| 1 |
Le 25/02/2010 22:01, Joseph a écrit : |
| 2 |
> On 02/25/10 21:09, Xavier Parizet wrote: |
| 3 |
> [snip] |
| 4 |
>>> Yes, it was a typo :-/ I corrected it: |
| 5 |
>>> cat syscon9 |
| 6 |
>>> ifconfig-push 192.168.139.15 255.255.255.0 |
| 7 |
>>> |
| 8 |
>>> but from log you can see it still didn't give me what I want, I got IP |
| 9 |
>>> 192.168.139.6 and was asking for: 192.168.139.15 |
| 10 |
>>> |
| 11 |
>>> log: |
| 12 |
>>> cat /var/log/openvpn.log |
| 13 |
>>> [SNIP] |
| 14 |
>> |
| 15 |
>> Ok. After re-re-reading the man page, try to add parameter topology |
| 16 |
>> subnet to server config. If it still don't work, then _please_ post the |
| 17 |
>> openvpn.log of the server side. |
| 18 |
>> |
| 19 |
> |
| 20 |
> I've added: topology subnet to both client and server conf but now when |
| 21 |
> I try to disconnect and connect I'm getting consecutive IP's: |
| 22 |
> 192.168.139.2 |
| 23 |
> 192.168.139.3 |
| 24 |
> 192.168.139.4 |
| 25 |
> ... |
| 26 |
> |
| 27 |
> cat server.conf |
| 28 |
> port 9000 |
| 29 |
> proto udp |
| 30 |
> dev tun |
| 31 |
> mode server |
| 32 |
> ca /usr/share/openvpn/easy-rsa/keys/ca.crt |
| 33 |
> cert /usr/share/openvpn/easy-rsa/keys/server.crt |
| 34 |
> key /usr/share/openvpn/easy-rsa/keys/server.key |
| 35 |
> dh /usr/share/openvpn/easy-rsa/keys/dh1024.pem |
| 36 |
> topology subnet |
| 37 |
> server 192.168.139.0 255.255.255.0 |
| 38 |
> client-to-client |
| 39 |
> ifconfig-pool-persist ipp.txt |
| 40 |
> client-config-dir ccd |
| 41 |
> keepalive 10 120 |
| 42 |
> tls-auth vpn_my.key 0 |
| 43 |
> tun-mtu 1500 |
| 44 |
> tun-mtu-extra 32 |
| 45 |
> mssfix 1200 |
| 46 |
> duplicate-cn |
| 47 |
> comp-lzo |
| 48 |
> max-clients 100 |
| 49 |
> persist-key |
| 50 |
> persist-tun |
| 51 |
> status openvpn-status.log |
| 52 |
> log /var/log/openvpn.log |
| 53 |
> log-append /var/log/openvpn.log |
| 54 |
> verb 3 |
| 55 |
> |
| 56 |
> cat client_clinic2.conf |
| 57 |
> client |
| 58 |
> dev tun |
| 59 |
> proto udp |
| 60 |
> topology subnet |
| 61 |
> remote 208.38.31.237 9000 |
| 62 |
> resolv-retry infinite |
| 63 |
> nobind |
| 64 |
^^^^^^ |
| 65 |
you should remove this line to avoid connection refused messages from |
| 66 |
the server. As you are in udp, client should bind on udp source port to |
| 67 |
get messages from the server. |
| 68 |
|
| 69 |
> tun-mtu 1500 |
| 70 |
> tun-mtu-extra 32 |
| 71 |
> mssfix 1200 |
| 72 |
> persist-key |
| 73 |
> persist-tun |
| 74 |
> remote-cert-tls server |
| 75 |
> ca "/etc/openvpn/client_clinic2/ca.crt" |
| 76 |
> cert "/etc/openvpn/client_clinic2/syscon9.crt" |
| 77 |
> key "/etc/openvpn/client_clinic2/syscon9.key" |
| 78 |
> tls-auth "/etc/openvpn/client_clinic2/vpn_my.key" 1 |
| 79 |
> comp-lzo |
| 80 |
> log /var/log/openvpn.log |
| 81 |
> log-append /var/log/openvpn.log |
| 82 |
> verb 3 |
| 83 |
> |
| 84 |
> |
| 85 |
> log file from client: |
| 86 |
> |
| 87 |
> cat /var/log/openvpn.log |
| 88 |
> [SNIP] |
| 89 |
> |
| 90 |
> Whey sever log is always showing this message: [ECONNREFUSED]: |
| 91 |
> Connection refused (code=111 |
| 92 |
|
| 93 |
From what i can see, please try to add full path to the ccd directory in |
| 94 |
client-config-dir directive on the server path. Also check permissions |
| 95 |
on that directory. On which user are you running openvpn on the server ? |
| 96 |
On the client ? |
| 97 |
|
| 98 |
Can you increase verbosity and see if there is no open fails on the |
| 99 |
server ? If it works, you should have the following line in server logs: |
| 100 |
OPTIONS IMPORT: reading client specific options from: [path to ccd]/syscon9 |
| 101 |
MULTI: Learn: [192.168.139.15] -> syscon9/[ip source:port source] |
| 102 |
|
| 103 |
-- |
| 104 |
Xavier Parizet |
| 105 |
YaGB : http://gentooist.com |
| 106 |
GPG : C7DC B10E FC21 63BE |
| 107 |
B453 D239 F6E6 DF65 1569 91BF |
Archives