Date:      Sat, 25 Jul 2009 12:31:30 -0700 (PDT)
From:      Leonardo M. Ramé <martinrame@yahoo.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: OpenVPN Client
Message-ID:  <442069.450.qm@web35607.mail.mud.yahoo.com>
In-Reply-To: <d36406630907250956h455339c7u395efc3054d22bce@mail.gmail.com>


Well, I opted for deinstalling openvpn and installing openvpn-devel (2.1). Now it reads my client.ovpn file, and it seems to be going a little step further; now it seems to be a problem with route add.

I have to mention that the client machine is connected to a router using DHCP in the network 192.168.0.xxx. Can this be the problem?

This is the new log:

Sat Jul 25 16:20:10 2009 OpenVPN 2.1_rc18 i386-portbld-freebsd7.2 [SSL] [LZO2] [PKCS11] built on Jul 25 2009
Sat Jul 25 16:20:13 2009 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sat Jul 25 16:20:13 2009 Control Channel Authentication: tls-auth using INLINE static key file
Sat Jul 25 16:20:13 2009 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jul 25 16:20:13 2009 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jul 25 16:20:13 2009 LZO compression initialized
Sat Jul 25 16:20:13 2009 Control Channel MTU parms [ L:1544 D:168 EF:68 EB:0 ET:0 EL:0 ]
Sat Jul 25 16:20:13 2009 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Jul 25 16:20:13 2009 Local Options hash (VER=V4): 'ee93268d'
Sat Jul 25 16:20:13 2009 Expected Remote Options hash (VER=V4): 'bd577cd1'
Sat Jul 25 16:20:13 2009 Attempting to establish TCP connection with 200.80.219.194:443 [nonblock]
Sat Jul 25 16:20:14 2009 TCP connection established with 200.80.219.194:443
Sat Jul 25 16:20:14 2009 Socket Buffers: R=[66608->65536] S=[33304->65536]
Sat Jul 25 16:20:14 2009 TCPv4_CLIENT link local: [undef]
Sat Jul 25 16:20:14 2009 TCPv4_CLIENT link remote: 200.80.219.194:443
Sat Jul 25 16:20:14 2009 TLS: Initial packet from 200.80.219.194:443, sid=f4722bb3 aafe8f23
Sat Jul 25 16:20:14 2009 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Jul 25 16:20:15 2009 VERIFY OK: depth=1, /CN=OpenVPN_CA
Sat Jul 25 16:20:15 2009 VERIFY OK: nsCertType=SERVER
Sat Jul 25 16:20:15 2009 VERIFY OK: depth=0, /CN=OpenVPN_Server
Sat Jul 25 16:20:15 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Jul 25 16:20:15 2009 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jul 25 16:20:15 2009 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Jul 25 16:20:15 2009 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jul 25 16:20:15 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Jul 25 16:20:15 2009 [OpenVPN_Server] Peer Connection Initiated with 200.80.219.194:443
Sat Jul 25 16:20:16 2009 SENT CONTROL [OpenVPN_Server]: 'PUSH_REQUEST' (status=1)
Sat Jul 25 16:20:16 2009 PUSH: Received control message: 'PUSH_REPLY,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,redirect-private local,redirect-private bypass-dhcp,redirect-private bypass-dns,route-metric 101,route 192.168.0.0 255.255.255.0,route-gateway 172.16.0.1,topology subnet,ping 8,ping-restart 90,socket-flags TCP_NODELAY,ifconfig 172.16.0.2 255.255.0.0'
Sat Jul 25 16:20:16 2009 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:2: dhcp-pre-release (2.1_rc18)
Sat Jul 25 16:20:16 2009 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:3: dhcp-renew (2.1_rc18)
Sat Jul 25 16:20:16 2009 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: dhcp-release (2.1_rc18)
Sat Jul 25 16:20:16 2009 OPTIONS IMPORT: timers and/or timeouts modified
Sat Jul 25 16:20:16 2009 OPTIONS IMPORT: --socket-flags option modified
Sat Jul 25 16:20:16 2009 NOTE: setsockopt TCP_NODELAY=1 failed (No kernel support)
Sat Jul 25 16:20:16 2009 OPTIONS IMPORT: --ifconfig/up options modified
Sat Jul 25 16:20:16 2009 OPTIONS IMPORT: route options modified
Sat Jul 25 16:20:16 2009 OPTIONS IMPORT: route-related options modified
Sat Jul 25 16:20:16 2009 ROUTE default_gateway=192.168.0.1
Sat Jul 25 16:20:16 2009 TUN/TAP device /dev/tun0 opened
Sat Jul 25 16:20:16 2009 /sbin/ifconfig tun0 172.16.0.2 172.16.0.2 netmask 255.255.0.0 mtu 1500 up
Sat Jul 25 16:20:16 2009 /sbin/route add -net 172.16.0.0 172.16.0.2 255.255.0.0
add net 172.16.0.0: gateway 172.16.0.2
Sat Jul 25 16:20:21 2009 WARNING: potential route subnet conflict between local LAN [192.168.0.0/255.255.255.0] and remote VPN [192.168.0.0/255.255.255.0]
Sat Jul 25 16:20:21 2009 /sbin/route add -net 192.168.0.0 172.16.0.1 255.255.255.0
route: writing to routing socket: File exists
add net 192.168.0.0: gateway 172.16.0.1: route already in table
Sat Jul 25 16:20:21 2009 ERROR: FreeBSD route add command failed: external program exited with error status: 1
Sat Jul 25 16:20:21 2009 Initialization Sequence Completed
Sat Jul 25 16:20:30 2009 event_wait : Interrupted system call (code=4)
Sat Jul 25 16:20:30 2009 TCP/UDP: Closing socket
Sat Jul 25 16:20:30 2009 Closing TUN/TAP interface
Sat Jul 25 16:20:30 2009 SIGINT[hard,] received, process exiting

Leonardo M. Ramé
http://leonardorame.blogspot.com

--- On Sat, 7/25/09, chris scott <kraduk@googlemail.com> wrote:

> From: chris scott <kraduk@googlemail.com>
> Subject: Re: OpenVPN Client
> To: "Leonardo M. Ramé" <martinrame@yahoo.com>
> Cc: freebsd-questions@freebsd.org
> Date: Saturday, July 25, 2009, 1:56 PM
> 2009/7/25 Leonardo M. Ramé <martinrame@yahoo.com>
>
> >
> > Hi, I'm trying to connect to an OpenVPN server in my office. To do
> > this, I installed "OpenVPN 2.0.6 i386-portbld-freebsd7.2 [SSL] [LZO]"
> > from ports, and looking at different tutorials I found it needs a
> > config file in /usr/local/etc/openvpn/openvpn.conf. The problem here
> > is that our server provides a "client.ovpn" file containing all the
> > connection params needed by a client. In fact, we connect Windows
> > machines just by installing "OpenVPN_Installer.exe"; it configures a
> > TAP device and a client that reads the client.ovpn file.
> >
> > Now, in my FreeBSD 7.2 i386 machine, I did this:
> >
> > Created the /usr/local/etc/openvpn/openvpn.conf (the port doesn't
> > create it automatically) with this content:
> >
> > remote 200.80.219.194.static.techtelnet.net
> > client
> > proto tcp
> > port 443
> > dev tun
> > ns-cert-type server
> > auth-user-pass
> > auth-retry interact
> > comp-lzo
> > user nobody
> > group nobody
> > verb 3
> > ca /usr/local/etc/openvpn/keys/ca.key
> > cert /usr/local/etc/openvpn/keys/cert.key
> > key /usr/local/etc/openvpn/keys/key.key
> >
> > These contents are extracted from client.ovpn, and the "ca", "cert"
> > and "key" files were extracted from the same file.
> >
> > I kldload tun, but when I do ifconfig, it doesn't show anything
> > related to tun or tap.
> >
> > Also, when I do "openvpn /usr/local/etc/openvpn/openvpn.conf" the
> > results are these:
> >
> > Sat Jul 25 11:24:09 2009 OpenVPN 2.0.6 i386-portbld-freebsd7.2 [SSL] [LZO] built on Jul 24 2009
> > Enter Auth Username:nico
> > Enter Auth Password:****
> > Sat Jul 25 11:24:13 2009 WARNING: you are using user/group/chroot without persist-key/persist-tun -- this may cause restarts to fail
> > Sat Jul 25 11:24:13 2009 WARNING: file '/usr/local/etc/openvpn/keys/key.key' is group or others accessible
> > Sat Jul 25 11:24:13 2009 LZO compression initialized
> > Sat Jul 25 11:24:13 2009 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
> > Sat Jul 25 11:24:13 2009 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
> > Sat Jul 25 11:24:13 2009 Local Options hash (VER=V4): '69109d17'
> > Sat Jul 25 11:24:13 2009 Expected Remote Options hash (VER=V4): 'c0103fa8'
> > Sat Jul 25 11:24:13 2009 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
> > Sat Jul 25 11:24:13 2009 Attempting to establish TCP connection with 200.80.219.194:443
> > Sat Jul 25 11:24:13 2009 TCP connection established with 200.80.219.194:443
> > Sat Jul 25 11:24:13 2009 TCPv4_CLIENT link local: [undef]
> > Sat Jul 25 11:24:13 2009 TCPv4_CLIENT link remote: 200.80.219.194:443
> > Sat Jul 25 11:24:13 2009 Connection reset, restarting [0]
> > Sat Jul 25 11:24:13 2009 TCP/UDP: Closing socket
> > Sat Jul 25 11:24:13 2009 SIGUSR1[soft,connection-reset] received, process restarting
> > Sat Jul 25 11:24:13 2009 Restart pause, 5 second(s)
> >
> > In my /etc/rc.conf I have openvpn_if="tun". I don't load the tun or
> > tap interface at boot; I just want to load it with kldload.
> >
> > uname -a:
> > FreeBSD inspiron.local 7.2-RELEASE FreeBSD 7.2-RELEASE #0: Fri May  1 08:49:13 UTC 2009     root@walker.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386
> >
> > ifconfig:
> > ndis0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
> >         ether 00:23:4d:64:d6:7a
> >         inet 192.168.0.100 netmask 0xffffff00 broadcast 192.168.0.255
> >         media: IEEE 802.11 Wireless Ethernet autoselect
> >         status: associated
> >         ssid "" channel 1 (2412 Mhz 11b)
> >         authmode OPEN privacy OFF bmiss 7 scanvalid 60 roaming MANUAL
> >         bintval 0
> > fwe0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
> >         options=8<VLAN_MTU>
> >         ether 32:4f:c0:e1:55:e1
> >         ch 1 dma -1
> > fwip0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
> >         lladdr 33.4f.c0.0.26.e1.55.e1.a.2.ff.fe.0.0.0.0
> > lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
> >         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
> >         inet6 ::1 prefixlen 128
> >         inet 127.0.0.1 netmask 0xff000000
> >
> > Thanks in advance,
> > Leonardo M. Ramé
> >
>
> Make sure you have the tap kernel module loaded
>
> kldload /boot/kernel/if_tap.ko
>
> To make sure it's there after boot, add
> if_tap_load="yes"
> to your /boot/loader.conf
>
> When I used openvpn I also added
>
> cloned_interfaces="tun1"
>
> to my rc.conf, then reinitialize the network stack by running
> /etc/netstart
>
> I also set the OpenVPN client to explicitly use tun1
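
The subnet-conflict warning in the log above can be reproduced offline from the two pieces of data in this thread. The following is an added example, not part of the original messages or of OpenVPN: it parses the route options of the PUSH_REPLY line and the FreeBSD ifconfig output, and reports every pushed route that overlaps a directly connected network. The function names are hypothetical, and the sample strings are copied from the message.

```python
import ipaddress
import re

# Sample input (constructed by copying the PUSH line and two interfaces from the message above).
SAMPLE_LOG = (
    "Sat Jul 25 16:20:16 2009 PUSH: Received control message: 'PUSH_REPLY,route-delay 5 30,"
    "dhcp-pre-release,dhcp-renew,dhcp-release,redirect-private local,redirect-private bypass-dhcp,"
    "redirect-private bypass-dns,route-metric 101,route 192.168.0.0 255.255.255.0,route-gateway 172.16.0.1,"
    "topology subnet,ping 8,ping-restart 90,socket-flags TCP_NODELAY,ifconfig 172.16.0.2 255.255.0.0'\n"
)
SAMPLE_IFCONFIG = (
    "ndis0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500\n"
    "        inet 192.168.0.100 netmask 0xffffff00 broadcast 192.168.0.255\n"
    "lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384\n"
    "        inet 127.0.0.1 netmask 0xff000000\n"
)

def local_networks(ifconfig_text):
    """Map interface name -> connected IPv4 network (FreeBSD prints hex netmasks)."""
    nets, iface = {}, None
    for line in ifconfig_text.splitlines():
        head = re.match(r"(\w+): flags=", line)
        iface = head.group(1) if head else iface
        m = re.search(r"\binet (\S+) netmask (0x[0-9a-fA-F]{8})", line)
        if m and iface:
            mask = ipaddress.IPv4Address(int(m.group(2), 16))
            nets[iface] = ipaddress.ip_network(f"{m.group(1)}/{mask}", strict=False)
    return nets

def pushed_routes(log_text):
    """Return the IPv4 networks named by 'route' options in PUSH_REPLY messages."""
    routes = []
    for reply in re.findall(r"'PUSH_REPLY,([^']*)'", log_text):
        for parts in (opt.split() for opt in reply.split(",")):
            if len(parts) >= 2 and parts[0] == "route":
                mask = parts[2] if len(parts) >= 3 else "255.255.255.255"
                try:
                    routes.append(ipaddress.ip_network(f"{parts[1]}/{mask}", strict=False))
                except ValueError:
                    pass  # hostname or keyword target: cannot be checked offline
    return routes

def route_conflicts(log_text, ifconfig_text):
    """List (pushed route, interface, local network) for each overlap with a connected LAN."""
    local = local_networks(ifconfig_text)
    return [(str(r), iface, str(net)) for r in pushed_routes(log_text)
            for iface, net in local.items() if not net.is_loopback and r.overlaps(net)]

if __name__ == "__main__":
    print(route_conflicts(SAMPLE_LOG, SAMPLE_IFCONFIG))
```

Run against a saved client log and the output of ifconfig, an empty list means no pushed route collides with a network the client is already attached to.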


