i changed both the client and server to tcp and it looks like
similiar errors. here is part of the client logs...
Sep 3 00:54:22 UNIXBOX openvpn[4112]: Local Options String: 'V4,dev-
type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-
CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sep 3 00:54:22 UNIXBOX openvpn[4112]: Expected Remote Options
String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto
TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-
server'
Sep 3 00:54:22 UNIXBOX openvpn[4112]: Local Options hash (VER=V4):
'db02a8f8'
Sep 3 00:54:22 UNIXBOX openvpn[4112]: Expected Remote Options hash
(VER=V4): '7e068940'
Sep 3 00:54:22 UNIXBOX openvpn[4112]: Attempting to establish TCP
connection with xx.xx.xx.xx:1194
Sep 3 00:54:22 UNIXBOX openvpn[4112]: TCP connection established
with xx.xx.xx.xx:1194
Sep 3 00:54:22 UNIXBOX openvpn[4112]: Socket Buffers: R=[66240-
>65536] S=[66240->65536]
Sep 3 00:54:22 UNIXBOX openvpn[4112]: TCPv4_CLIENT link local: [undef]
Sep 3 00:54:22 UNIXBOX openvpn[4112]: TCPv4_CLIENT link remote:
xx.xx.xx.xx:1194
Sep 3 00:54:22 UNIXBOX openvpn[4112]: TLS: Initial packet from
xx.xx.xx.xx:1194, sid=e83182b1 39b6b14d
Sep 3 00:54:22 UNIXBOX openvpn[4112]: VERIFY OK: depth=1, /C=US/
ST=NA/L=Milwaukee/O=VPN/CN=fw-bsd-1/
[EMAIL PROTECTED]
Sep 3 00:54:22 UNIXBOX openvpn[4112]: VERIFY OK: nsCertType=SERVER
Sep 3 00:54:22 UNIXBOX openvpn[4112]: VERIFY OK: depth=0, /C=US/
ST=NA/O=VPN/CN=server/[EMAIL PROTECTED]
Sep 3 00:54:23 UNIXBOX openvpn[4112]: Data Channel Encrypt: Cipher
'BF-CBC' initialized with 128 bit key
Sep 3 00:54:23 UNIXBOX openvpn[4112]: Data Channel Encrypt: Using
160 bit message hash 'SHA1' for HMAC authentication
Sep 3 00:54:23 UNIXBOX openvpn[4112]: Data Channel Decrypt: Cipher
'BF-CBC' initialized with 128 bit key
Sep 3 00:54:23 UNIXBOX openvpn[4112]: Data Channel Decrypt: Using
160 bit message hash 'SHA1' for HMAC authentication
Sep 3 00:54:23 UNIXBOX openvpn[4112]: Control Channel: TLSv1, cipher
TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sep 3 00:54:23 UNIXBOX openvpn[4112]: [server] Peer Connection
Initiated with xx.xx.xx.xx:1194
Sep 3 00:54:24 UNIXBOX openvpn[4112]: SENT CONTROL [server]:
'PUSH_REQUEST' (status=1)
Sep 3 00:54:24 UNIXBOX openvpn[4112]: PUSH: Received control
message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route
192.168.2.1,ping 10,ping-restart 60,ifconfig 192.168.2.6 192.168.2.5'
Sep 3 00:54:24 UNIXBOX openvpn[4112]: OPTIONS IMPORT: timers and/or
timeouts modified
Sep 3 00:54:24 UNIXBOX openvpn[4112]: OPTIONS IMPORT: --ifconfig/up
options modified
Sep 3 00:54:24 UNIXBOX openvpn[4112]: OPTIONS IMPORT: route options
modified
Sep 3 00:54:24 UNIXBOX openvpn[4112]: gw 172.16.0.1
Sep 3 00:54:24 UNIXBOX openvpn[4112]: TUN/TAP device /sbin/ifconfig
opened
Sep 3 00:54:24 UNIXBOX openvpn[4112]: /sbin/ifconfig tun delete
Sep 3 00:54:24 UNIXBOX openvpn[4112]: NOTE: Tried to delete pre-
existing tun/tap instance -- No Problem if failure
Sep 3 00:54:24 UNIXBOX openvpn[4112]: /sbin/ifconfig tun 192.168.2.6
192.168.2.5 mtu 1500 netmask 255.255.255.255 up
Sep 3 00:54:24 UNIXBOX openvpn[4112]: MANAGEMENT: Client disconnected
Sep 3 00:54:24 UNIXBOX openvpn[4112]: Mac OS X ifconfig failed:
shell command exited with error status: 126
thanks,
-phil
On Sep 2, 2008, at 11:36 PM, Mark Wass wrote:
Hey Phil
Just out of curiosity did you try using TCP instead of UDP?
If you try it just don't forget to open the correct protocol in your
firewall rules.
Regards
Mark
-----Original Message-----
From: BSD Wiz [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 3 September 2008 2:01 PM
To: [email protected]
Subject: [pfSense Support] openvpn and road warrior issues
hi,
i'm trying to get openvpn running on pfsense 1.2 working with
tunnelblick on my macbook. the link below shows my server config,
client config, and client log file. any suggestions are appreciated.
http://pastebin.com/d50a50091
thanks,
-phil
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
