Gentoo Archives: gentoo-user

From: Joseph <syscon780@×××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] openvpn static ip
Date: Thu, 25 Feb 2010 20:03:27
Message-Id: 20100225192009.GA6860@syscon4.inet
In Reply to: Re: [gentoo-user] openvpn static ip by Xavier Parizet
On 02/25/10 18:12, Xavier Parizet wrote:
>On 25/02/2010 17:51, Joseph wrote:
>> On 02/25/10 08:40, Xavier Parizet wrote:
>>> On 02/25/2010 02:32 AM, Joseph wrote:
>>>> I've configured OpenVPN and it works OK but I cannot seem to figure
>>>> out how to assign a static IP to clients
>>>>
>>>> My server.conf port 8458
>>>> [SNIP]
>>>>
>>>> On client in /etc/openvpn/ccd directory I've created a file "syscon9"
>>>> with:
>>>> ifconfig-push 192.168.139.15 192.168.139.1
>>>
>>> Hmmm... 192.168.139.1 does not seem to be a remote netmask, does it?
>>> man openvpn tells me the following for ifconfig-push:
>>> --ifconfig-push local remote-netmask
>>>
>>> so, put ifconfig-push 192.168.139.15 255.255.255.0 rather than the line
>>> above in the ccd directory.
>>>
>>> If it doesn't work, then please post the openvpn.log of the client.
>>
>> I've tried it many times, it doesn't work with the netmask. File: syscon9
>> from ccd:
>> cat syscon9
>> ifconfig-push 192.168.0.15 255.255.255.0
> ^^^
> this is wrong (or maybe a typing mistake?)
>
>If it's a typing mistake, then please post the server-side log now.

Yes, it was a typo :-/ I corrected it:
cat syscon9
ifconfig-push 192.168.139.15 255.255.255.0

but from the log you can see it still didn't give me what I want, I got IP 192.168.139.6 and was asking for: 192.168.139.15

log:
cat /var/log/openvpn.log
Thu Feb 25 12:14:04 2010 OpenVPN 2.1_rc15 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] built on Jan 16 2010
Thu Feb 25 12:14:04 2010 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Feb 25 12:14:04 2010 Control Channel Authentication: using '/etc/openvpn/client_clinic2/vpn_my.key' as a OpenVPN static key file
Thu Feb 25 12:14:04 2010 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 25 12:14:04 2010 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 25 12:14:04 2010 LZO compression initialized
Thu Feb 25 12:14:04 2010 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Thu Feb 25 12:14:04 2010 Data Channel MTU parms [ L:1574 D:1200 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Feb 25 12:14:04 2010 Local Options hash (VER=V4): 'ec497616'
Thu Feb 25 12:14:04 2010 Expected Remote Options hash (VER=V4): '7cd8ed90'
Thu Feb 25 12:14:04 2010 Socket Buffers: R=[114688->131072] S=[114688->131072]
Thu Feb 25 12:14:04 2010 UDPv4 link local: [undef]
Thu Feb 25 12:14:04 2010 UDPv4 link remote: 208.38.31.237:9000
Thu Feb 25 12:15:04 2010 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Feb 25 12:15:04 2010 TLS Error: TLS handshake failed
Thu Feb 25 12:15:04 2010 TCP/UDP: Closing socket
Thu Feb 25 12:15:04 2010 SIGUSR1[soft,tls-error] received, process restarting
Thu Feb 25 12:15:04 2010 Restart pause, 2 second(s)
Thu Feb 25 12:15:06 2010 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Feb 25 12:15:06 2010 Re-using SSL/TLS context
Thu Feb 25 12:15:06 2010 LZO compression initialized
Thu Feb 25 12:15:06 2010 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Thu Feb 25 12:15:06 2010 Data Channel MTU parms [ L:1574 D:1200 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Feb 25 12:15:06 2010 Local Options hash (VER=V4): 'ec497616'
Thu Feb 25 12:15:06 2010 Expected Remote Options hash (VER=V4): '7cd8ed90'
Thu Feb 25 12:15:06 2010 Socket Buffers: R=[114688->131072] S=[114688->131072]
Thu Feb 25 12:15:06 2010 UDPv4 link local: [undef]
Thu Feb 25 12:15:06 2010 UDPv4 link remote: 208.38.31.237:9000
Thu Feb 25 12:16:06 2010 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Feb 25 12:16:06 2010 TLS Error: TLS handshake failed
Thu Feb 25 12:16:06 2010 TCP/UDP: Closing socket
Thu Feb 25 12:16:06 2010 SIGUSR1[soft,tls-error] received, process restarting
Thu Feb 25 12:16:06 2010 Restart pause, 2 second(s)
Thu Feb 25 12:16:08 2010 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Feb 25 12:16:08 2010 Re-using SSL/TLS context
Thu Feb 25 12:16:08 2010 LZO compression initialized
Thu Feb 25 12:16:08 2010 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Thu Feb 25 12:16:08 2010 Data Channel MTU parms [ L:1574 D:1200 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Feb 25 12:16:08 2010 Local Options hash (VER=V4): 'ec497616'
Thu Feb 25 12:16:08 2010 Expected Remote Options hash (VER=V4): '7cd8ed90'
Thu Feb 25 12:16:08 2010 Socket Buffers: R=[114688->131072] S=[114688->131072]
Thu Feb 25 12:16:08 2010 UDPv4 link local: [undef]
Thu Feb 25 12:16:08 2010 UDPv4 link remote: 208.38.31.237:9000
Thu Feb 25 12:16:25 2010 TLS: Initial packet from 208.38.31.237:9000, sid=9c654bbf 0689942b
Thu Feb 25 12:16:25 2010 VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=Fort-Funston_CA/emailAddress=me@××××××.mydomain
Thu Feb 25 12:16:25 2010 Validating certificate key usage
Thu Feb 25 12:16:25 2010 ++ Certificate has key usage 00a0, expects 00a0
Thu Feb 25 12:16:25 2010 VERIFY KU OK
Thu Feb 25 12:16:25 2010 Validating certificate extended key usage
Thu Feb 25 12:16:25 2010 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Feb 25 12:16:25 2010 VERIFY EKU OK
Thu Feb 25 12:16:25 2010 VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=server/emailAddress=me@××××××.mydomain
Thu Feb 25 12:16:26 2010 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Feb 25 12:16:26 2010 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 25 12:16:26 2010 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Feb 25 12:16:26 2010 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 25 12:16:26 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Feb 25 12:16:26 2010 [server] Peer Connection Initiated with 208.38.31.237:9000
Thu Feb 25 12:16:27 2010 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu Feb 25 12:16:27 2010 PUSH: Received control message: 'PUSH_REPLY,route 192.168.139.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 192.168.139.6 192.168.139.5'
Thu Feb 25 12:16:27 2010 OPTIONS IMPORT: timers and/or timeouts modified
Thu Feb 25 12:16:27 2010 OPTIONS IMPORT: --ifconfig/up options modified
Thu Feb 25 12:16:27 2010 OPTIONS IMPORT: route options modified
Thu Feb 25 12:16:27 2010 ROUTE default_gateway=10.0.0.1
Thu Feb 25 12:16:27 2010 TUN/TAP device tun0 opened
Thu Feb 25 12:16:27 2010 TUN/TAP TX queue length set to 100
Thu Feb 25 12:16:27 2010 /sbin/ifconfig tun0 192.168.139.6 pointopoint 192.168.139.5 mtu 1500
Thu Feb 25 12:16:27 2010 /etc/openvpn/up.sh tun0 1500 1574 192.168.139.6 192.168.139.5 init
Thu Feb 25 12:16:27 2010 /sbin/route add -net 192.168.139.0 netmask 255.255.255.0 gw 192.168.139.5
Thu Feb 25 12:16:27 2010 Initialization Sequence Completed

--
Joseph
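
Added example, not part of the original message and not OpenVPN's own code: a Python check that compares the PUSH_REPLY seen in the client log above with the ccd `ifconfig-push` line, and reports how the second argument is read under the topology the server pushed. The function names and the rejoined log line are constructed for this illustration.

```python
import ipaddress
import re

# Constructed input: the PUSH_REPLY line from the client log above, rejoined on one line.
PUSH_LINE = ("Thu Feb 25 12:16:27 2010 PUSH: Received control message: "
             "'PUSH_REPLY,route 192.168.139.0 255.255.255.0,topology net30,"
             "ping 10,ping-restart 120,ifconfig 192.168.139.6 192.168.139.5'")
CCD_LINE = "ifconfig-push 192.168.139.15 255.255.255.0"  # ccd file content from the message

def parse_push_reply(line):
    """Return the options of a PUSH_REPLY log line as {name: [args]}."""
    m = re.search(r"'PUSH_REPLY,(.*)'", line)
    if not m:
        raise ValueError("no PUSH_REPLY in line")
    opts = {}
    for item in m.group(1).split(","):
        name, *args = item.split()
        opts[name] = args
    return opts

def is_netmask(text):
    """True if text is a contiguous dotted-quad mask such as 255.255.255.0."""
    try:
        ipaddress.ip_network("0.0.0.0/" + text)
        return True
    except ValueError:
        return False

def check(push_line, ccd_line):
    """Compare what the server pushed with what the ccd line asks for."""
    opts = parse_push_reply(push_line)
    # net30 was the default topology in OpenVPN 2.1 when none is pushed
    topology = opts.get("topology", ["net30"])[0]
    pushed_local = opts["ifconfig"][0]
    _, want_local, want_second = ccd_line.split()
    findings = []
    if pushed_local != want_local:
        findings.append(f"pushed {pushed_local}, ccd asks for {want_local}")
    # net30/p2p: second ifconfig argument is the remote endpoint; subnet: a netmask
    if topology in ("net30", "p2p") and is_netmask(want_second):
        findings.append(f"topology {topology} expects a remote endpoint, got netmask {want_second}")
    if topology == "subnet" and not is_netmask(want_second):
        findings.append(f"topology subnet expects a netmask, got {want_second}")
    return topology, findings
```

A pushed address that differs from the ccd line means the server did not apply that ccd entry for this connection, so the server-side configuration and log are the next place to look.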

Replies

Subject Author
Re: [gentoo-user] openvpn static ip Xavier Parizet <xav@×××××××××.com>
Re: [gentoo-user] openvpn static ip Etaoin Shrdlu <shrdlu@×××××××××××××.org>