Re: [gentoo-user] openvpn static ip

2010-02-26 Thread Xavier Parizet
On 02/25/2010 11:21 PM, Joseph wrote:
 On 02/25/10 22:17, Xavier Parizet wrote:
 [snip]
 
 I added full path to the server for ccd:
 /etc/openvpn/ccd
 
 Now I'm getting consistent IP: 192.168.139.2 every-time I restart
 openvpn.client_clinic2
 but I'm not getting what I requested in ccd/syscon9:
 ifconfig-push  192.168.139.15 255.255.255.0

retry ifconfig-push 192.168.139.15 192.168.139.1 .
Also post /etc/openvpn/ipp.txt content and try removing it and restart
openvpn server keep the full log level 4, and restart openvpn client,
keep the full log level 4.

I'm starting to be out of ideas ^^

 The client runs openvpn as user root,
 the server runs openvpn as user openvpn.

-- 
  Xavier Parizet
YaGB :   http://gentooist.com
GPG  :C7DC B10E FC21 63BE
B453 D239 F6E6 DF65 1569 91BF





Re: [gentoo-user] openvpn static ip

2010-02-26 Thread J. Roeleveld
On Friday 26 February 2010 01:39:55 Joseph wrote:
 On 02/25/10 22:17, Xavier Parizet wrote:
 From what i can see, please try to add full path to the ccd directory in
 client-config-dir directive on the server path. Also check permissions
 on that directory. On which user are you running openvpn on the server ?
 On the client ?
 
 On client:
 drwxr-xr-x 2 root root 4096 Feb 24 18:49 ccd
 -rw-r--r-- 1 root root 45 Feb 25 12:13 syscon9
 
 so this looks OK,

From this, it looks like the syscon9 file is not in the .../ccd/ 
directory?

Also, isn't this file supposed to be on the server?

 Can you increase verbosity and see if there is no open fails on the
 server ? If it works, you should have the following line in server logs:
 OPTIONS IMPORT: reading client specific options from: [path to
  ccd]/syscon9 MULTI: Learn: [192.168.139.15] - syscon9/[ip source:port
  source]
 
 I've increased verbosity on server to 9
 but I can not find any phrase in the server log file: fails IMPORT
 
 but I've noticed this section on the server log:
 
 ...syscon9/68.148.245.78:56172 TEST FILE '/etc/openvpn/ccd/syscon9' [0]
 ...syscon9/68.148.245.78:56172 TEST FILE '/etc/openvpn/ccd/DEFAULT' [0]
 ...syscon9/68.148.245.78:56172 MULTI: Learn: 192.168.139.2 -
  syscon9/68.148.245.78:56172
 
 If I change the directory to ccd the log just shows:
 ...syscon9/68.148.245.78:56172 TEST FILE 'ccd/syscon9' [0]
 ...syscon9/68.148.245.78:56172 TEST FILE 'ccd/DEFAULT' [0

This seems to indicate it can't actually find the file 
/etc/openvpn/ccd/syscon9

This file needs to be located on the server, not on the client, as it's the 
server that determines the IP-address for the client.

--
Joost
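
An added example, not part of the thread and not OpenVPN code: a small Python lint for the points the replies raise (the ccd file is read by the server, the form of the second `ifconfig-push` argument depends on `topology`, the pushed address has to sit inside the `server` network, and `TEST FILE ... [0]` in the server log marks a file the daemon could not open). Function names and sample inputs are constructed for illustration; it assumes `net30` is the default topology, as in the OpenVPN 2.1 release shown in the logs.

```python
import ipaddress
import re

# Constructed inputs modelled on the thread; not taken from a live system.
SERVER_CONF = """\
topology subnet
server 192.168.139.0 255.255.255.0
client-config-dir ccd
"""
SERVER_LOG = """\
...syscon9/68.148.245.78:56172 TEST FILE '/etc/openvpn/ccd/syscon9' [0]
...syscon9/68.148.245.78:56172 TEST FILE '/etc/openvpn/ccd/DEFAULT' [0]
...syscon9/68.148.245.78:56172 MULTI: Learn: 192.168.139.2 - syscon9/68.148.245.78:56172
"""


def parse_conf(text):
    """Map each directive to its argument list (last occurrence wins)."""
    conf = {}
    for raw in text.splitlines():
        line = re.split(r"[#;]", raw, maxsplit=1)[0].strip()  # drop comments
        if line:
            name, *args = line.split()
            conf[name] = args
    return conf


def is_netmask(value):
    """True for a dotted-quad contiguous netmask such as 255.255.255.0."""
    try:
        bits = int(ipaddress.IPv4Address(value))
    except ValueError:
        return False
    inverted = bits ^ 0xFFFFFFFF
    return bits != 0 and (inverted & (inverted + 1)) == 0


def lint_ccd(conf, ccd_text):
    """Return findings for one server-side ccd file checked against the server config."""
    findings = []
    ccd_dir = (conf.get("client-config-dir") or [""])[0]
    if not ccd_dir:
        findings.append("no client-config-dir in the server config")
    elif not ccd_dir.startswith("/"):
        findings.append(f"client-config-dir '{ccd_dir}' is relative to the daemon's working directory")
    push = parse_conf(ccd_text).get("ifconfig-push")
    if not push or len(push) != 2:
        findings.append("ccd file needs 'ifconfig-push <local> <second-arg>'")
        return findings
    local, second = push
    if len(conf.get("server", [])) >= 2:
        net = ipaddress.ip_network("/".join(conf["server"][:2]))
        if ipaddress.ip_address(local) not in net:
            findings.append(f"{local} is outside the server network {net}")
    topology = (conf.get("topology") or ["net30"])[0]
    if topology == "subnet" and not is_netmask(second):
        findings.append("topology subnet: second argument must be the netmask")
    elif topology == "net30" and is_netmask(second):
        findings.append("topology net30: second argument must be the remote endpoint address")
    return findings


def unopened_ccd_files(log_text):
    """Paths the server probed with TEST FILE but could not open (result [0])."""
    return re.findall(r"TEST FILE '([^']+)' \[0\]", log_text)


if __name__ == "__main__":
    conf = parse_conf(SERVER_CONF)
    for entry in ("ifconfig-push 192.168.139.15 192.168.139.1",
                  "ifconfig-push 192.168.0.15 255.255.255.0",
                  "ifconfig-push 192.168.139.15 255.255.255.0"):
        print(entry, "->", lint_ccd(conf, entry))
    print("could not open:", unopened_ccd_files(SERVER_LOG))
```

A `[0]` result covers both a missing file and one the daemon's user cannot read, so on a server that runs as an unprivileged user the ccd directory and its files need to be readable by that user.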



Re: [gentoo-user] openvpn static ip

2010-02-25 Thread Xavier Parizet
On 02/25/2010 02:32 AM, Joseph wrote:
 I've configured OpenVPN and it works OK but I cannot seem to figure
 out how to assign a static IP to clients
 
 My server.conf
 port 8458
 proto udp
 dev tun
 mode server
 ca /usr/share/openvpn/easy-rsa/keys/ca.crt
 cert /usr/share/openvpn/easy-rsa/keys/server.crt
 key /usr/share/openvpn/easy-rsa/keys/server.key
 dh /usr/share/openvpn/easy-rsa/keys/dh1024.pem
 server 192.168.139.0 255.255.255.0
 client-to-client
 ifconfig-pool-persist ipp.txt
 client-config-dir ccd
 keepalive 10 120
 tls-auth vpn_my.key 0
 tun-mtu 1500
 tun-mtu-extra 32
 mssfix 1200
 duplicate-cn
 comp-lzo
 max-clients 100
 persist-key
 persist-tun
 status openvpn-status.log
 log /var/log/openvpn.log
 log-append /var/log/openvpn.log
 verb 3
 
 On client in /etc/openvpn/ccd directory I've created a file syscon9 with:
 ifconfig-push 192.168.139.15 192.168.139.1

Hmmm... 192.168.139.1 does not seem a remote netmask, isn't it ?
man openvpn tell me the following for ifconfig-push:
--ifconfig-push local remote-netmask

so, put ifconfig-push 192.168.139.15 255.255.255.0 rather than the line
above in the ccd directory.

If it doesn't work, then please post the openvpn.log of the client.

 This file is supposed to have a name from client CN
 
 client.conf
 client
 dev tun
 proto udp
 remote 68.148.245.78 8458
 resolv-retry infinite
 nobind
 tun-mtu 1500
 tun-mtu-extra 32
 mssfix 1200
 persist-key
 persist-tun
 remote-cert-tls server
 ca /etc/openvpn/client/ca.crt
 cert /etc/openvpn/client/syscon9.crt
 key /etc/openvpn/client/syscon9.key
 tls-auth /etc/openvpn/client/vpn.key 1
 comp-lzo
 log /var/log/openvpn.log
 log-append /var/log/openvpn.log
 verb 3

-- 
  Xavier Parizet
YaGB :   http://gentooist.com
GPG  :C7DC B10E FC21 63BE
B453 D239 F6E6 DF65 1569 91BF





Re: [gentoo-user] openvpn static ip

2010-02-25 Thread Albert Hopkins
On Wed, 2010-02-24 at 20:37 -0700, Joseph wrote:
 The directory name shouldn't make any difference, I'm using directory
 name ccd; though I've tried the IP's you suggested, it makes no
 difference, still 
 not getting static IP :-/
 
 Thanks for suggestion, I've been on it all day and can not find the
 solution. 

Yeah I know the directory name is arbitrary, I was only giving you the
example that works for me.

Not sure why it doesn't work for you. Do the file names match up with
the DNs (check the logs)?

-a





Re: [gentoo-user] openvpn static ip

2010-02-25 Thread Xavier Parizet
On 25/02/2010 17:51, Joseph wrote:
 On 02/25/10 08:40, Xavier Parizet wrote:
 On 02/25/2010 02:32 AM, Joseph wrote:
 I've configured OpenVPN and it works OK but I cannot seem to figure
 out how to assign a static IP to clients

 My server.conf
 port 8458
 [SNIP]

 On client in /etc/openvpn/ccd directory I've created a file syscon9
 with:
 ifconfig-push 192.168.139.15 192.168.139.1

 Hmmm... 192.168.139.1 does not seem a remote netmask, isn't it ?
 man openvpn tell me the following for ifconfig-push:
 --ifconfig-push local remote-netmask

 so, put ifconfig-push 192.168.139.15 255.255.255.0 rather than the line
 above in the ccd directory.

 If it doesn't work, then please post the openvpn.log of the client.
 
 I've tried it many times, it doesn't work with the netmask. File: syscon9
 from ccd:
 cat syscon9
 ifconfig-push  192.168.0.15 255.255.255.0
^^^
 this is wrong (or maybe a typing mistake?)

If it's a typing mistake, then please post now server side log.

 [SNIP]

-- 
  Xavier Parizet
YaGB :   http://gentooist.com
GPG  :C7DC B10E FC21 63BE
B453 D239 F6E6 DF65 1569 91BF





Re: [gentoo-user] openvpn static ip

2010-02-25 Thread Joseph

On 02/25/10 18:12, Xavier Parizet wrote:

On 25/02/2010 17:51, Joseph wrote:

On 02/25/10 08:40, Xavier Parizet wrote:

On 02/25/2010 02:32 AM, Joseph wrote:

I've configured OpenVPN and it works OK but I cannot seem to figure
out how to assign a static IP to clients

My server.conf
port 8458
[SNIP]

On client in /etc/openvpn/ccd directory I've created a file syscon9
with:
ifconfig-push 192.168.139.15 192.168.139.1


Hmmm... 192.168.139.1 does not seem a remote netmask, isn't it ?
man openvpn tell me the following for ifconfig-push:
--ifconfig-push local remote-netmask

so, put ifconfig-push 192.168.139.15 255.255.255.0 rather than the line
above in the ccd directory.

If it doesn't work, then please post the openvpn.log of the client.


I've tried it many times, it doesn't work with the netmask. File: syscon9
from ccd:
cat syscon9
ifconfig-push  192.168.0.15 255.255.255.0

   ^^^
this is wrong (or maybe a typing mistake?)

If it's a typing mistake, then please post now server side log.


Yes, it was a typo :-/ I corrected it:
cat syscon9
ifconfig-push  192.168.139.15 255.255.255.0

but from log you can see it still didn't give me what I want, I got IP 
192.168.139.6 and was asking for: 192.168.139.15

log:
cat /var/log/openvpn.log
Thu Feb 25 12:14:04 2010 OpenVPN 2.1_rc15 x86_64-pc-linux-gnu [SSL] [LZO2] 
[EPOLL] built on Jan 16 2010
Thu Feb 25 12:14:04 2010 NOTE: the current --script-security setting may allow 
this configuration to call user-defined scripts
Thu Feb 25 12:14:04 2010 Control Channel Authentication: using 
'/etc/openvpn/client_clinic2/vpn_my.key' as a OpenVPN static key file
Thu Feb 25 12:14:04 2010 Outgoing Control Channel Authentication: Using 160 bit 
message hash 'SHA1' for HMAC authentication
Thu Feb 25 12:14:04 2010 Incoming Control Channel Authentication: Using 160 bit 
message hash 'SHA1' for HMAC authentication
Thu Feb 25 12:14:04 2010 LZO compression initialized
Thu Feb 25 12:14:04 2010 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 
ET:0 EL:0 ]
Thu Feb 25 12:14:04 2010 Data Channel MTU parms [ L:1574 D:1200 EF:42 EB:135 
ET:32 EL:0 AF:3/1 ]
Thu Feb 25 12:14:04 2010 Local Options hash (VER=V4): 'ec497616'
Thu Feb 25 12:14:04 2010 Expected Remote Options hash (VER=V4): '7cd8ed90'
Thu Feb 25 12:14:04 2010 Socket Buffers: R=[114688-131072] S=[114688-131072]
Thu Feb 25 12:14:04 2010 UDPv4 link local: [undef]
Thu Feb 25 12:14:04 2010 UDPv4 link remote: 208.38.31.237:9000
Thu Feb 25 12:15:04 2010 TLS Error: TLS key negotiation failed to occur within 
60 seconds (check your network connectivity)
Thu Feb 25 12:15:04 2010 TLS Error: TLS handshake failed
Thu Feb 25 12:15:04 2010 TCP/UDP: Closing socket
Thu Feb 25 12:15:04 2010 SIGUSR1[soft,tls-error] received, process restarting
Thu Feb 25 12:15:04 2010 Restart pause, 2 second(s)
Thu Feb 25 12:15:06 2010 NOTE: the current --script-security setting may allow 
this configuration to call user-defined scripts
Thu Feb 25 12:15:06 2010 Re-using SSL/TLS context
Thu Feb 25 12:15:06 2010 LZO compression initialized
Thu Feb 25 12:15:06 2010 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 
ET:0 EL:0 ]
Thu Feb 25 12:15:06 2010 Data Channel MTU parms [ L:1574 D:1200 EF:42 EB:135 
ET:32 EL:0 AF:3/1 ]
Thu Feb 25 12:15:06 2010 Local Options hash (VER=V4): 'ec497616'
Thu Feb 25 12:15:06 2010 Expected Remote Options hash (VER=V4): '7cd8ed90'
Thu Feb 25 12:15:06 2010 Socket Buffers: R=[114688-131072] S=[114688-131072]
Thu Feb 25 12:15:06 2010 UDPv4 link local: [undef]
Thu Feb 25 12:15:06 2010 UDPv4 link remote: 208.38.31.237:9000
Thu Feb 25 12:16:06 2010 TLS Error: TLS key negotiation failed to occur within 
60 seconds (check your network connectivity)
Thu Feb 25 12:16:06 2010 TLS Error: TLS handshake failed
Thu Feb 25 12:16:06 2010 TCP/UDP: Closing socket
Thu Feb 25 12:16:06 2010 SIGUSR1[soft,tls-error] received, process restarting
Thu Feb 25 12:16:06 2010 Restart pause, 2 second(s)
Thu Feb 25 12:16:08 2010 NOTE: the current --script-security setting may allow 
this configuration to call user-defined scripts
Thu Feb 25 12:16:08 2010 Re-using SSL/TLS context
Thu Feb 25 12:16:08 2010 LZO compression initialized
Thu Feb 25 12:16:08 2010 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 
ET:0 EL:0 ]
Thu Feb 25 12:16:08 2010 Data Channel MTU parms [ L:1574 D:1200 EF:42 EB:135 
ET:32 EL:0 AF:3/1 ]
Thu Feb 25 12:16:08 2010 Local Options hash (VER=V4): 'ec497616'
Thu Feb 25 12:16:08 2010 Expected Remote Options hash (VER=V4): '7cd8ed90'
Thu Feb 25 12:16:08 2010 Socket Buffers: R=[114688-131072] S=[114688-131072]
Thu Feb 25 12:16:08 2010 UDPv4 link local: [undef]
Thu Feb 25 12:16:08 2010 UDPv4 link remote: 208.38.31.237:9000
Thu Feb 25 12:16:25 2010 TLS: Initial packet from 208.38.31.237:9000, 
sid=9c654bbf 0689942b
Thu Feb 25 12:16:25 2010 VERIFY OK: depth=1, 
/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=Fort-Funston_CA/emailaddress...@myhost.mydomain
Thu Feb 25 12:16:25 2010 Validating certificate key 

Re: [gentoo-user] openvpn static ip

2010-02-25 Thread Xavier Parizet
On 25/02/2010 20:20, Joseph wrote:
 On 02/25/10 18:12, Xavier Parizet wrote:
 On 25/02/2010 17:51, Joseph wrote:
 On 02/25/10 08:40, Xavier Parizet wrote:
 On 02/25/2010 02:32 AM, Joseph wrote:
 I've configured OpenVPN and it works OK but I cannot seem to figure
 out how to assign a static IP to clients

 My server.conf
 port 8458
 [SNIP]

 On client in /etc/openvpn/ccd directory I've created a file syscon9
 with:
 ifconfig-push 192.168.139.15 192.168.139.1

 Hmmm... 192.168.139.1 does not seem a remote netmask, isn't it ?
 man openvpn tell me the following for ifconfig-push:
 --ifconfig-push local remote-netmask

 so, put ifconfig-push 192.168.139.15 255.255.255.0 rather than the line
 above in the ccd directory.

 If it doesn't work, then please post the openvpn.log of the client.

 I've tried it many times, it doesn't work with the netmask. File: syscon9
 from ccd:
 cat syscon9
 ifconfig-push  192.168.0.15 255.255.255.0
^^^
 this is wrong (or maybe a typing mistake?)

 If it's a typing mistake, then please post now server side log.
 
 Yes, it was a typo :-/ I corrected it:
 cat syscon9
 ifconfig-push  192.168.139.15 255.255.255.0
 
 but from log you can see it still didn't give me what I want, I got IP
 192.168.139.6 and was asking for: 192.168.139.15
 
 log:
 cat /var/log/openvpn.log
 [SNIP]

Ok. After re-re-reading the man page, try to add parameter topology
subnet to server config. If it still don't work, then _please_ post the
openvpn.log of the server side.

-- 
  Xavier Parizet
YaGB :   http://gentooist.com
GPG  :C7DC B10E FC21 63BE
B453 D239 F6E6 DF65 1569 91BF





Re: [gentoo-user] openvpn static ip

2010-02-25 Thread Etaoin Shrdlu
On Thursday 25 February 2010, Joseph wrote:

 Yes, it was a typo :-/ I corrected it:
 cat syscon9
 ifconfig-push  192.168.139.15 255.255.255.0
 
 but from log you can see it still didn't give me what I want, I got IP
  192.168.139.6 and was asking for: 192.168.139.15

Try adding

topology subnet

to both client and server config.



Re: [gentoo-user] openvpn static ip

2010-02-25 Thread Joseph

On 02/25/10 21:09, Xavier Parizet wrote:
[snip]

Yes, it was a typo :-/ I corrected it:
cat syscon9
ifconfig-push  192.168.139.15 255.255.255.0

but from log you can see it still didn't give me what I want, I got IP
192.168.139.6 and was asking for: 192.168.139.15

log:
cat /var/log/openvpn.log
[SNIP]


Ok. After re-re-reading the man page, try to add parameter topology
subnet to server config. If it still don't work, then _please_ post the
openvpn.log of the server side.

--
 Xavier Parizet
YaGB :   http://gentooist.com
GPG  :C7DC B10E FC21 63BE
B453 D239 F6E6 DF65 1569 91BF



I've added: topology subnet to both client and server conf but now when I try 
to disconnect and connect I'm getting consecutive IP's:
192.168.139.2
192.168.139.3
192.168.139.4
...

cat server.conf
port 9000
proto udp
dev tun
mode server
ca /usr/share/openvpn/easy-rsa/keys/ca.crt
cert /usr/share/openvpn/easy-rsa/keys/server.crt
key /usr/share/openvpn/easy-rsa/keys/server.key
dh /usr/share/openvpn/easy-rsa/keys/dh1024.pem
topology subnet
server 192.168.139.0 255.255.255.0
client-to-client
ifconfig-pool-persist ipp.txt
client-config-dir ccd
keepalive 10 120
tls-auth vpn_my.key 0
tun-mtu 1500
tun-mtu-extra 32
mssfix 1200
duplicate-cn
comp-lzo
max-clients 100
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn.log
log-append /var/log/openvpn.log
verb 3

cat client_clinic2.conf
client
dev tun
proto udp
topology subnet
remote 208.38.31.237 9000
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1200
persist-key
persist-tun
remote-cert-tls server
ca /etc/openvpn/client_clinic2/ca.crt
cert /etc/openvpn/client_clinic2/syscon9.crt
key /etc/openvpn/client_clinic2/syscon9.key
tls-auth /etc/openvpn/client_clinic2/vpn_my.key 1
comp-lzo
log /var/log/openvpn.log
log-append /var/log/openvpn.log
verb 3


log file from client:

cat /var/log/openvpn.log
Thu Feb 25 13:50:30 2010 OpenVPN 2.1_rc15 x86_64-pc-linux-gnu [SSL] [LZO2] 
[EPOLL] built on Jan 16 2010
Thu Feb 25 13:50:30 2010 NOTE: the current --script-security setting may allow 
this configuration to call user-defined scripts
Thu Feb 25 13:50:30 2010 Control Channel Authentication: using 
'/etc/openvpn/client_clinic2/vpn_my.key' as a OpenVPN static key file
Thu Feb 25 13:50:30 2010 Outgoing Control Channel Authentication: Using 160 bit 
message hash 'SHA1' for HMAC authentication
Thu Feb 25 13:50:30 2010 Incoming Control Channel Authentication: Using 160 bit 
message hash 'SHA1' for HMAC authentication
Thu Feb 25 13:50:30 2010 LZO compression initialized
Thu Feb 25 13:50:30 2010 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 
ET:0 EL:0 ]
Thu Feb 25 13:50:30 2010 Data Channel MTU parms [ L:1574 D:1200 EF:42 EB:135 
ET:32 EL:0 AF:3/1 ]
Thu Feb 25 13:50:30 2010 Local Options hash (VER=V4): 'ec497616'
Thu Feb 25 13:50:30 2010 Expected Remote Options hash (VER=V4): '7cd8ed90'
Thu Feb 25 13:50:30 2010 Socket Buffers: R=[114688-131072] S=[114688-131072]
Thu Feb 25 13:50:30 2010 UDPv4 link local: [undef]
Thu Feb 25 13:50:30 2010 UDPv4 link remote: 208.38.31.237:9000
Thu Feb 25 13:50:30 2010 TLS: Initial packet from 208.38.31.237:9000, 
sid=766f3e2f 0cf96857
Thu Feb 25 13:50:30 2010 VERIFY OK: depth=1, 
/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=Fort-Funston_CA/emailaddress...@myhost.mydomain
Thu Feb 25 13:50:30 2010 Validating certificate key usage
Thu Feb 25 13:50:30 2010 ++ Certificate has key usage  00a0, expects 00a0
Thu Feb 25 13:50:30 2010 VERIFY KU OK
Thu Feb 25 13:50:30 2010 Validating certificate extended key usage
Thu Feb 25 13:50:30 2010 ++ Certificate has EKU (str) TLS Web Server 
Authentication, expects TLS Web Server Authentication
Thu Feb 25 13:50:30 2010 VERIFY EKU OK
Thu Feb 25 13:50:30 2010 VERIFY OK: depth=0, 
/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=server/emailaddress...@myhost.mydomain
Thu Feb 25 13:50:31 2010 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 
128 bit key
Thu Feb 25 13:50:31 2010 Data Channel Encrypt: Using 160 bit message hash 
'SHA1' for HMAC authentication
Thu Feb 25 13:50:31 2010 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 
128 bit key
Thu Feb 25 13:50:31 2010 Data Channel Decrypt: Using 160 bit message hash 
'SHA1' for HMAC authentication
Thu Feb 25 13:50:31 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3 
DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Feb 25 13:50:31 2010 [server] Peer Connection Initiated with 
208.38.31.237:9000
Thu Feb 25 13:50:32 2010 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu Feb 25 13:50:32 2010 PUSH: Received control message: 'PUSH_REPLY,route-gateway 192.168.139.1,topology subnet,ping 10,ping-restart 120,ifconfig 
192.168.139.2 255.255.255.0'

Thu Feb 25 13:50:32 2010 OPTIONS IMPORT: timers and/or timeouts modified
Thu Feb 25 13:50:32 2010 OPTIONS IMPORT: --ifconfig/up options modified
Thu Feb 25 13:50:32 2010 OPTIONS IMPORT: route-related options modified
Thu Feb 25 13:50:32 2010 TUN/TAP device tun0 opened
Thu Feb 25 13:50:32 2010 TUN/TAP TX queue 

Re: [gentoo-user] openvpn static ip

2010-02-25 Thread Xavier Parizet
On 25/02/2010 22:01, Joseph wrote:
 On 02/25/10 21:09, Xavier Parizet wrote:
 [snip]
 Yes, it was a typo :-/ I corrected it:
 cat syscon9
 ifconfig-push  192.168.139.15 255.255.255.0

 but from log you can see it still didn't give me what I want, I got IP
 192.168.139.6 and was asking for: 192.168.139.15

 log:
 cat /var/log/openvpn.log
 [SNIP]

 Ok. After re-re-reading the man page, try to add parameter topology
 subnet to server config. If it still don't work, then _please_ post the
 openvpn.log of the server side.

 
 I've added: topology subnet to both client and server conf but now when
 I try to disconnect and connect I'm getting consecutive IP's:
 192.168.139.2
 192.168.139.3
 192.168.139.4
 ...
 
 cat server.conf
 port 9000
 proto udp
 dev tun
 mode server
 ca /usr/share/openvpn/easy-rsa/keys/ca.crt
 cert /usr/share/openvpn/easy-rsa/keys/server.crt
 key /usr/share/openvpn/easy-rsa/keys/server.key
 dh /usr/share/openvpn/easy-rsa/keys/dh1024.pem
 topology subnet
 server 192.168.139.0 255.255.255.0
 client-to-client
 ifconfig-pool-persist ipp.txt
 client-config-dir ccd
 keepalive 10 120
 tls-auth vpn_my.key 0
 tun-mtu 1500
 tun-mtu-extra 32
 mssfix 1200
 duplicate-cn
 comp-lzo
 max-clients 100
 persist-key
 persist-tun
 status openvpn-status.log
 log /var/log/openvpn.log
 log-append /var/log/openvpn.log
 verb 3
 
 cat client_clinic2.conf
 client
 dev tun
 proto udp
 topology subnet
 remote 208.38.31.237 9000
 resolv-retry infinite
 nobind
  ^^
  you should remove this line to avoid connection refused messages from
the server. As you are in udp, client should bind on udp source port to
get messages from the server.

 tun-mtu 1500
 tun-mtu-extra 32
 mssfix 1200
 persist-key
 persist-tun
 remote-cert-tls server
 ca /etc/openvpn/client_clinic2/ca.crt
 cert /etc/openvpn/client_clinic2/syscon9.crt
 key /etc/openvpn/client_clinic2/syscon9.key
 tls-auth /etc/openvpn/client_clinic2/vpn_my.key 1
 comp-lzo
 log /var/log/openvpn.log
 log-append /var/log/openvpn.log
 verb 3
 
 
 log file from client:
 
 cat /var/log/openvpn.log
 [SNIP]
 
 Why is the server log always showing this message: [ECONNREFUSED]:
 Connection refused (code=111

From what i can see, please try to add full path to the ccd directory in
client-config-dir directive on the server path. Also check permissions
on that directory. On which user are you running openvpn on the server ?
On the client ?

Can you increase verbosity and see if there is no open fails on the
server ? If it works, you should have the following line in server logs:
OPTIONS IMPORT: reading client specific options from: [path to ccd]/syscon9
MULTI: Learn: [192.168.139.15] - syscon9/[ip source:port source]

-- 
  Xavier Parizet
YaGB :   http://gentooist.com
GPG  :C7DC B10E FC21 63BE
B453 D239 F6E6 DF65 1569 91BF





Re: [gentoo-user] openvpn static ip

2010-02-25 Thread Joseph

On 02/25/10 22:17, Xavier Parizet wrote:
[snip]

topology subnet
remote 208.38.31.237 9000
resolv-retry infinite
nobind

 ^^
 you should remove this line to avoid connection refused messages from
the server. As you are in udp, client should bind on udp source port to
get messages from the server.


I remove this one from client.conf




tun-mtu 1500
tun-mtu-extra 32
mssfix 1200
persist-key
persist-tun
remote-cert-tls server
ca /etc/openvpn/client_clinic2/ca.crt
cert /etc/openvpn/client_clinic2/syscon9.crt
key /etc/openvpn/client_clinic2/syscon9.key
tls-auth /etc/openvpn/client_clinic2/vpn_my.key 1
comp-lzo
log /var/log/openvpn.log
log-append /var/log/openvpn.log
verb 3


log file from client:

cat /var/log/openvpn.log
[SNIP]

Why is the server log always showing this message: [ECONNREFUSED]:
Connection refused (code=111


From what i can see, please try to add full path to the ccd directory in
client-config-dir directive on the server path. Also check permissions
on that directory. On which user are you running openvpn on the server ?
On the client ?

Can you increase verbosity and see if there is no open fails on the
server ? If it works, you should have the following line in server logs:
OPTIONS IMPORT: reading client specific options from: [path to ccd]/syscon9
MULTI: Learn: [192.168.139.15] - syscon9/[ip source:port source]

--
 Xavier Parizet
YaGB :   http://gentooist.com
GPG  :C7DC B10E FC21 63BE
B453 D239 F6E6 DF65 1569 91BF



I added full path to the server for ccd:
/etc/openvpn/ccd

Now I'm getting consistent IP: 192.168.139.2 every-time I restart 
openvpn.client_clinic2
but I'm not getting what I requested in ccd/syscon9:
ifconfig-push  192.168.139.15 255.255.255.0

The client runs openvpn as user root,
the server runs openvpn as user openvpn.

--
Joseph



Re: [gentoo-user] openvpn static ip

2010-02-25 Thread Joseph

On 02/25/10 22:17, Xavier Parizet wrote:

From what i can see, please try to add full path to the ccd directory in
client-config-dir directive on the server path. Also check permissions
on that directory. On which user are you running openvpn on the server ?
On the client ?


On client:
drwxr-xr-x 2 root root 4096 Feb 24 18:49 ccd
-rw-r--r-- 1 root root 45 Feb 25 12:13 syscon9

so this looks OK,


Can you increase verbosity and see if there is no open fails on the
server ? If it works, you should have the following line in server logs:
OPTIONS IMPORT: reading client specific options from: [path to ccd]/syscon9
MULTI: Learn: [192.168.139.15] - syscon9/[ip source:port source]


I've increased verbosity on server to 9
but I can not find any phrase in the server log file: fails IMPORT

but I've noticed this section on the server log:

...syscon9/68.148.245.78:56172 TEST FILE '/etc/openvpn/ccd/syscon9' [0]
...syscon9/68.148.245.78:56172 TEST FILE '/etc/openvpn/ccd/DEFAULT' [0]
...syscon9/68.148.245.78:56172 MULTI: Learn: 192.168.139.2 - 
syscon9/68.148.245.78:56172

If I change the directory to ccd the log just shows:
...syscon9/68.148.245.78:56172 TEST FILE 'ccd/syscon9' [0]
...syscon9/68.148.245.78:56172 TEST FILE 'ccd/DEFAULT' [0

--
Joseph



Re: [gentoo-user] openvpn static ip

2010-02-24 Thread Albert Hopkins
On Wed, 2010-02-24 at 18:32 -0700, Joseph wrote:
 I've configured OpenVPN and it works OK but I cannot seem to figure out
 how to assign a static IP to clients

Put this in your config:

client-config-dir client.d

And then in client.d/ have a file for each client, e.g.

# cat client.d/client
ifconfig-push 192.168.0.4 192.168.0.1






Re: [gentoo-user] openvpn static ip

2010-02-24 Thread Joseph

On 02/24/10 21:51, Albert Hopkins wrote:

On Wed, 2010-02-24 at 18:32 -0700, Joseph wrote:

I've configured OpenVPN and it works OK but I cannot seem to figure out
how to assign a static IP to clients


Put this in your config:

   client-config-dir client.d

And then in client.d/ have a file for each client, e.g.

   # cat client.d/client
   ifconfig-push 192.168.0.4 192.168.0.1


The directory name shouldn't make any difference, I'm using directory name ccd; though I've tried the IP's you suggested, it makes no difference, still 
not getting static IP :-/


Thanks for suggestion, I've been on it all day and can not find the solution. 
--

Joseph