From: Joseph
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] openvpn static ip
Date: Thu, 25 Feb 2010 09:51:05 -0700
Message-ID: <20100225165105.GA25777@syscon4.inet>

On 02/25/10 08:40, Xavier Parizet wrote:
>On 02/25/2010 02:32 AM, Joseph wrote:
>> I've configured OpenVPN and it works OK but I cannot seem to figure
>> out how to assign a static IP to clients
>>
>> My server.conf
>> port 8458
>> proto udp
>> dev tun
>> mode server
>> ca /usr/share/openvpn/easy-rsa/keys/ca.crt
>> cert /usr/share/openvpn/easy-rsa/keys/server.crt
>> key /usr/share/openvpn/easy-rsa/keys/server.key
>> dh /usr/share/openvpn/easy-rsa/keys/dh1024.pem
>> server 192.168.139.0 255.255.255.0
>> client-to-client
>> ifconfig-pool-persist ipp.txt
>> client-config-dir ccd
>> keepalive 10 120
>> tls-auth vpn_my.key 0
>> tun-mtu 1500
>> tun-mtu-extra 32
>> mssfix 1200
>> duplicate-cn
>> comp-lzo
>> max-clients 100
>> persist-key
>> persist-tun
>> status openvpn-status.log
>> log /var/log/openvpn.log
>> log-append /var/log/openvpn.log
>> verb 3
>>
>> On client in /etc/openvpn/ccd directory I've created a file "syscon9" with:
>> ifconfig-push 192.168.139.15 192.168.139.1
>
>Hmmm... 192.168.139.1 does not seem to be a remote netmask, does it?
>man openvpn tells me the following for ifconfig-push:
>--ifconfig-push local remote-netmask
>
>so, put ifconfig-push 192.168.139.15 255.255.255.0 rather than the line
>above in the ccd directory.
>
>If it doesn't work, then please post the openvpn.log of the client.

I've tried it many times; it doesn't work with the netmask.
File: syscon9 from ccd:

cat syscon9
ifconfig-push 192.168.0.15 255.255.255.0

log file from the client:

cat /var/log/openvpn.log
Thu Feb 25 09:47:17 2010 OpenVPN 2.1_rc15 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] built on Jan 16 2010
Thu Feb 25 09:47:17 2010 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Feb 25 09:47:17 2010 Control Channel Authentication: using '/etc/openvpn/client_clinic2/vpn_my.key' as a OpenVPN static key file
Thu Feb 25 09:47:17 2010 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 25 09:47:17 2010 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 25 09:47:17 2010 LZO compression initialized
Thu Feb 25 09:47:17 2010 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Thu Feb 25 09:47:17 2010 Data Channel MTU parms [ L:1574 D:1200 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Feb 25 09:47:17 2010 Local Options hash (VER=V4): 'ec497616'
Thu Feb 25 09:47:17 2010 Expected Remote Options hash (VER=V4): '7cd8ed90'
Thu Feb 25 09:47:17 2010 Socket Buffers: R=[114688->131072] S=[114688->131072]
Thu Feb 25 09:47:17 2010 UDPv4 link local: [undef]
Thu Feb 25 09:47:17 2010 UDPv4 link remote: 208.38.31.237:9000
Thu Feb 25 09:47:17 2010 TLS: Initial packet from 208.38.31.237:9000, sid=7d5fc404 0c60dcb5
Thu Feb 25 09:47:17 2010 VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=Fort-Funston_CA/emailAddress=me@myhost.mydomain
Thu Feb 25 09:47:17 2010 Validating certificate key usage
Thu Feb 25 09:47:17 2010 ++ Certificate has key usage 00a0, expects 00a0
Thu Feb 25 09:47:17 2010 VERIFY KU OK
Thu Feb 25 09:47:17 2010 Validating certificate extended key usage
Thu Feb 25 09:47:17 2010 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Feb 25 09:47:17 2010 VERIFY EKU OK
Thu Feb 25 09:47:17 2010 VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=server/emailAddress=me@myhost.mydomain
Thu Feb 25 09:47:18 2010 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Feb 25 09:47:18 2010 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 25 09:47:18 2010 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Feb 25 09:47:18 2010 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 25 09:47:18 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Feb 25 09:47:18 2010 [server] Peer Connection Initiated with 208.38.31.237:9000
Thu Feb 25 09:47:19 2010 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu Feb 25 09:47:19 2010 PUSH: Received control message: 'PUSH_REPLY,route 192.168.139.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 192.168.139.10 192.168.139.9'
Thu Feb 25 09:47:19 2010 OPTIONS IMPORT: timers and/or timeouts modified
Thu Feb 25 09:47:19 2010 OPTIONS IMPORT: --ifconfig/up options modified
Thu Feb 25 09:47:19 2010 OPTIONS IMPORT: route options modified
Thu Feb 25 09:47:19 2010 ROUTE default_gateway=10.0.0.1
Thu Feb 25 09:47:19 2010 TUN/TAP device tun0 opened
Thu Feb 25 09:47:19 2010 TUN/TAP TX queue length set to 100
Thu Feb 25 09:47:19 2010 /sbin/ifconfig tun0 192.168.139.10 pointopoint 192.168.139.9 mtu 1500
Thu Feb 25 09:47:19 2010 /etc/openvpn/up.sh tun0 1500 1574 192.168.139.10 192.168.139.9 init
Thu Feb 25 09:47:19 2010 /sbin/route add -net 192.168.139.0 netmask 255.255.255.0 gw 192.168.139.9
Thu Feb 25 09:47:19 2010 Initialization Sequence Completed

I got IP 192.168.139.10, not the 192.168.139.15 as requested in "ifconfig-push"

--
Joseph
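
Added example (not part of the original message and not OpenVPN's own code): a Python check of a ccd ifconfig-push line against the topology the server pushed in the client log above. It assumes the OpenVPN HOWTO's rule that under topology net30 the two ifconfig-push arguments are the two endpoints of one /30, and that under topology subnet the second argument is the server netmask; the function names are hypothetical, and the log line and network are copied from the message.

```python
import ipaddress
import re

# Copied from the client log and server.conf in the message above.
PUSH_LINE = ("Thu Feb 25 09:47:19 2010 PUSH: Received control message: "
             "'PUSH_REPLY,route 192.168.139.0 255.255.255.0,topology net30,"
             "ping 10,ping-restart 120,ifconfig 192.168.139.10 192.168.139.9'")
SERVER_NET = ipaddress.ip_network("192.168.139.0/255.255.255.0")


def parse_push_reply(line):
    """Return the pushed options of a client log line as {name: [args]}."""
    m = re.search(r"'PUSH_REPLY,(.*)'", line)
    opts = {}
    for item in (m.group(1).split(",") if m else []):
        if item.strip():
            name, *args = item.split()
            opts[name] = args
    return opts


def check_ifconfig_push(ccd_line, topology, server_net=SERVER_NET):
    """List what is wrong with one ccd ifconfig-push line (empty list = ok)."""
    parts = ccd_line.split()
    if len(parts) != 3 or parts[0] != "ifconfig-push":
        return ["expected: ifconfig-push <local> <remote-or-netmask>"]
    local = ipaddress.ip_address(parts[1])
    problems = []
    if local not in server_net:
        problems.append(f"{local} is outside server network {server_net}")
    if topology == "net30":
        # Assumption (OpenVPN HOWTO): both arguments are the hosts of one /30.
        block = ipaddress.ip_network(f"{local}/30", strict=False)
        hosts = [str(h) for h in block.hosts()]
        if {parts[1], parts[2]} != set(hosts):
            problems.append(f"net30 needs the two hosts of {block}: {hosts}")
    elif topology == "subnet" and parts[2] != str(server_net.netmask):
        # topology subnet: the second argument is the server's netmask.
        problems.append(f"subnet needs netmask {server_net.netmask}")
    return problems


def audit(ccd_line, push_line=PUSH_LINE):
    """Check a ccd line against the topology found in a PUSH_REPLY log line."""
    # If no topology was pushed, assume net30 (the OpenVPN 2.1 default).
    topology = parse_push_reply(push_line).get("topology", ["net30"])[0]
    return topology, check_ifconfig_push(ccd_line, topology)


if __name__ == "__main__":
    for line in ("ifconfig-push 192.168.0.15 255.255.255.0",    # file as posted
                 "ifconfig-push 192.168.139.15 192.168.139.1"):  # first attempt
        print(line, "->", audit(line))
```

The address the server actually pushed (192.168.139.10 with peer 192.168.139.9) passes the net30 check, which is the shape a ccd entry has to follow while the server stays on net30.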