On 02/25/10 21:09, Xavier Parizet wrote:
[snip]
>> Yes, it was a typo :-/ I corrected it:
>> cat syscon9
>> ifconfig-push 192.168.139.15 255.255.255.0
>>
>> but from the log you can see it still didn't give me what I want, I got IP
>> 192.168.139.6 and was asking for: 192.168.139.15
>>
>> log:
>> cat /var/log/openvpn.log
>> [SNIP]
>
>Ok. After re-re-reading the man page, try to add the parameter topology
>subnet to the server config. If it still doesn't work, then _please_ post the
>openvpn.log of the server side.
>
>--
> Xavier Parizet
>YaGB : http://gentooist.com
>GPG : C7DC B10E FC21 63BE
>B453 D239 F6E6 DF65 1569 91BF
>

I've added "topology subnet" to both the client and server conf, but now when I disconnect and reconnect I'm getting consecutive IPs:
192.168.139.2
192.168.139.3
192.168.139.4
...

cat server.conf
port 9000
proto udp
dev tun
mode server
ca /usr/share/openvpn/easy-rsa/keys/ca.crt
cert /usr/share/openvpn/easy-rsa/keys/server.crt
key /usr/share/openvpn/easy-rsa/keys/server.key
dh /usr/share/openvpn/easy-rsa/keys/dh1024.pem
topology subnet
server 192.168.139.0 255.255.255.0
client-to-client
ifconfig-pool-persist ipp.txt
client-config-dir ccd
keepalive 10 120
tls-auth vpn_my.key 0
tun-mtu 1500
tun-mtu-extra 32
mssfix 1200
duplicate-cn
comp-lzo
max-clients 100
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn.log
log-append /var/log/openvpn.log
verb 3

cat client_clinic2.conf
client
dev tun
proto udp
topology subnet
remote 208.38.31.237 9000
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1200
persist-key
persist-tun
remote-cert-tls server
ca "/etc/openvpn/client_clinic2/ca.crt"
cert "/etc/openvpn/client_clinic2/syscon9.crt"
key "/etc/openvpn/client_clinic2/syscon9.key"
tls-auth "/etc/openvpn/client_clinic2/vpn_my.key" 1
comp-lzo
log /var/log/openvpn.log
log-append /var/log/openvpn.log
verb 3


log file from client:

cat /var/log/openvpn.log
Thu Feb 25 13:50:30 2010 OpenVPN 2.1_rc15 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] built on Jan 16 2010
Thu Feb 25 13:50:30 2010 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Feb 25 13:50:30 2010 Control Channel Authentication: using '/etc/openvpn/client_clinic2/vpn_my.key' as a OpenVPN static key file
Thu Feb 25 13:50:30 2010 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 25 13:50:30 2010 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 25 13:50:30 2010 LZO compression initialized
Thu Feb 25 13:50:30 2010 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Thu Feb 25 13:50:30 2010 Data Channel MTU parms [ L:1574 D:1200 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Feb 25 13:50:30 2010 Local Options hash (VER=V4): 'ec497616'
Thu Feb 25 13:50:30 2010 Expected Remote Options hash (VER=V4): '7cd8ed90'
Thu Feb 25 13:50:30 2010 Socket Buffers: R=[114688->131072] S=[114688->131072]
Thu Feb 25 13:50:30 2010 UDPv4 link local: [undef]
Thu Feb 25 13:50:30 2010 UDPv4 link remote: 208.38.31.237:9000
Thu Feb 25 13:50:30 2010 TLS: Initial packet from 208.38.31.237:9000, sid=766f3e2f 0cf96857
Thu Feb 25 13:50:30 2010 VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=Fort-Funston_CA/emailAddress=me@××××××.mydomain
Thu Feb 25 13:50:30 2010 Validating certificate key usage
Thu Feb 25 13:50:30 2010 ++ Certificate has key usage 00a0, expects 00a0
Thu Feb 25 13:50:30 2010 VERIFY KU OK
Thu Feb 25 13:50:30 2010 Validating certificate extended key usage
Thu Feb 25 13:50:30 2010 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Feb 25 13:50:30 2010 VERIFY EKU OK
Thu Feb 25 13:50:30 2010 VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=server/emailAddress=me@××××××.mydomain
Thu Feb 25 13:50:31 2010 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Feb 25 13:50:31 2010 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 25 13:50:31 2010 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Feb 25 13:50:31 2010 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 25 13:50:31 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Feb 25 13:50:31 2010 [server] Peer Connection Initiated with 208.38.31.237:9000
Thu Feb 25 13:50:32 2010 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu Feb 25 13:50:32 2010 PUSH: Received control message: 'PUSH_REPLY,route-gateway 192.168.139.1,topology subnet,ping 10,ping-restart 120,ifconfig 192.168.139.2 255.255.255.0'
Thu Feb 25 13:50:32 2010 OPTIONS IMPORT: timers and/or timeouts modified
Thu Feb 25 13:50:32 2010 OPTIONS IMPORT: --ifconfig/up options modified
Thu Feb 25 13:50:32 2010 OPTIONS IMPORT: route-related options modified
Thu Feb 25 13:50:32 2010 TUN/TAP device tun0 opened
Thu Feb 25 13:50:32 2010 TUN/TAP TX queue length set to 100
Thu Feb 25 13:50:32 2010 /sbin/ifconfig tun0 192.168.139.2 netmask 255.255.255.0 mtu 1500 broadcast 192.168.139.255
Thu Feb 25 13:50:32 2010 /etc/openvpn/up.sh tun0 1500 1574 192.168.139.2 255.255.255.0 init
Thu Feb 25 13:50:32 2010 Initialization Sequence Completed


log file from server:
Thu Feb 25 13:56:12 2010 syscon9/68.148.245.78:55861 [syscon9] Inactivity timeout (--ping-restart), restarting
Thu Feb 25 13:56:12 2010 syscon9/68.148.245.78:55861 SIGUSR1[soft,ping-restart] received, client-instance restarting
Thu Feb 25 13:56:57 2010 MULTI: multi_create_instance called
Thu Feb 25 13:56:57 2010 68.148.245.78:55868 Re-using SSL/TLS context
Thu Feb 25 13:56:57 2010 68.148.245.78:55868 LZO compression initialized
Thu Feb 25 13:56:57 2010 68.148.245.78:55868 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Thu Feb 25 13:56:57 2010 68.148.245.78:55868 Data Channel MTU parms [ L:1574 D:1200 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Feb 25 13:56:57 2010 68.148.245.78:55868 Local Options hash (VER=V4): '7cd8ed90'
Thu Feb 25 13:56:57 2010 68.148.245.78:55868 Expected Remote Options hash (VER=V4): 'ec497616'
Thu Feb 25 13:56:57 2010 68.148.245.78:55868 TLS: Initial packet from 68.148.245.78:55868, sid=57c549f4 702a73f4
Thu Feb 25 13:56:58 2010 68.148.245.78:55868 VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=Fort-Funston_CA/emailAddress=me@××××××.mydomain
Thu Feb 25 13:56:58 2010 68.148.245.78:55868 VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=syscon9/emailAddress=me@××××××.mydomain
Thu Feb 25 13:56:58 2010 68.148.245.78:55868 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Feb 25 13:56:58 2010 68.148.245.78:55868 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 25 13:56:58 2010 68.148.245.78:55868 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Feb 25 13:56:58 2010 68.148.245.78:55868 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 25 13:56:58 2010 68.148.245.78:55868 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Feb 25 13:56:58 2010 68.148.245.78:55868 [syscon9] Peer Connection Initiated with 68.148.245.78:55868
Thu Feb 25 13:56:58 2010 syscon9/68.148.245.78:55868 MULTI: Learn: 192.168.139.3 -> syscon9/68.148.245.78:55868
Thu Feb 25 13:56:58 2010 syscon9/68.148.245.78:55868 MULTI: primary virtual IP for syscon9/68.148.245.78:55868: 192.168.139.3
Thu Feb 25 13:56:59 2010 syscon9/68.148.245.78:55868 PUSH: Received control message: 'PUSH_REQUEST'
Thu Feb 25 13:56:59 2010 syscon9/68.148.245.78:55868 SENT CONTROL [syscon9]: 'PUSH_REPLY,route-gateway 192.168.139.1,topology subnet,ping 10,ping-restart 120,ifconfig 192.168.139.3 255.255.255.0' (status=1)
Thu Feb 25 13:57:02 2010 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Thu Feb 25 13:57:12 2010 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)

Why is the server log always showing this message: [ECONNREFUSED]: Connection refused (code=111)?

--
Joseph
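A check for the situation described in this thread, added here as an example (it is not code from the thread or from OpenVPN): it reads the server log's "MULTI: primary virtual IP" lines to see which address each common name actually received and compares that with the ifconfig-push line in the client's client-config-dir file, so a client that fell back to the address pool (as syscon9 does above, getting .3 instead of .15) is reported. The sample log lines and CCD text are constructed from the messages above; in real use the CCD text would be read from ccd/<cn>, which OpenVPN resolves relative to the server's working directory (or the --cd option), so an unreadable CCD file shows up as "no ifconfig-push for this CN".

```python
import re
from typing import Dict, Optional

# Server log line recording the address OpenVPN actually assigned, e.g.
#   "... MULTI: primary virtual IP for syscon9/68.148.245.78:55868: 192.168.139.3"
PRIMARY_IP_RE = re.compile(
    r"MULTI: primary virtual IP for (?P<cn>[^/\s]+)/\S+: (?P<ip>\d+(?:\.\d+){3})\s*$"
)
# "ifconfig-push <ip> <netmask-or-peer>" directive inside a client-config-dir file
IFCONFIG_PUSH_RE = re.compile(r"^\s*ifconfig-push\s+(?P<ip>\d+(?:\.\d+){3})\s+\S+")

# Constructed sample input, copied from the server log and the CCD file quoted in the thread.
SAMPLE_SERVER_LOG = (
    "Thu Feb 25 13:56:58 2010 syscon9/68.148.245.78:55868 MULTI: Learn: 192.168.139.3 -> syscon9/68.148.245.78:55868\n"
    "Thu Feb 25 13:56:58 2010 syscon9/68.148.245.78:55868 MULTI: primary virtual IP for syscon9/68.148.245.78:55868: 192.168.139.3\n"
)
SAMPLE_CCD_FILES = {"syscon9": "ifconfig-push 192.168.139.15 255.255.255.0\n"}


def assigned_ips(log_text: str) -> Dict[str, str]:
    """Map each common name to the last virtual IP the server logged for it."""
    assigned: Dict[str, str] = {}
    for line in log_text.splitlines():
        m = PRIMARY_IP_RE.search(line)
        if m:
            assigned[m.group("cn")] = m.group("ip")
    return assigned


def ccd_static_ip(ccd_text: Optional[str]) -> Optional[str]:
    """Return the address requested by ifconfig-push in a CCD file, or None if absent."""
    for line in (ccd_text or "").splitlines():
        m = IFCONFIG_PUSH_RE.match(line)
        if m:
            return m.group("ip")
    return None


def check_static_assignments(log_text: str, ccd_files: Dict[str, str]) -> Dict[str, str]:
    """Per common name: 'ok', 'no ifconfig-push for this CN', or a mismatch description."""
    report: Dict[str, str] = {}
    for cn, got in assigned_ips(log_text).items():
        wanted = ccd_static_ip(ccd_files.get(cn))   # None if no CCD file or no directive
        if wanted is None:
            report[cn] = "no ifconfig-push for this CN"
        elif wanted == got:
            report[cn] = "ok"
        else:
            report[cn] = f"mismatch: assigned {got}, ccd ifconfig-push {wanted}"
    return report
```

Run over the real files, a "mismatch" for a CN whose CCD file exists means the server did not apply that file, which is worth checking before blaming the address pool.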