

and everything works fine. I have to admit I haven't really understood
the 0.0.0.0/1 and 128.0.0.0/1 magic but it helped in my case :)

If I use connman with openvpn together then the routing looks like
this:

  $ ip r
  10.1.0.5 via 192.168.0.254 dev eth0 
  10.1.0.5 dev vpn0  scope link 
  192.168.0.0/16 dev eth0  proto kernel  scope link  src 192.168.101.14 
  default via 10.1.0.6 dev vpn0  scope link

and openvpn complains about not finding the openvpn server:

connmand[10724]: vpn0 {create} index 17 type 65534 <NONE>
connmand[10724]: vpn0 {update} flags 4240 <DOWN>
connmand[10724]: vpn0 {newlink} index 17 operstate 2 <DOWN>
openvpn[10730]: OpenVPN 2.1.1 x86_64-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Jan  5 2010
openvpn[10730]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
openvpn[10730]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
openvpn[10730]: UDPv4 link local: [undef]
openvpn[10730]: UDPv4 link remote: 85.25.146.15:1194
openvpn[10730]: [toronto053.server4you.de] Peer Connection Initiated with 85.25.146.15:1194
openvpn[10730]: TUN/TAP device vpn0 opened
openvpn[10730]: /home/wagi/src/connman/scripts/openvpn-script vpn0 1500 1541 10.1.0.6 10.1.0.5 init
openvpn[10730]: Initialization Sequence Completed
connmand[10724]: vpn0 {newlink} index 17 operstate 2 <DOWN>
connmand[10724]: vpn0 {update} flags 69841 <UP,RUNNING,LOWER_UP>
connmand[10724]: vpn0 {newlink} index 17 operstate 0 <UNKNOWN>
connmand[10724]: vpn0 up
connmand[10724]: vpn0 lower up
connmand[10724]: Deleting host route failed (No such process)
connmand[10724]: Removing default gateway route failed (No such process)
connmand[10724]: Enabling DNS server 192.168.100.4
connmand[10724]: Deleting host route failed (No such process)
connmand[10724]: Removing default gateway route failed (No such process)
connmand[10724]: Adding DNS server 85.25.128.10
connmand[10724]: vpn0 {add} address 10.1.0.6/32 label vpn0
connmand[10724]: vpn0 ip bound
openvpn[10730]: write UDPv4 []: Network is unreachable (code=101)
connmand[10724]: vpn0 {add} route 10.1.0.5 gw 0.0.0.0 scope 253 <LINK>
connmand[10724]: eth0 {add} route 10.1.0.5 gw 192.168.0.254 scope 0 <UNIVERSE>
connmand[10724]: eth0 {del} route 192.168.0.254 gw 0.0.0.0 scope 253 <LINK>
connmand[10724]: eth0 ip release
connmand[10724]: eth0 {del} route 0.0.0.0 gw 192.168.0.254 scope 0 <UNIVERSE>
connmand[10724]: Enabling DNS server 192.168.100.4
connmand[10724]: Disabling DNS server 85.25.128.10
connmand[10724]: Disabling DNS server 192.168.100.4
connmand[10724]: Enabling DNS server 85.25.128.10
connmand[10724]: vpn0 {add} route 0.0.0.0 gw 10.1.0.6 scope 253 <LINK>
ntpd[1488]: Listening on interface #41 vpn0, 10.1.0.6#123 Enabled
connmand[10724]: Disabling DNS server 192.168.100.4
connmand[10724]: Disabling DNS server 85.25.128.10
connmand[10724]: Removing DNS server 85.25.128.10
openvpn[10730]: event_wait : Interrupted system call (code=4)
openvpn[10730]: SIGTERM[hard,] received, process exiting
connmand[10724]: Deleting host route failed (No such process)
connmand[10724]: Enabling DNS server 192.168.100.4
connmand[10724]: wlan0 initiating scan
connmand[10724]: vpn0 {RX} 0 packets 0 bytes
connmand[10724]: vpn0 {TX} 673 packets 442683 bytes
connmand[10724]: vpn0 {update} flags 4240 <DOWN>
connmand[10724]: vpn0 {newlink} index 17 operstate 2 <DOWN>

I have tried to add some of the 'missing' routes listed in the pure
openvpn version to no avail. Any ideas?

cheers,
daniel
_______________________________________________
connman mailing list
connman@connman.net
http://lists.connman.net/listinfo/connman
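
Added example (not part of the original message and not ConnMan or OpenVPN code): a longest-prefix-match lookup over the two routing tables quoted above. It shows why the def1 routes 0.0.0.0/1 and 128.0.0.0/1 override the default route without removing it, and which device the packets to the VPN server's public address 85.25.146.15 leave by in each table. The function names and the sample destination 192.0.2.1 are assumptions of the example.

```python
import ipaddress

# Routes transcribed from the two `ip r` listings in the message:
# (prefix, gateway or None for on-link, device).
PLAIN_OPENVPN = [
    ("85.25.146.15/32", "192.168.0.254", "eth0"),  # host route to VPN server
    ("10.1.0.5/32", None, "tun0"),
    ("10.1.0.1/32", "10.1.0.5", "tun0"),
    ("192.168.0.0/16", None, "eth0"),
    ("0.0.0.0/1", "10.1.0.5", "tun0"),             # def1, lower half
    ("128.0.0.0/1", "10.1.0.5", "tun0"),           # def1, upper half
    ("0.0.0.0/0", "192.168.0.254", "eth0"),        # original default, kept
]
WITH_CONNMAN = [
    ("10.1.0.5/32", "192.168.0.254", "eth0"),
    ("10.1.0.5/32", None, "vpn0"),
    ("192.168.0.0/16", None, "eth0"),
    ("0.0.0.0/0", "10.1.0.6", "vpn0"),
]
VPN_SERVER = "85.25.146.15"  # "UDPv4 link remote" in the log


def lookup(table, dst):
    """Longest-prefix match: the most specific route containing dst wins.
    On equal prefix length the first listed route is returned (a
    simplification; the kernel also compares metrics)."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), gw, dev)
            for p, gw, dev in table if addr in ipaddress.ip_network(p)]
    if not hits:
        return None
    net, gw, dev = max(hits, key=lambda h: h[0].prefixlen)
    return str(net), gw, dev


def carrier_inside_tunnel(table, server, tunnel_devs=("tun0", "vpn0")):
    """True if the encrypted packets to the VPN server would themselves be
    routed into the tunnel device, i.e. the tunnel cannot carry traffic."""
    route = lookup(table, server)
    return route is not None and route[2] in tunnel_devs


if __name__ == "__main__":
    for name, table in (("plain openvpn", PLAIN_OPENVPN),
                        ("with connman", WITH_CONNMAN)):
        for dst in (VPN_SERVER, "85.25.128.10", "192.0.2.1"):
            print(name, dst, "->", lookup(table, dst))
        print(name, "carrier inside tunnel:",
              carrier_inside_tunnel(table, VPN_SERVER))
```

In the plain OpenVPN table the /32 host route keeps the encrypted packets on eth0 while the two /1 routes capture everything else; in the ConnMan table the only match for 85.25.146.15 is the default route on vpn0.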
