Dorian,
This is just off the top of my head, I didn't really look at the packet
captures... but if the vtun client is compiled with OpenSSL and the
server without it, or vise-versa, it will fail with that error message
and nothing more informative. If you want to test for that, here are a
few little patches to 3.0.1:
error log to syslog for password or SSL mismatch:
diff -rupN vtun-3.0.1-orig/auth.c vtun/auth.c
--- vtun-3.0.1-orig/auth.c 2006-12-11 02:55:06.000000000 -0500
+++ vtun/auth.c 2010-03-03 09:16:21.000000000 -0500
@@ -352,8 +352,10 @@ struct vtun_host * auth_server(int fd)
break;
}
print_p(fd,"OK FLAGS: %s\n", bf2cf(h));
- } else
- h = NULL;
+ } else {
+ vtun_syslog(LOG_ERR, "authentication challenge failed -
password mismatch or SSL mismatch.");
+ h = NULL;
+ }
}
break;
}
adds log message with remote host IP when session is closed:
diff -rupN vtun-3.0.1-orig/server.c vtun/server.c
--- vtun-3.0.1-orig/server.c 2006-12-11 02:55:06.000000000 -0500
+++ vtun/server.c 2010-03-03 09:17:59.000000000 -0500
@@ -85,8 +85,7 @@ void connection(int sock)
sa.sa_flags=SA_NOCLDWAIT;;
sigaction(SIGHUP,&sa,NULL);
- vtun_syslog(LOG_INFO,"Session %s[%s:%d] opened", host->host, ip,
- ntohs(cl_addr.sin_port) );
+ vtun_syslog(LOG_INFO,"Session %s[%s:%d] opened", host->host, ip,
ntohs(cl_addr.sin_port) );
host->rmt_fd = sock;
host->sopt.laddr = strdup(inet_ntoa(my_addr.sin_addr));
@@ -97,13 +96,12 @@ void connection(int sock)
/* Start tunnel */
tunnel(host);
- vtun_syslog(LOG_INFO,"Session %s closed", host->host);
+ vtun_syslog(LOG_INFO,"Session %s[%s:%d] closed", host->host, ip,
ntohs(cl_addr.sin_port) );
/* Unlock host. (locked in auth_server) */
unlock_host(host);
} else {
- vtun_syslog(LOG_INFO,"Denied connection from %s:%d", ip,
- ntohs(cl_addr.sin_port) );
+ vtun_syslog(LOG_INFO,"Denied connection from %s:%d", ip,
ntohs(cl_addr.sin_port) );
}
close(sock);
Adds "with[out] SSL" to startup message
diff -rupN vtun-3.0.1-orig/server.c vtun/server.c
--- vtun-3.0.1-orig/server.c 2006-12-11 02:55:06.000000000 -0500
+++ vtun/server.c 2010-03-03 09:17:59.000000000 -0500
@@ -184,8 +182,11 @@ void server(int sock)
sigaction(SIGPIPE,&sa,NULL);
sigaction(SIGUSR1,&sa,NULL);
- vtun_syslog(LOG_INFO,"VTUN server ver %s (%s)", VTUN_VER,
- vtun.svr_type == VTUN_INETD ? "inetd" : "stand" );
+#ifdef HAVE_SSL
+ vtun_syslog(LOG_INFO,"VTUN server ver %s (%s) with SSL", VTUN_VER,
vtun.svr_type == VTUN_INETD ? "inetd" : "stand" );
+#else
+ vtun_syslog(LOG_INFO,"VTUN server ver %s (%s) without SSL",
VTUN_VER, vtun.svr_type == VTUN_INETD ? "inetd" : "stand" );
+#endif
switch( vtun.svr_type ){
case VTUN_STAND_ALONE:
-Jason Antman
Rutgers University
dorian wrote:
> Hi all,
> I am using VTun for over half a year.
> I have two Linksys routers running WhiteRussian 0.9 with vtun (+some
> required libraries) installed from *.ipk packages.
> Up to now everything was ok.
>
> But last days I've tried to recompile the firmware one of my Linksys
> using Kamikadze.
> Additionally i wanted to customize it having VTun included and exclude
> not interesting stuff.
>
> After that the VTun connetion problem appeared.
