public inbox for gentoo-user@lists.gentoo.org
From: Xavier Parizet <xav@gentooist.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] openvpn static ip
Date: Thu, 25 Feb 2010 22:17:12 +0100
Message-ID: <4B86E8D8.9060304@gentooist.com>
In-Reply-To: <20100225210109.GC6860@syscon4.inet>


On 25/02/2010 22:01, Joseph wrote:
> On 02/25/10 21:09, Xavier Parizet wrote:
> [snip]
>>> Yes, it was a typo :-/ I corrected it:
>>> cat syscon9
>>> ifconfig-push  192.168.139.15 255.255.255.0
>>>
>>> but from log you can see it still didn't give me what I want, I got IP
>>> 192.168.139.6 and was asking for: 192.168.139.15
>>>
>>> log:
>>> cat /var/log/openvpn.log
>>> [SNIP]
>>
>> Ok. After re-re-reading the man page, try adding the parameter topology
>> subnet to the server config. If it still doesn't work, then _please_ post
>> the openvpn.log of the server side.
>>
> 
> I've added: topology subnet to both client and server conf, but now when
> I try to disconnect and connect I'm getting consecutive IPs:
> 192.168.139.2
> 192.168.139.3
> 192.168.139.4
> ...
> 
> cat server.conf
> port 9000
> proto udp
> dev tun
> mode server
> ca /usr/share/openvpn/easy-rsa/keys/ca.crt
> cert /usr/share/openvpn/easy-rsa/keys/server.crt
> key /usr/share/openvpn/easy-rsa/keys/server.key
> dh /usr/share/openvpn/easy-rsa/keys/dh1024.pem
> topology subnet
> server 192.168.139.0 255.255.255.0
> client-to-client
> ifconfig-pool-persist ipp.txt
> client-config-dir ccd
> keepalive 10 120
> tls-auth vpn_my.key 0
> tun-mtu 1500
> tun-mtu-extra 32
> mssfix 1200
> duplicate-cn
> comp-lzo
> max-clients 100
> persist-key
> persist-tun
> status openvpn-status.log
> log        /var/log/openvpn.log
> log-append /var/log/openvpn.log
> verb 3
> 
> cat client_clinic2.conf
> client
> dev tun
> proto udp
> topology subnet
> remote 208.38.31.237 9000
> resolv-retry infinite
> nobind
  ^^^^^^
  You should remove this line to avoid connection refused messages from
the server. As you are using UDP, the client should bind to a UDP source
port to get messages from the server.

> tun-mtu 1500
> tun-mtu-extra 32
> mssfix 1200
> persist-key
> persist-tun
> remote-cert-tls server
> ca "/etc/openvpn/client_clinic2/ca.crt"
> cert "/etc/openvpn/client_clinic2/syscon9.crt"
> key "/etc/openvpn/client_clinic2/syscon9.key"
> tls-auth "/etc/openvpn/client_clinic2/vpn_my.key" 1
> comp-lzo
> log        /var/log/openvpn.log
> log-append /var/log/openvpn.log
> verb 3
> 
> 
> log file from client:
> 
> cat /var/log/openvpn.log
> [SNIP]
> 
> Why is the server log always showing this message: [ECONNREFUSED]:
> Connection refused (code=111

From what I can see, please try adding the full path to the ccd directory in
the client-config-dir directive on the server path. Also check permissions
on that directory. As which user are you running openvpn on the server?
On the client?

Can you increase verbosity and see whether there are no open failures on the
server? If it works, you should have the following lines in the server logs:
OPTIONS IMPORT: reading client specific options from: [path to ccd]/syscon9
MULTI: Learn: [192.168.139.15] -> syscon9/[ip source:port source]

-- 
      Xavier Parizet
YaGB :   http://gentooist.com
GPG  :    C7DC B10E FC21 63BE
B453 D239 F6E6 DF65 1569 91BF
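
The server-side checks suggested in this reply (absolute client-config-dir path, access to the ccd directory, the OPTIONS IMPORT log line), as an added shell example that is not part of the original message. The function names and the temporary fixture files are constructed for illustration; run it as the user the OpenVPN server runs as so that the access tests are meaningful.

```shell
#!/bin/sh
# Added example: lint the per-client (ccd) setup of an OpenVPN server config.

# Print the argument of the first client-config-dir directive in a config.
ccd_dir() {
    awk '$1 == "client-config-dir" { print $2; exit }' "$1"
}

# check_ccd CONF CN: print one finding; return 0 only when every check passes.
check_ccd() {
    conf=$1; cn=$2
    dir=$(ccd_dir "$conf")
    [ -n "$dir" ] || { echo "no client-config-dir directive"; return 1; }
    case $dir in
        /*) ;;   # absolute path: does not depend on the daemon's working dir
        *)  echo "relative client-config-dir: $dir"; return 2 ;;
    esac
    # -x / -r are evaluated for the user running this script.
    [ -d "$dir" ] && [ -x "$dir" ] || { echo "cannot enter $dir"; return 3; }
    [ -r "$dir/$cn" ] || { echo "cannot read $dir/$cn"; return 4; }
    # With topology subnet, ifconfig-push takes an address and a netmask.
    awk '$1 == "ifconfig-push" && NF == 3 { ok = 1 } END { exit !ok }' \
        "$dir/$cn" || { echo "no valid ifconfig-push in $dir/$cn"; return 5; }
    echo "ok"
}

# ccd_imported LOG CN: succeed when the log shows the per-client file was read.
ccd_imported() {
    grep -q "OPTIONS IMPORT: reading client specific options from: .*/$2\$" "$1"
}

# Constructed fixture (not from the thread): temp configs, ccd file and log.
demo() {
    t=$(mktemp -d)
    mkdir "$t/ccd"
    echo "ifconfig-push  192.168.139.15 255.255.255.0" > "$t/ccd/syscon9"
    printf 'topology subnet\nclient-config-dir ccd\n' > "$t/relative.conf"
    printf 'topology subnet\nclient-config-dir %s/ccd\n' "$t" > "$t/absolute.conf"
    echo "OPTIONS IMPORT: reading client specific options from: $t/ccd/syscon9" \
        > "$t/openvpn.log"
    check_ccd "$t/relative.conf" syscon9 || true
    check_ccd "$t/absolute.conf" syscon9 || true
    ccd_imported "$t/openvpn.log" syscon9 && echo "log confirms import"
    rm -rf "$t"
}
demo
```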

