
Cannot broadcast LAN traffic across bridged Tomato v1.25vpn3.4 VPN

Discussion in 'Tomato Firmware' started by freedom4kids, Jan 22, 2010.

  1. freedom4kids

    freedom4kids Addicted to LI Member

    I am setting up a site-to-site bridged VPN with Tomato VPN v1.25vpn3.4.4a8380cb.

    I cannot broadcast bidirectional LAN traffic across the bridged Tomato v1.25vpn3.4 VPN, e.g. ping, DHCP or mDNS. I completed a thorough NVRAM erase prior to configuring my VPNs.

    Server1
    Basic:

    Start with Router: yes
    Interface Type: TAP
    Protocol: UDP
    Port: 1194
    Firewall: Automatic
    Authorization Mode: TLS
    Extra HMAC authorization (tls-auth): Disabled
    Client address pool: DHCP yes

    Status:
    Data current as of Fri Jan 22 16:37:37 2010.
    Client List
    Common Name Real Address Virtual Address Bytes Received Bytes Sent Connected Since
    vpnclient1.aastra.com.local 10.30.103.106:2053 7540 120154 Fri Jan 22 16:17:29 2010

    General Statistics:
    Name Value
    Max bcast/mcast queue length 1



    Client1
    Basic:

    Start with Router: yes
    Interface Type: TAP
    Protocol: UDP
    Server Address/Port 10.30.103.109:1194
    Firewall: Automatic
    Authorization Mode: TLS
    Extra HMAC authorization (tls-auth): Disabled
    Server is on the same subnet yes

    Data current as of Fri Jan 22 16:17:16 2010.
    General Statistics
    Name Value
    TUN/TAP read bytes 0
    TUN/TAP write bytes 1789507
    TCP/UDP read bytes 1721868
    TCP/UDP write bytes 78549
    Auth read bytes 1798611
    pre-compress bytes 0
    post-compress bytes 0
    pre-decompress bytes 1451076
    post-decompress bytes 1770721


    These are my VPN log outputs, i.e.

    VPN Server logs, i.e.

    Jan 22 07:19:26 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2051 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Jan 22 07:19:26 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2051 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Jan 22 07:19:26 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2051 Control Channel: TLSv1, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA
    Jan 22 07:32:15 unknown daemon.info dnsmasq[842]: DHCPREQUEST(br0) 192.168.1.146 00:08:5d:11:90:6e
    Jan 22 07:32:15 unknown daemon.info dnsmasq[842]: DHCPACK(br0) 192.168.1.146 00:08:5d:11:90:6e 6731i00085D11906E
    Jan 22 08:00:01 unknown syslog.info root: -- MARK --
    Jan 22 08:19:22 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2051 TLS: tls_process: killed expiring key
    Jan 22 08:19:26 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2051 TLS: soft reset sec=0 bytes=352422/0 pkts=1402/0
    Jan 22 08:19:29 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2051 VERIFY OK: depth=1, /C=CA/ST=ON/L=Toronto/O=Aastra/CN=Administrator/Email=vpn@aastra.com
    Jan 22 08:19:29 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2051 VERIFY OK: depth=0, /C=CA/ST=ON/O=Aastra/CN=vpnclient1.aastra.com.local/Email=vpn@aastra.com
    Jan 22 08:19:30 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2051 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Jan 22 08:19:30 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2051 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Jan 22 08:19:30 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2051 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Jan 22 08:19:30 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2051 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Jan 22 08:19:30 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2051 Control Channel: TLSv1, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA
    Jan 22 09:00:02 unknown syslog.info root: -- MARK --
    Jan 22 09:19:26 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2051 TLS: tls_process: killed expiring key
    Jan 22 09:19:33 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2051 VERIFY OK: depth=1, /C=CA/ST=ON/L=Toronto/O=Aastra/CN=Administrator/Email=vpn@aastra.com
    Jan 22 09:19:33 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2051 VERIFY OK: depth=0, /C=CA/ST=ON/O=Aastra/CN=vpnclient1.aastra.com.local/Email=vpn@aastra.com
    Jan 22 09:19:34 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2051 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Jan 22 09:19:34 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2051 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Jan 22 09:19:34 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2051 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Jan 22 09:19:34 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2051 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Jan 22 09:19:34 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2051 Control Channel: TLSv1, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA
    Jan 22 10:00:01 unknown syslog.info root: -- MARK --
    Jan 22 10:19:30 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2051 TLS: tls_process: killed expiring key
    Jan 22 10:19:37 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2051 VERIFY OK: depth=1, /C=CA/ST=ON/L=Toronto/O=Aastra/CN=Administrator/Email=vpn@aastra.com
    Jan 22 10:19:37 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2051 VERIFY OK: depth=0, /C=CA/ST=ON/O=Aastra/CN=vpnclient1.aastra.com.local/Email=vpn@aastra.com
    Jan 22 10:19:38 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2051 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Jan 22 10:19:38 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2051 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Jan 22 10:19:38 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2051 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Jan 22 10:19:38 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2051 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Jan 22 10:19:38 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2051 Control Channel: TLSv1, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA
    Jan 22 11:00:01 unknown syslog.info root: -- MARK --
    Jan 22 11:07:52 unknown daemon.err openvpn[982]: read UDPv4 [EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH]: No route to host (code=148)
    Jan 22 11:08:01 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2051 [vpnclient1.aastra.com.local] Inactivity timeout (--ping-restart), restarting
    Jan 22 11:08:01 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2051 SIGUSR1[soft,ping-restart] received, client-instance restarting
    Jan 22 11:08:22 unknown daemon.err openvpn[982]: read UDPv4 [EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH]: No route to host (code=148)
    Jan 22 11:22:25 unknown daemon.notice openvpn[982]: MULTI: multi_create_instance called
    Jan 22 11:22:25 unknown daemon.notice openvpn[982]: 10.30.103.106:2052 Re-using SSL/TLS context
    Jan 22 11:22:25 unknown daemon.notice openvpn[982]: 10.30.103.106:2052 LZO compression initialized
    Jan 22 11:22:25 unknown daemon.notice openvpn[982]: 10.30.103.106:2052 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Jan 22 11:22:25 unknown daemon.notice openvpn[982]: 10.30.103.106:2052 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
    Jan 22 11:22:25 unknown daemon.notice openvpn[982]: 10.30.103.106:2052 TLS: Initial packet from 10.30.103.106:2052, sid=44b21e77 6994cbde
    Jan 22 11:22:28 unknown daemon.notice openvpn[982]: 10.30.103.106:2052 VERIFY OK: depth=1, /C=CA/ST=ON/L=Toronto/O=Aastra/CN=Administrator/Email=vpn@aastra.com
    Jan 22 11:22:28 unknown daemon.notice openvpn[982]: 10.30.103.106:2052 VERIFY OK: depth=0, /C=CA/ST=ON/O=Aastra/CN=vpnclient1.aastra.com.local/Email=vpn@aastra.com
    Jan 22 11:22:29 unknown daemon.notice openvpn[982]: 10.30.103.106:2052 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Jan 22 11:22:29 unknown daemon.notice openvpn[982]: 10.30.103.106:2052 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Jan 22 11:22:29 unknown daemon.notice openvpn[982]: 10.30.103.106:2052 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Jan 22 11:22:29 unknown daemon.notice openvpn[982]: 10.30.103.106:2052 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Jan 22 11:22:29 unknown daemon.notice openvpn[982]: 10.30.103.106:2052 Control Channel: TLSv1, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA
    Jan 22 11:22:29 unknown daemon.notice openvpn[982]: 10.30.103.106:2052 [vpnclient1.aastra.com.local] Peer Connection Initiated with 10.30.103.106:2052
    Jan 22 11:22:29 unknown daemon.err openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2052 MULTI: no dynamic or static remote --ifconfig address is available for vpnclient1.aastra.com.local/10.30.103.106:2052
    Jan 22 11:22:31 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2052 PUSH: Received control message: 'PUSH_REQUEST'
    Jan 22 11:22:31 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2052 SENT CONTROL [vpnclient1.aastra.com.local]: 'PUSH_REPLY,dhcp-option DNS 192.168.1.1,route-gateway dhcp,ping 15,ping-restart 60' (status=1)
    Jan 22 12:00:01 unknown syslog.info root: -- MARK --
    Jan 22 12:22:29 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2052 TLS: soft reset sec=0 bytes=358656/0 pkts=1425/0
    Jan 22 12:22:32 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2052 VERIFY OK: depth=1, /C=CA/ST=ON/L=Toronto/O=Aastra/CN=Administrator/Email=vpn@aastra.com
    Jan 22 12:22:32 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2052 VERIFY OK: depth=0, /C=CA/ST=ON/O=Aastra/CN=vpnclient1.aastra.com.local/Email=vpn@aastra.com
    Jan 22 12:22:33 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2052 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Jan 22 12:22:33 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2052 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Jan 22 12:22:33 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2052 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Jan 22 12:22:33 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2052 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Jan 22 12:22:33 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2052 Control Channel: TLSv1, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA
    Jan 22 13:00:01 unknown syslog.info root: -- MARK --
    Jan 22 13:22:29 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2052 TLS: tls_process: killed expiring key
    Jan 22 13:22:36 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2052 VERIFY OK: depth=1, /C=CA/ST=ON/L=Toronto/O=Aastra/CN=Administrator/Email=vpn@aastra.com
    Jan 22 13:22:36 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2052 VERIFY OK: depth=0, /C=CA/ST=ON/O=Aastra/CN=vpnclient1.aastra.com.local/Email=vpn@aastra.com
    Jan 22 13:22:37 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2052 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Jan 22 13:22:37 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2052 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Jan 22 13:22:37 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2052 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Jan 22 13:22:37 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2052 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Jan 22 13:22:37 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2052 Control Channel: TLSv1, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA
    Jan 22 14:00:02 unknown syslog.info root: -- MARK --
    Jan 22 14:22:33 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2052 TLS: tls_process: killed expiring key
    Jan 22 14:22:37 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2052 TLS: soft reset sec=0 bytes=352402/0 pkts=1401/0
    Jan 22 14:22:40 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2052 VERIFY OK: depth=1, /C=CA/ST=ON/L=Toronto/O=Aastra/CN=Administrator/Email=vpn@aastra.com
    Jan 22 14:22:40 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2052 VERIFY OK: depth=0, /C=CA/ST=ON/O=Aastra/CN=vpnclient1.aastra.com.local/Email=vpn@aastra.com
    Jan 22 14:22:41 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2052 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Jan 22 14:22:41 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2052 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Jan 22 14:22:41 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2052 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Jan 22 14:22:41 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2052 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Jan 22 14:22:41 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2052 Control Channel: TLSv1, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA
    Jan 22 15:00:01 unknown syslog.info root: -- MARK --
    Jan 22 15:11:01 unknown user.warn kernel: nvram_commit(): init
    Jan 22 15:11:03 unknown user.warn kernel: nvram_commit(): end
    Jan 22 15:12:56 unknown user.warn kernel: nvram_commit(): init
    Jan 22 15:12:58 unknown user.warn kernel: nvram_commit(): end
    Jan 22 15:19:45 unknown daemon.err openvpn[982]: event_wait : Interrupted system call (code=4)
    Jan 22 15:22:37 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2052 TLS: tls_process: killed expiring key
    Jan 22 15:22:43 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2052 VERIFY OK: depth=1, /C=CA/ST=ON/L=Toronto/O=Aastra/CN=Administrator/Email=vpn@aastra.com
    Jan 22 15:22:43 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2052 VERIFY OK: depth=0, /C=CA/ST=ON/O=Aastra/CN=vpnclient1.aastra.com.local/Email=vpn@aastra.com
    Jan 22 15:22:44 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2052 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Jan 22 15:22:44 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2052 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Jan 22 15:22:44 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2052 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Jan 22 15:22:44 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2052 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Jan 22 15:22:44 unknown daemon.notice openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2052 Control Channel: TLSv1, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA
    Jan 22 15:27:26 unknown daemon.err openvpn[982]: event_wait : Interrupted system call (code=4)
    Jan 22 16:00:01 unknown syslog.info root: -- MARK --
    Jan 22 16:10:08 unknown daemon.err openvpn[982]: event_wait : Interrupted system call (code=4)


    VPN Client logs, i.e.

    Jan 22 11:19:32 unknown daemon.warn openvpn[1342]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Jan 22 11:19:32 unknown daemon.warn openvpn[1342]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Jan 22 11:19:32 unknown daemon.notice openvpn[1342]: Re-using SSL/TLS context
    Jan 22 11:19:32 unknown daemon.notice openvpn[1342]: LZO compression initialized
    Jan 22 11:19:32 unknown daemon.notice openvpn[1342]: Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Jan 22 11:19:32 unknown daemon.notice openvpn[1342]: Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
    Jan 22 11:19:32 unknown daemon.notice openvpn[1342]: Socket Buffers: R=[32767->65534] S=[32767->65534]
    Jan 22 11:19:32 unknown daemon.notice openvpn[1342]: UDPv4 link local: [undef]
    Jan 22 11:19:32 unknown daemon.notice openvpn[1342]: UDPv4 link remote: 10.30.103.109:1194
    Jan 22 11:19:40 unknown daemon.err openvpn[1342]: read UDPv4 [EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH]: No route to host (code=148)
    Jan 22 11:20:10 unknown daemon.err openvpn[1342]: read UDPv4 [EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH]: No route to host (code=148)
    Jan 22 11:20:32 unknown daemon.notice openvpn[1342]: [UNDEF] Inactivity timeout (--ping-restart), restarting
    Jan 22 11:20:32 unknown daemon.notice openvpn[1342]: TCP/UDP: Closing socket
    Jan 22 11:20:32 unknown daemon.notice openvpn[1342]: SIGUSR1[soft,ping-restart] received, process restarting
    Jan 22 11:20:32 unknown daemon.notice openvpn[1342]: Restart pause, 2 second(s)
    Jan 22 11:20:34 unknown daemon.warn openvpn[1342]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Jan 22 11:20:34 unknown daemon.warn openvpn[1342]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Jan 22 11:20:34 unknown daemon.notice openvpn[1342]: Re-using SSL/TLS context
    Jan 22 11:20:34 unknown daemon.notice openvpn[1342]: LZO compression initialized
    Jan 22 11:20:34 unknown daemon.notice openvpn[1342]: Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Jan 22 11:20:34 unknown daemon.notice openvpn[1342]: Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
    Jan 22 11:20:34 unknown daemon.notice openvpn[1342]: Socket Buffers: R=[32767->65534] S=[32767->65534]
    Jan 22 11:20:34 unknown daemon.notice openvpn[1342]: UDPv4 link local: [undef]
    Jan 22 11:20:34 unknown daemon.notice openvpn[1342]: UDPv4 link remote: 10.30.103.109:1194
    Jan 22 11:20:41 unknown daemon.err openvpn[1342]: read UDPv4 [EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH]: No route to host (code=148)
    Jan 22 11:21:12 unknown daemon.err openvpn[1342]: read UDPv4 [EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH]: No route to host (code=148)
    Jan 22 11:21:34 unknown daemon.notice openvpn[1342]: [UNDEF] Inactivity timeout (--ping-restart), restarting
    Jan 22 11:21:34 unknown daemon.notice openvpn[1342]: TCP/UDP: Closing socket
    Jan 22 11:21:34 unknown daemon.notice openvpn[1342]: SIGUSR1[soft,ping-restart] received, process restarting
    Jan 22 11:21:34 unknown daemon.notice openvpn[1342]: Restart pause, 2 second(s)
    Jan 22 11:21:36 unknown daemon.warn openvpn[1342]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Jan 22 11:21:36 unknown daemon.warn openvpn[1342]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Jan 22 11:21:36 unknown daemon.notice openvpn[1342]: Re-using SSL/TLS context
    Jan 22 11:21:36 unknown daemon.notice openvpn[1342]: LZO compression initialized
    Jan 22 11:21:36 unknown daemon.notice openvpn[1342]: Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Jan 22 11:21:36 unknown daemon.notice openvpn[1342]: Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
    Jan 22 11:21:36 unknown daemon.notice openvpn[1342]: Socket Buffers: R=[32767->65534] S=[32767->65534]
    Jan 22 11:21:36 unknown daemon.notice openvpn[1342]: UDPv4 link local: [undef]
    Jan 22 11:21:36 unknown daemon.notice openvpn[1342]: UDPv4 link remote: 10.30.103.109:1194
    Jan 22 11:21:44 unknown daemon.err openvpn[1342]: read UDPv4 [EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH]: No route to host (code=148)
    Jan 22 11:22:15 unknown daemon.err openvpn[1342]: read UDPv4 [EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH]: No route to host (code=148)
    Jan 22 11:22:26 unknown daemon.notice openvpn[1342]: TLS: Initial packet from 10.30.103.109:1194, sid=721b85c3 1e6116f4
    Jan 22 11:22:27 unknown daemon.notice openvpn[1342]: VERIFY OK: depth=1, /C=CA/ST=ON/L=Toronto/O=Aastra/CN=Administrator/Email=vpn@aastra.com
    Jan 22 11:22:27 unknown daemon.notice openvpn[1342]: VERIFY OK: depth=0, /C=CA/ST=ON/O=Aastra/CN=vpnserver.aastra.com.local/Email=vpn@aastra.com
    Jan 22 11:22:30 unknown daemon.notice openvpn[1342]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Jan 22 11:22:30 unknown daemon.notice openvpn[1342]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Jan 22 11:22:30 unknown daemon.notice openvpn[1342]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Jan 22 11:22:30 unknown daemon.notice openvpn[1342]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Jan 22 11:22:30 unknown daemon.notice openvpn[1342]: Control Channel: TLSv1, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA
    Jan 22 11:22:30 unknown daemon.notice openvpn[1342]: [vpnserver.aastra.com.local] Peer Connection Initiated with 10.30.103.109:1194
    Jan 22 11:22:31 unknown daemon.notice openvpn[1342]: SENT CONTROL [vpnserver.aastra.com.local]: 'PUSH_REQUEST' (status=1)
    Jan 22 11:22:31 unknown daemon.notice openvpn[1342]: PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 192.168.1.1,route-gateway dhcp,ping 15,ping-restart 60'
    Jan 22 11:22:31 unknown daemon.notice openvpn[1342]: OPTIONS IMPORT: timers and/or timeouts modified
    Jan 22 11:22:31 unknown daemon.notice openvpn[1342]: OPTIONS IMPORT: route-related options modified
    Jan 22 11:22:31 unknown daemon.notice openvpn[1342]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Jan 22 11:22:31 unknown daemon.notice openvpn[1342]: Preserving previous TUN/TAP instance: tap11
    Jan 22 11:22:31 unknown daemon.notice openvpn[1342]: Initialization Sequence Completed
    Jan 22 12:00:01 unknown syslog.info root: -- MARK --
    Jan 22 12:22:30 unknown daemon.notice openvpn[1342]: VERIFY OK: depth=1, /C=CA/ST=ON/L=Toronto/O=Aastra/CN=Administrator/Email=vpn@aastra.com
    Jan 22 12:22:30 unknown daemon.notice openvpn[1342]: VERIFY OK: depth=0, /C=CA/ST=ON/O=Aastra/CN=vpnserver.aastra.com.local/Email=vpn@aastra.com
    Jan 22 12:22:33 unknown daemon.notice openvpn[1342]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Jan 22 12:22:33 unknown daemon.notice openvpn[1342]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Jan 22 12:22:33 unknown daemon.notice openvpn[1342]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Jan 22 12:22:33 unknown daemon.notice openvpn[1342]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Jan 22 12:22:33 unknown daemon.notice openvpn[1342]: Control Channel: TLSv1, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA
    Jan 22 13:00:01 unknown syslog.info root: -- MARK --
    Jan 22 13:19:10 unknown daemon.info dnsmasq[1084]: DHCPREQUEST(br0) 192.168.1.203 00:08:5d:1a:04:8c
    Jan 22 13:19:10 unknown daemon.info dnsmasq[1084]: DHCPACK(br0) 192.168.1.203 00:08:5d:1a:04:8c 55i00085D1A048C
    Jan 22 13:22:29 unknown daemon.notice openvpn[1342]: TLS: tls_process: killed expiring key
    Jan 22 13:22:33 unknown daemon.notice openvpn[1342]: TLS: soft reset sec=0 bytes=352362/0 pkts=1398/0
    Jan 22 13:22:34 unknown daemon.notice openvpn[1342]: VERIFY OK: depth=1, /C=CA/ST=ON/L=Toronto/O=Aastra/CN=Administrator/Email=vpn@aastra.com
    Jan 22 13:22:34 unknown daemon.notice openvpn[1342]: VERIFY OK: depth=0, /C=CA/ST=ON/O=Aastra/CN=vpnserver.aastra.com.local/Email=vpn@aastra.com
    Jan 22 13:22:37 unknown daemon.notice openvpn[1342]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Jan 22 13:22:37 unknown daemon.notice openvpn[1342]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Jan 22 13:22:37 unknown daemon.notice openvpn[1342]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Jan 22 13:22:37 unknown daemon.notice openvpn[1342]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Jan 22 13:22:37 unknown daemon.notice openvpn[1342]: Control Channel: TLSv1, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA
    Jan 22 14:00:01 unknown syslog.info root: -- MARK --
    Jan 22 14:22:33 unknown daemon.notice openvpn[1342]: TLS: tls_process: killed expiring key
    Jan 22 14:22:38 unknown daemon.notice openvpn[1342]: VERIFY OK: depth=1, /C=CA/ST=ON/L=Toronto/O=Aastra/CN=Administrator/Email=vpn@aastra.com
    Jan 22 14:22:38 unknown daemon.notice openvpn[1342]: VERIFY OK: depth=0, /C=CA/ST=ON/O=Aastra/CN=vpnserver.aastra.com.local/Email=vpn@aastra.com
    Jan 22 14:22:41 unknown daemon.notice openvpn[1342]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Jan 22 14:22:41 unknown daemon.notice openvpn[1342]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Jan 22 14:22:41 unknown daemon.notice openvpn[1342]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Jan 22 14:22:41 unknown daemon.notice openvpn[1342]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Jan 22 14:22:41 unknown daemon.notice openvpn[1342]: Control Channel: TLSv1, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA
    Jan 22 15:00:01 unknown syslog.info root: -- MARK --
    Jan 22 15:09:39 unknown daemon.err openvpn[1342]: event_wait : Interrupted system call (code=4)
    Jan 22 15:19:50 unknown daemon.err openvpn[1342]: event_wait : Interrupted system call (code=4)
    Jan 22 15:22:38 unknown daemon.notice openvpn[1342]: TLS: tls_process: killed expiring key
    Jan 22 15:22:41 unknown daemon.notice openvpn[1342]: TLS: soft reset sec=0 bytes=349954/0 pkts=1396/0
    Jan 22 15:22:42 unknown daemon.notice openvpn[1342]: VERIFY OK: depth=1, /C=CA/ST=ON/L=Toronto/O=Aastra/CN=Administrator/Email=vpn@aastra.com
    Jan 22 15:22:42 unknown daemon.notice openvpn[1342]: VERIFY OK: depth=0, /C=CA/ST=ON/O=Aastra/CN=vpnserver.aastra.com.local/Email=vpn@aastra.com
    Jan 22 15:22:45 unknown daemon.notice openvpn[1342]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Jan 22 15:22:45 unknown daemon.notice openvpn[1342]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Jan 22 15:22:45 unknown daemon.notice openvpn[1342]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Jan 22 15:22:45 unknown daemon.notice openvpn[1342]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Jan 22 15:22:45 unknown daemon.notice openvpn[1342]: Control Channel: TLSv1, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA
    Jan 22 15:27:34 unknown daemon.err openvpn[1342]: event_wait : Interrupted system call (code=4)
    Jan 22 16:00:01 unknown syslog.info root: -- MARK --
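
A triage pass over logs like the ones posted above, as an added example that is not part of the original thread: it re-joins wrapped entries and counts the connection-state and crypto-posture messages that appear in them. The finding names and the policy thresholds (64-bit block ciphers, TLS below 1.2, RSA below 2048 bits) are assumptions of this example, and the sample log is constructed from message forms seen in the post.

```python
import re
from collections import Counter

# Constructed sample: message forms taken from the post above, including one
# entry wrapped across lines the way the pasted logs are.
SAMPLE_LOG = """\
Jan 22 11:19:32 unknown daemon.warn openvpn[1342]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 22 11:19:40 unknown daemon.err openvpn[1342]: read UDPv4 [EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH]: No route to host (code=148)
Jan 22 11:20:32 unknown daemon.notice openvpn[1342]: [UNDEF] Inactivity timeout (--ping-restart), restarting
Jan 22 11:22:30 unknown daemon.notice openvpn[1342]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jan 22 11:22:30 unknown daemon.notice openvpn[1342]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 22 11:22:30 unknown daemon.notice openvpn[1342]: Control Channel: TLSv1, cipher TLSv1/SSLv3

EDH-RSA-DES-CBC3-SHA, 1024 bit RSA
Jan 22 11:22:29 unknown daemon.err openvpn[982]: vpnclient1.aastra.com.local/10.30.103.106:2052 MULTI: no dynamic or static remote --ifconfig address is available for vpnclient1.aastra.com.local/10.30.103.106:2052
Jan 22 12:00:01 unknown syslog.info root: -- MARK --
"""

# A syslog entry starts with "Mon DD HH:MM:SS "; anything else is a wrapped tail.
STAMP = re.compile(r"^[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d ")
ENTRY = re.compile(r"^\S+ +\d+ [\d:]+ \S+ \S+ openvpn\[(\d+)\]: (.*)$")
DATA_CIPHER = re.compile(r"Data Channel (?:Encrypt|Decrypt): Cipher '([^']+)'")
CONTROL = re.compile(r"Control Channel: ([^,\s]+), cipher \S+ ([^,\s]+), (\d+) bit RSA")

# Policy of this example (assumptions; replace with your own baseline).
BLOCK64_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "CAST5-CBC", "RC2-CBC"}
OLD_TLS = {"SSLv3", "TLSv1", "TLSv1.1"}
MIN_RSA_BITS = 2048


def rejoin(text):
    """Merge wrapped continuation lines back onto the entry they belong to."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if STAMP.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries


def triage(text):
    """Count findings across all openvpn entries in a syslog excerpt."""
    findings = Counter()
    for entry in rejoin(text):
        m = ENTRY.match(entry)
        if not m:
            continue  # dnsmasq, kernel and MARK lines are ignored
        msg = m.group(2)
        if "No server certificate verification method" in msg:
            findings["no-server-cert-verification"] += 1
        if "EHOSTUNREACH" in msg:
            findings["link-host-unreachable"] += 1
        if "(--ping-restart)" in msg:
            findings["ping-restart"] += 1
        if "no dynamic or static remote --ifconfig address" in msg:
            findings["no-ifconfig-address-for-client"] += 1
        c = DATA_CIPHER.search(msg)
        if c and c.group(1) in BLOCK64_CIPHERS:
            findings["data-cipher-64bit-block:" + c.group(1)] += 1
        t = CONTROL.search(msg)
        if t:
            proto, suite, bits = t.group(1), t.group(2), int(t.group(3))
            if proto in OLD_TLS:
                findings["tls-old-protocol:" + proto] += 1
            if "DES" in suite.split("-"):  # DES and 3DES suites
                findings["tls-suite-64bit-block:" + suite] += 1
            if bits < MIN_RSA_BITS:
                findings["rsa-key-below-%d:%d" % (MIN_RSA_BITS, bits)] += 1
    return findings


if __name__ == "__main__":
    for name, count in sorted(triage(SAMPLE_LOG).items()):
        print("%3d  %s" % (count, name))
```
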
     
  2. dougisfunny

    dougisfunny LI Guru Member

    You'll have a lot less pain if you use tun rather than tap.

    If you use tap, it has a whole bunch of different requirements, like they both have to use the same subnets.

    If you use tun, you can have each set up with their own internal subnet which either network can access.

    The server router will have a tun vpn subnet (eg 10.8.0.0/24 and its address 10.8.0.1) and the client router will have the address on that subnet. But you don't even have to care about that subnet, as you can address either, as long as you set it up.

    For example, mine is set up

    Server 1
    Basic

    Start with router X
    Interface Type TUN
    Protocol UDP
    Port 1194
    Firewall Automatic
    Authorization mode TLS
    Extra HMAC disabled
    VPN Subnet mask 10.11.0.0 255.255.255.0

    Advanced
    Push lan to clients X
    Direct clients to redirect O
    Respond to DNS X
    Advertise DNS X
    Encryption Default
    Compression Adaptive
    TLS Reneg -1
    Manage Client Specific X
    Allow Client<->Client X
    Allow only these clients O

    And then I put the client specific options in
    Common name routerclient
    subnet 10.10.10.0
    netmask 255.255.255.0
    push X

    Then the client is set to simply use tun and point to the server. And then they can all talk to each other.
     
