* [gentoo-user] openvpn static ip
From: Joseph @ 2010-02-25 1:32 UTC
To: gentoo-user

I've configured OpenVPN and it works OK, but I cannot seem to figure out how to assign a static IP to clients.

My server.conf:

port 8458
proto udp
dev tun
mode server
ca /usr/share/openvpn/easy-rsa/keys/ca.crt
cert /usr/share/openvpn/easy-rsa/keys/server.crt
key /usr/share/openvpn/easy-rsa/keys/server.key
dh /usr/share/openvpn/easy-rsa/keys/dh1024.pem
server 192.168.139.0 255.255.255.0
client-to-client
ifconfig-pool-persist ipp.txt
client-config-dir ccd
keepalive 10 120
tls-auth vpn_my.key 0
tun-mtu 1500
tun-mtu-extra 32
mssfix 1200
duplicate-cn
comp-lzo
max-clients 100
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn.log
log-append /var/log/openvpn.log
verb 3

On client in /etc/openvpn/ccd directory I've created a file "syscon9" with:

ifconfig-push 192.168.139.15 192.168.139.1

This file is supposed to have a name from the client "CN".

client.conf:

client
dev tun
proto udp
remote 68.148.245.78 8458
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1200
persist-key
persist-tun
remote-cert-tls server
ca "/etc/openvpn/client/ca.crt"
cert "/etc/openvpn/client/syscon9.crt"
key "/etc/openvpn/client/syscon9.key"
tls-auth "/etc/openvpn/client/vpn.key" 1
comp-lzo
log /var/log/openvpn.log
log-append /var/log/openvpn.log
verb 3

--
Joseph

* Re: [gentoo-user] openvpn static ip
From: Albert Hopkins @ 2010-02-25 2:51 UTC
To: gentoo-user

On Wed, 2010-02-24 at 18:32 -0700, Joseph wrote:
> I've configured OpenVPN and it works OK, but I cannot seem to figure out
> how to assign a static IP to clients.

Put this in your config:

    client-config-dir client.d

And then in client.d/ have a file for each client, e.g.

    # cat client.d/client
    ifconfig-push 192.168.0.4 192.168.0.1

* Re: [gentoo-user] openvpn static ip
From: Joseph @ 2010-02-25 3:37 UTC
To: gentoo-user

On 02/24/10 21:51, Albert Hopkins wrote:
>On Wed, 2010-02-24 at 18:32 -0700, Joseph wrote:
>> I've configured OpenVPN and it works OK, but I cannot seem to figure out
>> how to assign a static IP to clients.
>
>Put this in your config:
>
>    client-config-dir client.d
>
>And then in client.d/ have a file for each client, e.g.
>
>    # cat client.d/client
>    ifconfig-push 192.168.0.4 192.168.0.1

The directory name shouldn't make any difference, I'm using directory name "ccd"; though I've tried the IPs you suggested, it makes no difference, still not getting static IP :-/

Thanks for the suggestion; I've been on it all day and cannot find the solution.

--
Joseph

* Re: [gentoo-user] openvpn static ip
From: Albert Hopkins @ 2010-02-25 11:56 UTC
To: gentoo-user

On Wed, 2010-02-24 at 20:37 -0700, Joseph wrote:
> The directory name shouldn't make any difference, I'm using directory
> name "ccd"; though I've tried the IPs you suggested, it makes no
> difference, still not getting static IP :-/
>
> Thanks for the suggestion; I've been on it all day and cannot find the
> solution.

Yeah, I know the directory name is arbitrary; I was only giving you the example that works for me.

Not sure why it doesn't work for you. Do the file names match up with the DNs (check the logs)?

-a

* Re: [gentoo-user] openvpn static ip
From: Joseph @ 2010-02-25 16:52 UTC
To: gentoo-user

On 02/25/10 06:56, Albert Hopkins wrote:
>On Wed, 2010-02-24 at 20:37 -0700, Joseph wrote:
>> The directory name shouldn't make any difference, I'm using directory
>> name "ccd"; though I've tried the IPs you suggested, it makes no
>> difference, still not getting static IP :-/
>>
>> Thanks for the suggestion; I've been on it all day and cannot find the
>> solution.
>
>Yeah, I know the directory name is arbitrary; I was only giving you the
>example that works for me.
>
>Not sure why it doesn't work for you. Do the file names match up with
>the DNs (check the logs)?
>
>-a

Can you please post your server.conf and client.conf? I'll compare them with mine; maybe I'm missing something.

--
Joseph

* Re: [gentoo-user] openvpn static ip
From: Xavier Parizet @ 2010-02-25 7:40 UTC
To: gentoo-user

On 02/25/2010 02:32 AM, Joseph wrote:
> I've configured OpenVPN and it works OK, but I cannot seem to figure out
> how to assign a static IP to clients.
>
> My server.conf:
> port 8458
> proto udp
> dev tun
> mode server
> ca /usr/share/openvpn/easy-rsa/keys/ca.crt
> cert /usr/share/openvpn/easy-rsa/keys/server.crt
> key /usr/share/openvpn/easy-rsa/keys/server.key
> dh /usr/share/openvpn/easy-rsa/keys/dh1024.pem
> server 192.168.139.0 255.255.255.0
> client-to-client
> ifconfig-pool-persist ipp.txt
> client-config-dir ccd
> keepalive 10 120
> tls-auth vpn_my.key 0
> tun-mtu 1500
> tun-mtu-extra 32
> mssfix 1200
> duplicate-cn
> comp-lzo
> max-clients 100
> persist-key
> persist-tun
> status openvpn-status.log
> log /var/log/openvpn.log
> log-append /var/log/openvpn.log
> verb 3
>
> On client in /etc/openvpn/ccd directory I've created a file "syscon9" with:
> ifconfig-push 192.168.139.15 192.168.139.1

Hmmm... 192.168.139.1 does not seem to be a remote netmask, does it?
man openvpn tells me the following for ifconfig-push:

--ifconfig-push local remote-netmask

so, put

ifconfig-push 192.168.139.15 255.255.255.0

rather than the line above in the ccd directory.

If it doesn't work, then please post the openvpn.log of the client.

> This file is supposed to have a name from the client "CN".
>
> client.conf:
> client
> dev tun
> proto udp
> remote 68.148.245.78 8458
> resolv-retry infinite
> nobind
> tun-mtu 1500
> tun-mtu-extra 32
> mssfix 1200
> persist-key
> persist-tun
> remote-cert-tls server
> ca "/etc/openvpn/client/ca.crt"
> cert "/etc/openvpn/client/syscon9.crt"
> key "/etc/openvpn/client/syscon9.key"
> tls-auth "/etc/openvpn/client/vpn.key" 1
> comp-lzo
> log /var/log/openvpn.log
> log-append /var/log/openvpn.log
> verb 3

--
Xavier Parizet
YaGB : http://gentooist.com
GPG : C7DC B10E FC21 63BE B453 D239 F6E6 DF65 1569 91BF

* Re: [gentoo-user] openvpn static ip
From: Joseph @ 2010-02-25 16:51 UTC
To: gentoo-user

On 02/25/10 08:40, Xavier Parizet wrote:
>On 02/25/2010 02:32 AM, Joseph wrote:
>> I've configured OpenVPN and it works OK, but I cannot seem to figure out
>> how to assign a static IP to clients.
>>
>> My server.conf:
>> port 8458
>> proto udp
>> dev tun
>> mode server
>> ca /usr/share/openvpn/easy-rsa/keys/ca.crt
>> cert /usr/share/openvpn/easy-rsa/keys/server.crt
>> key /usr/share/openvpn/easy-rsa/keys/server.key
>> dh /usr/share/openvpn/easy-rsa/keys/dh1024.pem
>> server 192.168.139.0 255.255.255.0
>> client-to-client
>> ifconfig-pool-persist ipp.txt
>> client-config-dir ccd
>> keepalive 10 120
>> tls-auth vpn_my.key 0
>> tun-mtu 1500
>> tun-mtu-extra 32
>> mssfix 1200
>> duplicate-cn
>> comp-lzo
>> max-clients 100
>> persist-key
>> persist-tun
>> status openvpn-status.log
>> log /var/log/openvpn.log
>> log-append /var/log/openvpn.log
>> verb 3
>>
>> On client in /etc/openvpn/ccd directory I've created a file "syscon9" with:
>> ifconfig-push 192.168.139.15 192.168.139.1
>
>Hmmm... 192.168.139.1 does not seem to be a remote netmask, does it?
>man openvpn tells me the following for ifconfig-push:
>--ifconfig-push local remote-netmask
>
>so, put ifconfig-push 192.168.139.15 255.255.255.0 rather than the line
>above in the ccd directory.
>
>If it doesn't work, then please post the openvpn.log of the client.

I've tried it many times; it doesn't work with the netmask.

File: syscon9 from ccd:

cat syscon9
ifconfig-push 192.168.0.15 255.255.255.0

log file from the client:

cat /var/log/openvpn.log
Thu Feb 25 09:47:17 2010 OpenVPN 2.1_rc15 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] built on Jan 16 2010
Thu Feb 25 09:47:17 2010 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Feb 25 09:47:17 2010 Control Channel Authentication: using '/etc/openvpn/client_clinic2/vpn_my.key' as a OpenVPN static key file
Thu Feb 25 09:47:17 2010 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 25 09:47:17 2010 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 25 09:47:17 2010 LZO compression initialized
Thu Feb 25 09:47:17 2010 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Thu Feb 25 09:47:17 2010 Data Channel MTU parms [ L:1574 D:1200 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Feb 25 09:47:17 2010 Local Options hash (VER=V4): 'ec497616'
Thu Feb 25 09:47:17 2010 Expected Remote Options hash (VER=V4): '7cd8ed90'
Thu Feb 25 09:47:17 2010 Socket Buffers: R=[114688->131072] S=[114688->131072]
Thu Feb 25 09:47:17 2010 UDPv4 link local: [undef]
Thu Feb 25 09:47:17 2010 UDPv4 link remote: 208.38.31.237:9000
Thu Feb 25 09:47:17 2010 TLS: Initial packet from 208.38.31.237:9000, sid=7d5fc404 0c60dcb5
Thu Feb 25 09:47:17 2010 VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=Fort-Funston_CA/emailAddress=me@myhost.mydomain
Thu Feb 25 09:47:17 2010 Validating certificate key usage
Thu Feb 25 09:47:17 2010 ++ Certificate has key usage 00a0, expects 00a0
Thu Feb 25 09:47:17 2010 VERIFY KU OK
Thu Feb 25 09:47:17 2010 Validating certificate extended key usage
Thu Feb 25 09:47:17 2010 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Feb 25 09:47:17 2010 VERIFY EKU OK
Thu Feb 25 09:47:17 2010 VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=server/emailAddress=me@myhost.mydomain
Thu Feb 25 09:47:18 2010 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Feb 25 09:47:18 2010 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 25 09:47:18 2010 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Feb 25 09:47:18 2010 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 25 09:47:18 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Feb 25 09:47:18 2010 [server] Peer Connection Initiated with 208.38.31.237:9000
Thu Feb 25 09:47:19 2010 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu Feb 25 09:47:19 2010 PUSH: Received control message: 'PUSH_REPLY,route 192.168.139.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 192.168.139.10 192.168.139.9'
Thu Feb 25 09:47:19 2010 OPTIONS IMPORT: timers and/or timeouts modified
Thu Feb 25 09:47:19 2010 OPTIONS IMPORT: --ifconfig/up options modified
Thu Feb 25 09:47:19 2010 OPTIONS IMPORT: route options modified
Thu Feb 25 09:47:19 2010 ROUTE default_gateway=10.0.0.1
Thu Feb 25 09:47:19 2010 TUN/TAP device tun0 opened
Thu Feb 25 09:47:19 2010 TUN/TAP TX queue length set to 100
Thu Feb 25 09:47:19 2010 /sbin/ifconfig tun0 192.168.139.10 pointopoint 192.168.139.9 mtu 1500
Thu Feb 25 09:47:19 2010 /etc/openvpn/up.sh tun0 1500 1574 192.168.139.10 192.168.139.9 init
Thu Feb 25 09:47:19 2010 /sbin/route add -net 192.168.139.0 netmask 255.255.255.0 gw 192.168.139.9
Thu Feb 25 09:47:19 2010 Initialization Sequence Completed

I got IP 192.168.139.10, not the 192.168.139.15 as requested in "ifconfig-push".

--
Joseph

* Re: [gentoo-user] openvpn static ip
From: Xavier Parizet @ 2010-02-25 17:12 UTC
To: gentoo-user

On 25/02/2010 17:51, Joseph wrote:
> On 02/25/10 08:40, Xavier Parizet wrote:
>> On 02/25/2010 02:32 AM, Joseph wrote:
>>> I've configured OpenVPN and it works OK, but I cannot seem to figure out
>>> how to assign a static IP to clients.
>>>
>>> My server.conf:
>>> [SNIP]
>>>
>>> On client in /etc/openvpn/ccd directory I've created a file "syscon9"
>>> with:
>>> ifconfig-push 192.168.139.15 192.168.139.1
>>
>> Hmmm... 192.168.139.1 does not seem to be a remote netmask, does it?
>> man openvpn tells me the following for ifconfig-push:
>> --ifconfig-push local remote-netmask
>>
>> so, put ifconfig-push 192.168.139.15 255.255.255.0 rather than the line
>> above in the ccd directory.
>>
>> If it doesn't work, then please post the openvpn.log of the client.
>
> I've tried it many times; it doesn't work with the netmask.
> File: syscon9 from ccd:
> cat syscon9
> ifconfig-push 192.168.0.15 255.255.255.0
                       ^^^
this is wrong (or maybe a typing mistake?)

If it's a typing mistake, then please post the server-side log now.

> [SNIP]

--
Xavier Parizet
YaGB : http://gentooist.com
GPG : C7DC B10E FC21 63BE B453 D239 F6E6 DF65 1569 91BF

* Re: [gentoo-user] openvpn static ip
From: Joseph @ 2010-02-25 19:20 UTC
To: gentoo-user

On 02/25/10 18:12, Xavier Parizet wrote:
>On 25/02/2010 17:51, Joseph wrote:
>> On 02/25/10 08:40, Xavier Parizet wrote:
>>> On 02/25/2010 02:32 AM, Joseph wrote:
>>>> I've configured OpenVPN and it works OK, but I cannot seem to figure out
>>>> how to assign a static IP to clients.
>>>>
>>>> My server.conf:
>>>> [SNIP]
>>>>
>>>> On client in /etc/openvpn/ccd directory I've created a file "syscon9"
>>>> with:
>>>> ifconfig-push 192.168.139.15 192.168.139.1
>>>
>>> Hmmm... 192.168.139.1 does not seem to be a remote netmask, does it?
>>> man openvpn tells me the following for ifconfig-push:
>>> --ifconfig-push local remote-netmask
>>>
>>> so, put ifconfig-push 192.168.139.15 255.255.255.0 rather than the line
>>> above in the ccd directory.
>>>
>>> If it doesn't work, then please post the openvpn.log of the client.
>>
>> I've tried it many times; it doesn't work with the netmask.
>> File: syscon9 from ccd:
>> cat syscon9
>> ifconfig-push 192.168.0.15 255.255.255.0
>                        ^^^
>this is wrong (or maybe a typing mistake?)
>
>If it's a typing mistake, then please post the server-side log now.

Yes, it was a typo :-/ I corrected it:

cat syscon9
ifconfig-push 192.168.139.15 255.255.255.0

but from the log you can see it still didn't give me what I want: I got IP 192.168.139.6 and was asking for 192.168.139.15.

log:

cat /var/log/openvpn.log
Thu Feb 25 12:14:04 2010 OpenVPN 2.1_rc15 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] built on Jan 16 2010
Thu Feb 25 12:14:04 2010 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Feb 25 12:14:04 2010 Control Channel Authentication: using '/etc/openvpn/client_clinic2/vpn_my.key' as a OpenVPN static key file
Thu Feb 25 12:14:04 2010 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 25 12:14:04 2010 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 25 12:14:04 2010 LZO compression initialized
Thu Feb 25 12:14:04 2010 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Thu Feb 25 12:14:04 2010 Data Channel MTU parms [ L:1574 D:1200 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Feb 25 12:14:04 2010 Local Options hash (VER=V4): 'ec497616'
Thu Feb 25 12:14:04 2010 Expected Remote Options hash (VER=V4): '7cd8ed90'
Thu Feb 25 12:14:04 2010 Socket Buffers: R=[114688->131072] S=[114688->131072]
Thu Feb 25 12:14:04 2010 UDPv4 link local: [undef]
Thu Feb 25 12:14:04 2010 UDPv4 link remote: 208.38.31.237:9000
Thu Feb 25 12:15:04 2010 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Feb 25 12:15:04 2010 TLS Error: TLS handshake failed
Thu Feb 25 12:15:04 2010 TCP/UDP: Closing socket
Thu Feb 25 12:15:04 2010 SIGUSR1[soft,tls-error] received, process restarting
Thu Feb 25 12:15:04 2010 Restart pause, 2 second(s)
Thu Feb 25 12:15:06 2010 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Feb 25 12:15:06 2010 Re-using SSL/TLS context
Thu Feb 25 12:15:06 2010 LZO compression initialized
Thu Feb 25 12:15:06 2010 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Thu Feb 25 12:15:06 2010 Data Channel MTU parms [ L:1574 D:1200 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Feb 25 12:15:06 2010 Local Options hash (VER=V4): 'ec497616'
Thu Feb 25 12:15:06 2010 Expected Remote Options hash (VER=V4): '7cd8ed90'
Thu Feb 25 12:15:06 2010 Socket Buffers: R=[114688->131072] S=[114688->131072]
Thu Feb 25 12:15:06 2010 UDPv4 link local: [undef]
Thu Feb 25 12:15:06 2010 UDPv4 link remote: 208.38.31.237:9000
Thu Feb 25 12:16:06 2010 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Feb 25 12:16:06 2010 TLS Error: TLS handshake failed
Thu Feb 25 12:16:06 2010 TCP/UDP: Closing socket
Thu Feb 25 12:16:06 2010 SIGUSR1[soft,tls-error] received, process restarting
Thu Feb 25 12:16:06 2010 Restart pause, 2 second(s)
Thu Feb 25 12:16:08 2010 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Feb 25 12:16:08 2010 Re-using SSL/TLS context
Thu Feb 25 12:16:08 2010 LZO compression initialized
Thu Feb 25 12:16:08 2010 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Thu Feb 25 12:16:08 2010 Data Channel MTU parms [ L:1574 D:1200 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Feb 25 12:16:08 2010 Local Options hash (VER=V4): 'ec497616'
Thu Feb 25 12:16:08 2010 Expected Remote Options hash (VER=V4): '7cd8ed90'
Thu Feb 25 12:16:08 2010 Socket Buffers: R=[114688->131072] S=[114688->131072]
Thu Feb 25 12:16:08 2010 UDPv4 link local: [undef]
Thu Feb 25 12:16:08 2010 UDPv4 link remote: 208.38.31.237:9000
Thu Feb 25 12:16:25 2010 TLS: Initial packet from 208.38.31.237:9000, sid=9c654bbf 0689942b
Thu Feb 25 12:16:25 2010 VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=Fort-Funston_CA/emailAddress=me@myhost.mydomain
Thu Feb 25 12:16:25 2010 Validating certificate key usage
Thu Feb 25 12:16:25 2010 ++ Certificate has key usage 00a0, expects 00a0
Thu Feb 25 12:16:25 2010 VERIFY KU OK
Thu Feb 25 12:16:25 2010 Validating certificate extended key usage
Thu Feb 25 12:16:25 2010 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Feb 25 12:16:25 2010 VERIFY EKU OK
Thu Feb 25 12:16:25 2010 VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=server/emailAddress=me@myhost.mydomain
Thu Feb 25 12:16:26 2010 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Feb 25 12:16:26 2010 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 25 12:16:26 2010 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Feb 25 12:16:26 2010 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 25 12:16:26 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Feb 25 12:16:26 2010 [server] Peer Connection Initiated with 208.38.31.237:9000
Thu Feb 25 12:16:27 2010 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu Feb 25 12:16:27 2010 PUSH: Received control message: 'PUSH_REPLY,route 192.168.139.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 192.168.139.6 192.168.139.5'
Thu Feb 25 12:16:27 2010 OPTIONS IMPORT: timers and/or timeouts modified
Thu Feb 25 12:16:27 2010 OPTIONS IMPORT: --ifconfig/up options modified
Thu Feb 25 12:16:27 2010 OPTIONS IMPORT: route options modified
Thu Feb 25 12:16:27 2010 ROUTE default_gateway=10.0.0.1
Thu Feb 25 12:16:27 2010 TUN/TAP device tun0 opened
Thu Feb 25 12:16:27 2010 TUN/TAP TX queue length set to 100
Thu Feb 25 12:16:27 2010 /sbin/ifconfig tun0 192.168.139.6 pointopoint 192.168.139.5 mtu 1500
Thu Feb 25 12:16:27 2010 /etc/openvpn/up.sh tun0 1500 1574 192.168.139.6 192.168.139.5 init
Thu Feb 25 12:16:27 2010 /sbin/route add -net 192.168.139.0 netmask 255.255.255.0 gw 192.168.139.5
Thu Feb 25 12:16:27 2010 Initialization Sequence Completed

--
Joseph

* Re: [gentoo-user] openvpn static ip
From: Etaoin Shrdlu @ 2010-02-25 20:01 UTC
To: gentoo-user

On Thursday 25 February 2010, Joseph wrote:
> Yes, it was a typo :-/ I corrected it:
> cat syscon9
> ifconfig-push 192.168.139.15 255.255.255.0
>
> but from log you can see it still didn't give me what I want, I got IP
> 192.168.139.6 and was asking for: 192.168.139.15

Try adding

topology subnet

to both client and server config.

* Re: [gentoo-user] openvpn static ip
From: Xavier Parizet @ 2010-02-25 20:09 UTC
To: gentoo-user

On 25/02/2010 20:20, Joseph wrote:
> On 02/25/10 18:12, Xavier Parizet wrote:
>> On 25/02/2010 17:51, Joseph wrote:
>>> On 02/25/10 08:40, Xavier Parizet wrote:
>>>> On 02/25/2010 02:32 AM, Joseph wrote:
>>>>> I've configured OpenVPN and it works OK, but I cannot seem to
>>>>> figure out how to assign a static IP to clients.
>>>>>
>>>>> My server.conf:
>>>>> [SNIP]
>>>>>
>>>>> On client in /etc/openvpn/ccd directory I've created a file "syscon9"
>>>>> with:
>>>>> ifconfig-push 192.168.139.15 192.168.139.1
>>>>
>>>> Hmmm... 192.168.139.1 does not seem to be a remote netmask, does it?
>>>> man openvpn tells me the following for ifconfig-push:
>>>> --ifconfig-push local remote-netmask
>>>>
>>>> so, put ifconfig-push 192.168.139.15 255.255.255.0 rather than the line
>>>> above in the ccd directory.
>>>>
>>>> If it doesn't work, then please post the openvpn.log of the client.
>>>
>>> I've tried it many times; it doesn't work with the netmask.
>>> File: syscon9 from ccd:
>>> cat syscon9
>>> ifconfig-push 192.168.0.15 255.255.255.0
>>                        ^^^
>> this is wrong (or maybe a typing mistake?)
>>
>> If it's a typing mistake, then please post the server-side log now.
>
> Yes, it was a typo :-/ I corrected it:
> cat syscon9
> ifconfig-push 192.168.139.15 255.255.255.0
>
> but from the log you can see it still didn't give me what I want: I got IP
> 192.168.139.6 and was asking for 192.168.139.15.
>
> log:
> cat /var/log/openvpn.log
> [SNIP]

Ok. After re-re-reading the man page, try to add parameter topology subnet to server config. If it still doesn't work, then _please_ post the openvpn.log of the server side.

--
Xavier Parizet
YaGB : http://gentooist.com
GPG : C7DC B10E FC21 63BE B453 D239 F6E6 DF65 1569 91BF

* Re: [gentoo-user] openvpn static ip
From: Joseph @ 2010-02-25 21:01 UTC
To: gentoo-user

On 02/25/10 21:09, Xavier Parizet wrote:
[snip]
>> Yes, it was a typo :-/ I corrected it:
>> cat syscon9
>> ifconfig-push 192.168.139.15 255.255.255.0
>>
>> but from the log you can see it still didn't give me what I want: I got IP
>> 192.168.139.6 and was asking for 192.168.139.15.
>>
>> log:
>> cat /var/log/openvpn.log
>> [SNIP]
>
>Ok. After re-re-reading the man page, try to add parameter topology
>subnet to server config. If it still doesn't work, then _please_ post the
>openvpn.log of the server side.
>
>--
> Xavier Parizet
>YaGB : http://gentooist.com
>GPG : C7DC B10E FC21 63BE
>B453 D239 F6E6 DF65 1569 91BF
>

I've added "topology subnet" to both client and server conf, but now when I try to disconnect and connect I'm getting consecutive IPs:

192.168.139.2
192.168.139.3
192.168.139.4
...

cat server.conf
port 9000
proto udp
dev tun
mode server
ca /usr/share/openvpn/easy-rsa/keys/ca.crt
cert /usr/share/openvpn/easy-rsa/keys/server.crt
key /usr/share/openvpn/easy-rsa/keys/server.key
dh /usr/share/openvpn/easy-rsa/keys/dh1024.pem
topology subnet
server 192.168.139.0 255.255.255.0
client-to-client
ifconfig-pool-persist ipp.txt
client-config-dir ccd
keepalive 10 120
tls-auth vpn_my.key 0
tun-mtu 1500
tun-mtu-extra 32
mssfix 1200
duplicate-cn
comp-lzo
max-clients 100
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn.log
log-append /var/log/openvpn.log
verb 3

cat client_clinic2.conf
client
dev tun
proto udp
topology subnet
remote 208.38.31.237 9000
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1200
persist-key
persist-tun
remote-cert-tls server
ca "/etc/openvpn/client_clinic2/ca.crt"
cert "/etc/openvpn/client_clinic2/syscon9.crt"
key "/etc/openvpn/client_clinic2/syscon9.key"
tls-auth "/etc/openvpn/client_clinic2/vpn_my.key" 1
comp-lzo
log /var/log/openvpn.log
log-append /var/log/openvpn.log
verb 3

log file from client:

cat /var/log/openvpn.log
Thu Feb 25 13:50:30 2010 OpenVPN 2.1_rc15 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] built on Jan 16 2010
Thu Feb 25 13:50:30 2010 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Feb 25 13:50:30 2010 Control Channel Authentication: using '/etc/openvpn/client_clinic2/vpn_my.key' as a OpenVPN static key file
Thu Feb 25 13:50:30 2010 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 25 13:50:30 2010 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 25 13:50:30 2010 LZO compression initialized
Thu Feb 25 13:50:30 2010 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Thu Feb 25 13:50:30 2010 Data Channel MTU parms [ L:1574 D:1200 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Feb 25 13:50:30 2010 Local Options hash (VER=V4): 'ec497616'
Thu Feb 25 13:50:30 2010 Expected Remote Options hash (VER=V4): '7cd8ed90'
Thu Feb 25 13:50:30 2010 Socket Buffers: R=[114688->131072] S=[114688->131072]
Thu Feb 25 13:50:30 2010 UDPv4 link local: [undef]
Thu Feb 25 13:50:30 2010 UDPv4 link remote: 208.38.31.237:9000
Thu Feb 25 13:50:30 2010 TLS: Initial packet from 208.38.31.237:9000, sid=766f3e2f 0cf96857
Thu Feb 25 13:50:30 2010 VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=Fort-Funston_CA/emailAddress=me@myhost.mydomain
Thu Feb 25 13:50:30 2010 Validating certificate key usage
Thu Feb 25 13:50:30 2010 ++ Certificate has key usage 00a0, expects 00a0
Thu Feb 25 13:50:30 2010 VERIFY KU OK
Thu Feb 25 13:50:30 2010 Validating certificate extended key usage
Thu Feb 25 13:50:30 2010 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Feb 25 13:50:30 2010 VERIFY EKU OK
Thu Feb 25 13:50:30 2010 VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=server/emailAddress=me@myhost.mydomain
Thu Feb 25 13:50:31 2010 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Feb 25 13:50:31 2010 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 25 13:50:31 2010 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Feb 25 13:50:31 2010 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 25 13:50:31 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Feb 25 13:50:31 2010 [server] Peer Connection Initiated with 208.38.31.237:9000
Thu Feb 25 13:50:32 2010 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu Feb 25 13:50:32 2010 PUSH: Received control message: 'PUSH_REPLY,route-gateway 192.168.139.1,topology subnet,ping 10,ping-restart 120,ifconfig 192.168.139.2 255.255.255.0'
Thu Feb 25 13:50:32 2010 OPTIONS IMPORT: timers and/or timeouts modified
Thu Feb 25 13:50:32 2010 OPTIONS IMPORT: --ifconfig/up options modified
Thu Feb 25 13:50:32 2010 OPTIONS IMPORT: route-related options modified
Thu Feb 25 13:50:32 2010 TUN/TAP device tun0 opened
Thu Feb 25 13:50:32 2010 TUN/TAP TX queue length set to 100
Thu Feb 25 13:50:32 2010 /sbin/ifconfig tun0 192.168.139.2 netmask 255.255.255.0 mtu 1500 broadcast 192.168.139.255
Thu Feb 25 13:50:32 2010 /etc/openvpn/up.sh tun0 1500 1574 192.168.139.2 255.255.255.0 init
Thu Feb 25 13:50:32 2010 Initialization Sequence Completed

log file from server:

Thu Feb 25 13:56:12 2010 syscon9/68.148.245.78:55861 [syscon9] Inactivity timeout (--ping-restart), restarting
Thu Feb 25 13:56:12 2010 syscon9/68.148.245.78:55861 SIGUSR1[soft,ping-restart] received, client-instance restarting
Thu Feb 25 13:56:57 2010 MULTI: multi_create_instance called
Thu Feb 25 13:56:57 2010 68.148.245.78:55868 Re-using SSL/TLS context
Thu Feb 25 13:56:57 2010 68.148.245.78:55868 LZO compression initialized
Thu Feb 25 13:56:57 2010 68.148.245.78:55868 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Thu Feb 25 13:56:57 2010 68.148.245.78:55868 Data Channel MTU parms [ L:1574 D:1200 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Feb 25 13:56:57 2010 68.148.245.78:55868 Local Options hash (VER=V4): '7cd8ed90'
Thu Feb 25 13:56:57 2010 68.148.245.78:55868 Expected Remote Options hash (VER=V4): 'ec497616'
Thu Feb 25 13:56:57 2010 68.148.245.78:55868 TLS: Initial packet from 68.148.245.78:55868, sid=57c549f4 702a73f4
Thu Feb 25 13:56:58 2010 68.148.245.78:55868 VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=Fort-Funston_CA/emailAddress=me@myhost.mydomain
Thu Feb 25 13:56:58 2010 68.148.245.78:55868 VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=syscon9/emailAddress=me@myhost.mydomain
Thu Feb 25 13:56:58 2010 68.148.245.78:55868 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Feb 25 13:56:58 2010 68.148.245.78:55868 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 25 13:56:58 2010 68.148.245.78:55868 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Feb 25 13:56:58 2010 68.148.245.78:55868 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 25 13:56:58 2010 68.148.245.78:55868 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Feb 25 13:56:58 2010 68.148.245.78:55868 [syscon9] Peer Connection Initiated with 68.148.245.78:55868
Thu Feb 25 13:56:58 2010 syscon9/68.148.245.78:55868 MULTI: Learn: 192.168.139.3 -> syscon9/68.148.245.78:55868
Thu Feb 25 13:56:58 2010 syscon9/68.148.245.78:55868 MULTI: primary virtual IP for syscon9/68.148.245.78:55868: 192.168.139.3
Thu Feb 25 13:56:59 2010 syscon9/68.148.245.78:55868 PUSH: Received control message: 'PUSH_REQUEST'
Thu Feb 25 13:56:59 2010 syscon9/68.148.245.78:55868 SENT CONTROL [syscon9]: 'PUSH_REPLY,route-gateway 192.168.139.1,topology subnet,ping 10,ping-restart 120,ifconfig 192.168.139.3 255.255.255.0' (status=1)
Thu Feb 25 13:57:02 2010 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Thu Feb 25 13:57:12 2010 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)

Why is the server log always showing this message: [ECONNREFUSED]: Connection refused (code=111)

--
Joseph

* Re: [gentoo-user] openvpn static ip
From: Xavier Parizet @ 2010-02-25 21:17 UTC
To: gentoo-user

On 25/02/2010 22:01, Joseph wrote:
> On 02/25/10 21:09, Xavier Parizet wrote:
> [snip]
>>> Yes, it was a typo :-/ I corrected it:
>>> cat syscon9
>>> ifconfig-push 192.168.139.15 255.255.255.0
>>>
>>> but from log you can see it still didn't give me what I want, I got IP
>>> 192.168.139.6 and was asking for: 192.168.139.15
>>>
>>> log:
>>> cat /var/log/openvpn.log
>>> [SNIP]
>>
>> Ok. After re-re-reading the man page, try to add parameter topology
>> subnet to server config. If it still doesn't work, then _please_ post the
>> openvpn.log of the server side.
>>
>
> I've added: topology subnet to both client and server conf but now when
> I try to disconnect and connect I'm getting consecutive IP's:
> 192.168.139.2
> 192.168.139.3
> 192.168.139.4
> ...
>
> cat server.conf
> port 9000
> proto udp
> dev tun
> mode server
> ca /usr/share/openvpn/easy-rsa/keys/ca.crt
> cert /usr/share/openvpn/easy-rsa/keys/server.crt
> key /usr/share/openvpn/easy-rsa/keys/server.key
> dh /usr/share/openvpn/easy-rsa/keys/dh1024.pem
> topology subnet
> server 192.168.139.0 255.255.255.0
> client-to-client
> ifconfig-pool-persist ipp.txt
> client-config-dir ccd
> keepalive 10 120
> tls-auth vpn_my.key 0
> tun-mtu 1500
> tun-mtu-extra 32
> mssfix 1200
> duplicate-cn
> comp-lzo
> max-clients 100
> persist-key
> persist-tun
> status openvpn-status.log
> log /var/log/openvpn.log
> log-append /var/log/openvpn.log
> verb 3
>
> cat client_clinic2.conf
> client
> dev tun
> proto udp
> topology subnet
> remote 208.38.31.237 9000
> resolv-retry infinite
> nobind
  ^^^^^^
you should remove this line to avoid connection refused messages from
the server. As you are in udp, client should bind on udp source port to
get messages from the server.

> tun-mtu 1500
> tun-mtu-extra 32
> mssfix 1200
> persist-key
> persist-tun
> remote-cert-tls server
> ca "/etc/openvpn/client_clinic2/ca.crt"
> cert "/etc/openvpn/client_clinic2/syscon9.crt"
> key "/etc/openvpn/client_clinic2/syscon9.key"
> tls-auth "/etc/openvpn/client_clinic2/vpn_my.key" 1
> comp-lzo
> log /var/log/openvpn.log
> log-append /var/log/openvpn.log
> verb 3
>
>
> log file from client:
>
> cat /var/log/openvpn.log
> [SNIP]
>
> Why is the server log always showing this message: [ECONNREFUSED]:
> Connection refused (code=111

From what I can see, please try to add full path to the ccd directory in
client-config-dir directive on the server path. Also check permissions
on that directory. On which user are you running openvpn on the server?
On the client?

Can you increase verbosity and see if there is no open fails on the
server? If it works, you should have the following line in server logs:
OPTIONS IMPORT: reading client specific options from: [path to ccd]/syscon9
MULTI: Learn: [192.168.139.15] -> syscon9/[ip source:port source]

--
Xavier Parizet
YaGB : http://gentooist.com
GPG : C7DC B10E FC21 63BE B453 D239 F6E6 DF65 1569 91BF

* Re: [gentoo-user] openvpn static ip
From: Joseph @ 2010-02-25 22:21 UTC
To: gentoo-user

On 02/25/10 22:17, Xavier Parizet wrote:

[snip]

>> topology subnet
>> remote 208.38.31.237 9000
>> resolv-retry infinite
>> nobind
>  ^^^^^^
> you should remove this line to avoid connection refused messages from
> the server. As you are in udp, client should bind on udp source port to
> get messages from the server.

I remove this one from client.conf

>
>> tun-mtu 1500
>> tun-mtu-extra 32
>> mssfix 1200
>> persist-key
>> persist-tun
>> remote-cert-tls server
>> ca "/etc/openvpn/client_clinic2/ca.crt"
>> cert "/etc/openvpn/client_clinic2/syscon9.crt"
>> key "/etc/openvpn/client_clinic2/syscon9.key"
>> tls-auth "/etc/openvpn/client_clinic2/vpn_my.key" 1
>> comp-lzo
>> log /var/log/openvpn.log
>> log-append /var/log/openvpn.log
>> verb 3
>>
>>
>> log file from client:
>>
>> cat /var/log/openvpn.log
>> [SNIP]
>>
>> Why is the server log always showing this message: [ECONNREFUSED]:
>> Connection refused (code=111
>
> From what i can see, please try to add full path to the ccd directory in
> client-config-dir directive on the server path. Also check permissions
> on that directory. On which user are you running openvpn on the server ?
> On the client ?
>
> Can you increase verbosity and see if there is no open fails on the
> server ? If it works, you should have the following line in server logs:
> OPTIONS IMPORT: reading client specific options from: [path to ccd]/syscon9
> MULTI: Learn: [192.168.139.15] -> syscon9/[ip source:port source]
>
> --
> Xavier Parizet
> YaGB : http://gentooist.com
> GPG : C7DC B10E FC21 63BE
> B453 D239 F6E6 DF65 1569 91BF
>

I added full path to the server for ccd:
/etc/openvpn/ccd

Now I'm getting consistent IP: 192.168.139.2 every time I restart
openvpn.client_clinic2
but I'm not getting what I requested in ccd/syscon9:
ifconfig-push 192.168.139.15 255.255.255.0

The client runs openvpn as user root,
the server runs openvpn as user openvpn.

--
Joseph

* Re: [gentoo-user] openvpn static ip
From: Xavier Parizet @ 2010-02-26 7:34 UTC
To: gentoo-user

On 02/25/2010 11:21 PM, Joseph wrote:
> On 02/25/10 22:17, Xavier Parizet wrote:
>> [snip]
>
> I added full path to the server for ccd:
> /etc/openvpn/ccd
>
> Now I'm getting consistent IP: 192.168.139.2 every time I restart
> openvpn.client_clinic2
> but I'm not getting what I requested in ccd/syscon9:
> ifconfig-push 192.168.139.15 255.255.255.0

Retry ifconfig-push 192.168.139.15 192.168.139.1. Also post
/etc/openvpn/ipp.txt content and try removing it and restart openvpn
server, keep the full log level 4, and restart openvpn client, keep the
full log level 4.

I'm starting to be out of ideas ^^

> The client runs openvpn as user root,
> the server runs openvpn as user openvpn.

--
Xavier Parizet
YaGB : http://gentooist.com
GPG : C7DC B10E FC21 63BE B453 D239 F6E6 DF65 1569 91BF

* Re: [gentoo-user] openvpn static ip
From: Joseph @ 2010-02-26 0:39 UTC
To: gentoo-user

On 02/25/10 22:17, Xavier Parizet wrote:

> From what i can see, please try to add full path to the ccd directory in
> client-config-dir directive on the server path. Also check permissions
> on that directory. On which user are you running openvpn on the server ?
> On the client ?

On client:
drwxr-xr-x 2 root root 4096 Feb 24 18:49 ccd
-rw-r--r-- 1 root root 45 Feb 25 12:13 syscon9

so this looks OK,

> Can you increase verbosity and see if there is no open fails on the
> server ? If it works, you should have the following line in server logs:
> OPTIONS IMPORT: reading client specific options from: [path to ccd]/syscon9
> MULTI: Learn: [192.168.139.15] -> syscon9/[ip source:port source]

I've increased verbosity on server to 9
but I can not find any phrase in the server log file: "fails" "IMPORT"

but I've noticed this section on the server log:

...syscon9/68.148.245.78:56172 TEST FILE '/etc/openvpn/ccd/syscon9' [0]
...syscon9/68.148.245.78:56172 TEST FILE '/etc/openvpn/ccd/DEFAULT' [0]
...syscon9/68.148.245.78:56172 MULTI: Learn: 192.168.139.2 -> syscon9/68.148.245.78:56172

If I change the directory to "ccd" the log just shows:
...syscon9/68.148.245.78:56172 TEST FILE 'ccd/syscon9' [0]
...syscon9/68.148.245.78:56172 TEST FILE 'ccd/DEFAULT' [0

--
Joseph

* Re: [gentoo-user] openvpn static ip
From: J. Roeleveld @ 2010-02-26 8:33 UTC
To: gentoo-user

On Friday 26 February 2010 01:39:55 Joseph wrote:
> On 02/25/10 22:17, Xavier Parizet wrote:
>> From what i can see, please try to add full path to the ccd directory in
>> client-config-dir directive on the server path. Also check permissions
>> on that directory. On which user are you running openvpn on the server ?
>> On the client ?
>
> On client:
> drwxr-xr-x 2 root root 4096 Feb 24 18:49 ccd
> -rw-r--r-- 1 root root 45 Feb 25 12:13 syscon9
>
> so this looks OK,

From this, it looks like the "syscon9" file is not in the ".../ccd/" directory?
Also, isn't this file supposed to be on the server?

>> Can you increase verbosity and see if there is no open fails on the
>> server ? If it works, you should have the following line in server logs:
>> OPTIONS IMPORT: reading client specific options from: [path to
>> ccd]/syscon9 MULTI: Learn: [192.168.139.15] -> syscon9/[ip source:port
>> source]
>
> I've increased verbosity on server to 9
> but I can not find any phrase in the server log file: "fails" "IMPORT"
>
> but I've noticed this section on the server log:
>
> ...syscon9/68.148.245.78:56172 TEST FILE '/etc/openvpn/ccd/syscon9' [0]
> ...syscon9/68.148.245.78:56172 TEST FILE '/etc/openvpn/ccd/DEFAULT' [0]
> ...syscon9/68.148.245.78:56172 MULTI: Learn: 192.168.139.2 ->
> syscon9/68.148.245.78:56172
>
> If I change the directory to "ccd" the log just shows:
> ...syscon9/68.148.245.78:56172 TEST FILE 'ccd/syscon9' [0]
> ...syscon9/68.148.245.78:56172 TEST FILE 'ccd/DEFAULT' [0

This seems to indicate it can't actually find the file
"/etc/openvpn/ccd/syscon9"

This file needs to be located on the server, not on the client, as it's the
server that determines the IP-address for the client.

--
Joost

* Re: [gentoo-user][SOLVED] openvpn static ip
From: Joseph @ 2010-02-26 15:13 UTC
To: gentoo-user

On 02/26/10 09:33, J. Roeleveld wrote:

[snip]

>>
>> ...syscon9/68.148.245.78:56172 TEST FILE '/etc/openvpn/ccd/syscon9' [0]
>> ...syscon9/68.148.245.78:56172 TEST FILE '/etc/openvpn/ccd/DEFAULT' [0]
>> ...syscon9/68.148.245.78:56172 MULTI: Learn: 192.168.139.2 ->
>> syscon9/68.148.245.78:56172
>>
>> If I change the directory to "ccd" the log just shows:
>> ...syscon9/68.148.245.78:56172 TEST FILE 'ccd/syscon9' [0]
>> ...syscon9/68.148.245.78:56172 TEST FILE 'ccd/DEFAULT' [0
>
> This seems to indicate it can't actually find the file
> "/etc/openvpn/ccd/syscon9"
>
> This file needs to be located on the server, not on the client, as it's the
> server that determines the IP-address for the client.
>
> --
> Joost

Yes, that was it :-/; I don't know what to say. Such a simple mistake.
Just taking on a simple logic it makes sense. I was thinking about it how it
works that the client can request its own IP from the server; something didn't
make sense.

Thank you for all your help.

--
Joseph
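
The check that resolved this thread, written out as an added example (not part of any message above): it scans an OpenVPN server log for the ccd probe and address-assignment lines quoted in the thread and reports why a client did not receive its static IP. The function name, the sample timestamps and the reading of "[0]" as "file could not be opened" (the thread's own interpretation) are assumptions of this example.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample modelled on the verb 9 server lines quoted in the thread.
SAMPLE_LOG = """\
Fri Feb 26 00:30:01 2010 syscon9/68.148.245.78:56172 TEST FILE '/etc/openvpn/ccd/syscon9' [0]
Fri Feb 26 00:30:01 2010 syscon9/68.148.245.78:56172 TEST FILE '/etc/openvpn/ccd/DEFAULT' [0]
Fri Feb 26 00:30:01 2010 syscon9/68.148.245.78:56172 MULTI: Learn: 192.168.139.2 -> syscon9/68.148.245.78:56172
"""

# "<CN>/<ip:port> TEST FILE '<path>' [0|1]"; [0] is read as "could not open".
TEST_FILE = re.compile(r"(?P<cn>[^\s/]+)/\S+ TEST FILE '(?P<path>[^']+)' \[(?P<ok>[01])\]")
LEARN = re.compile(r"MULTI: Learn: (?P<ip>\S+) -> (?P<cn>[^\s/]+)/")


def diagnose(log_text, expected, subnet="192.168.139.0/24"):
    """Return {cn: [findings]} for every client in expected (CN -> static IP)."""
    probes, learned = {}, {}
    for line in log_text.splitlines():
        m = TEST_FILE.search(line)
        if m:
            probes.setdefault(m["cn"], {})[m["path"]] = m["ok"] == "1"
            continue
        m = LEARN.search(line)
        if m:
            learned[m["cn"]] = m["ip"]  # the most recent assignment wins
    report = {}
    for cn, want in expected.items():
        findings = []
        if ip_address(want) not in ip_network(subnet):
            findings.append(f"{want} is outside the server subnet {subnet}")
        # Only the per-client file counts here; the DEFAULT probe is ignored.
        own = {p: ok for p, ok in probes.get(cn, {}).items()
               if p.rsplit("/", 1)[-1] == cn}
        if not own:
            findings.append("no ccd probe logged: raise verb or set client-config-dir")
        for path, ok in own.items():
            if not ok:
                findings.append(f"server could not open {path}; it must exist on "
                                "the server and be readable by the daemon user")
        got = learned.get(cn)
        if got and got != want:
            findings.append(f"server assigned {got}, not the requested {want}")
        report[cn] = findings or ["ok"]
    return report


if __name__ == "__main__":
    for cn, findings in diagnose(SAMPLE_LOG, {"syscon9": "192.168.139.15"}).items():
        print(cn, findings)
```
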