Date:      Sun, 26 Jul 2009 18:47:03 -0700 (PDT)
From:      Leonardo M. Ramé <martinrame@yahoo.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: OpenVPN Client
Message-ID:  <585916.59435.qm@web35604.mail.mud.yahoo.com>
In-Reply-To: <4A6CEE4F.3010400@mykitchentable.net>


Thanks Drew!, I'll change my home network to test this.

Leonardo.

--- On Sun, 7/26/09, Drew Tomlinson <drew@mykitchentable.net> wrote:

> From: Drew Tomlinson <drew@mykitchentable.net>
> Subject: Re: OpenVPN Client
> To: "Leonardo M. Ramé" <martinrame@yahoo.com>
> Cc: freebsd-questions@freebsd.org
> Date: Sunday, July 26, 2009, 9:01 PM
> Leonardo M. Ramé wrote:
> > Well, I opted for deinstalling openvpn and install openvpn-devel
> > (2.1). Now it reads my client.ovpn file, and it seems to be going a
> > little step further, now it seems to be a problem with route add.
> >
> It's not really a problem with 'route add'.  The problem is that a route
> for 192.168.0.0 already exists.
> > I have to mention that the client machine is connected to a router
> > using DHCP in the network 192.168.0.xxx. Can this be the problem?
> >
> Yes.
>
> > This is the new log:
> >
> > Sat Jul 25 16:20:10 2009 OpenVPN 2.1_rc18 i386-portbld-freebsd7.2 [SSL] [LZO2] [PKCS11] built on Jul 25 2009
> > Sat Jul 25 16:20:13 2009 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
> > Sat Jul 25 16:20:13 2009 Control Channel Authentication: tls-auth using INLINE static key file
> > Sat Jul 25 16:20:13 2009 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
> > Sat Jul 25 16:20:13 2009 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
> > Sat Jul 25 16:20:13 2009 LZO compression initialized
> > Sat Jul 25 16:20:13 2009 Control Channel MTU parms [ L:1544 D:168 EF:68 EB:0 ET:0 EL:0 ]
> > Sat Jul 25 16:20:13 2009 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
> > Sat Jul 25 16:20:13 2009 Local Options hash (VER=V4): 'ee93268d'
> > Sat Jul 25 16:20:13 2009 Expected Remote Options hash (VER=V4): 'bd577cd1'
> > Sat Jul 25 16:20:13 2009 Attempting to establish TCP connection with 200.80.219.194:443 [nonblock]
> > Sat Jul 25 16:20:14 2009 TCP connection established with 200.80.219.194:443
> > Sat Jul 25 16:20:14 2009 Socket Buffers: R=[66608->65536] S=[33304->65536]
> > Sat Jul 25 16:20:14 2009 TCPv4_CLIENT link local: [undef]
> > Sat Jul 25 16:20:14 2009 TCPv4_CLIENT link remote: 200.80.219.194:443
> > Sat Jul 25 16:20:14 2009 TLS: Initial packet from 200.80.219.194:443, sid=f4722bb3 aafe8f23
> > Sat Jul 25 16:20:14 2009 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
> > Sat Jul 25 16:20:15 2009 VERIFY OK: depth=1, /CN=OpenVPN_CA
> > Sat Jul 25 16:20:15 2009 VERIFY OK: nsCertType=SERVER
> > Sat Jul 25 16:20:15 2009 VERIFY OK: depth=0, /CN=OpenVPN_Server
> > Sat Jul 25 16:20:15 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
> > Sat Jul 25 16:20:15 2009 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
> > Sat Jul 25 16:20:15 2009 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
> > Sat Jul 25 16:20:15 2009 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
> > Sat Jul 25 16:20:15 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
> > Sat Jul 25 16:20:15 2009 [OpenVPN_Server] Peer Connection Initiated with 200.80.219.194:443
> > Sat Jul 25 16:20:16 2009 SENT CONTROL [OpenVPN_Server]: 'PUSH_REQUEST' (status=1)
> > Sat Jul 25 16:20:16 2009 PUSH: Received control message: 'PUSH_REPLY,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,redirect-private local,redirect-private bypass-dhcp,redirect-private bypass-dns,route-metric 101,route 192.168.0.0 255.255.255.0,route-gateway 172.16.0.1,topology subnet,ping 8,ping-restart 90,socket-flags TCP_NODELAY,ifconfig 172.16.0.2 255.255.0.0'
> > Sat Jul 25 16:20:16 2009 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:2: dhcp-pre-release (2.1_rc18)
> > Sat Jul 25 16:20:16 2009 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:3: dhcp-renew (2.1_rc18)
> > Sat Jul 25 16:20:16 2009 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: dhcp-release (2.1_rc18)
> > Sat Jul 25 16:20:16 2009 OPTIONS IMPORT: timers and/or timeouts modified
> > Sat Jul 25 16:20:16 2009 OPTIONS IMPORT: --socket-flags option modified
> > Sat Jul 25 16:20:16 2009 NOTE: setsockopt TCP_NODELAY=1 failed (No kernel support)
> > Sat Jul 25 16:20:16 2009 OPTIONS IMPORT: --ifconfig/up options modified
> > Sat Jul 25 16:20:16 2009 OPTIONS IMPORT: route options modified
> > Sat Jul 25 16:20:16 2009 OPTIONS IMPORT: route-related options modified
> > Sat Jul 25 16:20:16 2009 ROUTE default_gateway=192.168.0.1
> > Sat Jul 25 16:20:16 2009 TUN/TAP device /dev/tun0 opened
> > Sat Jul 25 16:20:16 2009 /sbin/ifconfig tun0 172.16.0.2 172.16.0.2 netmask 255.255.0.0 mtu 1500 up
> > Sat Jul 25 16:20:16 2009 /sbin/route add -net 172.16.0.0 172.16.0.2 255.255.0.0
> > add net 172.16.0.0: gateway 172.16.0.2
> > Sat Jul 25 16:20:21 2009 WARNING: potential route subnet conflict between local LAN [192.168.0.0/255.255.255.0] and remote VPN [192.168.0.0/255.255.255.0]
> >
>
> You can't use the same address space for multiple networks.  In other
> words, you can't use 192.168.0.0/24 for both the VPN and your internal
> network unless you are bridging the two (i.e., making it one network).
>
> So the simple answer is to change the client machine's network to
> something other than 192.168.0.0/24 if you can.  Otherwise you're either
> going to have to work out bridging or subnetting both sides which will
> get complicated in a hurry.
>
> Cheers,
>
> Drew
>
>
> > Sat Jul 25 16:20:21 2009 /sbin/route add -net 192.168.0.0 172.16.0.1 255.255.255.0
> > route: writing to routing socket: File exists
> > add net 192.168.0.0: gateway 172.16.0.1: route already in table
> > Sat Jul 25 16:20:21 2009 ERROR: FreeBSD route add command failed: external program exited with error status: 1
> > Sat Jul 25 16:20:21 2009 Initialization Sequence Completed
> > Sat Jul 25 16:20:30 2009 event_wait : Interrupted system call (code=4)
> > Sat Jul 25 16:20:30 2009 TCP/UDP: Closing socket
> > Sat Jul 25 16:20:30 2009 Closing TUN/TAP interface
> > Sat Jul 25 16:20:30 2009 SIGINT[hard,] received, process exiting
> >
>
>
> --
> Be a Great Magician!
> Visit The Alchemist's Warehouse
>
> http://www.alchemistswarehouse.com
>
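
The address-space overlap discussed in this message can be detected from the pushed options before any route is installed. The following is an added example, not part of the original message and not OpenVPN code: it parses the PUSH_REPLY string from the quoted log and reports which local networks overlap a pushed route or the tunnel subnet. The function names and the local-network list are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the PUSH_REPLY control message from the log quoted in the
# message above, with the mail client's line wrapping undone.
PUSH_REPLY = (
    "PUSH_REPLY,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,"
    "redirect-private local,redirect-private bypass-dhcp,"
    "redirect-private bypass-dns,route-metric 101,"
    "route 192.168.0.0 255.255.255.0,route-gateway 172.16.0.1,topology subnet,"
    "ping 8,ping-restart 90,socket-flags TCP_NODELAY,"
    "ifconfig 172.16.0.2 255.255.0.0"
)


def pushed_networks(push_reply):
    """Return the IPv4 networks a PUSH_REPLY asks the client to route or configure."""
    options = [opt.split() for opt in push_reply.split(",")]
    subnet_topology = ["topology", "subnet"] in options
    nets = []
    for opt in options:
        if not opt:
            continue
        try:
            if opt[0] == "route" and len(opt) >= 2:
                # OpenVPN treats a route pushed without a netmask as a host route.
                mask = opt[2] if len(opt) >= 3 and opt[2] != "default" else "255.255.255.255"
                nets.append(ipaddress.ip_network(f"{opt[1]}/{mask}", strict=False))
            elif opt[0] == "ifconfig" and len(opt) == 3 and subnet_topology:
                # With 'topology subnet' the second ifconfig argument is a netmask.
                nets.append(ipaddress.ip_interface(f"{opt[1]}/{opt[2]}").network)
        except ValueError:
            continue  # keyword targets such as vpn_gateway name no literal network
    return nets


def route_conflicts(local_nets, push_reply):
    """Pair each local network with every pushed network it overlaps."""
    local = [ipaddress.ip_network(n, strict=False) for n in local_nets]
    pushed = pushed_networks(push_reply)
    return [(str(lan), str(vpn)) for lan in local for vpn in pushed if lan.overlaps(vpn)]


if __name__ == "__main__":
    # Assumed local LAN: the 192.168.0.0/24 DHCP network described in the thread.
    for lan, vpn in route_conflicts(["192.168.0.0/24"], PUSH_REPLY):
        print(f"conflict: local {lan} overlaps pushed {vpn}")
```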


