On 02/25/10 18:12, Xavier Parizet wrote:
>On 25/02/2010 17:51, Joseph wrote:
>> On 02/25/10 08:40, Xavier Parizet wrote:
>>> On 02/25/2010 02:32 AM, Joseph wrote:
>>>> I've configured OpenVPN and it works OK but I cannot seem to figure
>>>> out how to assign static IP to clients
>>>>
>>>> My server.conf port 8458
>>>> [SNIP]
>>>>
>>>> On client in /etc/openvpn/ccd directory I've created a file "syscon9"
>>>> with:
>>>> ifconfig-push 192.168.139.15 192.168.139.1
>>>
>>> Hmmm... 192.168.139.1 does not seem to be a remote netmask, does it?
>>> man openvpn tells me the following for ifconfig-push:
>>> --ifconfig-push local remote-netmask
>>>
>>> so, put ifconfig-push 192.168.139.15 255.255.255.0 rather than the line
>>> above in the ccd directory.
>>>
>>> If it doesn't work, then please post the openvpn.log of the client.
>>
>> I've tried it many times, it doesn't work with the netmask. File: syscon9
>> from ccd:
>> cat syscon9
>> ifconfig-push 192.168.0.15 255.255.255.0
>                        ^^^
> this is wrong (or maybe a typing mistake?)
>
>If it's a typing mistake, then please post the server-side log now.

Yes, it was a typo :-/ I corrected it:
cat syscon9
ifconfig-push 192.168.139.15 255.255.255.0

But from the log you can see it still didn't give me what I want, I got IP 192.168.139.6 and was asking for: 192.168.139.15

log:
cat /var/log/openvpn.log
Thu Feb 25 12:14:04 2010 OpenVPN 2.1_rc15 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] built on Jan 16 2010
Thu Feb 25 12:14:04 2010 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Feb 25 12:14:04 2010 Control Channel Authentication: using '/etc/openvpn/client_clinic2/vpn_my.key' as a OpenVPN static key file
Thu Feb 25 12:14:04 2010 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 25 12:14:04 2010 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 25 12:14:04 2010 LZO compression initialized
Thu Feb 25 12:14:04 2010 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Thu Feb 25 12:14:04 2010 Data Channel MTU parms [ L:1574 D:1200 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Feb 25 12:14:04 2010 Local Options hash (VER=V4): 'ec497616'
Thu Feb 25 12:14:04 2010 Expected Remote Options hash (VER=V4): '7cd8ed90'
Thu Feb 25 12:14:04 2010 Socket Buffers: R=[114688->131072] S=[114688->131072]
Thu Feb 25 12:14:04 2010 UDPv4 link local: [undef]
Thu Feb 25 12:14:04 2010 UDPv4 link remote: 208.38.31.237:9000
Thu Feb 25 12:15:04 2010 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Feb 25 12:15:04 2010 TLS Error: TLS handshake failed
Thu Feb 25 12:15:04 2010 TCP/UDP: Closing socket
Thu Feb 25 12:15:04 2010 SIGUSR1[soft,tls-error] received, process restarting
Thu Feb 25 12:15:04 2010 Restart pause, 2 second(s)
Thu Feb 25 12:15:06 2010 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Feb 25 12:15:06 2010 Re-using SSL/TLS context
Thu Feb 25 12:15:06 2010 LZO compression initialized
Thu Feb 25 12:15:06 2010 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Thu Feb 25 12:15:06 2010 Data Channel MTU parms [ L:1574 D:1200 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Feb 25 12:15:06 2010 Local Options hash (VER=V4): 'ec497616'
Thu Feb 25 12:15:06 2010 Expected Remote Options hash (VER=V4): '7cd8ed90'
Thu Feb 25 12:15:06 2010 Socket Buffers: R=[114688->131072] S=[114688->131072]
Thu Feb 25 12:15:06 2010 UDPv4 link local: [undef]
Thu Feb 25 12:15:06 2010 UDPv4 link remote: 208.38.31.237:9000
Thu Feb 25 12:16:06 2010 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Feb 25 12:16:06 2010 TLS Error: TLS handshake failed
Thu Feb 25 12:16:06 2010 TCP/UDP: Closing socket
Thu Feb 25 12:16:06 2010 SIGUSR1[soft,tls-error] received, process restarting
Thu Feb 25 12:16:06 2010 Restart pause, 2 second(s)
Thu Feb 25 12:16:08 2010 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Feb 25 12:16:08 2010 Re-using SSL/TLS context
Thu Feb 25 12:16:08 2010 LZO compression initialized
Thu Feb 25 12:16:08 2010 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Thu Feb 25 12:16:08 2010 Data Channel MTU parms [ L:1574 D:1200 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Feb 25 12:16:08 2010 Local Options hash (VER=V4): 'ec497616'
Thu Feb 25 12:16:08 2010 Expected Remote Options hash (VER=V4): '7cd8ed90'
Thu Feb 25 12:16:08 2010 Socket Buffers: R=[114688->131072] S=[114688->131072]
Thu Feb 25 12:16:08 2010 UDPv4 link local: [undef]
Thu Feb 25 12:16:08 2010 UDPv4 link remote: 208.38.31.237:9000
Thu Feb 25 12:16:25 2010 TLS: Initial packet from 208.38.31.237:9000, sid=9c654bbf 0689942b
Thu Feb 25 12:16:25 2010 VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=Fort-Funston_CA/emailAddress=me@××××××.mydomain
Thu Feb 25 12:16:25 2010 Validating certificate key usage
Thu Feb 25 12:16:25 2010 ++ Certificate has key usage 00a0, expects 00a0
Thu Feb 25 12:16:25 2010 VERIFY KU OK
Thu Feb 25 12:16:25 2010 Validating certificate extended key usage
Thu Feb 25 12:16:25 2010 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Feb 25 12:16:25 2010 VERIFY EKU OK
Thu Feb 25 12:16:25 2010 VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=server/emailAddress=me@××××××.mydomain
Thu Feb 25 12:16:26 2010 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Feb 25 12:16:26 2010 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 25 12:16:26 2010 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Feb 25 12:16:26 2010 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 25 12:16:26 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Feb 25 12:16:26 2010 [server] Peer Connection Initiated with 208.38.31.237:9000
Thu Feb 25 12:16:27 2010 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu Feb 25 12:16:27 2010 PUSH: Received control message: 'PUSH_REPLY,route 192.168.139.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 192.168.139.6 192.168.139.5'
Thu Feb 25 12:16:27 2010 OPTIONS IMPORT: timers and/or timeouts modified
Thu Feb 25 12:16:27 2010 OPTIONS IMPORT: --ifconfig/up options modified
Thu Feb 25 12:16:27 2010 OPTIONS IMPORT: route options modified
Thu Feb 25 12:16:27 2010 ROUTE default_gateway=10.0.0.1
Thu Feb 25 12:16:27 2010 TUN/TAP device tun0 opened
Thu Feb 25 12:16:27 2010 TUN/TAP TX queue length set to 100
Thu Feb 25 12:16:27 2010 /sbin/ifconfig tun0 192.168.139.6 pointopoint 192.168.139.5 mtu 1500
Thu Feb 25 12:16:27 2010 /etc/openvpn/up.sh tun0 1500 1574 192.168.139.6 192.168.139.5 init
Thu Feb 25 12:16:27 2010 /sbin/route add -net 192.168.139.0 netmask 255.255.255.0 gw 192.168.139.5
Thu Feb 25 12:16:27 2010 Initialization Sequence Completed

--
Joseph
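
An added example, not part of the original message: a Python check that compares the ccd ifconfig-push line from the message with the PUSH_REPLY in the client log. It relies on the net30 rule that the second argument is the peer endpoint and that both addresses must be the two usable addresses of one /30 block; the function names are illustrative and the sample strings are copied from the thread.

```python
import ipaddress

# Constructed from the PUSH_REPLY and ccd line quoted in the message above.
PUSH_REPLY = ("PUSH_REPLY,route 192.168.139.0 255.255.255.0,topology net30,"
              "ping 10,ping-restart 120,ifconfig 192.168.139.6 192.168.139.5")
CCD_LINE = "ifconfig-push 192.168.139.15 255.255.255.0"

def parse_push_reply(msg):
    """Return (topology, local, second) from a PUSH_REPLY control message."""
    opts = [o.split() for o in msg.split(",")[1:]]
    # Assumption: net30 when the server pushes no topology (the 2.1 default).
    topology = next((o[1] for o in opts if o[0] == "topology"), "net30")
    ifc = next(o for o in opts if o[0] == "ifconfig")
    return topology, ifc[1], ifc[2]

def is_netmask(value):
    """True if value is a contiguous IPv4 netmask such as 255.255.255.0."""
    inv = int(ipaddress.IPv4Address(value)) ^ 0xFFFFFFFF
    return inv != 0xFFFFFFFF and (inv & (inv + 1)) == 0

def net30_hosts(addr):
    """The two usable addresses of the /30 block that contains addr."""
    return list(ipaddress.ip_network(f"{addr}/30", strict=False).hosts())

def check_ccd(ccd_line, push_reply):
    """Compare a ccd ifconfig-push line with what the server actually pushed."""
    _, want_local, want_second = ccd_line.split()
    topology, got_local, _ = parse_push_reply(push_reply)
    findings = []
    if topology == "net30":
        if is_netmask(want_second):
            findings.append("net30: second argument must be the peer endpoint, not a netmask")
        hosts = net30_hosts(want_local)
        pair = {ipaddress.ip_address(want_local), ipaddress.ip_address(want_second)}
        if pair != set(hosts):
            findings.append(f"net30: not a /30 pair; this block offers {hosts[0]} and {hosts[1]}")
    elif not is_netmask(want_second):
        findings.append(f"{topology}: second argument must be a netmask")
    if got_local != want_local:
        findings.append(f"server pushed {got_local}, ccd asks for {want_local}: ccd entry not applied")
    return findings

if __name__ == "__main__":
    for finding in check_ccd(CCD_LINE, PUSH_REPLY):
        print(finding)
```

The last finding means the address came from the server's pool: ccd files are read by the server through --client-config-dir and are matched on the client certificate's common name.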