On 25/02/2010 22:01, Joseph wrote:
> On 02/25/10 21:09, Xavier Parizet wrote:
> [snip]
>>> Yes, it was a typo :-/ I corrected it:
>>> cat syscon9
>>> ifconfig-push 192.168.139.15 255.255.255.0
>>>
>>> but from log you can see it still didn't give me what I want, I got IP
>>> 192.168.139.6 and was asking for: 192.168.139.15
>>>
>>> log:
>>> cat /var/log/openvpn.log
>>> [SNIP]
>>
>> Ok. After re-re-reading the man page, try to add parameter topology
>> subnet to server config. If it still doesn't work, then _please_ post the
>> openvpn.log of the server side.
>>
>
> I've added: topology subnet to both client and server conf but now when
> I try to disconnect and connect I'm getting consecutive IPs:
> 192.168.139.2
> 192.168.139.3
> 192.168.139.4
> ...
>
> cat server.conf
> port 9000
> proto udp
> dev tun
> mode server
> ca /usr/share/openvpn/easy-rsa/keys/ca.crt
> cert /usr/share/openvpn/easy-rsa/keys/server.crt
> key /usr/share/openvpn/easy-rsa/keys/server.key
> dh /usr/share/openvpn/easy-rsa/keys/dh1024.pem
> topology subnet
> server 192.168.139.0 255.255.255.0
> client-to-client
> ifconfig-pool-persist ipp.txt
> client-config-dir ccd
> keepalive 10 120
> tls-auth vpn_my.key 0
> tun-mtu 1500
> tun-mtu-extra 32
> mssfix 1200
> duplicate-cn
> comp-lzo
> max-clients 100
> persist-key
> persist-tun
> status openvpn-status.log
> log /var/log/openvpn.log
> log-append /var/log/openvpn.log
> verb 3
>
> cat client_clinic2.conf
> client
> dev tun
> proto udp
> topology subnet
> remote 208.38.31.237 9000
> resolv-retry infinite
> nobind
  ^^^^^^
you should remove this line to avoid connection refused messages from
the server. As you are in udp, client should bind on udp source port to
get messages from the server.

> tun-mtu 1500
> tun-mtu-extra 32
> mssfix 1200
> persist-key
> persist-tun
> remote-cert-tls server
> ca "/etc/openvpn/client_clinic2/ca.crt"
> cert "/etc/openvpn/client_clinic2/syscon9.crt"
> key "/etc/openvpn/client_clinic2/syscon9.key"
> tls-auth "/etc/openvpn/client_clinic2/vpn_my.key" 1
> comp-lzo
> log /var/log/openvpn.log
> log-append /var/log/openvpn.log
> verb 3
>
>
> log file from client:
>
> cat /var/log/openvpn.log
> [SNIP]
>
> Why server log is always showing this message: [ECONNREFUSED]:
> Connection refused (code=111

From what I can see, please try to add full path to the ccd directory in
client-config-dir directive on the server path. Also check permissions
on that directory. As which user are you running openvpn on the server?
On the client?

Can you increase verbosity and see if there are no open failures on the
server? If it works, you should have the following lines in server logs:
OPTIONS IMPORT: reading client specific options from: [path to ccd]/syscon9
MULTI: Learn: [192.168.139.15] -> syscon9/[ip source:port source]

--
Xavier Parizet
YaGB : http://gentooist.com
GPG : C7DC B10E FC21 63BE
B453 D239 F6E6 DF65 1569 91BF
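
Added example, not part of the original message or of OpenVPN: a shell check for the client-config-dir points raised above (absolute path, readable per-client file, and the OPTIONS IMPORT line in the server log). The function names, return codes and the sample files built in demo() are constructed for illustration; run it as the account the OpenVPN server runs under so the read test reflects that account's permissions.

```shell
#!/bin/sh
# Print the client-config-dir value from a server config file.
ccd_dir() {
    awk '$1 == "client-config-dir" { print $2; exit }' "$1"
}

# check_ccd SERVER_CONF COMMON_NAME SERVER_LOG
# Returns 0 ok, 1 no directive, 2 relative path, 3 file unreadable,
# 4 no ifconfig-push in the file, 5 server log never shows the import.
check_ccd() {
    dir=$(ccd_dir "$1")
    [ -n "$dir" ] || { echo "no client-config-dir directive"; return 1; }
    case $dir in
        /*) ;;
        *) echo "relative path '$dir' depends on the working directory"
           return 2 ;;
    esac
    [ -r "$dir/$2" ] || { echo "cannot read $dir/$2"; return 3; }
    ip=$(awk '$1 == "ifconfig-push" { print $2; exit }' "$dir/$2")
    [ -n "$ip" ] || { echo "no ifconfig-push in $dir/$2"; return 4; }
    grep -qF "OPTIONS IMPORT: reading client specific options from: $dir/$2" "$3" ||
        { echo "server never imported $dir/$2"; return 5; }
    echo "ok: $2 -> $ip"
}

# Constructed sample data (not taken from the thread's logs).
demo() {
    t=$(mktemp -d)
    mkdir "$t/ccd"
    echo "ifconfig-push 192.168.139.15 255.255.255.0" > "$t/ccd/syscon9"
    printf 'topology subnet\nclient-config-dir ccd\n' > "$t/relative.conf"
    printf 'topology subnet\nclient-config-dir %s/ccd\n' "$t" > "$t/absolute.conf"
    echo "syscon9/203.0.113.7:40000 OPTIONS IMPORT: reading client specific options from: $t/ccd/syscon9" > "$t/server.log"
    # Relative directive, as in the posted server.conf: flagged.
    check_ccd "$t/relative.conf" syscon9 "$t/server.log" || true
    # Full path plus a matching log line: passes.
    check_ccd "$t/absolute.conf" syscon9 "$t/server.log" || true
    rm -rf "$t"
}
demo
```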