>
> On the Linksys side I see:
> #vtund -n -f /tmp/vtund.conf MySession XXX.XXX.XXX.XXX
> vtund[617]: VTun client ver 3.X 05/01/2010 started
> vtund[617]: Connecting to XXX.XXX.XXX.XXX
> vtund[617]: Connection denied by XXX.XXX.XXX.XXX
>
> On the server side:
> [vtund] Denied connection from
> YYY.YYY.YYY.YYY:2049
>
>
>
> Running tcpdump at server I see:
> #tcpdump -n -i eth1 host YYY.YYY.YYY.YYY and port 5000 -s 1500 -A
> tcpdump: verbose output suppressed, use -v or -vv for full protocol
> decode
> listening on eth1, link-type EN10MB (Ethernet), capture size 1500
> bytes
> 14:53:47.158288 IP YYY.YYY.YYY.YYY.2051 > XXX.XXX.XXX.XXX.5000: S
> 1616526116:1616526116(0) win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 0>
> e.....@.<.=5MO....7.....`Z;$........q!..............
>
>
> 14:53:47.158314 IP XXX.XXX.XXX.XXX.5000 > YYY.YYY.YYY.YYY.2051: S
> 2318711996:2318711996(0) ack 1616526117 win 5840 <mss
> 1460,nop,nop,sackOK,nop,wscale 6>
> e.....@.@.
>
>
> ...7.MO.......4..`Z;%....*...............
>
>
> 14:53:47.172165 IP YYY.YYY.YYY.YYY.2051 > XXX.XXX.XXX.XXX.5000: . ack 1
> win
> 5840
>
> E..(....@.<....@mo....7.....`z;%.4..P...j.........
>
>
> 14:53:47.172426 IP XXX.XXX.XXX.XXX.5000 > YYY.YYY.YYY.YYY.2051: P
> 1:51(50) ack 1 win
> 92
> e.....@.@.U[..7.MO.......4..`Z;%P..\0j..VTUN server ver 12/04/2009
> A
>
>
> ....................
>
>
> 14:53:47.180773 IP YYY.YYY.YYY.YYY.2051 > XXX.XXX.XXX.XXX.5000: . ack 51
> win
> 5840
> E..(....@.<.=?MO....7.....`Z;%.4..P...j.........
>
>
> 14:53:47.180791 IP YYY.YYY.YYY.YYY.2051 > XXX.XXX.XXX.XXX.5000: P
> 1:51(50) ack 51 win
> 5840
> e.....@.<.=.MO....7.....`Z;%.4..P...S_..HOST: MySession
>
>
>
> ...............................
>
>
> 14:53:47.180799 IP XXX.XXX.XXX.XXX.5000 > YYY.YYY.YYY.YYY.2051: . ack 51
> win
> 92
> E..(.&@....@.u...7.mo.......4..`z;WP..\....
>
>
> 14:53:47.181110 IP XXX.XXX.XXX.XXX.5000 > YYY.YYY.YYY.YYY.2051: P
> 51:101(50) ack 51 win
> 92
> E..Z.'@....@.uy..7.mo.......4..`z;WP..\0j..OK CHAL:
> <inbkfagjkeldbpanjholnjmendojfofm>
>
>
> ......
> 14:53:47.192302 IP YYY.YYY.YYY.YYY.2051 > XXX.XXX.XXX.XXX.5000: P
> 51:101(50) ack 101 win 5840
> e.....@.<.=.MO....7.....`Z;W.4.!P.......CHAL:
> <cobbhfcjieabidkcbiiihofnghljdkei>
> .........
> 14:53:47.192392 IP XXX.XXX.XXX.XXX.5000 > YYY.YYY.YYY.YYY.2051: P
> 101:151(50) ack 101 win 92
> E..Z.(@....@.ux..7.mo.......4.!`z;.P..\0j..ERR
>
> So the problem concerns password checking (at least it looks like).
> But I used exactly the same config files both for server (here nothing
> has been changed)
> and for newly compiled Linksys client (the client config has worked with
> WhiteRussian powered router).
>
> Probably I missed something (not compiled) in Kamikadze configuration.
>
> Any ideas will be appreciated.
>
> Regards,
> Dorian
>
>
>
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Vtun-Users mailing list
> Vtun-Users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/vtun-users
>
------------------------------------------------------------------------------
_______________________________________________
Vtun-Users mailing list
Vtun-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/vtun-users
