From: Joseph
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] openvpn static ip
Date: Thu, 25 Feb 2010 14:01:09 -0700
Message-ID: <20100225210109.GC6860@syscon4.inet>
In-Reply-To: <4B86D8DD.1030705@gentooist.com>

On 02/25/10 21:09, Xavier Parizet wrote:
[snip]
>> Yes, it was a typo :-/ I corrected it:
>> cat syscon9
>> ifconfig-push 192.168.139.15 255.255.255.0
>>
>> but from the log you can see it still didn't give me what I want, I got IP
>> 192.168.139.6 and was asking for: 192.168.139.15
>>
>> log:
>> cat /var/log/openvpn.log
>> [SNIP]
>
> Ok. After re-re-reading the man page, try to add the parameter topology
> subnet to the server config. If it still doesn't work, then _please_ post the
> openvpn.log of the server side.
>
> --
> Xavier Parizet
> YaGB : http://gentooist.com
> GPG : C7DC B10E FC21 63BE
> B453 D239 F6E6 DF65 1569 91BF

I've added:
topology subnet
to both client and server conf, but now when I disconnect and connect I'm getting consecutive IPs:
192.168.139.2
192.168.139.3
192.168.139.4
...
cat server.conf
port 9000
proto udp
dev tun
mode server
ca /usr/share/openvpn/easy-rsa/keys/ca.crt
cert /usr/share/openvpn/easy-rsa/keys/server.crt
key /usr/share/openvpn/easy-rsa/keys/server.key
dh /usr/share/openvpn/easy-rsa/keys/dh1024.pem
topology subnet
server 192.168.139.0 255.255.255.0
client-to-client
ifconfig-pool-persist ipp.txt
client-config-dir ccd
keepalive 10 120
tls-auth vpn_my.key 0
tun-mtu 1500
tun-mtu-extra 32
mssfix 1200
duplicate-cn
comp-lzo
max-clients 100
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn.log
log-append /var/log/openvpn.log
verb 3

cat client_clinic2.conf
client
dev tun
proto udp
topology subnet
remote 208.38.31.237 9000
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1200
persist-key
persist-tun
remote-cert-tls server
ca "/etc/openvpn/client_clinic2/ca.crt"
cert "/etc/openvpn/client_clinic2/syscon9.crt"
key "/etc/openvpn/client_clinic2/syscon9.key"
tls-auth "/etc/openvpn/client_clinic2/vpn_my.key" 1
comp-lzo
log /var/log/openvpn.log
log-append /var/log/openvpn.log
verb 3

log file from client:
cat /var/log/openvpn.log
Thu Feb 25 13:50:30 2010 OpenVPN 2.1_rc15 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] built on Jan 16 2010
Thu Feb 25 13:50:30 2010 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Feb 25 13:50:30 2010 Control Channel Authentication: using '/etc/openvpn/client_clinic2/vpn_my.key' as a OpenVPN static key file
Thu Feb 25 13:50:30 2010 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 25 13:50:30 2010 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 25 13:50:30 2010 LZO compression initialized
Thu Feb 25 13:50:30 2010 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Thu Feb 25 13:50:30 2010 Data Channel MTU parms [ L:1574 D:1200 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Feb 25 13:50:30 2010 Local Options hash (VER=V4): 'ec497616'
Thu Feb 25 13:50:30 2010 Expected Remote Options hash (VER=V4): '7cd8ed90'
Thu Feb 25 13:50:30 2010 Socket Buffers: R=[114688->131072] S=[114688->131072]
Thu Feb 25 13:50:30 2010 UDPv4 link local: [undef]
Thu Feb 25 13:50:30 2010 UDPv4 link remote: 208.38.31.237:9000
Thu Feb 25 13:50:30 2010 TLS: Initial packet from 208.38.31.237:9000, sid=766f3e2f 0cf96857
Thu Feb 25 13:50:30 2010 VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=Fort-Funston_CA/emailAddress=me@myhost.mydomain
Thu Feb 25 13:50:30 2010 Validating certificate key usage
Thu Feb 25 13:50:30 2010 ++ Certificate has key usage 00a0, expects 00a0
Thu Feb 25 13:50:30 2010 VERIFY KU OK
Thu Feb 25 13:50:30 2010 Validating certificate extended key usage
Thu Feb 25 13:50:30 2010 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Feb 25 13:50:30 2010 VERIFY EKU OK
Thu Feb 25 13:50:30 2010 VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=server/emailAddress=me@myhost.mydomain
Thu Feb 25 13:50:31 2010 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Feb 25 13:50:31 2010 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 25 13:50:31 2010 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Feb 25 13:50:31 2010 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 25 13:50:31 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Feb 25 13:50:31 2010 [server] Peer Connection Initiated with 208.38.31.237:9000
Thu Feb 25 13:50:32 2010 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu Feb 25 13:50:32 2010 PUSH: Received control message: 'PUSH_REPLY,route-gateway 192.168.139.1,topology subnet,ping 10,ping-restart 120,ifconfig 192.168.139.2 255.255.255.0'
Thu Feb 25 13:50:32 2010 OPTIONS IMPORT: timers and/or timeouts modified
Thu Feb 25 13:50:32 2010 OPTIONS IMPORT: --ifconfig/up options modified
Thu Feb 25 13:50:32 2010 OPTIONS IMPORT: route-related options modified
Thu Feb 25 13:50:32 2010 TUN/TAP device tun0 opened
Thu Feb 25 13:50:32 2010 TUN/TAP TX queue length set to 100
Thu Feb 25 13:50:32 2010 /sbin/ifconfig tun0 192.168.139.2 netmask 255.255.255.0 mtu 1500 broadcast 192.168.139.255
Thu Feb 25 13:50:32 2010 /etc/openvpn/up.sh tun0 1500 1574 192.168.139.2 255.255.255.0 init
Thu Feb 25 13:50:32 2010 Initialization Sequence Completed

log file from server:
Thu Feb 25 13:56:12 2010 syscon9/68.148.245.78:55861 [syscon9] Inactivity timeout (--ping-restart), restarting
Thu Feb 25 13:56:12 2010 syscon9/68.148.245.78:55861 SIGUSR1[soft,ping-restart] received, client-instance restarting
Thu Feb 25 13:56:57 2010 MULTI: multi_create_instance called
Thu Feb 25 13:56:57 2010 68.148.245.78:55868 Re-using SSL/TLS context
Thu Feb 25 13:56:57 2010 68.148.245.78:55868 LZO compression initialized
Thu Feb 25 13:56:57 2010 68.148.245.78:55868 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Thu Feb 25 13:56:57 2010 68.148.245.78:55868 Data Channel MTU parms [ L:1574 D:1200 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Feb 25 13:56:57 2010 68.148.245.78:55868 Local Options hash (VER=V4): '7cd8ed90'
Thu Feb 25 13:56:57 2010 68.148.245.78:55868 Expected Remote Options hash (VER=V4): 'ec497616'
Thu Feb 25 13:56:57 2010 68.148.245.78:55868 TLS: Initial packet from 68.148.245.78:55868, sid=57c549f4 702a73f4
Thu Feb 25 13:56:58 2010 68.148.245.78:55868 VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=Fort-Funston_CA/emailAddress=me@myhost.mydomain
Thu Feb 25 13:56:58 2010 68.148.245.78:55868 VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=syscon9/emailAddress=me@myhost.mydomain
Thu Feb 25 13:56:58 2010 68.148.245.78:55868 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Feb 25 13:56:58 2010 68.148.245.78:55868 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 25 13:56:58 2010 68.148.245.78:55868 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Feb 25 13:56:58 2010 68.148.245.78:55868 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 25 13:56:58 2010 68.148.245.78:55868 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Feb 25 13:56:58 2010 68.148.245.78:55868 [syscon9] Peer Connection Initiated with 68.148.245.78:55868
Thu Feb 25 13:56:58 2010 syscon9/68.148.245.78:55868 MULTI: Learn: 192.168.139.3 -> syscon9/68.148.245.78:55868
Thu Feb 25 13:56:58 2010 syscon9/68.148.245.78:55868 MULTI: primary virtual IP for syscon9/68.148.245.78:55868: 192.168.139.3
Thu Feb 25 13:56:59 2010 syscon9/68.148.245.78:55868 PUSH: Received control message: 'PUSH_REQUEST'
Thu Feb 25 13:56:59 2010 syscon9/68.148.245.78:55868 SENT CONTROL [syscon9]: 'PUSH_REPLY,route-gateway 192.168.139.1,topology subnet,ping 10,ping-restart 120,ifconfig 192.168.139.3 255.255.255.0' (status=1)
Thu Feb 25 13:57:02 2010 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Thu Feb 25 13:57:12 2010 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)

Why is the server log always showing this message:
[ECONNREFUSED]: Connection refused (code=111)

--
Joseph
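The message above hinges on how a server.conf, its client-config-dir (ccd) entries and the certificate CN fit together: the ccd file name must equal the client's CN, an ifconfig-push under "topology subnet" takes "address netmask" (under the net30 default it takes "client-ip server-endpoint"), the pushed address has to lie inside the subnet given by the "server" directive, and two entries must not claim the same address. The following checker is an added example, not code from the thread or from the OpenVPN project; it is plain Python on the standard library. The SERVER_CONF sample is trimmed from the server.conf quoted above, the ccd entry "syscon9" is the one from the thread, and the other ccd entries (clinic3, clinic4, clinic5) are constructed to trigger each check.

```python
"""Consistency checks for an OpenVPN server.conf and its client-config-dir
(ccd) entries.  Added example, not from the original thread.  The sample
inputs below are constructed from the configs quoted in the message plus
invented ccd entries that exercise each check."""
import ipaddress

# Constructed: the server.conf from the thread, trimmed to the directives
# that matter for static address assignment.
SERVER_CONF = """\
port 9000
proto udp
dev tun
mode server
topology subnet
server 192.168.139.0 255.255.255.0
client-config-dir ccd
ifconfig-pool-persist ipp.txt
duplicate-cn
"""

# Constructed ccd directory: file name (= certificate CN) -> file content.
# 'syscon9' is the entry from the thread; the others are invented.
CCD = {
    "syscon9": "ifconfig-push 192.168.139.15 255.255.255.0\n",
    "clinic3": "ifconfig-push 192.168.140.7 255.255.255.0\n",   # wrong subnet
    "clinic4": "ifconfig-push 192.168.139.15 255.255.255.0\n",  # same IP as syscon9
    "clinic5": "ifconfig-push 10.8.0.6 10.8.0.5\n",             # net30-style pair
}


def parse_directives(text):
    """Yield (directive, args) pairs, skipping blank lines and # or ; comments."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        if line:
            parts = line.split()
            yield parts[0], parts[1:]


def check_ccd(server_conf, ccd):
    """Return a list of human-readable findings; an empty list means consistent."""
    opts = dict(parse_directives(server_conf))   # last occurrence of a directive wins
    findings = []
    if "server" not in opts:
        return ["server: no 'server' directive, cannot derive the VPN subnet"]
    net = ipaddress.ip_network("/".join(opts["server"][:2]), strict=False)
    topology = opts.get("topology", ["net30"])[0]   # OpenVPN 2.1 defaults to net30

    if "duplicate-cn" in opts:
        findings.append("server: duplicate-cn lets several clients share one CN, "
                        "so one ifconfig-push address can be handed to more than one peer")
    ccd_dir = opts.get("client-config-dir", [None])[0]
    if ccd_dir and not ccd_dir.startswith("/") and "cd" not in opts:
        findings.append(f"server: client-config-dir '{ccd_dir}' is relative and no 'cd' "
                        "directive is set; it resolves against the daemon's working directory")

    seen = {}   # static address -> ccd entry that first claimed it
    for name, content in ccd.items():
        for directive, args in parse_directives(content):
            if directive != "ifconfig-push":
                continue
            if len(args) < 2:
                findings.append(f"{name}: ifconfig-push needs two arguments")
                continue
            addr = ipaddress.ip_address(args[0])
            if addr not in net:
                findings.append(f"{name}: {addr} is outside the VPN subnet {net}")
            elif addr == net.network_address + 1:
                findings.append(f"{name}: {addr} is the server's own tun address")
            if topology == "subnet":
                # subnet topology: the second argument is the netmask
                if args[1] != str(net.netmask):
                    findings.append(f"{name}: second argument {args[1]} should be the "
                                    f"netmask {net.netmask} under 'topology subnet'")
            else:
                # net30 topology: the second argument is the server-side end of the client's /30
                try:
                    peer = ipaddress.ip_address(args[1])
                except ValueError:
                    findings.append(f"{name}: net30 expects 'client-ip server-endpoint', got {args[1]}")
                    continue
                if peer not in ipaddress.ip_network(f"{addr}/30", strict=False):
                    findings.append(f"{name}: {peer} is not in the same /30 as {addr}")
            if addr in seen:
                findings.append(f"{name}: {addr} is already pushed to {seen[addr]}")
            else:
                seen[addr] = name
    return findings


if __name__ == "__main__":
    for finding in check_ccd(SERVER_CONF, CCD):
        print(finding)
```

Run against the constructed input, the thread's own "syscon9" entry passes every per-entry check, while the server-level findings are worth reading in the context of the message: "duplicate-cn" means a ccd address is no longer bound to one machine, and a relative "client-config-dir ccd" depends on the working directory the daemon was started in (the Gentoo init script or a "cd" directive has to set it), which is a check to make when a ccd entry appears to be ignored. The checker only validates what the files say; it does not diagnose the thread's pool assignment or the ECONNREFUSED reads.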