public inbox for gentoo-user@lists.gentoo.org
From: Joseph <syscon780@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] openvpn static ip
Date: Thu, 25 Feb 2010 12:20:09 -0700
Message-ID: <20100225192009.GA6860@syscon4.inet>
In-Reply-To: <4B86AF72.6020000@gentooist.com>

On 02/25/10 18:12, Xavier Parizet wrote:
>On 25/02/2010 17:51, Joseph wrote:
>> On 02/25/10 08:40, Xavier Parizet wrote:
>>> On 02/25/2010 02:32 AM, Joseph wrote:
>>>> I've configured OpenVPN and it works OK but I can't seem to figure out
>>>> how to assign a static IP to clients
>>>>
>>>> My server.conf port 8458
>>>> [SNIP]
>>>>
>>>> On client in /etc/openvpn/ccd directory I've created a file "syscon9"
>>>> with:
>>>> ifconfig-push 192.168.139.15 192.168.139.1
>>>
>>> Hmmm... 192.168.139.1 does not seem to be a remote netmask, does it?
>>> man openvpn tells me the following for ifconfig-push:
>>> --ifconfig-push local remote-netmask
>>>
>>> so, put ifconfig-push 192.168.139.15 255.255.255.0 rather than the line
>>> above in the ccd directory.
>>>
>>> If it doesn't work, then please post the openvpn.log of the client.
>>
>> I've tried it many times; it doesn't work with the netmask. File: syscon9
>> from ccd:
>> cat syscon9
>> ifconfig-push  192.168.0.15 255.255.255.0
>                        ^^^
>                         this is wrong (or maybe a typing mistake?)
>
>If it's a typing mistake, then please post the server-side log now.

Yes, it was a typo :-/ I corrected it:
cat syscon9
ifconfig-push  192.168.139.15 255.255.255.0

but from the log you can see it still didn't give me what I want: I got IP 192.168.139.6 and was asking for 192.168.139.15

log:
cat /var/log/openvpn.log
Thu Feb 25 12:14:04 2010 OpenVPN 2.1_rc15 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] built on Jan 16 2010
Thu Feb 25 12:14:04 2010 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Feb 25 12:14:04 2010 Control Channel Authentication: using '/etc/openvpn/client_clinic2/vpn_my.key' as a OpenVPN static key file
Thu Feb 25 12:14:04 2010 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 25 12:14:04 2010 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 25 12:14:04 2010 LZO compression initialized
Thu Feb 25 12:14:04 2010 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Thu Feb 25 12:14:04 2010 Data Channel MTU parms [ L:1574 D:1200 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Feb 25 12:14:04 2010 Local Options hash (VER=V4): 'ec497616'
Thu Feb 25 12:14:04 2010 Expected Remote Options hash (VER=V4): '7cd8ed90'
Thu Feb 25 12:14:04 2010 Socket Buffers: R=[114688->131072] S=[114688->131072]
Thu Feb 25 12:14:04 2010 UDPv4 link local: [undef]
Thu Feb 25 12:14:04 2010 UDPv4 link remote: 208.38.31.237:9000
Thu Feb 25 12:15:04 2010 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Feb 25 12:15:04 2010 TLS Error: TLS handshake failed
Thu Feb 25 12:15:04 2010 TCP/UDP: Closing socket
Thu Feb 25 12:15:04 2010 SIGUSR1[soft,tls-error] received, process restarting
Thu Feb 25 12:15:04 2010 Restart pause, 2 second(s)
Thu Feb 25 12:15:06 2010 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Feb 25 12:15:06 2010 Re-using SSL/TLS context
Thu Feb 25 12:15:06 2010 LZO compression initialized
Thu Feb 25 12:15:06 2010 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Thu Feb 25 12:15:06 2010 Data Channel MTU parms [ L:1574 D:1200 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Feb 25 12:15:06 2010 Local Options hash (VER=V4): 'ec497616'
Thu Feb 25 12:15:06 2010 Expected Remote Options hash (VER=V4): '7cd8ed90'
Thu Feb 25 12:15:06 2010 Socket Buffers: R=[114688->131072] S=[114688->131072]
Thu Feb 25 12:15:06 2010 UDPv4 link local: [undef]
Thu Feb 25 12:15:06 2010 UDPv4 link remote: 208.38.31.237:9000
Thu Feb 25 12:16:06 2010 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Feb 25 12:16:06 2010 TLS Error: TLS handshake failed
Thu Feb 25 12:16:06 2010 TCP/UDP: Closing socket
Thu Feb 25 12:16:06 2010 SIGUSR1[soft,tls-error] received, process restarting
Thu Feb 25 12:16:06 2010 Restart pause, 2 second(s)
Thu Feb 25 12:16:08 2010 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Feb 25 12:16:08 2010 Re-using SSL/TLS context
Thu Feb 25 12:16:08 2010 LZO compression initialized
Thu Feb 25 12:16:08 2010 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Thu Feb 25 12:16:08 2010 Data Channel MTU parms [ L:1574 D:1200 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Feb 25 12:16:08 2010 Local Options hash (VER=V4): 'ec497616'
Thu Feb 25 12:16:08 2010 Expected Remote Options hash (VER=V4): '7cd8ed90'
Thu Feb 25 12:16:08 2010 Socket Buffers: R=[114688->131072] S=[114688->131072]
Thu Feb 25 12:16:08 2010 UDPv4 link local: [undef]
Thu Feb 25 12:16:08 2010 UDPv4 link remote: 208.38.31.237:9000
Thu Feb 25 12:16:25 2010 TLS: Initial packet from 208.38.31.237:9000, sid=9c654bbf 0689942b
Thu Feb 25 12:16:25 2010 VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=Fort-Funston_CA/emailAddress=me@myhost.mydomain
Thu Feb 25 12:16:25 2010 Validating certificate key usage
Thu Feb 25 12:16:25 2010 ++ Certificate has key usage  00a0, expects 00a0
Thu Feb 25 12:16:25 2010 VERIFY KU OK
Thu Feb 25 12:16:25 2010 Validating certificate extended key usage
Thu Feb 25 12:16:25 2010 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Feb 25 12:16:25 2010 VERIFY EKU OK
Thu Feb 25 12:16:25 2010 VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=server/emailAddress=me@myhost.mydomain
Thu Feb 25 12:16:26 2010 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Feb 25 12:16:26 2010 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 25 12:16:26 2010 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Feb 25 12:16:26 2010 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 25 12:16:26 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Feb 25 12:16:26 2010 [server] Peer Connection Initiated with 208.38.31.237:9000
Thu Feb 25 12:16:27 2010 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu Feb 25 12:16:27 2010 PUSH: Received control message: 'PUSH_REPLY,route 192.168.139.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 192.168.139.6 192.168.139.5'
Thu Feb 25 12:16:27 2010 OPTIONS IMPORT: timers and/or timeouts modified
Thu Feb 25 12:16:27 2010 OPTIONS IMPORT: --ifconfig/up options modified
Thu Feb 25 12:16:27 2010 OPTIONS IMPORT: route options modified
Thu Feb 25 12:16:27 2010 ROUTE default_gateway=10.0.0.1
Thu Feb 25 12:16:27 2010 TUN/TAP device tun0 opened
Thu Feb 25 12:16:27 2010 TUN/TAP TX queue length set to 100
Thu Feb 25 12:16:27 2010 /sbin/ifconfig tun0 192.168.139.6 pointopoint 192.168.139.5 mtu 1500
Thu Feb 25 12:16:27 2010 /etc/openvpn/up.sh tun0 1500 1574 192.168.139.6 192.168.139.5 init
Thu Feb 25 12:16:27 2010 /sbin/route add -net 192.168.139.0 netmask 255.255.255.0 gw 192.168.139.5
Thu Feb 25 12:16:27 2010 Initialization Sequence Completed

-- 
Joseph
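
Added example, not part of the original message or of OpenVPN: a Python check that compares the PUSH_REPLY in a client log with a ccd ifconfig-push line. The log shows "topology net30" and an ifconfig call with "pointopoint", where the second ifconfig argument is the peer address. The sample strings are taken from the log and ccd file quoted above; the function names and finding labels are made up for this example, and net30 is assumed when no topology is pushed.

```python
import ipaddress
import re

# Constructed sample input: the PUSH_REPLY line and the ccd line quoted above.
SAMPLE_LOG = (
    "Thu Feb 25 12:16:27 2010 PUSH: Received control message: "
    "'PUSH_REPLY,route 192.168.139.0 255.255.255.0,topology net30,"
    "ping 10,ping-restart 120,ifconfig \n192.168.139.6 192.168.139.5'\n"
)
SAMPLE_CCD = "ifconfig-push  192.168.139.15 255.255.255.0\n"

def parse_push_reply(log_text):
    """Return the options of the last PUSH_REPLY as {name: [args]}, or None."""
    replies = re.findall(r"'PUSH_REPLY,([^']*)'", log_text)
    if not replies:
        return None
    # split() also absorbs a line wrap inside the quoted reply.
    items = (item.split() for item in replies[-1].split(","))
    return {parts[0]: parts[1:] for parts in items if parts}

def is_netmask(value):
    """True for a contiguous IPv4 netmask such as 255.255.255.0."""
    try:
        inverted = int(ipaddress.IPv4Address(value)) ^ 0xFFFFFFFF
    except ValueError:
        return False
    return inverted != 0xFFFFFFFF and (inverted & (inverted + 1)) == 0

def diagnose(log_text, ccd_text):
    """Compare the ccd request with what the server actually pushed."""
    opts = parse_push_reply(log_text)
    want = re.search(r"^\s*ifconfig-push\s+(\S+)\s+(\S+)", ccd_text, re.M)
    if not opts or not opts.get("ifconfig") or not want:
        return ["incomplete-input"]
    # Assumption: net30 when the server pushes no topology option.
    topology = opts.get("topology", ["net30"])[0]
    findings = []
    second_is_mask = is_netmask(want.group(2))
    if topology in ("net30", "p2p") and second_is_mask:
        # Point-to-point tun: the second argument is the peer address.
        findings.append("netmask-under-" + topology)
    elif topology == "subnet" and not second_is_mask:
        findings.append("peer-address-under-subnet")
    if opts["ifconfig"][0] != want.group(1):
        # Pushed address differs, so this ccd line did not take effect.
        findings.append("ccd-line-not-applied")
    return findings

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG, SAMPLE_CCD))
```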


