Date:      Sun, 26 Jul 2009 17:01:19 -0700
From:      Drew Tomlinson <drew@mykitchentable.net>
To:        "Leonardo M. Ramé" <martinrame@yahoo.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: OpenVPN Client
Message-ID:  <4A6CEE4F.3010400@mykitchentable.net>
In-Reply-To: <442069.450.qm@web35607.mail.mud.yahoo.com>
References:  <442069.450.qm@web35607.mail.mud.yahoo.com>

Leonardo M. Ramé wrote:
> Well, I opted for deinstalling openvpn and installing openvpn-devel (2.1). Now it reads my client.ovpn file, and it seems to be getting a little step further; now it seems to be a problem with route add.
>   
It's not really a problem with 'route add'.  The problem is that a route
for 192.168.0.0 already exists.
> I have to mention that the client machine is connected to a router using DHCP in the network 192.168.0.xxx. Can this be the problem?
>   
Yes.

> This is the new log:
>
> Sat Jul 25 16:20:10 2009 OpenVPN 2.1_rc18 i386-portbld-freebsd7.2 [SSL] [LZO2] [PKCS11] built on Jul 25 2009
> Sat Jul 25 16:20:13 2009 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
> Sat Jul 25 16:20:13 2009 Control Channel Authentication: tls-auth using INLINE static key file
> Sat Jul 25 16:20:13 2009 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
> Sat Jul 25 16:20:13 2009 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
> Sat Jul 25 16:20:13 2009 LZO compression initialized
> Sat Jul 25 16:20:13 2009 Control Channel MTU parms [ L:1544 D:168 EF:68 EB:0 ET:0 EL:0 ]
> Sat Jul 25 16:20:13 2009 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
> Sat Jul 25 16:20:13 2009 Local Options hash (VER=V4): 'ee93268d'
> Sat Jul 25 16:20:13 2009 Expected Remote Options hash (VER=V4): 'bd577cd1'
> Sat Jul 25 16:20:13 2009 Attempting to establish TCP connection with 200.80.219.194:443 [nonblock]
> Sat Jul 25 16:20:14 2009 TCP connection established with 200.80.219.194:443
> Sat Jul 25 16:20:14 2009 Socket Buffers: R=[66608->65536] S=[33304->65536]
> Sat Jul 25 16:20:14 2009 TCPv4_CLIENT link local: [undef]
> Sat Jul 25 16:20:14 2009 TCPv4_CLIENT link remote: 200.80.219.194:443
> Sat Jul 25 16:20:14 2009 TLS: Initial packet from 200.80.219.194:443, sid=f4722bb3 aafe8f23
> Sat Jul 25 16:20:14 2009 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
> Sat Jul 25 16:20:15 2009 VERIFY OK: depth=1, /CN=OpenVPN_CA
> Sat Jul 25 16:20:15 2009 VERIFY OK: nsCertType=SERVER
> Sat Jul 25 16:20:15 2009 VERIFY OK: depth=0, /CN=OpenVPN_Server
> Sat Jul 25 16:20:15 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
> Sat Jul 25 16:20:15 2009 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
> Sat Jul 25 16:20:15 2009 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
> Sat Jul 25 16:20:15 2009 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
> Sat Jul 25 16:20:15 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
> Sat Jul 25 16:20:15 2009 [OpenVPN_Server] Peer Connection Initiated with 200.80.219.194:443
> Sat Jul 25 16:20:16 2009 SENT CONTROL [OpenVPN_Server]: 'PUSH_REQUEST' (status=1)
> Sat Jul 25 16:20:16 2009 PUSH: Received control message: 'PUSH_REPLY,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,redirect-private local,redirect-private bypass-dhcp,redirect-private bypass-dns,route-metric 101,route 192.168.0.0 255.255.255.0,route-gateway 172.16.0.1,topology subnet,ping 8,ping-restart 90,socket-flags TCP_NODELAY,ifconfig 172.16.0.2 255.255.0.0'
> Sat Jul 25 16:20:16 2009 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:2: dhcp-pre-release (2.1_rc18)
> Sat Jul 25 16:20:16 2009 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:3: dhcp-renew (2.1_rc18)
> Sat Jul 25 16:20:16 2009 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: dhcp-release (2.1_rc18)
> Sat Jul 25 16:20:16 2009 OPTIONS IMPORT: timers and/or timeouts modified
> Sat Jul 25 16:20:16 2009 OPTIONS IMPORT: --socket-flags option modified
> Sat Jul 25 16:20:16 2009 NOTE: setsockopt TCP_NODELAY=1 failed (No kernel support)
> Sat Jul 25 16:20:16 2009 OPTIONS IMPORT: --ifconfig/up options modified
> Sat Jul 25 16:20:16 2009 OPTIONS IMPORT: route options modified
> Sat Jul 25 16:20:16 2009 OPTIONS IMPORT: route-related options modified
> Sat Jul 25 16:20:16 2009 ROUTE default_gateway=192.168.0.1
> Sat Jul 25 16:20:16 2009 TUN/TAP device /dev/tun0 opened
> Sat Jul 25 16:20:16 2009 /sbin/ifconfig tun0 172.16.0.2 172.16.0.2 netmask 255.255.0.0 mtu 1500 up
> Sat Jul 25 16:20:16 2009 /sbin/route add -net 172.16.0.0 172.16.0.2 255.255.0.0
> add net 172.16.0.0: gateway 172.16.0.2
> Sat Jul 25 16:20:21 2009 WARNING: potential route subnet conflict between local LAN [192.168.0.0/255.255.255.0] and remote VPN [192.168.0.0/255.255.255.0]
>   

You can't use the same address space for multiple networks.  In other
words, you can't use 192.168.0.0/24 for both the VPN and your internal
network unless you are bridging the two (i.e., making it one network).

So the simple answer is to change the client machine's network to
something other than 192.168.0.0/24 if you can.  Otherwise you're either
going to have to work out bridging or subnetting both sides which will
get complicated in a hurry.

Cheers,

Drew


> Sat Jul 25 16:20:21 2009 /sbin/route add -net 192.168.0.0 172.16.0.1 255.255.255.0
> route: writing to routing socket: File exists
> add net 192.168.0.0: gateway 172.16.0.1: route already in table
> Sat Jul 25 16:20:21 2009 ERROR: FreeBSD route add command failed: external program exited with error status: 1
> Sat Jul 25 16:20:21 2009 Initialization Sequence Completed
> Sat Jul 25 16:20:30 2009 event_wait : Interrupted system call (code=4)
> Sat Jul 25 16:20:30 2009 TCP/UDP: Closing socket
> Sat Jul 25 16:20:30 2009 Closing TUN/TAP interface
> Sat Jul 25 16:20:30 2009 SIGINT[hard,] received, process exiting
>   


-- 
Be a Great Magician!
Visit The Alchemist's Warehouse

http://www.alchemistswarehouse.com
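The log above makes the failure mode visible only after the tunnel is up: the server pushes "route 192.168.0.0 255.255.255.0", the client already has 192.168.0.0/24 on its LAN interface, so FreeBSD's route(8) returns "File exists" and the VPN side of that subnet is unreachable. The script below is an added example, not code from this thread or from the OpenVPN project: it pre-checks a PUSH_REPLY line against the local routing table and reports exact duplicates (which route add will refuse) separately from mere overlaps. It reuses the PUSH_REPLY line from the quoted log; the netstat-style local routing table is constructed here to match the poster's described setup, not copied from his machine, and the column layout is assumed to be the FreeBSD "netstat -rn -f inet" style with one destination per line.

```python
"""Pre-flight check: do OpenVPN pushed routes collide with the local LAN?

Added example for the thread above; not part of the original post or of
OpenVPN itself.  Run it as-is to see the conflict from the quoted log.
"""
import ipaddress
import re

# PUSH_REPLY line taken from the log quoted in the thread.
PUSH_REPLY_LINE = (
    "Sat Jul 25 16:20:16 2009 PUSH: Received control message: "
    "'PUSH_REPLY,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,"
    "redirect-private local,redirect-private bypass-dhcp,"
    "redirect-private bypass-dns,route-metric 101,"
    "route 192.168.0.0 255.255.255.0,route-gateway 172.16.0.1,"
    "topology subnet,ping 8,ping-restart 90,socket-flags TCP_NODELAY,"
    "ifconfig 172.16.0.2 255.255.0.0'"
)

# Constructed sample of `netstat -rn -f inet` output for a client sitting
# on a DHCP-assigned 192.168.0.x LAN, as the poster describes.  Hypothetical
# data, not captured from the poster's machine.
LOCAL_ROUTES = """\
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.0.1        UGS         0     1234    em0
127.0.0.1          link#2             UH          0       10    lo0
192.168.0.0/24     link#1             U           0      567    em0
"""


def parse_push_reply(line):
    """Return the comma-separated option list carried by a PUSH_REPLY line."""
    m = re.search(r"'PUSH_REPLY,(.*)'", line)
    if not m:
        raise ValueError("not a PUSH_REPLY log line")
    return [opt.strip() for opt in m.group(1).split(",") if opt.strip()]


def pushed_networks(options):
    """Networks the client will try to route into the tunnel.

    Covers every 'route' option (OpenVPN syntax: route network [netmask]
    [gateway] [metric]; netmask defaults to a single host) plus the tunnel
    subnet from 'ifconfig', which a subnet-topology client also routes,
    as the quoted log shows with 'route add -net 172.16.0.0'.
    """
    nets = []
    for opt in options:
        words = opt.split()
        if words[0] == "route" and len(words) >= 2:
            mask = words[2] if len(words) >= 3 else "255.255.255.255"
            nets.append(ipaddress.ip_network(f"{words[1]}/{mask}", strict=False))
        elif words[0] == "ifconfig" and len(words) == 3:
            nets.append(ipaddress.ip_network(f"{words[1]}/{words[2]}", strict=False))
    return nets


def local_networks(netstat_text):
    """Parse the Destination column of netstat -rn style output.

    Rows whose destination is not an IPv4 address or prefix ('default',
    headers, 'link#' rows) are skipped; a bare host address becomes a /32.
    Caveat: classful abbreviations such as '192.168.0' are not parsed.
    """
    nets = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if not fields:
            continue
        try:
            nets.append(ipaddress.ip_network(fields[0], strict=False))
        except ValueError:
            continue
    return nets


def find_conflicts(pushed, local):
    """Return (kind, pushed_net, local_net) triples.

    'duplicate' means the exact prefix is already in the table, which is
    what makes FreeBSD's route add fail with 'File exists'; 'overlap' means
    the ranges intersect, so traffic for that range is ambiguous even if
    the add succeeds.  Loopback routes are ignored.
    """
    hits = []
    for p in pushed:
        for l in local:
            if l.is_loopback or not p.overlaps(l):
                continue
            hits.append(("duplicate" if p == l else "overlap", p, l))
    return hits


def check(push_reply_line, netstat_text):
    """Convenience wrapper: PUSH_REPLY line + netstat text -> conflict list."""
    pushed = pushed_networks(parse_push_reply(push_reply_line))
    return find_conflicts(pushed, local_networks(netstat_text))


if __name__ == "__main__":
    for kind, p, l in check(PUSH_REPLY_LINE, LOCAL_ROUTES):
        print(f"{kind}: pushed route {p} vs local route {l}")
```

Against the constructed table the check reports one duplicate, 192.168.0.0/24 on both sides, and nothing for the 172.16.0.0/16 tunnel subnet; renumbering either the client LAN or the server-side subnet (the first remedy suggested in the reply) makes the list empty. The script only reads a netstat dump, so it can be run before connecting, with "netstat -rn -f inet" output piped in place of the constructed sample.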



