Tomato Mod v1.19.1464 with OpenVPN/Tomato Mod v1.21.TEST-v5 with OpenVPN-GUI,SDMMC,IP/MAC

Discussion in 'Tomato Firmware' started by roadkill, Jun 4, 2007.

  1. u3gyxap

    u3gyxap Network Guru Member

    The way I see it, there is no need of any intervention regarding DHCP. No OpenVPN requests will be processed without valid IP address on the station. So, before using the tap0 device, the stations will be done with their DHCP requests and it will be only possible to have the local DHCP to answer. Or so I think.
    Try it, and we will go from there.

    Roadkill, thank you for the serial stuff in the firmware. It's working great :)
     
  2. ng12345

    ng12345 LI Guru Member

    I guess I'll be giving a little play-by-play

    EDIT: realized you increased the init size and not the wanup size

    got the vpn script in -- but I noticed that I lost a lot of memory on reboot

    after reboot memory steadily went down from 3.3mb to 1.4mb -- is there a leak?

    init
    Code:
    sleep 5
    insmod tun.o
    cd /tmp
    openvpn --mktun --dev tap0
    brctl addif br0 tap0
    ifconfig tap0 0.0.0.0 promisc up
    echo "
    mode server
    proto udp
    port 1194
    dev tap0
    keepalive 15 60
    daemon
    verb 3
    comp-lzo
    client-to-client
    tls-server
    ca ca.crt
    dh dh1024.pem
    cert server.crt
    key server.key
    " > openvpn.conf
    echo "
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
    " > ca.crt
    echo "
    -----BEGIN RSA PRIVATE KEY-----
    -----END RSA PRIVATE KEY-----
    " > server.key
    chmod 600 server.key
    echo "
    -----BEGIN CERTIFICATE-----
    
    -----END CERTIFICATE-----
    " > server.crt
    echo "
    -----BEGIN DH PARAMETERS-----
    
    -----END DH PARAMETERS-----
    " > dh1024.pem
    sleep 5
    ln -s /usr/sbin/openvpn /tmp/myvpn
    Also tried to connect with a single client and kept getting this error :
    (WSAECONNRESET) (code=10054)
     
  3. roadkill

    roadkill Super Moderator Staff Member Member

    You're welcome.
    BTW I'm still doing mgetty.

    ng12345 check that you have lzo enabled on both sides and if that doesn't work change protocol to TCP.
     
  4. ng12345

    ng12345 LI Guru Member

    got it working with one client - next step is to move to connecting two routers
    i removed the line breaks in the certificates when i was trying to get it within the size limit -- turns out the line breaks make a difference in the certificate
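
An added example, not part of the original posts: a strict check of PEM text layout (RFC 7468 wraps the base64 body at 64 characters) that shows how a certificate pasted into a script with its line breaks removed stops being a well-formed PEM block. The bytes are constructed filler rather than a real certificate, and `make_pem` and `check_pem` are names made up for this example.

```python
import base64
import re

BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----$")
END = re.compile(r"^-----END ([A-Z0-9 ]+)-----$")


def make_pem(label, der):
    """Encode bytes as a PEM block wrapped at 64 characters (RFC 7468)."""
    b64 = base64.b64encode(der).decode("ascii")
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *body, f"-----END {label}-----"])


def check_pem(text):
    """Return a list of layout problems for one PEM block ([] means well formed)."""
    lines = [ln.rstrip("\r") for ln in text.split("\n")]
    # echo " ... " > file, as used in the scripts above, adds blank first/last lines
    while lines and not lines[0].strip():
        lines.pop(0)
    while lines and not lines[-1].strip():
        lines.pop()
    if not lines:
        return ["empty input"]

    problems = []
    begin, end = BEGIN.match(lines[0]), END.match(lines[-1])
    if not begin:
        problems.append("first line is not a BEGIN marker on a line of its own")
    if not end:
        problems.append("last line is not an END marker on a line of its own")
    if not (begin and end):
        return problems
    if begin.group(1) != end.group(1):
        problems.append("BEGIN and END labels differ")

    body = lines[1:-1]
    if not body:
        return problems + ["no base64 body between the markers"]
    for number, line in enumerate(body, 1):
        is_last = number == len(body)
        if len(line) > 64 or (not is_last and len(line) != 64):
            problems.append(f"body line {number} is {len(line)} characters (limit 64)")
    try:
        base64.b64decode("".join(body), validate=True)
    except ValueError:
        problems.append("body is not valid base64")
    return problems


# Constructed sample data: 700 filler bytes standing in for DER content.
SAMPLE_DER = bytes(i % 256 for i in range(700))
GOOD = make_pem("CERTIFICATE", SAMPLE_DER)
ECHO_WRAPPED = "\n" + GOOD + "\n"          # what echo " ... " writes
FLATTENED = GOOD.replace("\n", "")         # every line break removed
BODY_JOINED = "\n".join([                  # markers kept, body on one line
    "-----BEGIN CERTIFICATE-----",
    base64.b64encode(SAMPLE_DER).decode("ascii"),
    "-----END CERTIFICATE-----",
])

if __name__ == "__main__":
    for name in ("GOOD", "ECHO_WRAPPED", "FLATTENED", "BODY_JOINED"):
        print(name, check_pem(globals()[name]) or "ok")
```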
     
  5. jazzkantine

    jazzkantine LI Guru Member

    Will there be an update to the current 'official' tomato version? (1.11)
     
  6. roadkill

    roadkill Super Moderator Staff Member Member

    of course but in 1.11 iptables version is 1.3.7 and I'm more into using iptables 1.4.0rc1
    so I'm going to Release an updated Tomato Mod to 1.11 and then ReMod it to 1.4.0rc1
    :grin:
     
  7. Slimey

    Slimey Network Guru Member

    sounds awesome roadkill I can't wait :)
     
  8. fabian2_de

    fabian2_de LI Guru Member

    local routing - tun

    Hey Guys!
    You - especially roadkill - did a really great job!
    The only question I have is: How do I route my VPN into my local lan when I'm using tun rather than tap? My VPN Server (on the net) is using tun, so I want my client (on the router) to use it, too. Everything works just fine, I can ping 10.8.0.1 (server) from router, but not from anything behind the router :( Is it possible to route the 10.x net into my local 192.x net?

    Thanks for your answer!
     
  9. roadkill

    roadkill Super Moderator Staff Member Member

    yes you can adjust the tap/tun device via vpn using dhcp or manually on both sides
    thus using the vpn as a bridge to merge both networks.
    you can also set a route to 10.x/192.x and set the tunnel ip as the gateway
    forcing the packet through the tunnel as it should.
    10.x - 10.x.x-VPN-192.x.x - 192.x
     
  10. fabian2_de

    fabian2_de LI Guru Member

    Well, but how to create this routing rule?
    I'm not that familiar with the kernel routes, sorry!
    But thank you for your very fast answer :) !
     
  11. roadkill

    roadkill Super Moderator Staff Member Member

    Code:
    ifconfig tap0 10.x.x.x promisc up
    
    this should be in the destination network netmask on the client.
    replace the normal line (ifconfig tap0 x.x.x.x promisc up)
     
  12. roadkill

    roadkill Super Moderator Staff Member Member

  13. dtswk

    dtswk Network Guru Member

    So is anyone using the;
    # IPTables Quota Kernel Module
    # IPTables Quota Extension

    I think this is going to fix a nasty issue I have with my ISP who charges for excess usage. Just wanted to see if anyone else is using it and how reliable they have found it to be..?

    Matt
     
  14. roadkill

    roadkill Super Moderator Staff Member Member

    Someone requested it I don't remember who...
     
  15. u3gyxap

    u3gyxap Network Guru Member

    I tried it once, for few hours. It worked fine.
     
  16. habskilla

    habskilla Network Guru Member

    Wonder if I can get some help getting this to work. UDP is blocked, so I'm trying to get it work with tcp.

    Here is what I'm seeing from the log file:
    Code:
    Wed Oct 31 11:32:15 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
    Wed Oct 31 11:32:15 2007 Re-using pre-shared static key
    Wed Oct 31 11:32:15 2007 LZO compression initialized
    Wed Oct 31 11:32:15 2007 Preserving previous TUN/TAP instance: Local Area Connection 2
    Wed Oct 31 11:32:15 2007 Data Channel MTU parms [ L:1579 D:1450 EF:47 EB:135 ET:32 EL:0 AF:3/1 ]
    Wed Oct 31 11:32:15 2007 Local Options hash (VER=V4): '62518268'
    Wed Oct 31 11:32:15 2007 Expected Remote Options hash (VER=V4): 'cef5322e'
    Wed Oct 31 11:32:15 2007 Attempting to establish TCP connection with 74.xxx.xxx.xxx:443
    Wed Oct 31 11:32:15 2007 TCP connection established with 74.xxx.xxx.xxx:443
    Wed Oct 31 11:32:15 2007 TCPv4_CLIENT link local: [undef]
    Wed Oct 31 11:32:15 2007 TCPv4_CLIENT link remote: 74.xxx.xxx.xxx:443
    Wed Oct 31 11:32:15 2007 Connection reset, restarting [0]
    Wed Oct 31 11:32:15 2007 TCP/UDP: Closing socket
    Here is my Home.ovpn:
    Code:
    dev tap0
    ifconfig 192.168.1.225 255.255.255.0
    secret static.key
    proto tcp-client
    remote my.homeip.net 443
    keepalive 10 60
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    cipher BF-CBC
    comp-lzo
    verb 3
    float
    Here is my init:
    Code:
    sleep 5
    insmod tun.o
    Here is my firewall:
    Code:
    iptables -I INPUT 1 -p tcp --dport 443 -j ACCEPT
    And finally my WAN Up:
    Code:
    cd /tmp
    openvpn --mktun --dev tap0
    brctl addif br0 tap0
    ifconfig tap0 0.0.0.0 promisc up
    echo "
    -----BEGIN OpenVPN Static key V1-----
    key removed
    -----END OpenVPN Static key V1-----
    " > /tmp/static.key
    
    sleep 5
    ln -s /usr/sbin/openvpn /tmp/myvpn
    /tmp/myvpn --dev tap0 --secret /tmp/static.key --comp-lzo --port 443 --cipher BF-CBC --proto tcp-client --keepalive 10 60 --verb 3 --daemon
     
  17. Maggard

    Maggard LI Guru Member

    Moving OpenVPN mod documentation to wikibooks site

    Is there any interest in adding a subentry regarding this mod to the Tomato information on http://en.wikibooks.org/wiki/Tomato_Firmware?

    This thread is getting unwieldy at 217+ posts/22+ screens with information & support woven throughout it.

    I’m thinking something like this:

    4.7 Tomato OpenVPN Mod:
    Overview, brief explanation of OpenVPN, how this mod differs from Tomato base.
    • Static Client setup
      1. Scripts
      2. Client installation
    • Certificate Clients setup
      1. Scripts
      2. Certificate generation
      3. Client installation
    • Site to Site setup
      1. Scripts
      2. Certificate generation
     
  18. roadkill

    roadkill Super Moderator Staff Member Member

    yes there is...
    but I can only consult on the documentation since I lack the free time and the know-how.
     
  19. drelkata

    drelkata LI Guru Member

    cron question

    I added to my INIT script: cru a RouterReboot "0 5 * * 0,4 reboot"
    but this works only for Thursday. I noticed that when I use a comma to separate the days of the week, the script does not work. I am wondering whether that is a bug or my cru script is wrong?!
     
  20. u3gyxap

    u3gyxap Network Guru Member

    drelkata, this is not the right place for this question, this thread is about the vpn mod.
    However, the easiest way to do it would be with 2 lines like this:
    cru a RouterRebootSun "0 5 * * 0 reboot"
    cru a RouterRebootThu "0 5 * * 4 reboot"
     
  21. humba

    humba Network Guru Member

    Has anyone managed client to server VPN connectivity with certificates? I still can't seem to get any data through the tunnel. In desperation, I performed a factory reset including the nvram flush, but to no avail.. since the tunnel comes up but that's it (if I have openvpn assign an ip via dhcp, the client tap interface also gets that ip address but then cannot send any data through the tunnel) I suspect it's a firewall thing but if somebody has gotten it to work, I'd appreciate a look at your openvpn.conf and client config file for comparison purposes.
     
  22. drelkata

    drelkata LI Guru Member

    with cert

    my INIT script:
    sleep 10
    insmod tun.o
    insmod ipt_quota.o
    /jffs/./openvpn-start

    my openvpn-start file :
    #!/bin/sh
    cd /jffs
    openvpn --mktun --dev tap0
    brctl addif br0 tap0
    ifconfig tap0 0.0.0.0 promisc up
    killall -q openvpn
    sleep 10
    ln -s /usr/sbin/openvpn /jffs/myvpn
    /jffs/./myvpn --config /jffs/openvpn.conf

    my openvpn.conf :

    # Tunnel options
    mode server # Set OpenVPN major mode
    proto tcp-server # Setup the protocol (server)
    port 443 # TCP/UDP port number
    dev tap0 # TUN/TAP virtual network device
    keepalive 15 60 # Simplify the expression of --ping
    daemon # Become a daemon after all initialization
    verb 3 # Set output verbosity to n
    comp-lzo # Use fast LZO compression
    push "route-gateway 192.168.99.1"
    push "redirect-gateway def1"
    push "dhcp-option DNS 192.168.99.1"

    # OpenVPN server mode options
    client-to-client # tells OpenVPN to internally route client-to-client traffic
    duplicate-cn # Allow multiple clients with the same common name

    # TLS Mode Options
    tls-server # Enable TLS and assume server role during TLS handshake
    ca /jffs/keys/ca.crt # Certificate authority (CA) file
    dh /jffs/keys/dh1024.pem # File containing Diffie Hellman parameters
    cert /jffs/keys/server.crt # Local peer's signed certificate
    key /jffs/keys/server.key # Local peer's private key

    my openvpn-client.conf :

    client
    dev tap0
    proto tcp-client

    remote YOUR_EXTERNAL_IP_ADDRESS 443

    resolv-retry infinite
    nobind
    persist-key
    persist-tun

    ca ca.crt
    cert client1.crt
    key client1.key
    ns-cert-type server

    comp-lzo
    verb 3

    pull
    redirect-gateway

    I use DynDNS on ADSL router and forward ALL ports from ADSL to WRT54GL, because i'm with dynamic IP address on ADSL router.
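
An added example, not part of the original posts and not the mod's own tooling: a small auditor that parses OpenVPN configs of the shape posted in this thread and flags directives that are weak by current standards. The sample configs are constructed from directives that appear in the thread; `dh2048.pem`, the function names and the AES-256-GCM suggestion (which assumes OpenVPN 2.4 or later) are assumptions of this example.

```python
import re
import shlex

WEAK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "CAST5-CBC", "RC2-CBC"}


def parse_conf(text):
    """Return {directive: [argument list, ...]}, dropping '#' comments."""
    conf = {}
    for raw in text.splitlines():
        tokens = shlex.split(raw, comments=True)
        if tokens:
            conf.setdefault(tokens[0], []).append(tokens[1:])
    return conf


def audit(text):
    """Return a list of (directive, reason) findings for one config file."""
    conf = parse_conf(text)
    findings = []
    if "duplicate-cn" in conf:
        findings.append(("duplicate-cn", "several clients can share one certificate, "
                         "so a client cannot be identified or revoked individually"))
    for args in conf.get("dh", []):
        # Heuristic: the file name usually carries the parameter size.
        size = re.search(r"\d{3,5}", args[0].rsplit("/", 1)[-1]) if args else None
        if size and int(size.group()) < 2048:
            findings.append(("dh", f"file name suggests {size.group()}-bit "
                             "Diffie-Hellman parameters; use at least 2048 bits"))
    for args in conf.get("cipher", []):
        if args and args[0].upper() in WEAK_CIPHERS:
            findings.append(("cipher", f"{args[0]} is a 64-bit block cipher (SWEET32); "
                             "prefer AES-256-GCM where the version supports it"))
    if "comp-lzo" in conf:
        findings.append(("comp-lzo", "compression before encryption can leak "
                         "plaintext (VORACLE) and is deprecated"))
    if "ns-cert-type" in conf:
        findings.append(("ns-cert-type", "deprecated; remote-cert-tls checks the "
                         "certificate key usage instead"))
    if "secret" in conf:
        findings.append(("secret", "static-key mode has no forward secrecy; "
                         "use TLS mode with certificates"))
    is_server = ("tls-server" in conf or "server" in conf
                 or ["server"] in conf.get("mode", []))
    if is_server and not ("user" in conf and "group" in conf):
        findings.append(("user", "no user/group directive: the server keeps "
                         "root privileges after start-up"))
    return findings


# Constructed samples built from directives posted in this thread.
SERVER_CONF = """
mode server            # Set OpenVPN major mode
proto tcp-server
port 443
dev tap0
comp-lzo               # Use fast LZO compression
push "route-gateway 192.168.99.1"
duplicate-cn           # Allow multiple clients with the same common name
tls-server
ca /jffs/keys/ca.crt
dh /jffs/keys/dh1024.pem
cert /jffs/keys/server.crt
key /jffs/keys/server.key   # Local peer's private key
"""

CLIENT_CONF = """
client
dev tap0
proto tcp-client
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
comp-lzo
"""

# Hypothetical hardened server config; dh2048.pem is an assumed file name.
HARDENED_CONF = """
mode server
tls-server
proto udp
port 1194
dev tap0
ca /jffs/keys/ca.crt
dh /jffs/keys/dh2048.pem
cert /jffs/keys/server.crt
key /jffs/keys/server.key
cipher AES-256-GCM
user nobody
group nobody
persist-key
persist-tun
"""

if __name__ == "__main__":
    for name in ("SERVER_CONF", "CLIENT_CONF", "HARDENED_CONF"):
        print(name)
        for directive, reason in audit(globals()[name]) or [("ok", "no findings")]:
            print(f"  {directive}: {reason}")
```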
     
  23. drelkata

    drelkata LI Guru Member

    i forgot my firewall script :)
    #OpenVpn incoming port
    iptables -I INPUT 1 -p tcp --dport 443 -j ACCEPT
     
  24. drelkata

    drelkata LI Guru Member

    thank you. sorry for "spam" with cru :)
    for me the easy way is to separate with comma :) but thank you again for reply
     
  25. humba

    humba Network Guru Member

    Thanks for posting the config. I'll try to change mine accordingly to see if it changes anything. By the way, how did you get jffs to work in write mode (so you could put the keys/certificate there permanently)? I can enable it just fine, but the filesystem remains read-only. In the dd-wrt forum I was told (I have the same issue with dd-wrt) that the rom size on the WRT54GL (I have a V1.1 by the way) is not large enough to use a bit of it for jffs.

    I tried with a static key (just in case since the email address I used to create the certificate contains the dyndns hostname of my dd-wrt box and not the one of my tomato box.. but I figure since authentication is no problem, that doesn't really matter) - same story there.. tunnel comes up but no traffic.
     
  26. drelkata

    drelkata LI Guru Member

    openvpn jffs

    when you enable jffs2 via web interface try to Format/Erase ( format/erase button ) then save button.

    p.s.
    this is on my WRT54GL v.1.1 and no problem with jffs
     

  27. roadkill

    roadkill Super Moderator Staff Member Member

    u3gyxap I did a build with mgetty for you it's here
    :grin:
     
  28. drelkata

    drelkata LI Guru Member

    what the hell is going on here. every day a new version :) .
     
  29. roadkill

    roadkill Super Moderator Staff Member Member

    u3gyxap requested a serial mod with mgetty...
    I added setserial, stty, nanocom but mgetty took more effort so I'm only releasing it now...
    next in line EBtables
    :grin:
     
  30. u3gyxap

    u3gyxap Network Guru Member

    Nice! I am going to try it right away!
     
  31. habskilla

    habskilla Network Guru Member

    Wondering if someone can share a working setup using tcp instead of udp?
     
  32. roadkill

    roadkill Super Moderator Staff Member Member

    post the log in verb 9 please so we may see what's going on there.
     
  33. Slimey

    Slimey Network Guru Member

    roadkill I love your mod it got me away from DD-WRT, but I was wondering, I know you were entertaining the notion of replacing the existing wireless driver in Tomato with the latest one from DD-WRT, I for one would be interested in seeing if this increases wireless performance and was just wondering if you have moved a step closer to trying it or not.
     
  34. roadkill

    roadkill Super Moderator Staff Member Member

    I'll try after the ebtables build...
    :grin:
     
  35. u3gyxap

    u3gyxap Network Guru Member

    No, please, don't change the wl driver! Tomato has better wireless performance than DD-WRT!
     
  36. roadkill

    roadkill Super Moderator Staff Member Member

    dd-wrt has the latest version and it's built from source there I'll make a test if it doesn't improve anything I'll revert back to the current driver.
     
  37. Slimey

    Slimey Network Guru Member

    I'm not saying change it permanently, just a test build or something to see what would happen. :)
     
  38. vamichael

    vamichael LI Guru Member

    Can Tomato w/ OpenVPN do this?

    I have successfully created a OpenVPN server and client connection from my office to my home PC which is behind a nice ripe Tomato.

    I have a VoIP phone which needs to be connected to the VPN in order for it to work properly. Can the OpenVPN mod of Tomato connect as a client to the server at my office and allow the VoIP phone to traverse the VPN?
     
  39. Leeoniya

    Leeoniya LI Guru Member

    ...maybe someone can help me out with my scenario :)

    2 routers at different sites....both WRT54GL v1.1.

    need to decide between a routed or bridged site-to site VPN. i know that bridged would be transparent and is probably the way i will need to go because of legacy accounting software...i know that it at least needs a mapped drive to work in a shared environment.

    i also need this VPN to be accessible at the same time from windows based clients from locations without a client VPN router...by running openVPN service on client devices.

    currently the setup is such that the win2k3 domain controller provides the DHCP functionality with a scope of 10.1.0.1-10.1.255.254 /16. and a reservation for the router 10.1.0.1 and server itself 10.1.0.3.

    first....despite the router having a classless VLSM assigned IP, it cannot be set up as a DHCP to assign more than 254 devices (the last octet). I assume this is a RAM/router hardware limitation. This is not an issue, i just was wondering if this is by design.

    second. I don't need, and in fact would prefer NOT to have 2 dhcp servers on the subnet. since a DHCP server has to be set up in some form on the tunnel interface, is there a way to block DHCP requests coming from the switch interface...i would like to have all my internal DHCP functionality handled by the win2k3 server....of course i will set non-overlapping scopes on both dhcp servers.

    finally. i have set up a openvpn server on one router but when testing with a windows client i get this error connecting:

    Mon Nov 05 23:56:50 2007 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)

    the router log shows:

    Nov 5 21:59:35 user.warn kernel: ACCEPT IN=ppp0 OUT= MAC= SRC=xx.xxx.xx.xxx DST=10.1.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=56 ID=5100 DF PROTO=TCP SPT=1232 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B40103030001010402)
    Nov 5 21:59:36 user.warn kernel: ACCEPT IN=ppp0 OUT= MAC= SRC=xx.xxx.xx.xxx DST=10.1.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=56 ID=5109 DF PROTO=TCP SPT=1233 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B40103030001010402)
    Nov 5 21:59:38 user.warn kernel: ACCEPT IN=ppp0 OUT= MAC= SRC=xx.xxx.xx.xxx DST=10.1.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=56 ID=5116 DF PROTO=TCP SPT=1234 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B40103030001010402)
    Nov 5 21:59:41 user.warn kernel: ACCEPT IN=ppp0 OUT= MAC= SRC=xx.xxx.xx.xxx DST=10.1.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=56 ID=5127 DF PROTO=TCP SPT=1235 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B40103030001010402)

    i guess that means my firewall script is ok at least?

    my client.ovpn:
    client
    dev tun
    proto udp
    remote yy.yy.yyy.yyy 1194 # use real name or IP address of the server
    resolv-retry infinite
    nobind
    ns-cert-type server
    persist-key
    persist-tun
    ca ca.crt
    cert client.crt
    key client.key
    comp-lzo
    verb 3

    regards,
    Leon

    update: i forwarded UDP 1194 to 10.1.0.1 and now it gets further, but i still get
    Code:
    Tue Nov 06 00:22:47 2007 OpenVPN 2.1_rc4 Win32-MinGW [SSL] [LZO2] built on Apr 25 2007
    Tue Nov 06 00:22:47 2007 LZO compression initialized
    Tue Nov 06 00:22:47 2007 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Tue Nov 06 00:22:47 2007 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Tue Nov 06 00:22:47 2007 Local Options hash (VER=V4): '41690919'
    Tue Nov 06 00:22:47 2007 Expected Remote Options hash (VER=V4): '530fdded'
    Tue Nov 06 00:22:47 2007 Socket Buffers: R=[8192->8192] S=[8192->8192]
    Tue Nov 06 00:22:47 2007 UDPv4 link local: [undef]
    Tue Nov 06 00:22:47 2007 UDPv4 link remote: xx.xx.xxx.xxx:1194
    Tue Nov 06 00:23:48 2007 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Tue Nov 06 00:23:48 2007 TLS Error: TLS handshake failed
    Tue Nov 06 00:23:48 2007 TCP/UDP: Closing socket
    Tue Nov 06 00:23:48 2007 SIGUSR1[soft,tls-error] received, process restarting
    Tue Nov 06 00:23:48 2007 Restart pause, 2 second(s)
    Tue Nov 06 00:23:50 2007 Re-using SSL/TLS context
     
  40. roadkill

    roadkill Super Moderator Staff Member Member

    tz data needs to be the same.
     
  41. Leeoniya

    Leeoniya LI Guru Member

    my init script:
    Code:
    sleep 10
    insmod tun.o
    insmod ipt_quota.o
    /jffs/./openvpn-start
    this seems to work correctly now...i see the new interfaces in bandwidth monitor...i had to chmod 755 the openvpn-start script

    file structure and openvpn-start:
    Code:
    # cd jffs
    # ls -la
    drwxr-xr-x    1 root     root            0 Nov  6 03:23 .
    drwxr-xr-x    1 1000     1000          125 Nov  1 15:12 ..
    -rw-r--r--    1 root     root         1224 Nov  5 21:45 ca.crt
    -rw-r--r--    1 root     root          245 Nov  5 21:48 dh1024.pem
    lrwxrwxrwx    1 root     root           17 Nov  6 03:23 myvpn -> /usr/sbin/openvpn
    -rwxr-xr-x    1 root     root          207 Nov  6 03:07 openvpn-start
    -rw-r--r--    1 root     root         1060 Nov  6 02:31 openvpn.conf
    -rw-r--r--    1 root     root         1277 Nov  5 21:47 server.crt
    -rw-------    1 root     root          891 Nov  5 21:46 server.key
    # cat openvpn-start
    #!/bin/sh
    cd /jffs
    openvpn --mktun --dev tap0
    brctl addif br0 tap0
    ifconfig tap0 0.0.0.0 promisc up
    killall -q openvpn
    sleep 10
    ln -s /usr/sbin/openvpn /jffs/myvpn
    /jffs/./myvpn --config /jffs/openvpn.conf
    openvpn.conf:
    Code:
    # Tunnel Options
    dev tap0                                # TUN/TAP virtual network device
    proto udp                               # Setup the protocol (server)
    mode server                             # Set OpenVPN major mode
    port 1194                               # TCP/UDP port number
    comp-lzo                                # Use fast LZO compression
    
    # OpenVPN server mode options
    daemon                                  # Become a daemon after all initialization
    ifconfig-pool 10.1.0.201 10.1.0.204     # Address pool to assign to clients
    ifconfig 10.1.0.1 255.255.0.0           # Server IP and subnet mask
    keepalive 15 60                         # Simplify the expression of --ping
    client-to-client                        # tells OpenVPN to internally route client-to-client t
    
    # TLS Mode Options
    tls-server                              # Enable TLS and assume server role during TLS handsha
    ca /jffs/keys/ca.crt                    # Certificate authority (CA) file
    dh /jffs/keys/dh1024.pem                # File containing Diffie Hellman parameters
    cert /jffs/keys/server.crt              # Local peer's signed certificate
    key /jffs/keys/server.key               # Local peer's private key
    duplicate-cn                            # Allow multiple clients with the same common name
    
    verb 6                                  # Set output verbosity to n
    user nobody
    group nobody
    persist-tun
    my firewall script:
    Code:
    iptables -A INPUT -p udp --dport 1194 -j ACCEPT
    iptables -A INPUT -i tap+ -j ACCEPT
    client.ovpn:
    Code:
    client
    dev tap
    proto udp
    remote xx.xx.xxx.xxx
    port 1194
    tls-client
    comp-lzo
    ns-cert-type server
    ca ca.crt
    cert client.crt
    key client.key
    user nobody
    group nobody
    ping 15
    ping-restart 45
    ping-timer-rem
    persist-key
    persist-tun
    verb 3
    openvpn log from xp client:
    Code:
    Tue Nov 06 03:35:54 2007 NOTE: --user option is not implemented on Windows
    Tue Nov 06 03:35:54 2007 NOTE: --group option is not implemented on Windows
    Tue Nov 06 03:35:54 2007 OpenVPN 2.1_rc4 Win32-MinGW [SSL] [LZO2] built on Apr 25 2007
    Tue Nov 06 03:35:54 2007 LZO compression initialized
    Tue Nov 06 03:35:54 2007 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Tue Nov 06 03:35:54 2007 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
    Tue Nov 06 03:35:54 2007 Local Options hash (VER=V4): 'd79ca330'
    Tue Nov 06 03:35:54 2007 Expected Remote Options hash (VER=V4): 'f7df56b8'
    Tue Nov 06 03:35:54 2007 Socket Buffers: R=[8192->8192] S=[8192->8192]
    Tue Nov 06 03:35:54 2007 UDPv4 link local (bound): [undef]:1194
    Tue Nov 06 03:35:54 2007 UDPv4 link remote: xx.xx.xxx.xxx:1194
    router log:
    Code:
    Nov  6 03:44:17  user.warn kernel: DROP IN=ppp0 OUT= MAC= SRC=yy.yyy.yy.yyy DST=xx.xx.xxx.xxx LEN=42 TOS=0x00 PREC=0x00 TTL=56 ID=26830 PROTO=UDP SPT=1194 DPT=1194 LEN=22
    will i need to add?:
    Code:
    push "route-gateway 10.1.0.1"
    push "dhcp-option DNS 10.1.0.1"
    Why is my UDP traffic being dropped?

    thanks,
    Leon
     
  42. roadkill

    roadkill Super Moderator Staff Member Member

    do you have connectivity between both segments?
     
  43. Leeoniya

    Leeoniya LI Guru Member

    please explain how to test....i am doing this remotely...but i can remote desktop into a pc on br0 if needed.
     
  44. roadkill

    roadkill Super Moderator Staff Member Member

    ping the client computer across the tunnel... from the router connected pc.. and then from the remote router.

    will i need to add?:
    Code:
    push "route-gateway 10.1.0.1"
    push "dhcp-option DNS 10.1.0.1"
    
    if you don't have special network services that are using name resolution you don't need these since the tunnel acts like a bridge
    it will use local/remote gateway/dns on both sides and generally forcing the remote gateway is not a good idea if you don't have a reason .
     
  45. Leeoniya

    Leeoniya LI Guru Member

    but the tunnel never goes up...
    i'm on the client computer that's behind another WRT54GL router...but i'm not setting up site-to-site yet.

    if i configure my router here to respond to WAN ping, i can ping my router from the other WRT54GL (the server router that i'm configuring)...but it shouldn't really matter, the whole point is that the firewall on the other end drops UDP when i try to connect there with the config posted :(

    Code:
    Tue Nov 06 05:00:31 2007 NOTE: --user option is not implemented on Windows
    Tue Nov 06 05:00:31 2007 NOTE: --group option is not implemented on Windows
    Tue Nov 06 05:00:31 2007 OpenVPN 2.1_rc4 Win32-MinGW [SSL] [LZO2] built on Apr 25 2007
    Tue Nov 06 05:00:31 2007 LZO compression initialized
    Tue Nov 06 05:00:31 2007 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Tue Nov 06 05:00:31 2007 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
    Tue Nov 06 05:00:31 2007 Local Options hash (VER=V4): 'd79ca330'
    Tue Nov 06 05:00:31 2007 Expected Remote Options hash (VER=V4): 'f7df56b8'
    Tue Nov 06 05:00:31 2007 Socket Buffers: R=[8192->8192] S=[8192->8192]
    Tue Nov 06 05:00:31 2007 UDPv4 link local (bound): [undef]:1194
    Tue Nov 06 05:00:31 2007 UDPv4 link remote: xx.xx.xxx.xxx:1194
    Tue Nov 06 05:01:16 2007 [UNDEF] Inactivity timeout (--ping-restart), restarting
    Tue Nov 06 05:01:16 2007 TCP/UDP: Closing socket
    Tue Nov 06 05:01:16 2007 SIGUSR1[soft,ping-restart] received, process restarting
    Tue Nov 06 05:01:16 2007 Restart pause, 2 second(s)
    Tue Nov 06 05:01:18 2007 Re-using SSL/TLS context
    Tue Nov 06 05:01:18 2007 LZO compression initialized
    Tue Nov 06 05:01:18 2007 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Tue Nov 06 05:01:18 2007 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
    Tue Nov 06 05:01:18 2007 Local Options hash (VER=V4): 'd79ca330'
    Tue Nov 06 05:01:18 2007 Expected Remote Options hash (VER=V4): 'f7df56b8'
    Tue Nov 06 05:01:18 2007 Socket Buffers: R=[8192->8192] S=[8192->8192]
    Tue Nov 06 05:01:18 2007 UDPv4 link local (bound): [undef]:1194
    Tue Nov 06 05:01:18 2007 UDPv4 link remote: xx.xx.xxx.xxx:1194
    ...that's all i get.

    my router log shows that the initial udp packet from the client gets dropped when trying to connect...maybe the firewall script is wrong?
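
An added example, not part of the original posts: it parses the router's kernel firewall log lines quoted above and models first-match rule evaluation, to show how an ACCEPT rule appended with `iptables -A INPUT` differs from one inserted with `iptables -I INPUT 1`. The two-rule base chain is an assumption (a firmware INPUT chain that ends in a catch-all log-and-drop rule); the real chain can be listed with `iptables -L INPUT -n -v --line-numbers`.

```python
import re

# Log lines as quoted in the posts above (addresses already masked there).
LOG_LINES = [
    "Nov  5 21:59:35 user.warn kernel: ACCEPT IN=ppp0 OUT= MAC= SRC=xx.xxx.xx.xxx "
    "DST=10.1.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=56 ID=5100 DF PROTO=TCP SPT=1232 "
    "DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B40103030001010402)",
    "Nov  6 03:44:17  user.warn kernel: DROP IN=ppp0 OUT= MAC= SRC=yy.yyy.yy.yyy "
    "DST=xx.xx.xxx.xxx LEN=42 TOS=0x00 PREC=0x00 TTL=56 ID=26830 PROTO=UDP "
    "SPT=1194 DPT=1194 LEN=22",
]


def parse_kernel_log(line):
    """Split a netfilter LOG line into (log prefix, {field: value})."""
    m = re.search(r"kernel:\s+(\w+)\s+(IN=.*)$", line)
    if not m:
        return None
    fields = {}
    for token in m.group(2).split():
        key, sep, value = token.partition("=")
        if not sep:
            fields[token] = True          # bare flags such as DF or SYN
        elif key not in fields:
            fields[key] = value           # LEN occurs twice; keep the IP-level one
    return m.group(1), fields


def drops_to_port(lines, proto, port):
    """Return parsed packets that were logged as DROP for proto/port."""
    hits = []
    for line in lines:
        parsed = parse_kernel_log(line)
        if parsed and parsed[0] == "DROP":
            pkt = parsed[1]
            if pkt.get("PROTO") == proto and pkt.get("DPT") == str(port):
                hits.append(pkt)
    return hits


def first_match(chain, pkt):
    """iptables semantics: the first rule whose matches all hold decides."""
    for number, rule in enumerate(chain, 1):
        if all(pkt.get(k) == v for k, v in rule["match"].items()):
            return number, rule["target"]
    return None, "POLICY"


# Assumed, simplified INPUT chain: LAN accepted, everything else logged and dropped.
BASE_CHAIN = [
    {"match": {"IN": "br0"}, "target": "ACCEPT"},
    {"match": {}, "target": "DROP"},
]
VPN_RULE = {"match": {"PROTO": "UDP", "DPT": "1194"}, "target": "ACCEPT"}

APPENDED = BASE_CHAIN + [VPN_RULE]    # iptables -A INPUT -p udp --dport 1194 -j ACCEPT
INSERTED = [VPN_RULE] + BASE_CHAIN    # iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT

if __name__ == "__main__":
    for pkt in drops_to_port(LOG_LINES, "UDP", 1194):
        print("dropped:", pkt["SRC"], "->", pkt["DST"], "dport", pkt["DPT"])
        print("  appended rule:", first_match(APPENDED, pkt))
        print("  inserted rule:", first_match(INSERTED, pkt))
```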
     
  46. roadkill

    roadkill Super Moderator Staff Member Member

    this is not needed, try to eliminate all potential problems on the VPN path.
    TZ sync, UDP port opening, IP scope overlapping: those are the most common problems.
    and please post a verb 9 log
     
  47. Leeoniya

    Leeoniya LI Guru Member

    tz data is same, -0600
    UDP port 1194 forwarded to 10.1.0.1 (router internal LAN ip)
    i disabled the router's dhcp server.

    router logs still show the udp packets from my client being dropped.

    Code:
    Tue Nov 06 05:50:15 2007 NOTE: --user option is not implemented on Windows
    Tue Nov 06 05:50:15 2007 NOTE: --group option is not implemented on Windows
    Tue Nov 06 05:50:15 2007 us=203000 Current Parameter Settings:
    Tue Nov 06 05:50:15 2007 us=203000   config = 'client.ovpn'
    Tue Nov 06 05:50:15 2007 us=203000   mode = 0
    Tue Nov 06 05:50:15 2007 us=203000   show_ciphers = DISABLED
    Tue Nov 06 05:50:15 2007 us=203000   show_digests = DISABLED
    Tue Nov 06 05:50:15 2007 us=203000   show_engines = DISABLED
    Tue Nov 06 05:50:15 2007 us=203000   genkey = DISABLED
    Tue Nov 06 05:50:15 2007 us=203000   key_pass_file = '[UNDEF]'
    Tue Nov 06 05:50:15 2007 us=203000   show_tls_ciphers = DISABLED
    Tue Nov 06 05:50:15 2007 us=203000   proto = 0
    Tue Nov 06 05:50:15 2007 us=203000   local = '[UNDEF]'
    Tue Nov 06 05:50:15 2007 us=203000   remote_list[0] = {'xx.xx.xxx.xxx', 1194}
    Tue Nov 06 05:50:15 2007 us=203000   remote_random = DISABLED
    Tue Nov 06 05:50:15 2007 us=203000   local_port = 1194
    Tue Nov 06 05:50:15 2007 us=203000   remote_port = 1194
    Tue Nov 06 05:50:15 2007 us=203000   remote_float = DISABLED
    Tue Nov 06 05:50:15 2007 us=203000   ipchange = '[UNDEF]'
    Tue Nov 06 05:50:15 2007 us=203000   bind_defined = DISABLED
    Tue Nov 06 05:50:15 2007 us=203000   bind_local = ENABLED
    Tue Nov 06 05:50:15 2007 us=203000   dev = 'tap'
    Tue Nov 06 05:50:15 2007 us=203000   dev_type = '[UNDEF]'
    Tue Nov 06 05:50:15 2007 us=203000   dev_node = '[UNDEF]'
    Tue Nov 06 05:50:15 2007 us=203000   lladdr = '[UNDEF]'
    Tue Nov 06 05:50:15 2007 us=203000   topology = 1
    Tue Nov 06 05:50:15 2007 us=203000   tun_ipv6 = DISABLED
    Tue Nov 06 05:50:15 2007 us=203000   ifconfig_local = '[UNDEF]'
    Tue Nov 06 05:50:15 2007 us=203000   ifconfig_remote_netmask = '[UNDEF]'
    Tue Nov 06 05:50:15 2007 us=203000   ifconfig_noexec = DISABLED
    Tue Nov 06 05:50:15 2007 us=203000   ifconfig_nowarn = DISABLED
    Tue Nov 06 05:50:15 2007 us=203000   shaper = 0
    Tue Nov 06 05:50:15 2007 us=203000   tun_mtu = 1500
    Tue Nov 06 05:50:15 2007 us=203000   tun_mtu_defined = ENABLED
    Tue Nov 06 05:50:15 2007 us=203000   link_mtu = 1500
    Tue Nov 06 05:50:15 2007 us=203000   link_mtu_defined = DISABLED
    Tue Nov 06 05:50:15 2007 us=203000   tun_mtu_extra = 32
    Tue Nov 06 05:50:15 2007 us=203000   tun_mtu_extra_defined = ENABLED
    Tue Nov 06 05:50:15 2007 us=203000   fragment = 0
    Tue Nov 06 05:50:15 2007 us=203000   mtu_discover_type = -1
    Tue Nov 06 05:50:15 2007 us=203000   mtu_test = 0
    Tue Nov 06 05:50:15 2007 us=203000   mlock = DISABLED
    Tue Nov 06 05:50:15 2007 us=203000   keepalive_ping = 0
    Tue Nov 06 05:50:15 2007 us=203000   keepalive_timeout = 0
    Tue Nov 06 05:50:15 2007 us=203000   inactivity_timeout = 0
    Tue Nov 06 05:50:15 2007 us=203000   ping_send_timeout = 15
    Tue Nov 06 05:50:15 2007 us=203000   ping_rec_timeout = 45
    Tue Nov 06 05:50:15 2007 us=203000   ping_rec_timeout_action = 2
    Tue Nov 06 05:50:15 2007 us=203000   ping_timer_remote = ENABLED
    Tue Nov 06 05:50:15 2007 us=203000   remap_sigusr1 = 0
    Tue Nov 06 05:50:15 2007 us=203000   explicit_exit_notification = 0
    Tue Nov 06 05:50:15 2007 us=203000   persist_tun = ENABLED
    Tue Nov 06 05:50:15 2007 us=203000   persist_local_ip = DISABLED
    Tue Nov 06 05:50:15 2007 us=203000   persist_remote_ip = DISABLED
    Tue Nov 06 05:50:15 2007 us=203000   persist_key = ENABLED
    Tue Nov 06 05:50:15 2007 us=203000   mssfix = 1450
    Tue Nov 06 05:50:15 2007 us=203000   resolve_retry_seconds = 1000000000
    Tue Nov 06 05:50:15 2007 us=203000   connect_retry_seconds = 5
    Tue Nov 06 05:50:15 2007 us=203000   connect_timeout = 10
    Tue Nov 06 05:50:15 2007 us=203000   connect_retry_max = 0
    Tue Nov 06 05:50:15 2007 us=203000   username = '[UNDEF]'
    Tue Nov 06 05:50:15 2007 us=203000   groupname = '[UNDEF]'
    Tue Nov 06 05:50:15 2007 us=203000   chroot_dir = '[UNDEF]'
    Tue Nov 06 05:50:15 2007 us=203000   cd_dir = '[UNDEF]'
    Tue Nov 06 05:50:15 2007 us=203000   writepid = '[UNDEF]'
    Tue Nov 06 05:50:15 2007 us=203000   up_script = '[UNDEF]'
    Tue Nov 06 05:50:15 2007 us=203000   down_script = '[UNDEF]'
    Tue Nov 06 05:50:15 2007 us=203000   down_pre = DISABLED
    Tue Nov 06 05:50:15 2007 us=343000   up_restart = DISABLED
    Tue Nov 06 05:50:15 2007 us=343000   up_delay = DISABLED
    Tue Nov 06 05:50:15 2007 us=343000   daemon = DISABLED
    Tue Nov 06 05:50:15 2007 us=343000   inetd = 0
    Tue Nov 06 05:50:15 2007 us=343000   log = DISABLED
    Tue Nov 06 05:50:15 2007 us=343000   suppress_timestamps = DISABLED
    Tue Nov 06 05:50:15 2007 us=343000   nice = 0
    Tue Nov 06 05:50:15 2007 us=343000   verbosity = 9
    Tue Nov 06 05:50:15 2007 us=343000   mute = 0
    Tue Nov 06 05:50:15 2007 us=343000   gremlin = 0
    Tue Nov 06 05:50:15 2007 us=343000   status_file = '[UNDEF]'
    Tue Nov 06 05:50:15 2007 us=343000   status_file_version = 1
    Tue Nov 06 05:50:15 2007 us=343000   status_file_update_freq = 60
    Tue Nov 06 05:50:15 2007 us=343000   occ = ENABLED
    Tue Nov 06 05:50:15 2007 us=343000   rcvbuf = 0
    Tue Nov 06 05:50:15 2007 us=343000   sndbuf = 0
    Tue Nov 06 05:50:15 2007 us=343000   sockflags = 0
    Tue Nov 06 05:50:15 2007 us=343000   socks_proxy_server = '[UNDEF]'
    Tue Nov 06 05:50:15 2007 us=359000   socks_proxy_port = 0
    Tue Nov 06 05:50:15 2007 us=359000   socks_proxy_retry = DISABLED
    Tue Nov 06 05:50:15 2007 us=359000   fast_io = DISABLED
    Tue Nov 06 05:50:15 2007 us=359000   lzo = 7
    Tue Nov 06 05:50:15 2007 us=359000   route_script = '[UNDEF]'
    Tue Nov 06 05:50:15 2007 us=359000   route_default_gateway = '[UNDEF]'
    Tue Nov 06 05:50:15 2007 us=359000   route_default_metric = 0
    Tue Nov 06 05:50:15 2007 us=359000   route_noexec = DISABLED
    Tue Nov 06 05:50:15 2007 us=359000   route_delay = 5
    Tue Nov 06 05:50:15 2007 us=359000   route_delay_window = 30
    Tue Nov 06 05:50:15 2007 us=359000   route_delay_defined = ENABLED
    Tue Nov 06 05:50:15 2007 us=359000   route_nopull = DISABLED
    Tue Nov 06 05:50:15 2007 us=359000   management_addr = '[UNDEF]'
    Tue Nov 06 05:50:15 2007 us=359000   management_port = 0
    Tue Nov 06 05:50:15 2007 us=359000   management_user_pass = '[UNDEF]'
    Tue Nov 06 05:50:15 2007 us=359000   management_log_history_cache = 250
    Tue Nov 06 05:50:15 2007 us=359000   management_echo_buffer_size = 100
    Tue Nov 06 05:50:15 2007 us=359000   management_query_passwords = DISABLED
    Tue Nov 06 05:50:15 2007 us=359000   management_hold = DISABLED
    Tue Nov 06 05:50:15 2007 us=359000   management_client = DISABLED
    Tue Nov 06 05:50:15 2007 us=359000   management_write_peer_info_file = '[UNDEF]'
    Tue Nov 06 05:50:15 2007 us=359000   shared_secret_file = '[UNDEF]'
    Tue Nov 06 05:50:15 2007 us=359000   key_direction = 0
    Tue Nov 06 05:50:15 2007 us=359000   ciphername_defined = ENABLED
    Tue Nov 06 05:50:15 2007 us=359000   ciphername = 'BF-CBC'
    Tue Nov 06 05:50:15 2007 us=359000   authname_defined = ENABLED
    Tue Nov 06 05:50:15 2007 us=359000   authname = 'SHA1'
    Tue Nov 06 05:50:15 2007 us=359000   keysize = 0
    Tue Nov 06 05:50:15 2007 us=359000   engine = DISABLED
    Tue Nov 06 05:50:15 2007 us=359000   replay = ENABLED
    Tue Nov 06 05:50:15 2007 us=359000   mute_replay_warnings = DISABLED
    Tue Nov 06 05:50:15 2007 us=359000   replay_window = 64
    Tue Nov 06 05:50:15 2007 us=375000   replay_time = 15
    Tue Nov 06 05:50:15 2007 us=375000   packet_id_file = '[UNDEF]'
    Tue Nov 06 05:50:15 2007 us=375000   use_iv = ENABLED
    Tue Nov 06 05:50:15 2007 us=375000   test_crypto = DISABLED
    Tue Nov 06 05:50:15 2007 us=375000   tls_server = DISABLED
    Tue Nov 06 05:50:15 2007 us=375000   tls_client = ENABLED
    Tue Nov 06 05:50:15 2007 us=375000   key_method = 2
    Tue Nov 06 05:50:15 2007 us=375000   ca_file = 'ca.crt'
    Tue Nov 06 05:50:15 2007 us=375000   ca_path = '[UNDEF]'
    Tue Nov 06 05:50:15 2007 us=375000   dh_file = '[UNDEF]'
    Tue Nov 06 05:50:15 2007 us=375000   cert_file = 'client.crt'
    Tue Nov 06 05:50:15 2007 us=375000   priv_key_file = 'client.key'
    Tue Nov 06 05:50:15 2007 us=375000   pkcs12_file = '[UNDEF]'
    Tue Nov 06 05:50:15 2007 us=375000   cryptoapi_cert = '[UNDEF]'
    Tue Nov 06 05:50:15 2007 us=375000   cipher_list = '[UNDEF]'
    Tue Nov 06 05:50:15 2007 us=375000   tls_verify = '[UNDEF]'
    Tue Nov 06 05:50:15 2007 us=375000   tls_remote = '[UNDEF]'
    Tue Nov 06 05:50:15 2007 us=375000   crl_file = '[UNDEF]'
    Tue Nov 06 05:50:15 2007 us=375000   ns_cert_type = 64
    Tue Nov 06 05:50:15 2007 us=375000   remote_cert_ku[i] = 0
    Tue Nov 06 05:50:15 2007 us=375000   remote_cert_ku[i] = 0
    Tue Nov 06 05:50:15 2007 us=375000   remote_cert_ku[i] = 0
    Tue Nov 06 05:50:15 2007 us=375000   remote_cert_ku[i] = 0
    Tue Nov 06 05:50:15 2007 us=375000   remote_cert_ku[i] = 0
    Tue Nov 06 05:50:15 2007 us=375000   remote_cert_ku[i] = 0
    Tue Nov 06 05:50:15 2007 us=375000   remote_cert_ku[i] = 0
    Tue Nov 06 05:50:15 2007 us=375000   remote_cert_ku[i] = 0
    Tue Nov 06 05:50:15 2007 us=375000   remote_cert_ku[i] = 0
    Tue Nov 06 05:50:15 2007 us=375000   remote_cert_ku[i] = 0
    Tue Nov 06 05:50:15 2007 us=375000   remote_cert_ku[i] = 0
    Tue Nov 06 05:50:15 2007 us=375000   remote_cert_ku[i] = 0
    Tue Nov 06 05:50:15 2007 us=375000   remote_cert_ku[i] = 0
    Tue Nov 06 05:50:15 2007 us=375000   remote_cert_ku[i] = 0
    Tue Nov 06 05:50:15 2007 us=390000   remote_cert_ku[i] = 0
    Tue Nov 06 05:50:15 2007 us=390000   remote_cert_ku[i] = 0
    Tue Nov 06 05:50:15 2007 us=390000   remote_cert_eku = '[UNDEF]'
    Tue Nov 06 05:50:15 2007 us=390000   tls_timeout = 2
    Tue Nov 06 05:50:15 2007 us=390000   renegotiate_bytes = 0
    Tue Nov 06 05:50:15 2007 us=390000   renegotiate_packets = 0
    Tue Nov 06 05:50:15 2007 us=390000   renegotiate_seconds = 3600
    Tue Nov 06 05:50:15 2007 us=390000   handshake_window = 60
    Tue Nov 06 05:50:15 2007 us=390000   transition_window = 3600
    Tue Nov 06 05:50:15 2007 us=390000   single_session = DISABLED
    Tue Nov 06 05:50:15 2007 us=390000   tls_exit = DISABLED
    Tue Nov 06 05:50:15 2007 us=390000   tls_auth_file = '[UNDEF]'
    Tue Nov 06 05:50:15 2007 us=390000   pkcs11_protected_authentication = DISABLED
    Tue Nov 06 05:50:15 2007 us=390000   pkcs11_protected_authentication = DISABLED
    Tue Nov 06 05:50:15 2007 us=390000   pkcs11_protected_authentication = DISABLED
    Tue Nov 06 05:50:15 2007 us=390000   pkcs11_protected_authentication = DISABLED
    Tue Nov 06 05:50:15 2007 us=390000   pkcs11_protected_authentication = DISABLED
    Tue Nov 06 05:50:15 2007 us=390000   pkcs11_protected_authentication = DISABLED
    Tue Nov 06 05:50:15 2007 us=390000   pkcs11_protected_authentication = DISABLED
    Tue Nov 06 05:50:15 2007 us=390000   pkcs11_protected_authentication = DISABLED
    Tue Nov 06 05:50:15 2007 us=390000   pkcs11_protected_authentication = DISABLED
    Tue Nov 06 05:50:15 2007 us=390000   pkcs11_protected_authentication = DISABLED
    Tue Nov 06 05:50:15 2007 us=390000   pkcs11_protected_authentication = DISABLED
    Tue Nov 06 05:50:15 2007 us=390000   pkcs11_protected_authentication = DISABLED
    Tue Nov 06 05:50:15 2007 us=390000   pkcs11_protected_authentication = DISABLED
    Tue Nov 06 05:50:15 2007 us=390000   pkcs11_protected_authentication = DISABLED
    Tue Nov 06 05:50:15 2007 us=390000   pkcs11_protected_authentication = DISABLED
    Tue Nov 06 05:50:15 2007 us=390000   pkcs11_protected_authentication = DISABLED
    Tue Nov 06 05:50:15 2007 us=406000   pkcs11_cert_private = DISABLED
    Tue Nov 06 05:50:15 2007 us=406000   pkcs11_cert_private = DISABLED
    Tue Nov 06 05:50:15 2007 us=406000   pkcs11_cert_private = DISABLED
    Tue Nov 06 05:50:15 2007 us=406000   pkcs11_cert_private = DISABLED
    Tue Nov 06 05:50:15 2007 us=406000   pkcs11_cert_private = DISABLED
    Tue Nov 06 05:50:15 2007 us=406000   pkcs11_cert_private = DISABLED
    Tue Nov 06 05:50:15 2007 us=406000   pkcs11_cert_private = DISABLED
    Tue Nov 06 05:50:15 2007 us=406000   pkcs11_cert_private = DISABLED
    Tue Nov 06 05:50:15 2007 us=406000   pkcs11_cert_private = DISABLED
    Tue Nov 06 05:50:15 2007 us=406000   pkcs11_cert_private = DISABLED
    Tue Nov 06 05:50:15 2007 us=406000   pkcs11_cert_private = DISABLED
    Tue Nov 06 05:50:15 2007 us=406000   pkcs11_cert_private = DISABLED
    Tue Nov 06 05:50:15 2007 us=406000   pkcs11_cert_private = DISABLED
    Tue Nov 06 05:50:15 2007 us=406000   pkcs11_cert_private = DISABLED
    Tue Nov 06 05:50:15 2007 us=406000   pkcs11_cert_private = DISABLED
    Tue Nov 06 05:50:15 2007 us=406000   pkcs11_cert_private = DISABLED
    Tue Nov 06 05:50:15 2007 us=406000   pkcs11_pin_cache_period = -1
    Tue Nov 06 05:50:15 2007 us=406000   pkcs11_slot_type = '[UNDEF]'
    Tue Nov 06 05:50:15 2007 us=406000   pkcs11_slot = '[UNDEF]'
    Tue Nov 06 05:50:15 2007 us=406000   pkcs11_id_type = '[UNDEF]'
    Tue Nov 06 05:50:15 2007 us=406000   pkcs11_id = '[UNDEF]'
    Tue Nov 06 05:50:15 2007 us=406000   server_network = 0.0.0.0
    Tue Nov 06 05:50:15 2007 us=406000   server_netmask = 0.0.0.0
    Tue Nov 06 05:50:15 2007 us=406000   server_bridge_ip = 0.0.0.0
    Tue Nov 06 05:50:15 2007 us=406000   server_bridge_netmask = 0.0.0.0
    Tue Nov 06 05:50:15 2007 us=406000   server_bridge_pool_start = 0.0.0.0
    Tue Nov 06 05:50:15 2007 us=406000   server_bridge_pool_end = 0.0.0.0
    Tue Nov 06 05:50:15 2007 us=406000   ifconfig_pool_defined = DISABLED
    Tue Nov 06 05:50:15 2007 us=406000   ifconfig_pool_start = 0.0.0.0
    Tue Nov 06 05:50:15 2007 us=421000   ifconfig_pool_end = 0.0.0.0
    Tue Nov 06 05:50:15 2007 us=421000   ifconfig_pool_netmask = 0.0.0.0
    Tue Nov 06 05:50:15 2007 us=421000   ifconfig_pool_persist_filename = '[UNDEF]'
    Tue Nov 06 05:50:15 2007 us=421000   ifconfig_pool_persist_refresh_freq = 600
    Tue Nov 06 05:50:15 2007 us=421000   n_bcast_buf = 256
    Tue Nov 06 05:50:15 2007 us=421000   tcp_queue_limit = 64
    Tue Nov 06 05:50:15 2007 us=421000   real_hash_size = 256
    Tue Nov 06 05:50:15 2007 us=421000   virtual_hash_size = 256
    Tue Nov 06 05:50:15 2007 us=421000   client_connect_script = '[UNDEF]'
    Tue Nov 06 05:50:15 2007 us=421000   learn_address_script = '[UNDEF]'
    Tue Nov 06 05:50:15 2007 us=421000   client_disconnect_script = '[UNDEF]'
    Tue Nov 06 05:50:15 2007 us=421000   client_config_dir = '[UNDEF]'
    Tue Nov 06 05:50:15 2007 us=421000   ccd_exclusive = DISABLED
    Tue Nov 06 05:50:15 2007 us=421000   tmp_dir = '[UNDEF]'
    Tue Nov 06 05:50:15 2007 us=421000   push_ifconfig_defined = DISABLED
    Tue Nov 06 05:50:15 2007 us=421000   push_ifconfig_local = 0.0.0.0
    Tue Nov 06 05:50:15 2007 us=421000   push_ifconfig_remote_netmask = 0.0.0.0
    Tue Nov 06 05:50:15 2007 us=421000   enable_c2c = DISABLED
    Tue Nov 06 05:50:15 2007 us=421000   duplicate_cn = DISABLED
    Tue Nov 06 05:50:15 2007 us=421000   cf_max = 0
    Tue Nov 06 05:50:15 2007 us=421000   cf_per = 0
    Tue Nov 06 05:50:15 2007 us=421000   max_clients = 1024
    Tue Nov 06 05:50:15 2007 us=421000   max_routes_per_client = 256
    Tue Nov 06 05:50:15 2007 us=421000   client_cert_not_required = DISABLED
    Tue Nov 06 05:50:15 2007 us=421000   username_as_common_name = DISABLED
    Tue Nov 06 05:50:15 2007 us=421000   auth_user_pass_verify_script = '[UNDEF]'
    Tue Nov 06 05:50:15 2007 us=421000   auth_user_pass_verify_script_via_file = DISABLED
    Tue Nov 06 05:50:15 2007 us=421000   client = ENABLED
    Tue Nov 06 05:50:15 2007 us=421000   pull = ENABLED
    Tue Nov 06 05:50:15 2007 us=421000   auth_user_pass_file = '[UNDEF]'
    Tue Nov 06 05:50:15 2007 us=421000   show_net_up = DISABLED
    Tue Nov 06 05:50:15 2007 us=437000   route_method = 0
    Tue Nov 06 05:50:15 2007 us=437000   ip_win32_defined = DISABLED
    Tue Nov 06 05:50:15 2007 us=437000   ip_win32_type = 3
    Tue Nov 06 05:50:15 2007 us=437000   dhcp_masq_offset = 0
    Tue Nov 06 05:50:15 2007 us=437000   dhcp_lease_time = 31536000
    Tue Nov 06 05:50:15 2007 us=437000   tap_sleep = 0
    Tue Nov 06 05:50:15 2007 us=437000   dhcp_options = DISABLED
    Tue Nov 06 05:50:15 2007 us=437000   dhcp_renew = DISABLED
    Tue Nov 06 05:50:15 2007 us=437000   dhcp_pre_release = DISABLED
    Tue Nov 06 05:50:15 2007 us=437000   dhcp_release = DISABLED
    Tue Nov 06 05:50:15 2007 us=437000   domain = '[UNDEF]'
    Tue Nov 06 05:50:15 2007 us=437000   netbios_scope = '[UNDEF]'
    Tue Nov 06 05:50:15 2007 us=437000   netbios_node_type = 0
    Tue Nov 06 05:50:15 2007 us=437000   disable_nbt = DISABLED
    Tue Nov 06 05:50:15 2007 us=437000 OpenVPN 2.1_rc4 Win32-MinGW [SSL] [LZO2] built on Apr 25 2007
    Tue Nov 06 05:50:15 2007 us=437000 PKCS#11: pkcs11_initialize - entered
    Tue Nov 06 05:50:15 2007 us=437000 PKCS#11: pkcs11_initialize - return 0-'CKR_OK'
    Tue Nov 06 05:50:15 2007 us=437000 WE_INIT maxevents=4 flags=0x00000002
    Tue Nov 06 05:50:15 2007 us=437000 WE_INIT maxevents=4 capacity=8
    Tue Nov 06 05:50:15 2007 us=437000 LZO compression initialized
    Tue Nov 06 05:50:15 2007 us=437000 MTU DYNAMIC mtu=0, flags=1, 0 -> 138
    Tue Nov 06 05:50:15 2007 us=437000 TLS: tls_session_init: entry
    Tue Nov 06 05:50:15 2007 us=437000 PID packet_id_init seq_backtrack=64 time_backtrack=15
    Tue Nov 06 05:50:15 2007 us=437000 PID packet_id_init seq_backtrack=64 time_backtrack=15
    Tue Nov 06 05:50:15 2007 us=437000 TLS: tls_session_init: new session object, sid=c087de34 76db66a2
    Tue Nov 06 05:50:15 2007 us=437000 TLS: tls_session_init: entry
    Tue Nov 06 05:50:15 2007 us=437000 PID packet_id_init seq_backtrack=64 time_backtrack=15
    Tue Nov 06 05:50:15 2007 us=437000 PID packet_id_init seq_backtrack=64 time_backtrack=15
    Tue Nov 06 05:50:15 2007 us=453000 TLS: tls_session_init: new session object, sid=7c88b977 8eaa6042
    Tue Nov 06 05:50:15 2007 us=453000 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Tue Nov 06 05:50:15 2007 us=453000 MTU DYNAMIC mtu=1450, flags=2, 1574 -> 1450
    Tue Nov 06 05:50:15 2007 us=453000 REMOTE_LIST len=1 current=0
    Tue Nov 06 05:50:15 2007 us=453000 [0] xx.xx.xxx.xxx:1194
    Tue Nov 06 05:50:15 2007 us=484000 RESOLVE_REMOTE flags=0x0101 phase=1 rrs=0 sig=-1 status=1
    Tue Nov 06 05:50:15 2007 us=484000 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
    Tue Nov 06 05:50:15 2007 us=484000 Local Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
    Tue Nov 06 05:50:15 2007 us=484000 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
    Tue Nov 06 05:50:15 2007 us=484000 Local Options hash (VER=V4): 'd79ca330'
    Tue Nov 06 05:50:15 2007 us=484000 Expected Remote Options hash (VER=V4): 'f7df56b8'
    Tue Nov 06 05:50:15 2007 us=484000 Socket Buffers: R=[8192->8192] S=[8192->8192]
    Tue Nov 06 05:50:15 2007 us=484000 UDPv4 link local (bound): [undef]:1194
    Tue Nov 06 05:50:15 2007 us=484000 UDPv4 link remote: xx.xx.xxx.xxx:1194
    Tue Nov 06 05:50:15 2007 us=484000 TLS Warning: no data channel send key available:  [key#0 state=S_INITIAL id=0 sid=00000000 00000000] [key#1 state=S_UNDEF id=0 sid=00000000 00000000] [key#2 state=S_UNDEF id=0 sid=00000000 00000000]
    Tue Nov 06 05:50:15 2007 us=484000 SENT PING
    Tue Nov 06 05:50:15 2007 us=484000 TIMER: coarse timer wakeup 1 seconds
    Tue Nov 06 05:50:15 2007 us=484000 TLS: tls_multi_process: i=0 state=S_INITIAL, mysid=c087de34 76db66a2, stored-sid=00000000 00000000, stored-ip=xx.xx.xxx.xxx:1194
    Tue Nov 06 05:50:15 2007 us=484000 TLS: tls_process: chg=0 ks=S_INITIAL lame=S_UNDEF to_link->len=0 wakeup=604800
    Tue Nov 06 05:50:15 2007 us=484000 ACK mark active outgoing ID 0
    Tue Nov 06 05:50:15 2007 us=484000 TLS: Initial Handshake, sid=c087de34 76db66a2
    Tue Nov 06 05:50:15 2007 us=484000 ACK reliable_can_send active=1 current=1 : [1] 0
    Tue Nov 06 05:50:15 2007 us=484000 ACK reliable_send ID 0 (size=4 to=2)
    Tue Nov 06 05:50:15 2007 us=484000 Reliable -> TCP/UDP
    Tue Nov 06 05:50:15 2007 us=484000 ACK reliable_send_timeout 2 [1] 0
    Tue Nov 06 05:50:15 2007 us=484000 TLS: tls_process: timeout set to 2
    Tue Nov 06 05:50:15 2007 us=484000 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=7c88b977 8eaa6042, stored-sid=00000000 00000000, stored-ip=[undef]
    Tue Nov 06 05:50:15 2007 us=484000 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef]
    Tue Nov 06 05:50:15 2007 us=484000 RANDOM USEC=231114
    Tue Nov 06 05:50:15 2007 us=484000 WE_CTL n=0 ev=0x00483bf4 rwflags=0x0001 arg=0x00467658
    Tue Nov 06 05:50:15 2007 us=484000 WIN32 I/O: Socket Receive queued [1574]
    Tue Nov 06 05:50:15 2007 us=484000 WE_CTL n=1 ev=0x00d3611c rwflags=0x0003 arg=0x00467650
    Tue Nov 06 05:50:15 2007 us=484000 I/O WAIT T?|T?|SRQ|SW0 [1/231114]
    Tue Nov 06 05:50:15 2007 us=484000 WE_WAIT enter n=3 to=1231
    Tue Nov 06 05:50:15 2007 us=484000 [0] ev=0x00000724 rwflags=0x0001 arg=0x00467658
    Tue Nov 06 05:50:15 2007 us=484000 [1] ev=0x00000704 rwflags=0x0002 arg=0x00467650
    Tue Nov 06 05:50:15 2007 us=484000 [2] ev=0x00000700 rwflags=0x0001 arg=0x00467650
    Tue Nov 06 05:50:15 2007 us=484000 WE_WAIT leave [1,0] rwflags=0x0002 arg=0x00467650
    Tue Nov 06 05:50:15 2007 us=484000  event_wait returned 1
    Tue Nov 06 05:50:15 2007 us=484000 I/O WAIT status=0x0002
    Tue Nov 06 05:50:15 2007 us=484000 UDPv4 WRITE [14] to xx.xx.xxx.xxx:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=c087de34 76db66a2 [ ] pid=0 DATA 
    Tue Nov 06 05:50:15 2007 us=484000 WIN32 I/O: Socket Send queued [14]
    Tue Nov 06 05:50:15 2007 us=484000 UDPv4 write returned 14
    Tue Nov 06 05:50:15 2007 us=484000 TLS: tls_multi_process: i=0 state=S_PRE_START, mysid=c087de34 76db66a2, stored-sid=00000000 00000000, stored-ip=xx.xx.xxx.xxx:1194
    Tue Nov 06 05:50:15 2007 us=484000 TLS: tls_process: chg=0 ks=S_PRE_START lame=S_UNDEF to_link->len=0 wakeup=604800
    Tue Nov 06 05:50:15 2007 us=484000 ACK reliable_can_send active=1 current=0 : [1] 0
    Tue Nov 06 05:50:15 2007 us=484000 SSL state (connect): before/connect initialization
    Tue Nov 06 05:50:15 2007 us=484000 SSL state (connect): SSLv3 write client hello A
    Tue Nov 06 05:50:15 2007 us=484000 ACK reliable_send_timeout 2 [1] 0
    Tue Nov 06 05:50:15 2007 us=484000 TLS: tls_process: timeout set to 2
    Tue Nov 06 05:50:15 2007 us=484000 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=7c88b977 8eaa6042, stored-sid=00000000 00000000, stored-ip=[undef]
    Tue Nov 06 05:50:15 2007 us=484000 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef]
    Tue Nov 06 05:50:15 2007 us=500000 WE_CTL n=0 ev=0x00483bf4 rwflags=0x0001 arg=0x00467658
    Tue Nov 06 05:50:15 2007 us=500000 WE_CTL n=1 ev=0x00d3611c rwflags=0x0001 arg=0x00467650
    Tue Nov 06 05:50:15 2007 us=500000 I/O WAIT T?|T?|SRQ|SwQ [1/231114]
    Tue Nov 06 05:50:15 2007 us=500000 WE_WAIT enter n=2 to=1231
    Tue Nov 06 05:50:15 2007 us=500000 [0] ev=0x00000724 rwflags=0x0001 arg=0x00467658
    Tue Nov 06 05:50:15 2007 us=500000 [1] ev=0x00000700 rwflags=0x0001 arg=0x00467650
     
  48. habskilla

    habskilla Network Guru Member

    roadkill,

    thanks for the offer.

    I did get it to work using tcp. I had to use port 8080 instead of 443.
     
  49. drelkata

    drelkata LI Guru Member

    habskilla, if you try to use the tcp proto on port 443 (like in my conf post :) ) and you use https for web access to your router... how do you expect it to work :)?!?!
    :)
     
  50. occamsrazor

    occamsrazor Network Guru Member

    Latest OpenVPN build

    Hi,

    I'm currently running v1.10.1189 with the OpenVPN mod.

    What's the latest version with OpenVPN, and where do I get it?

    The recent flurry of development in Tomato versions is most welcome, but frankly I'm finding it a bit confusing keeping track of what is happening with the different builds and wonder if this forum thread is the best place? Not sure what might be better, perhaps some sort of wiki on the Tomato site with the latest official and unofficial builds and their changelogs... what do you think?

    Regardless.... thanks to everyone for all the hard work. Streaming my home music library to my office iTunes over an openvpn tunnel is just great.

    Regards,

    Ben
     
  51. roadkill

    roadkill Super Moderator Staff Member Member

    the first post on this thread contains all the details.
     
  52. occamsrazor

    occamsrazor Network Guru Member

    Roadkill - thanks so much for all your work on the development of this. So the link "Tomato v1.11.1219 - Binary" contains the OpenVPN functionality, yes? Sorry if I'm being stupid. Thanks in advance... Ben
     
  53. roadkill

    roadkill Super Moderator Staff Member Member

    You're welcome.
    When a major new version is released I tend to add LibLZO, OpenVPN and TAP/TUN device support and release it. Occasionally people ask for more extra stuff: IPtables quota, serial add-on, etc. The clean version for this release cycle is Tomato Mod v1.11.1218; it has only the basic package I add....
     
  54. u3gyxap

    u3gyxap Network Guru Member

    Hey folks. As you may already know, roadkill was nice enough to put some extra stuff in tomato regarding serial mods. Since WRT54G/S/L has 2 UARTS, I have done a dual serial mod, and now I have 2 serial consoles at my disposal. I used the HOWTO provided by Rod Whitby here:
    http://www.rwhitby.net/projects/wrt54gs
    I used MAX232 since it was available, but the end result is the same.
    I have two serial consoles now. Console 0 is connected directly to COM1 on my PC. Console 2 is connected to a regular modem, providing dial-in access for router administration. This is useful if your network depends on internet access and you need to have remote access to your router for management purposes from a place where www and ssh are not applicable or unavailable.
    So, this is what needs to be done.
    1. By default only tts0 is initialized. You need to initialize tts1 as well, by having this early in the init script:
    Code:
    /usr/sbin/setserial /dev/tts/1 irq 3
    Now tts1 is initialized. It uses 9600 bauds as a standard secondary linux console.
    2. mgetty dies after every successful connection. In normal linux-run routers, we have it with "respawn" in the inittab. Here things are quite different, so I ended up making a simple script that reruns mgetty every time 3 seconds after it exits. I called it mgettyd:
    Code:
    #mgettyd - simple mgetty daemonizer
    cd /tmp
    while [ 1 ]
    do
    mgetty -n8 -x0 -s 9600 -p "Serial Console Login: " -D /dev/tts/1
    sleep 3
    done
    The "n8" is for having the modem answering the call after 8 rings, you can change that with whatever you want. X0 is for disregarding the log capabilities, though x4 is recommended. You can change it to whatever you want. The speed used is set at 9600 bauds and we look for the modem on /dev/tts/1. It is also best to have the modem itself setup for 9600 bauds too, either with the AT commands, or by DIP switches if the modem has those. My US Robotics Sportster can do either.
    In my case the script resides on the jffs partition. It needs to have "chmod a+x /jffs/mgettyd" done, so it is executable.
    3. You need to call it in the init like this:
    Code:
    /jffs/./mgettyd &
    With all that, mgetty provides us with dial-in access if we need to access the router for debugging, to reboot it, forward a port and so on. I can do it from anywhere even with my cellphone. The only thing that needs to be remembered is always to exit with "exit" or "logout" when done.

    This can be applied also to other routers such as ASUS WL-500g and even routers with only 1 serial port, such as WHR-G54S, WHR-HP-G54 and so on.
     
  55. linkfox

    linkfox Guest

    The field "script_wanup" is invalid

    Code:
    cd /tmp
    openvpn --mktun --dev tap0
    brctl addif br0 tap0
    ifconfig tap0 0.0.0.0 promisc up
    echo "
    mode server
    dev tap0
    daemon
    comp-lzo
    client-to-client
    tls-server
    ca ca.crt
    dh dh1024.pem
    cert server.crt
    key server.key
    " > openvpn.conf
    echo "
    -----BEGIN CERTIFICATE-----
    
    
    -----END CERTIFICATE-----
    " > ca.crt
    echo "
    -----BEGIN RSA PRIVATE KEY-----
    
    -----END CERTIFICATE-----
    " > server.crt
    echo "
    -----BEGIN DH PARAMETERS-----
    
    -----END DH PARAMETERS-----
    " > dh1024.pem
    sleep 5
    ln -s /usr/sbin/openvpn /tmp/myvpn
    /tmp/myvpn --config openvpn.conf
    

    Unable to save the Config:

    The field "script_wanup" is invalid. Please report this problem.

    I can't get the content smaller than 4096. How can I fix the problem?
    Thank you.

    UPDATE: I put the key data in the init field. Now it runs ;-)
     
  56. u3gyxap

    u3gyxap Network Guru Member

    I have updated the info on mgetty...
    EDITED - back to jffs, seems to work best..
     
  57. eRd12

    eRd12 LI Guru Member

    Hi roadkill, what stage is the integration of the mmc mod into tomato at? You said that you're working on it, so I ask. I would like to use mmc or sd so that syslogd writes there and I get the logs of my users there. After a month I would copy this file to my computer.
     
  58. dontbotherme

    dontbotherme Network Guru Member

    Can anyone explain in simple terms as to what this mod does and how do I enable it? I don't really see any wiki explaining it clearly.

    Thx.
     
  59. TheGIZ

    TheGIZ Network Guru Member

    I have tried to generate certificates. I followed the link on this thread for the "how to"
    http://www.runpcrun.com/howtoopenvpn

    but, it didn't seem to work. Would someone be willing to post a step by step?

    I have the static key VPN working. I would like to be able to make my router accept more than one connection.

    So it all has to be done in the command line.. ohhhh.
     
  60. homa1978

    homa1978 LI Guru Member

    IPSEC Feature Request

    First of all, congratulations on this great firmware.

    But one thing I would really love is the ipsec feature.

    Are there any plans to integrate it ???

    Is it possible to integrate it ???

    Thanks for an answer.

    homa
     
  61. puddle

    puddle LI Guru Member

    I wouldn't mind iptables -m time. This could work really well with mod quota for some things I have to do.
    Thanks.
     
  62. roadkill

    roadkill Super Moderator Staff Member Member

    ipsec is a little problematic...
    I'll get into it when USB/SD MMC Mod is finally done ;)

    no problems next version ...
     
  63. Maggard

    Maggard LI Guru Member

    OpenVPN w/ certificates working for me

    Just to encourage those having problems, I followed the instructions and have no problem connecting from my laptop to my router via OpenVPN using certificates, from behind some pretty annoying firewalls.

    My eventual goal is to link routers at several locations in a VPN, so I went with certificates. If anyone has gotten multiple routers connected this way please be encouraged to report such, and pass along any notes you may have on this.

    It would be great if OpenVPN were eventually integrated into mainline Tomato, with paste-key-here screens, even possibly built-in key generation (copy-this-key). I’m regularly impressed with how well thought out the Tomato GUI is; I’d love to see it offer this typically complex feature with its characteristic élan.

    My thanks to those who’ve made OpenVPN on Tomato, and Tomato, possible.
     
  64. Leeoniya

    Leeoniya LI Guru Member

    After failing to get a bridged site-site VPN working, i tried a routed one first...with more success, but still not complete:

    the client router has DHCP turned off and the internal LAN interface is 192.168.0.200
    my server router has DHCP turned on and a LAN ip of 192.168.1.1

    After going through the handshaking and certificate auth...my server router gives me this in the logs when i boot up my client router:
    Code:
    Nov 27 20:09:37  daemon.notice openvpn[314]: xx.xxx.xxx.xx:2049 [clientRouter] Peer Connection Initiated with xx.xxx.xxx.xx:2049
    Nov 27 20:09:37  daemon.err openvpn[314]: clientRouter/xx.xxx.xxx.xx:2049 MULTI: no dynamic or static remote --ifconfig address is available for clientRouter/xx.xxx.xxx.xx:2049
    Nov 27 20:09:39  daemon.notice openvpn[314]: clientRouter/xx.xxx.xxx.xx:2049 PUSH: Received control message: 'PUSH_REQUEST'
    Nov 27 20:09:39  daemon.notice openvpn[314]: clientRouter/xx.xxx.xxx.xx:2049 SENT CONTROL [clientRouter]: 'PUSH_REPLY,ping 15,ping-restart 60' (status=1)
    i'm using the instructions on page 5 of this thread without modifications. do i need to add an ifconfig-push or pool or something?

    thanks,
    Leon
     
  65. roadkill

    roadkill Super Moderator Staff Member Member

    Pull or push options are relevant when you've got a DHCP server available; however, you can set the interface manually.

    ifconfig tap0 x.x.x.x promisc up
     
  66. Leeoniya

    Leeoniya LI Guru Member

    so do i change that on client or server router? or both?

    what IPs do they need to be? the same subnet as each router's internal interface network? so like 192.168.0.201 for client and 192.168.1.2 for server?

    ifconfig tap0 192.168.0.201 promisc up (client)
    ifconfig tap0 192.168.1.2 promisc up (server)

    ??
    thanks
    Leon
     
  67. roadkill

    roadkill Super Moderator Staff Member Member

    it's the client and the server...

    I think the easiest solution for you will be to enable dhcp server on either end and activate push or pull.
    or you can copy one of the configurations posted in this thread..
     
  68. cHarOn

    cHarOn Network Guru Member

    I have a problem. I did everything like roadkill did in post 92, I used his configs, and I can't get it working?!

    Code:
    Jan  1 01:00:08 unknown user.info kernel: Universal TUN/TAP device driver 1.5 (C)1999-2002 Maxim Krasnyansky
    Jan  1 01:00:09 unknown daemon.info dnsmasq[120]: started, version 2.40 cachesize 150
    Jan  1 01:00:09 unknown daemon.info dnsmasq[120]: compile time options: no-IPv6 GNU-getopt no-RTC no-ISC-leasefile no-DBus no-I18N no-TFTP
    Jan  1 01:00:09 unknown daemon.info dnsmasq[120]: DHCP, IP range 192.168.0.100 -- 192.168.0.149, lease time 1d
    Jan  1 01:00:09 unknown daemon.info dnsmasq[120]: reading /etc/resolv.dnsmasq
    Jan  1 01:00:09 unknown daemon.info dnsmasq[120]: using nameserver 217.237.151.115#53
    Jan  1 01:00:09 unknown daemon.info dnsmasq[120]: using nameserver 217.237.148.102#53
    Jan  1 01:00:09 unknown daemon.info dnsmasq[120]: read /etc/hosts - 0 addresses
    Jan  1 01:00:09 unknown daemon.info dnsmasq[120]: read /etc/hosts.dnsmasq - 1 addresses
    Jan  1 01:00:11 unknown user.info kernel: device tap0 entered promiscuous mode
    Jan  1 01:00:11 unknown user.info kernel: br0: port 3(tap0) entering learning state
    Jan  1 01:00:11 unknown user.info kernel: br0: port 3(tap0) entering forwarding state
    Jan  1 01:00:11 unknown user.info kernel: br0: topology change detected, propagating
    Dec  2 20:30:10 unknown daemon.notice openvpn[251]: OpenVPN 2.1_rc4 mipsel-unknown-linux-gnu [SSL] [LZO2] built on Nov  1 2007
    Dec  2 20:30:10 unknown daemon.notice openvpn[251]: Diffie-Hellman initialized with 384 bit key
    Dec  2 20:30:10 unknown daemon.err openvpn[251]: Cannot load certificate file server.crt: error:0D081072:asn1 encoding routines:d2i_ASN1_OBJECT:expecting an object: error:0D0A0004:asn1 encoding routines:d2i_X509_ALGOR:nested asn1 error: error:0D0A2004:asn1 encoding routi
    Dec  2 20:30:10 unknown daemon.notice openvpn[251]: Exiting
    Dec  2 20:30:11 unknown user.warn kernel: nvram_commit(): init
    Dec  2 20:30:13 unknown user.warn kernel: nvram_commit(): end
    Dec  2 20:30:54 unknown cron.warn crond[98]: time disparity of 19943730 minutes detected 
    
    Why do I get this? I have now tried many different parts, 284bit, 1024bit, ...
    and on the server I get every time the

    Dec 2 20:30:10 unknown daemon.err openvpn[251]: Cannot load certificate file server.crt: error:0D081072:asn1 encoding routines:d2i_ASN1_OBJECT:expecting an object: error:0D0A0004:asn1 encoding routines:d2i_X509_ALGOR:nested asn1 error: error:0D0A2004:asn1 encoding routi

    Please can anyone tell me what I did wrong?!
    I generated all keys under Windows Vista without errors. The only thing that is different, and that I can't figure out, is that I get no server and client crt files; mine are called csr?! Is this wrong then?!

    tia cHarOn
     
  69. cHarOn

    cHarOn Network Guru Member

    OK, I sorted some problems out. Under Vista I can't make working certificates; I made them now on Windows XP and now there are no errors anymore, but now my client doesn't get an IP over DHCP?! How can I change that to a static IP, subnet, gateway, DNS?!

    cHarOn
     
  70. cHarOn

    cHarOn Network Guru Member

    Server WRT54GL:

    INIT:
    Code:
    sleep 5
    insmod tun.o
    openvpn --mktun --dev tap0
    brctl addif br0 tap0
    ifconfig tap0 0.0.0.0 promisc up
    cd /tmp
    
    echo "
    mode server
    proto udp
    port 1194
    dev tap0
    keepalive 15 60
    daemon
    verb 3
    comp-lzo
    
    client-to-client
    duplicate-cn
    tls-server
    ca ca.crt
    dh dh512.pem
    cert server.crt
    key server.key
    " > openvpn.conf
    
    echo "
    -----BEGIN CERTIFICATE-----
    xxxxxxxxxxxxxxxxxxxxxxxxxxxx
    -----END CERTIFICATE-----
    " > ca.crt
    echo "
    -----BEGIN RSA PRIVATE KEY-----
    xxxxxxxxxxxxxxxxxxxxxxxxxxxx
    -----END RSA PRIVATE KEY-----
    " > server.key
    chmod 600 server.key
    echo "
    -----BEGIN CERTIFICATE-----
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    -----END CERTIFICATE-----
    " > server.crt
    echo "
    -----BEGIN DH PARAMETERS-----
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    -----END DH PARAMETERS-----
    " > dh512.pem
    ln -s /usr/sbin/openvpn /tmp/myvpn
    
    Firewall:
    Code:
    iptables -I INPUT 1 -p udp  --dport 1194 -j ACCEPT
    
    WAN UP:
    Code:
    sleep 5
    /tmp/myvpn --config openvpn.conf
    


    CLIENT WRT54GL

    INIT:
    Code:
    sleep 5
    insmod tun.o
    ./myvpn --mktun --dev tap0
    brctl addif br0 tap0
    ifconfig tap0 0.0.0.0 promisc up
    cd /tmp
    ln -s /usr/sbin/openvpn /tmp/myvpn
    
    echo "
    client
    dev tap0
    proto udp
    remote *******.dyndns.org 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca ca.crt
    cert client.crt
    key client.key
    ns-cert-type server
    comp-lzo
    verb 0
    " > /tmp/client.conf
    
    echo "
    -----BEGIN CERTIFICATE-----
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    -----END CERTIFICATE-----
    " > /tmp/ca.crt
    
    echo "
    -----BEGIN RSA PRIVATE KEY-----
    xxxxxxxxxxxxxxxxxxxxxxxxxxxx
    -----END RSA PRIVATE KEY-----
    " > /tmp/client.key
    chmod 600 /tmp/client.key
    
    echo "
    -----BEGIN CERTIFICATE-----
    xxxxxxxxxxxxxxxxxxxxxxxxxxx
    -----END CERTIFICATE-----
    " > /tmp/client.crt
    
    FIREWALL:
    Code:
    iptables -I INPUT 1 -p udp  --dport 1194 -j ACCEPT
    
    WAN UP:
    Code:
    ./myvpn --config client.conf
    

    And that's the log output I get on the server:

    Code:
    Dec  3 09:01:48 unknown daemon.err openvpn[251]: read UDPv4 [ENETUNREACH]: Network is unreachable (code=128)
    Dec  3 09:01:50 unknown daemon.err openvpn[251]: read UDPv4 [ENETUNREACH]: Network is unreachable (code=128)
    Dec  3 09:02:07 unknown daemon.notice openvpn[251]: MULTI: multi_create_instance called
    Dec  3 09:02:07 unknown daemon.notice openvpn[251]: ++.++.+++.+++:2049 Re-using SSL/TLS context
    Dec  3 09:02:07 unknown daemon.notice openvpn[251]: ++.++.+++.+++:2049 LZO compression initialized
    Dec  3 09:02:07 unknown daemon.notice openvpn[251]: ++.++.+++.+++:2049 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Dec  3 09:02:07 unknown daemon.notice openvpn[251]: ++.++.+++.+++:2049 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
    Dec  3 09:02:07 unknown daemon.notice openvpn[251]: ++.++.+++.+++:2049 TLS: Initial packet from ++.++.++.+++:2049, sid=aa62ea78 08b5ce1b
    Dec  3 09:02:07 unknown daemon.notice openvpn[251]: ++.++.+++.+++:2049 VERIFY OK: depth=1, /C=DE/ST=AB/L=++++/O=+++++/CN=+++++++/Email=+++++++++
    Dec  3 09:02:07 unknown daemon.notice openvpn[251]: ++.++.+++.+++:2049 VERIFY OK: depth=0, /C=DE/ST=AB/O=++++++/CN=++++++++/Email=++++++++++
    Dec  3 09:02:08 unknown daemon.notice openvpn[251]: ++.++.+++.+++:2049 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Dec  3 09:02:08 unknown daemon.notice openvpn[251]: ++.++.+++.+++:2049 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Dec  3 09:02:08 unknown daemon.notice openvpn[251]: ++.++.+++.+++:2049 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Dec  3 09:02:08 unknown daemon.notice openvpn[251]: ++.++.+++.+++:2049 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Dec  3 09:02:08 unknown daemon.notice openvpn[251]: ++.++.+++.+++:2049 Control Channel: TLSv1, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 512 bit RSA
    Dec  3 09:02:08 unknown daemon.notice openvpn[251]: ++.++.+++.+++:2049 [Client1] Peer Connection Initiated with ++.++.++.++:2049
    Dec  3 09:02:08 unknown daemon.err openvpn[251]: Client1/++.++.+++.+++:2049 MULTI: no dynamic or static remote --ifconfig address is available for Client1/++.++.++.++:2049
    Dec  3 09:02:09 unknown daemon.notice openvpn[251]: Client1/++.++.+++.+++:2049 PUSH: Received control message: 'PUSH_REQUEST'
    Dec  3 09:02:09 unknown daemon.notice openvpn[251]: Client1/++.++.+++.+++:2049 SENT CONTROL [Client1]: 'PUSH_REPLY,ping 15,ping-restart 60' (status=1)
    Dec  3 09:02:14 unknown daemon.err openvpn[251]: read UDPv4 [ENETUNREACH]: Network is unreachable (code=128)
    Dec  3 09:02:18 unknown daemon.err openvpn[251]: read UDPv4 [ENETUNREACH]: Network is unreachable (code=128)
    Dec  3 09:02:20 unknown daemon.err openvpn[251]: read UDPv4 [ENETUNREACH]: Network is unreachable (code=128)
    Dec  3 09:02:27 unknown daemon.err openvpn[251]: read UDPv4 [ENETUNREACH]: Network is unreachable (code=128)
    Dec  3 09:02:38 unknown daemon.err openvpn[251]: read UDPv4 [ENETUNREACH]: Network is unreachable (code=128)
    Dec  3 09:03:00 unknown daemon.err openvpn[251]: read UDPv4 [ENETUNREACH]: Network is unreachable (code=128)
    Dec  3 09:03:29 unknown daemon.notice openvpn[251]: Client1/++.++.+++.++:2049 [Client1] Inactivity timeout (--ping-restart), restarting
    Dec  3 09:03:29 unknown daemon.notice openvpn[251]: Client1/++.++.++.++:2049 SIGUSR1[soft,ping-restart] received, client-instance restarting
    

    Please help me?!

    regards cHarOn
     
  71. cHarOn

    cHarOn Network Guru Member

    Or is there a mistake in how I set up the routers? Just to show more detail:

    Router WRT54GL OpenVPN Server
    Router IP Address 192.168.0.254
    Subnet Mask 255.255.255.0
    DHCP 192.168.0.100 - 149


    Router WRT54GL OpenVPN Client
    Router IP Address 192.168.0.253
    Subnet Mask 255.255.255.0
    DHCP 192.168.0.10 - 20


    If anyone needs more info let me know it :)

    cHarOn
     
  72. azeari

    azeari LI Guru Member

    I think I did have an earlier post on the Vista issues; it's to do with OpenSSL incompatibilities.
    Upgrade to the latest version (beta) to fix it. As for your config, I'm not sure (= gotta wait for someone to take a look
     
  73. cHarOn

    cHarOn Network Guru Member

    Yes, on Vista the problem is clear to me now, but the other part I don't understand, because the client doesn't get an IP ;-(

    cHarOn
     
  74. vsboost

    vsboost LI Guru Member

    Hi guys, thought I would try this whole VPN thing. I only have one question: is there any way to stop logging all this info? It seems to repeat every min or so.
    ----------------------------------------------------------------------

    Dec 5 21:50:05 daemon.notice openvpn[310]: Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Dec 5 21:50:05 daemon.notice openvpn[310]: LZO compression initialized
    Dec 5 21:50:05 daemon.notice openvpn[310]: TUN/TAP device tap0 opened
    Dec 5 21:50:05 daemon.notice openvpn[310]: TUN/TAP TX queue length set to 100
    Dec 5 21:50:05 daemon.notice openvpn[310]: Data Channel MTU parms [ L:1577 D:1450 EF:45 EB:135 ET:32 EL:0 AF:3/1 ]
    Dec 5 21:50:05 daemon.notice openvpn[310]: Socket Buffers: R=[32767->65534] S=[32767->65534]
    Dec 5 21:50:05 daemon.notice openvpn[310]: UDPv4 link local (bound): [undef]:1194
    Dec 5 21:50:05 daemon.notice openvpn[310]: UDPv4 link remote: [undef]
    Dec 5 21:51:05 daemon.notice openvpn[310]: Inactivity timeout (--ping-restart), restarting
    Dec 5 21:51:05 daemon.notice openvpn[310]: TCP/UDP: Closing socket
    Dec 5 21:51:05 daemon.notice openvpn[310]: Closing TUN/TAP interface
    Dec 5 21:51:05 daemon.notice openvpn[310]: SIGUSR1[soft,ping-restart] received, process restarting
    Dec 5 21:51:05 daemon.notice openvpn[310]: Restart pause, 2 second(s)
    Dec 5 21:51:07 daemon.warn openvpn[310]: WARNING: file '/tmp/static.key' is group or others accessible
    Dec 5 21:51:07 daemon.notice openvpn[310]: Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Dec 5 21:51:07 daemon.notice openvpn[310]: Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Dec 5 21:51:08 daemon.notice openvpn[310]: Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Dec 5 21:51:08 daemon.notice openvpn[310]: Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Dec 5 21:51:08 daemon.notice openvpn[310]: LZO compression initialized
    Dec 5 21:51:08 daemon.notice openvpn[310]: TUN/TAP device tap0 opened
    Dec 5 21:51:08 daemon.notice openvpn[310]: TUN/TAP TX queue length set to 100
    Dec 5 21:51:08 daemon.notice openvpn[310]: Data Channel MTU parms [ L:1577 D:1450 EF:45 EB:135 ET:32 EL:0 AF:3/1 ]
    Dec 5 21:51:08 daemon.notice openvpn[310]: Socket Buffers: R=[32767->65534] S=[32767->65534]
    Dec 5 21:51:08 daemon.notice openvpn[310]: UDPv4 link local (bound): [undef]:1194
    Dec 5 21:51:08 daemon.notice openvpn[310]: UDPv4 link remote: [undef]
     
  75. Trunkz

    Trunkz LI Guru Member

    OpenVPN is not working. (Specifically, nothing in the logs point to openvpn even running). Here's my config:

    Init:

    PHP:
    sleep 5
    insmod tun.o
    ./myvpn --mktun --dev tap0
    brctl addif br0 tap0
    ifconfig tap0 0.0.0.0 promisc up
    cd /tmp
    ln -s /usr/sbin/openvpn /tmp/myvpn

    echo "
    client
    dev tap0
    proto udp
    remote 195.178.106.139 1194
    http-proxy cache.lsbu.ac.uk 8080
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca ca.crt
    cert client.crt
    key client.key
    ns-cert-type server
    comp-lzo
    verb 3
    " > /tmp/client.conf

    echo "
    -----BEGIN CERTIFICATE-----
    xxxxxxxxxxxxxxxxxxxxxxxxxx
    -----END CERTIFICATE-----
    " > /tmp/ca.crt

    echo "
    -----BEGIN RSA PRIVATE KEY-----
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    -----END RSA PRIVATE KEY-----
    " > /tmp/client.key
    chmod 600 /tmp/client.key

    echo "
    -----BEGIN CERTIFICATE-----
    xxxxxxxxxxxxxxxxxxxxxxxxxx
    -----END CERTIFICATE-----
    " > /tmp/client.crt

    ./myvpn --config client.conf
    Firewall:

    PHP:
    iptables -I INPUT 1 -p udp  --dport 1194 -j ACCEPT
    Wan Up:

    PHP:
    ./myvpn --config client.conf
    I am behind an HTTP proxy, but I've put the relevant settings in the init section to reflect this. (I think; I don't mind you guys double-checking this.) I've got a VPN which I'd like to connect to, so I guess this is a client-side install.
     
  76. roadkill

    roadkill Super Moderator Staff Member Member

    Change the verb value to 9 and post the connection log.
     
  77. cHarOn

    cHarOn Network Guru Member

    roadkill, do you have any idea why it doesn't work on my setup? I can't get an IP on the client side?! Please help me :)

    regards cHarOn
     
  78. roadkill

    roadkill Super Moderator Staff Member Member

    Run openvpn from telnet/ssh with verb 9 and post the log.
    You can also telnet to the router after boot and do a killall myvpn and killall openvpn, change the verb value and rerun /tmp/myvpn.
     
  79. Trunkz

    Trunkz LI Guru Member

    Changed it from verb 3 to verb 9, saved, and restarted the router. Here's the log:

    Code:
    Dec 31 16:00:07 unknown syslog.info syslogd started: BusyBox v1.2.2
    Dec 31 16:00:07 unknown user.notice kernel: klogd started: BusyBox v1.2.2 (2007.10.30-21:42+0000)
    Dec 31 16:00:07 unknown user.warn kernel: CPU revision is: 00029008
    Dec 31 16:00:07 unknown user.warn kernel: Primary instruction cache 16kb, linesize 16 bytes (2 ways)
    Dec 31 16:00:07 unknown user.warn kernel: Primary data cache 8kb, linesize 16 bytes (2 ways)
    Dec 31 16:00:07 unknown user.warn kernel: Linux version 2.4.20 (ofer@ofer-desktop) (gcc version 3.2.3 with Broadcom modifications) #8 Thu Nov 1 22:11:51 IST 2007
    Dec 31 16:00:07 unknown user.warn kernel: Setting the PFC value as 0x15
    Dec 31 16:00:07 unknown user.warn kernel: Determined physical RAM map:
    Dec 31 16:00:07 unknown user.warn kernel:  memory: 01000000 @ 00000000 (usable)
    Dec 31 16:00:07 unknown user.warn kernel: On node 0 totalpages: 4096
    Dec 31 16:00:07 unknown user.warn kernel: zone(0): 4096 pages.
    Dec 31 16:00:07 unknown user.warn kernel: zone(1): 0 pages.
    Dec 31 16:00:07 unknown user.warn kernel: zone(2): 0 pages.
    Dec 31 16:00:07 unknown user.warn kernel: Kernel command line: root=/dev/mtdblock2 noinitrd console=ttyS0,115200
    Dec 31 16:00:07 unknown user.warn kernel: CPU: BCM5352 rev 0 at 200 MHz
    Dec 31 16:00:07 unknown user.warn kernel: Calibrating delay loop... 199.47 BogoMIPS
    Dec 31 16:00:07 unknown user.info kernel: Memory: 14480k/16384k available (1316k kernel code, 1904k reserved, 108k data, 64k init, 0k highmem)
    Dec 31 16:00:07 unknown user.info kernel: Dentry cache hash table entries: 2048 (order: 2, 16384 bytes)
    Dec 31 16:00:07 unknown user.info kernel: Inode cache hash table entries: 1024 (order: 1, 8192 bytes)
    Dec 31 16:00:07 unknown user.warn kernel: Mount-cache hash table entries: 512 (order: 0, 4096 bytes)
    Dec 31 16:00:07 unknown user.warn kernel: Buffer-cache hash table entries: 1024 (order: 0, 4096 bytes)
    Dec 31 16:00:07 unknown user.warn kernel: Page-cache hash table entries: 4096 (order: 2, 16384 bytes)
    Dec 31 16:00:07 unknown user.warn kernel: Checking for 'wait' instruction...  unavailable.
    Dec 31 16:00:07 unknown user.warn kernel: POSIX conformance testing by UNIFIX
    Dec 31 16:00:07 unknown user.warn kernel: PCI: no core
    Dec 31 16:00:07 unknown user.warn kernel: PCI: Fixing up bus 0
    Dec 31 16:00:07 unknown user.info kernel: Linux NET4.0 for Linux 2.4
    Dec 31 16:00:07 unknown user.info kernel: Based upon Swansea University Computer Society NET3.039
    Dec 31 16:00:07 unknown user.warn kernel: Initializing RT netlink socket
    Dec 31 16:00:07 unknown user.warn kernel: Starting kswapd
    Dec 31 16:00:07 unknown user.info kernel: devfs: v1.12c (20020818) Richard Gooch (rgooch@atnf.csiro.au)
    Dec 31 16:00:07 unknown user.info kernel: devfs: boot_options: 0x1
    Dec 31 16:00:07 unknown user.info kernel: Squashfs 2.2-r2 (released 2005/09/08) (C) 2002-2005 Phillip Lougher
    Dec 31 16:00:07 unknown user.warn kernel: pty: 256 Unix98 ptys configured
    Dec 31 16:00:07 unknown user.info kernel: Serial driver version 5.05c (2001-07-08) with MANY_PORTS SHARE_IRQ SERIAL_PCI enabled
    Dec 31 16:00:07 unknown user.info kernel: ttyS00 at 0xb8000300 (irq = 3) is a 16550A
    Dec 31 16:00:07 unknown user.info kernel: ttyS01 at 0xb8000400 (irq = 0) is a 16550A
    Dec 31 16:00:07 unknown user.warn kernel: HDLC line discipline: version $Revision: 1.1.1.4 $, maxframe=4096
    Dec 31 16:00:07 unknown user.info kernel: N_HDLC line discipline registered.
    Dec 31 16:00:07 unknown user.info kernel: PPP generic driver version 2.4.2
    Dec 31 16:00:08 unknown user.debug kernel: Physically mapped flash: Found an alias at 0x400000 for the chip at 0x0
    Dec 31 16:00:08 unknown user.debug kernel: Physically mapped flash: Found an alias at 0x800000 for the chip at 0x0
    Dec 31 16:00:08 unknown user.debug kernel: Physically mapped flash: Found an alias at 0xc00000 for the chip at 0x0
    Dec 31 16:00:08 unknown user.debug kernel: Physically mapped flash: Found an alias at 0x1000000 for the chip at 0x0
    Dec 31 16:00:08 unknown user.debug kernel: Physically mapped flash: Found an alias at 0x1400000 for the chip at 0x0
    Dec 31 16:00:08 unknown user.debug kernel: Physically mapped flash: Found an alias at 0x1800000 for the chip at 0x0
    Dec 31 16:00:08 unknown user.debug kernel: Physically mapped flash: Found an alias at 0x1c00000 for the chip at 0x0
    Dec 31 16:00:08 unknown user.notice kernel:  Amd/Fujitsu Extended Query Table v1.1 at 0x0040
    Dec 31 16:00:08 unknown user.notice kernel: number of CFI chips: 1
    Dec 31 16:00:08 unknown user.notice kernel: Flash device: 0x400000 at 0x1c000000
    Dec 31 16:00:08 unknown user.notice kernel: Creating 5 MTD partitions on "Physically mapped flash":
    Dec 31 16:00:08 unknown user.notice kernel: 0x00000000-0x00040000 : "pmon"
    Dec 31 16:00:08 unknown user.notice kernel: 0x00040000-0x003f0000 : "linux"
    Dec 31 16:00:08 unknown user.notice kernel: 0x000e103c-0x00350000 : "rootfs"
    Dec 31 16:00:08 unknown user.notice kernel: 0x00350000-0x003f0000 : "jffs2"
    Dec 31 16:00:08 unknown user.notice kernel: 0x003f0000-0x00400000 : "nvram"
    Dec 31 16:00:08 unknown user.err kernel: sflash: found no supported devices
    Dec 31 16:00:08 unknown user.info kernel: NET4: Linux TCP/IP 1.0 for NET4.0
    Dec 31 16:00:08 unknown user.info kernel: IP Protocols: ICMP, UDP, TCP, IGMP
    Dec 31 16:00:08 unknown user.info kernel: IP: routing cache hash table of 512 buckets, 4Kbytes
    Dec 31 16:00:08 unknown user.info kernel: TCP: Hash tables configured (established 1024 bind 2048)
    Dec 31 16:00:08 unknown user.info kernel: Linux IP multicast router 0.06 plus PIM-SM
    Dec 31 16:00:08 unknown user.warn kernel: ip_conntrack version 2.1 (4099 buckets, 2048 max) - 368 bytes per conntrack
    Dec 31 16:00:08 unknown user.warn kernel: ip_tables: (C) 2000-2002 Netfilter core team
    Dec 31 16:00:08 unknown user.info kernel: NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
    Dec 31 16:00:08 unknown user.info kernel: NET4: Ethernet Bridge 008 for NET4.0
    Dec 31 16:00:08 unknown user.alert kernel: 802.1Q VLAN Support v1.7 Ben Greear <greearb@candelatech.com>
    Dec 31 16:00:08 unknown user.alert kernel: All bugs added by David S. Miller <davem@redhat.com>
    Dec 31 16:00:08 unknown user.warn kernel: VFS: Mounted root (squashfs filesystem) readonly.
    Dec 31 16:00:08 unknown user.info kernel: Mounted devfs on /dev
    Dec 31 16:00:08 unknown user.info kernel: Freeing unused kernel memory: 64k freed
    Dec 31 16:00:08 unknown user.warn kernel: Algorithmics/MIPS FPU Emulator v1.5
    Dec 31 16:00:08 unknown user.warn kernel: ip_conntrack_pptp version 1.9 loaded
    Dec 31 16:00:08 unknown user.warn kernel: ip_nat_pptp version 1.5 loaded
    Dec 31 16:00:08 unknown user.warn kernel: ip_conntrack_rtsp v0.01 loading
    Dec 31 16:00:08 unknown user.warn kernel: ip_nat_rtsp v0.01 loading
    Dec 31 16:00:08 unknown user.warn kernel: eth0: Broadcom BCM47xx 10/100 Mbps Ethernet Controller 3.90.38.0
    Dec 31 16:00:08 unknown user.warn kernel: eth1: Broadcom BCM4318 802.11 Wireless Controller 3.90.38.0
    Dec 31 16:00:08 unknown user.warn kernel: tomato_ct.c [Oct 30 2007 23:19:52]
    Dec 31 16:00:08 unknown user.info kernel: vlan0: dev_set_promiscuity(master, 1)
    Dec 31 16:00:08 unknown user.info kernel: device eth0 entered promiscuous mode
    Dec 31 16:00:08 unknown user.info kernel: device vlan0 entered promiscuous mode
    Dec 31 16:00:08 unknown user.info kernel: device eth1 entered promiscuous mode
    Dec 31 16:00:08 unknown user.info kernel: br0: port 2(eth1) entering learning state
    Dec 31 16:00:08 unknown user.info kernel: br0: port 1(vlan0) entering learning state
    Dec 31 16:00:08 unknown user.warn kernel: 7 f2 f0 2a 04.
    Dec 31 16:00:08 unknown user.info kernel: br0: port 2(eth1) entering forwarding state
    Dec 31 16:00:08 unknown user.info kernel: br0: topology change detected, propagating
    Dec 31 16:00:08 unknown user.info kernel: br0: port 1(vlan0) entering forwarding state
    Dec 31 16:00:08 unknown user.info kernel: br0: topology change detected, propagating
    Dec 31 16:00:08 unknown user.info kernel: vlan1: add 01:00:5e:00:00:01 mcast address to master interface
    Dec 31 16:00:08 unknown cron.notice crond[98]: crond 2.3.2 dillon, started, log level 9 
    Dec 31 16:00:08 unknown daemon.info dnsmasq[104]: started, version 2.40 cachesize 150
    Dec 31 16:00:08 unknown daemon.info dnsmasq[104]: compile time options: no-IPv6 GNU-getopt no-RTC no-ISC-leasefile no-DBus no-I18N no-TFTP
    Dec 31 16:00:08 unknown daemon.info dnsmasq[104]: DHCP, IP range 192.168.1.100 -- 192.168.1.149, lease time 1d
    Dec 31 16:00:08 unknown daemon.warn dnsmasq[104]: failed to access /etc/resolv.dnsmasq: No such file or directory
    Dec 31 16:00:08 unknown daemon.info dnsmasq[104]: read /etc/hosts - 0 addresses
    Dec 31 16:00:08 unknown daemon.info dnsmasq[104]: read /etc/hosts.dnsmasq - 1 addresses
    Dec 31 16:00:09 unknown local0.debug udhcpc[79]: Sending select for 10.0.22.174...
    Dec 31 16:00:09 unknown local0.info udhcpc[79]: Lease of 10.0.22.174 obtained, lease time 600
    Dec 31 16:00:09 unknown daemon.info dnsmasq[104]: exiting on receipt of SIGTERM
    Dec 31 16:00:09 unknown user.info kernel: Universal TUN/TAP device driver 1.5 (C)1999-2002 Maxim Krasnyansky
    Dec 31 16:00:10 unknown daemon.info dnsmasq[125]: started, version 2.40 cachesize 150
    Dec 31 16:00:10 unknown daemon.info dnsmasq[125]: compile time options: no-IPv6 GNU-getopt no-RTC no-ISC-leasefile no-DBus no-I18N no-TFTP
    Dec 31 16:00:10 unknown daemon.info dnsmasq[125]: DHCP, IP range 192.168.1.100 -- 192.168.1.149, lease time 1d
    Dec 31 16:00:10 unknown daemon.info dnsmasq[125]: reading /etc/resolv.dnsmasq
    Dec 31 16:00:10 unknown daemon.info dnsmasq[125]: using nameserver 136.148.224.21#53
    Dec 31 16:00:10 unknown daemon.info dnsmasq[125]: using nameserver 136.148.108.21#53
    Dec 31 16:00:10 unknown daemon.info dnsmasq[125]: read /etc/hosts - 0 addresses
    Dec 31 16:00:10 unknown daemon.info dnsmasq[125]: read /etc/hosts.dnsmasq - 1 addresses
    
    As you can see, it doesn't seem that OpenVPN is actually being started. Now I changed the proto variable in the client.conf bit from udp to tcp, SSH'd into the router, and ran ./myvpn --config client.conf. Here's what I got:

    Code:
    Wed Dec 31 16:07:02 1969 us=390079 OpenVPN 2.1_rc4 mipsel-unknown-linux-gnu [SSL] [LZO2] built on Nov  1 2007
    Wed Dec 31 16:07:02 1969 us=421873 LZO compression initialized
    Wed Dec 31 16:07:02 1969 us=429150 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
    Wed Dec 31 16:07:02 1969 us=435688 RESOLVE: NOTE: cache.lsbu.ac.uk resolves to 4 addresses, choosing one by random
    Wed Dec 31 16:07:02 1969 us=438077 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
    Wed Dec 31 16:07:02 1969 us=440911 Attempting to establish TCP connection with 136.148.0.181:8080 [nonblock]
    Wed Dec 31 16:07:03 1969 us=444778 TCP connection established with 136.148.0.181:8080
    Wed Dec 31 16:07:03 1969 us=447086 Send to HTTP proxy: 'CONNECT 195.178.106.139:1194 HTTP/1.0'
    Wed Dec 31 16:07:09 1969 us=454903 recv_line: TCP port read timeout expired: Operation now in progress (errno=150)
    Wed Dec 31 16:07:09 1969 us=458666 TCP/UDP: Closing socket
    Wed Dec 31 16:07:09 1969 us=461450 SIGTERM[soft,init_instance] received, process exiting
    
    Any ideas?
     
  80. roadkill

    roadkill Super Moderator Staff Member Member

    I only require the OpenVPN log, and this is not verb 9.
     
  81. Trunkz

    Trunkz LI Guru Member

    How do I get a verb 9 output?
     
  82. vsboost

    vsboost LI Guru Member

    Hi there, any chance somebody could tell me what is wrong with my settings?


    1) this is my home.ovpn file on my xp computer

    dev tap0
    ifconfig 192.168.1.100 255.255.255.0
    secret static.key
    proto udp
    remote (my external ip) 1194
    keepalive 10 60
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    cipher BF-CBC
    comp-lzo
    verb 3
    float

    2) my init on my router

    sleep 5
    insmod tun.o

    3) my firewall on my router

    iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT

    4) my WAN up on my router

    cd /tmp
    openvpn --mktun --dev tap0
    brctl addif br0 tap0
    ifconfig tap0 0.0.0.0 promisc up
    echo "
    -----BEGIN OpenVPN Static key V1-----
    (My Key)
    -----END OpenVPN Static key V1-----

    " > /tmp/static.key

    sleep 5
    ln -s /usr/sbin/openvpn /tmp/myvpn
    /tmp/myvpn --dev tap0 --secret /tmp/static.key --comp-lzo --port 1194 --cipher BF-CBC --proto udp --keepalive 10 60 --verb 3 --daemon



    My router is set up on 192.168.1.1 and DHCP is set to 192.168.1.2-192.168.1.8


    Also, does anybody know what this means? It's in my log:

    Dec 6 15:34:57 daemon.warn openvpn[310]: WARNING: file '/tmp/static.key' is group or others accessible

    Any help much appreciated.
     
  83. roadkill

    roadkill Super Moderator Staff Member Member

    Try this before running the VPN: chmod 600 /tmp/static.key
     
  84. vsboost

    vsboost LI Guru Member


    That fixed it

    Cheers
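
A preflight check for two failures seen in this thread, added here as an example and not code from any poster or from the firmware: the "Cannot load certificate file server.crt" error (post 68 mentions having only .csr files) and the "group or others accessible" key warning fixed above with chmod 600. The function names and the single-directory file layout are assumptions; the file bodies in the demo are constructed placeholders.

```shell
#!/bin/sh
# Preflight checks for OpenVPN key material written by a router init script.
# Uses only sed, ls, cut, cat and head, so it does not need an openssl binary.

# Print the label of the first PEM "BEGIN" line in FILE, or "none".
# Trailing spaces after the dashes (common when pasting) are tolerated.
pem_kind() {
    kind=$(sed -n 's/^[[:space:]]*-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1" 2>/dev/null | head -n 1)
    echo "${kind:-none}"
}

# Succeed only if FILE has no permission bits set for group or others.
is_private() {
    perms=$(ls -ld "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# Write stdin to FILE so it is never readable by group/others, even briefly.
# "echo ... > file" followed by "chmod 600" leaves a short window in which
# the key is readable under the default umask; a restrictive umask closes it.
write_secret() {
    ( umask 077 && rm -f "$1" && cat > "$1" )
}

# usage: check_file FILE EXPECTED_LABEL [secret]
# Prints one line per problem and returns the number of problems found.
check_file() {
    problems=0
    found=$(pem_kind "$1")
    if [ "$found" != "$2" ]; then
        echo "$1: expected '$2' but found '$found'"
        problems=$((problems + 1))
    fi
    if [ "${3:-}" = "secret" ] && ! is_private "$1"; then
        echo "$1: group or others accessible, run chmod 600"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Check the server files named in the configs posted in this thread.
# The expected key label matches those posts ("RSA PRIVATE KEY").
preflight_server() {   # usage: preflight_server DIR
    total=0
    check_file "$1/ca.crt"     "CERTIFICATE"            || total=$((total + $?))
    check_file "$1/server.crt" "CERTIFICATE"            || total=$((total + $?))
    check_file "$1/server.key" "RSA PRIVATE KEY" secret || total=$((total + $?))
    return "$total"
}

# Demo on constructed files: a signing request saved as server.crt and a key
# written with the default umask, the two mistakes the checks are meant to catch.
demo() {
    dir=$(mktemp -d) || return 0
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'xxxx' \
        '-----END CERTIFICATE-----' > "$dir/ca.crt"
    printf '%s\n' '-----BEGIN CERTIFICATE REQUEST-----' 'xxxx' \
        '-----END CERTIFICATE REQUEST-----' > "$dir/server.crt"
    ( umask 022
      printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'xxxx' \
          '-----END RSA PRIVATE KEY-----' > "$dir/server.key" )
    count=0
    preflight_server "$dir" || count=$?
    echo "problems found: $count"
    rm -rf "$dir"
    return 0
}

demo
```

In an init script, calling `preflight_server /tmp` before starting the daemon stops it from launching with a signing request in place of a certificate or with a readable private key.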
     
  85. roadkill

    roadkill Super Moderator Staff Member Member

    Code:
    sleep 5
    insmod tun.o
    ./myvpn --mktun --dev tap0
    brctl addif br0 tap0
    ifconfig tap0 0.0.0.0 promisc up
    cd /tmp
    ln -s /usr/sbin/openvpn /tmp/myvpn
    
    echo "
    client
    dev tap0
    proto udp
    remote 195.178.106.139 1194
    http-proxy cache.lsbu.ac.uk 8080
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca ca.crt
    cert client.crt
    key client.key
    ns-cert-type server
    comp-lzo
    verb 3 << 9
    " > /tmp/client.conf
    
    echo "
    -----BEGIN CERTIFICATE-----
    xxxxxxxxxxxxxxxxxxxxxxxxxx
    -----END CERTIFICATE-----
    " > /tmp/ca.crt
    
    echo "
    -----BEGIN RSA PRIVATE KEY-----
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    -----END RSA PRIVATE KEY-----
    " > /tmp/client.key
    chmod 600 /tmp/client.key
    
    echo "
    -----BEGIN CERTIFICATE-----
    xxxxxxxxxxxxxxxxxxxxxxxxxx
    -----END CERTIFICATE-----
    " > /tmp/client.crt
    
    ./myvpn --config client.conf
     
  86. Trunkz

    Trunkz LI Guru Member

    Okay, I'm now using the .conf file provided by my VPN provider. It's as follows:

    PHP:
    sleep 5
    insmod tun.o
    ./myvpn --mktun --dev tun
    brctl addif br0 tap0
    ifconfig tap0 0.0.0.0 promisc up
    cd /tmp
    ln -s /usr/sbin/openvpn /tmp/myvpn

    echo "
    remote 195.178.106.139 # tree load: 0 
    auth-user-pass 
    client 
    ca ca.crt 
    cert trunkz.crt 
    key trunkz.key 
    dev tun 
    topology subnet 
    ns-cert-type server 
    proto tcp 
    port 443 
    nobind 
    persist-key 
    persist-tun 
    ping 15 
    ping-restart 45 
    ping-timer-rem 
    tls-client 
    pull 
    comp-lzo  
    http-proxy cache.lsbu.ac.uk 8080
    verb 9
    " > /tmp/client.conf

    echo "
    -----BEGIN CERTIFICATE-----
    xxxxxxxxxxxxxxxxxxxxxxxxxx
    -----END CERTIFICATE-----
    " > /tmp/ca.crt

    echo "
    -----BEGIN RSA PRIVATE KEY-----
    xxxxxxxxxxxxxxxxxxxxxxxxxx
    -----END RSA PRIVATE KEY-----
    " > /tmp/trunkz.key
    chmod 600 /tmp/trunkz.key

    echo "
    -----BEGIN CERTIFICATE-----
    xxxxxxxxxxxxxxxxxxxxxxxxxx
    -----END CERTIFICATE-----
    " > /tmp/trunkz.crt
    The output of doing ./myvpn --config client.conf:

    Code:
    Wed Dec 31 16:02:12 1969 us=768875 OpenVPN 2.1_rc4 mipsel-unknown-linux-gnu [SSL] [LZO2] built on Nov  1 2007
    Enter Auth Username:Trunkz
    Enter Auth Password:
    Wed Dec 31 16:02:18 1969 us=622522 LZO compression initialized
    Wed Dec 31 16:02:18 1969 us=629811 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
    Wed Dec 31 16:02:18 1969 us=646415 RESOLVE: NOTE: cache.lsbu.ac.uk resolves to 4 addresses, choosing one by random
    Wed Dec 31 16:02:18 1969 us=648804 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
    Wed Dec 31 16:02:18 1969 us=651646 Attempting to establish TCP connection with 136.148.0.181:8080 [nonblock]
    Wed Dec 31 16:02:19 1969 us=654779 TCP connection established with 136.148.0.181:8080
    Wed Dec 31 16:02:19 1969 us=657057 Send to HTTP proxy: 'CONNECT 195.178.106.139:443 HTTP/1.0'
    Wed Dec 31 16:02:20 1969 us=692308 HTTP proxy returned: 'HTTP/1.0 200 Connection established'
    Wed Dec 31 16:02:22 1969 us=694702 Socket Buffers: R=[43689->65534] S=[16384->65534]
    Wed Dec 31 16:02:22 1969 us=696838 TCPv4_CLIENT link local: [undef]
    Wed Dec 31 16:02:22 1969 us=698935 TCPv4_CLIENT link remote: 136.148.0.181:8080
    Wed Dec 31 16:02:22 1969 us=703028  event_wait returned 1
    Wed Dec 31 16:02:22 1969 us=706020 TCPv4_CLIENT WRITE [14] to 136.148.0.181:8080: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=712f4ed0 3640578b [ ] pid=0 DATA 
    Wed Dec 31 16:02:22 1969 us=708452 TCPv4_CLIENT write returned 16
    Wed Dec 31 16:02:22 1969 us=726526  event_wait returned 1
    Wed Dec 31 16:02:22 1969 us=728624 TCPv4_CLIENT read returned 26
    Wed Dec 31 16:02:22 1969 us=731598 TCPv4_CLIENT READ [26] from 136.148.0.181:8080: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 sid=948d16a1 3b3e0afa [ 0 sid=712f4ed0 3640578b ] pid=0 DATA 
    Wed Dec 31 16:02:22 1969 us=734321 TLS: Initial packet from 136.148.0.181:8080, sid=948d16a1 3b3e0afa
    Wed Dec 31 16:02:22 1969 us=737251  event_wait returned 1
    Wed Dec 31 16:02:22 1969 us=740118 TCPv4_CLIENT WRITE [22] to 136.148.0.181:8080: P_ACK_V1 kid=0 sid=712f4ed0 3640578b [ 0 sid=948d16a1 3b3e0afa ]
    Wed Dec 31 16:02:22 1969 us=742544 TCPv4_CLIENT write returned 24
    Wed Dec 31 16:02:22 1969 us=746072  event_wait returned 1
    Wed Dec 31 16:02:22 1969 us=751486 TCPv4_CLIENT WRITE [104] to 136.148.0.181:8080: P_CONTROL_V1 kid=0 sid=712f4ed0 3640578b [ ] pid=1 DATA 16030100 55010000 51030100 00008ebd 6c47f3ad ff75a1f8 0bcfdd0e e6c1434[more...]
    Wed Dec 31 16:02:22 1969 us=753808 TCPv4_CLIENT write returned 106
    Wed Dec 31 16:02:22 1969 us=978589  event_wait returned 1
    Wed Dec 31 16:02:22 1969 us=980663 TCPv4_CLIENT read returned 126
    Wed Dec 31 16:02:22 1969 us=986877 TCPv4_CLIENT READ [126] from 136.148.0.181:8080: P_CONTROL_V1 kid=0 sid=948d16a1 3b3e0afa [ 1 sid=712f4ed0 3640578b ] pid=1 DATA 16030100 2a020000 26030147 57b6887c 5f6d4166 08a04d0f cd26f3b6 e791b72[more...]
    Wed Dec 31 16:02:22 1969 us=990963  event_wait returned 1
    Wed Dec 31 16:02:22 1969 us=993826 TCPv4_CLIENT WRITE [22] to 136.148.0.181:8080: P_ACK_V1 kid=0 sid=712f4ed0 3640578b [ 1 sid=948d16a1 3b3e0afa ]
    Wed Dec 31 16:02:22 1969 us=996292 TCPv4_CLIENT write returned 24
    Wed Dec 31 16:02:23 1969 us=8542  event_wait returned 1
    Wed Dec 31 16:02:23 1969 us=10647 TCPv4_CLIENT read returned 114
    Wed Dec 31 16:02:23 1969 us=16503 TCPv4_CLIENT READ [114] from 136.148.0.181:8080: P_CONTROL_V1 kid=0 sid=948d16a1 3b3e0afa [ ] pid=2 DATA 03550406 13022e2e 310b3009 06035504 0813022e 2e310a30 08060355 0407130[more...]
    Wed Dec 31 16:02:23 1969 us=20293 TCPv4_CLIENT read returned 114
    Wed Dec 31 16:02:23 1969 us=26199 TCPv4_CLIENT READ [114] from 136.148.0.181:8080: P_CONTROL_V1 kid=0 sid=948d16a1 3b3e0afa [ ] pid=3 DATA 31373032 32333231 32363231 5a305531 0b300906 03550406 13022e2e 310b300[more...]
    Wed Dec 31 16:02:23 1969 us=29628 TCPv4_CLIENT read returned 114
    Wed Dec 31 16:02:23 1969 us=35521 TCPv4_CLIENT READ [114] from 136.148.0.181:8080: P_CONTROL_V1 kid=0 sid=948d16a1 3b3e0afa [ ] pid=4 DATA 30819f30 0d06092a 864886f7 0d010101 05000381 8d003081 89028181 00bdaab[more...]
    Wed Dec 31 16:02:23 1969 us=38976 TCPv4_CLIENT read returned 114
    Wed Dec 31 16:02:23 1969 us=45101 TCPv4_CLIENT READ [114] from 136.148.0.181:8080: P_CONTROL_V1 kid=0 sid=948d16a1 3b3e0afa [ ] pid=5 DATA 3402ca02 6e3c8685 2daa64a1 99cc42d7 86b94579 e96a3aab a4aa1bbf 6e8e160[more...]
    Wed Dec 31 16:02:23 1969 us=48562  event_wait returned 1
    Wed Dec 31 16:02:23 1969 us=51399 TCPv4_CLIENT WRITE [22] to 136.148.0.181:8080: P_ACK_V1 kid=0 sid=712f4ed0 3640578b [ 2 sid=948d16a1 3b3e0afa ]
    Wed Dec 31 16:02:23 1969 us=53825 TCPv4_CLIENT write returned 24
    Wed Dec 31 16:02:23 1969 us=56585  event_wait returned 1
    Wed Dec 31 16:02:23 1969 us=59500 TCPv4_CLIENT WRITE [30] to 136.148.0.181:8080: P_ACK_V1 kid=0 sid=712f4ed0 3640578b [ 3 4 5 sid=948d16a1 3b3e0afa ]
    Wed Dec 31 16:02:23 1969 us=61690 TCPv4_CLIENT write returned 32
    Wed Dec 31 16:02:23 1969 us=67243  event_wait returned 1
    Wed Dec 31 16:02:23 1969 us=69358 TCPv4_CLIENT read returned 114
    Wed Dec 31 16:02:23 1969 us=75174 TCPv4_CLIENT READ [114] from 136.148.0.181:8080: P_CONTROL_V1 kid=0 sid=948d16a1 3b3e0afa [ ] pid=6 DATA 30340609 60864801 86f84201 0d042716 25456173 792d5253 41204765 6e65726[more...]
    Wed Dec 31 16:02:23 1969 us=78679  event_wait returned 1
    Wed Dec 31 16:02:23 1969 us=81810 TCPv4_CLIENT WRITE [22] to 136.148.0.181:8080: P_ACK_V1 kid=0 sid=712f4ed0 3640578b [ 6 sid=948d16a1 3b3e0afa ]
    Wed Dec 31 16:02:23 1969 us=84237 TCPv4_CLIENT write returned 24
    Wed Dec 31 16:02:23 1969 us=87002  event_wait returned 1
    Wed Dec 31 16:02:23 1969 us=89057 TCPv4_CLIENT read returned 114
    Wed Dec 31 16:02:23 1969 us=94978 TCPv4_CLIENT READ [114] from 136.148.0.181:8080: P_CONTROL_V1 kid=0 sid=948d16a1 3b3e0afa [ ] pid=7 DATA 7a792213 7488d144 81845dfe aeed13f4 4052a15a a4583056 310b3009 0603550[more...]
    Wed Dec 31 16:02:23 1969 us=98823  event_wait returned 1
    Wed Dec 31 16:02:23 1969 us=101675 TCPv4_CLIENT WRITE [22] to 136.148.0.181:8080: P_ACK_V1 kid=0 sid=712f4ed0 3640578b [ 7 sid=948d16a1 3b3e0afa ]
    Wed Dec 31 16:02:23 1969 us=104100 TCPv4_CLIENT write returned 24
    Wed Dec 31 16:02:23 1969 us=106856  event_wait returned 1
    Wed Dec 31 16:02:23 1969 us=108924 TCPv4_CLIENT read returned 114
    Wed Dec 31 16:02:23 1969 us=115112 TCPv4_CLIENT READ [114] from 136.148.0.181:8080: P_CONTROL_V1 kid=0 sid=948d16a1 3b3e0afa [ ] pid=8 DATA 86f70d01 09011602 2e2e8201 00301306 03551d25 040c300a 06082b06 0105050[more...]
    Wed Dec 31 16:02:23 1969 us=118550 TCPv4_CLIENT read returned 114
    Wed Dec 31 16:02:23 1969 us=124757 TCPv4_CLIENT READ [114] from 136.148.0.181:8080: P_CONTROL_V1 kid=0 sid=948d16a1 3b3e0afa [ ] pid=9 DATA 139e7e07 d3593219 2ccaeb59 a0268096 ca47bb3a 7079ae55 3342a3d4 7f45e51[more...]
    Wed Dec 31 16:02:23 1969 us=128217  event_wait returned 1
    Wed Dec 31 16:02:23 1969 us=131068 TCPv4_CLIENT WRITE [22] to 136.148.0.181:8080: P_ACK_V1 kid=0 sid=712f4ed0 3640578b [ 8 sid=948d16a1 3b3e0afa ]
    Wed Dec 31 16:02:23 1969 us=133492 TCPv4_CLIENT write returned 24
    Wed Dec 31 16:02:23 1969 us=136253  event_wait returned 1
    Wed Dec 31 16:02:23 1969 us=139154 TCPv4_CLIENT WRITE [22] to 136.148.0.181:8080: P_ACK_V1 kid=0 sid=712f4ed0 3640578b [ 9 sid=948d16a1 3b3e0afa ]
    Wed Dec 31 16:02:23 1969 us=141357 TCPv4_CLIENT write returned 24
    Wed Dec 31 16:02:23 1969 us=144037  event_wait returned 1
    Wed Dec 31 16:02:23 1969 us=146166 TCPv4_CLIENT read returned 114
    Wed Dec 31 16:02:23 1969 us=152466 TCPv4_CLIENT READ [114] from 136.148.0.181:8080: P_CONTROL_V1 kid=0 sid=948d16a1 3b3e0afa [ ] pid=10 DATA d3308202 3ca00302 01020201 00300d06 092a8648 86f70d01 01050500 3056310[more...]
    Wed Dec 31 16:02:23 1969 us=156036  event_wait returned 1
    Wed Dec 31 16:02:23 1969 us=158895 TCPv4_CLIENT WRITE [22] to 136.148.0.181:8080: P_ACK_V1 kid=0 sid=712f4ed0 3640578b [ 10 sid=948d16a1 3b3e0afa ]
    Wed Dec 31 16:02:23 1969 us=161092 TCPv4_CLIENT write returned 24
    Wed Dec 31 16:02:23 1969 us=164274  event_wait returned 1
    Wed Dec 31 16:02:23 1969 us=166428 TCPv4_CLIENT read returned 114
    Wed Dec 31 16:02:23 1969 us=172187 TCPv4_CLIENT READ [114] from 136.148.0.181:8080: P_CONTROL_V1 kid=0 sid=948d16a1 3b3e0afa [ ] pid=11 DATA 0f06092a 864886f7 0d010901 16022e2e 301e170d 30373032 31353231 3535313[more...]
    Wed Dec 31 16:02:23 1969 us=175667 TCPv4_CLIENT read returned 114
    Wed Dec 31 16:02:23 1969 us=181712 TCPv4_CLIENT READ [114] from 136.148.0.181:8080: P_CONTROL_V1 kid=0 sid=948d16a1 3b3e0afa [ ] pid=12 DATA 2e310e30 0c060355 04031305 2e2e2043 41311130 0f06092a 864886f7 0d01090[more...]
    Wed Dec 31 16:02:23 1969 us=185246  event_wait returned 1
    Wed Dec 31 16:02:23 1969 us=188123 TCPv4_CLIENT WRITE [22] to 136.148.0.181:8080: P_ACK_V1 kid=0 sid=712f4ed0 3640578b [ 11 sid=948d16a1 3b3e0afa ]
    Wed Dec 31 16:02:23 1969 us=190545 TCPv4_CLIENT write returned 24
    Wed Dec 31 16:02:23 1969 us=193273  event_wait returned 1
    Wed Dec 31 16:02:23 1969 us=196156 TCPv4_CLIENT WRITE [22] to 136.148.0.181:8080: P_ACK_V1 kid=0 sid=712f4ed0 3640578b [ 12 sid=948d16a1 3b3e0afa ]
    Wed Dec 31 16:02:23 1969 us=198362 TCPv4_CLIENT write returned 24
    Wed Dec 31 16:02:23 1969 us=201042  event_wait returned 1
    Wed Dec 31 16:02:23 1969 us=203106 TCPv4_CLIENT read returned 114
    Wed Dec 31 16:02:23 1969 us=209503 TCPv4_CLIENT READ [114] from 136.148.0.181:8080: P_CONTROL_V1 kid=0 sid=948d16a1 3b3e0afa [ ] pid=13 DATA 5328a63c c8a50a3a 315904f9 e443c139 e8d06811 95129901 edff6e30 605b99c[more...]
    Wed Dec 31 16:02:23 1969 us=213014  event_wait returned 1
    Wed Dec 31 16:02:23 1969 us=215922 TCPv4_CLIENT WRITE [22] to 136.148.0.181:8080: P_ACK_V1 kid=0 sid=712f4ed0 3640578b [ 13 sid=948d16a1 3b3e0afa ]
    Wed Dec 31 16:02:23 1969 us=218122 TCPv4_CLIENT write returned 24
    Wed Dec 31 16:02:23 1969 us=221265  event_wait returned 1
    Wed Dec 31 16:02:23 1969 us=223403 TCPv4_CLIENT read returned 114
    Wed Dec 31 16:02:23 1969 us=229209 TCPv4_CLIENT READ [114] from 136.148.0.181:8080: P_CONTROL_V1 kid=0 sid=948d16a1 3b3e0afa [ ] pid=14 DATA b03081ad 301d0603 551d0e04 160414d6 d27a7922 137488d1 4481845d feaeed1[more...]
    Wed Dec 31 16:02:23 1969 us=232630 TCPv4_CLIENT read returned 114
    Wed Dec 31 16:02:23 1969 us=238452 TCPv4_CLIENT READ [114] from 136.148.0.181:8080: P_CONTROL_V1 kid=0 sid=948d16a1 3b3e0afa [ ] pid=15 DATA 310a3008 06035504 0713012e 310b3009 06035504 0a13022e 2e310e30 0c06035[more...]
    Wed Dec 31 16:02:23 1969 us=242224  event_wait returned 1
    Wed Dec 31 16:02:23 1969 us=245192 TCPv4_CLIENT WRITE [22] to 136.148.0.181:8080: P_ACK_V1 kid=0 sid=712f4ed0 3640578b [ 14 sid=948d16a1 3b3e0afa ]
    Wed Dec 31 16:02:23 1969 us=247615 TCPv4_CLIENT write returned 24
    Wed Dec 31 16:02:23 1969 us=250348  event_wait returned 1
    Wed Dec 31 16:02:23 1969 us=253192 TCPv4_CLIENT WRITE [22] to 136.148.0.181:8080: P_ACK_V1 kid=0 sid=712f4ed0 3640578b [ 15 sid=948d16a1 3b3e0afa ]
    Wed Dec 31 16:02:23 1969 us=255422 TCPv4_CLIENT write returned 24
    Wed Dec 31 16:02:23 1969 us=256730  event_wait returned 1
    Wed Dec 31 16:02:23 1969 us=257419 TCPv4_CLIENT read returned 114
    Wed Dec 31 16:02:23 1969 us=262291 TCPv4_CLIENT READ [114] from 136.148.0.181:8080: P_CONTROL_V1 kid=0 sid=948d16a1 3b3e0afa [ ] pid=16 DATA e239eebc c112c1ad 4492fa9d d23a817b 0870514d 23a84044 4f984751 c518352[more...]
    Wed Dec 31 16:02:23 1969 us=264229  event_wait returned 1
    Wed Dec 31 16:02:23 1969 us=265782 TCPv4_CLIENT WRITE [22] to 136.148.0.181:8080: P_ACK_V1 kid=0 sid=712f4ed0 3640578b [ 16 sid=948d16a1 3b3e0afa ]
    Wed Dec 31 16:02:23 1969 us=266480 TCPv4_CLIENT write returned 24
    Wed Dec 31 16:02:23 1969 us=267759  event_wait returned 1
    Wed Dec 31 16:02:23 1969 us=268446 TCPv4_CLIENT read returned 114
    Wed Dec 31 16:02:23 1969 us=272829 TCPv4_CLIENT READ [114] from 136.148.0.181:8080: P_CONTROL_V1 kid=0 sid=948d16a1 3b3e0afa [ ] pid=17 DATA 2065af1b 36af56ee a75a1801 6f240978 28aefad3 bc1a58d2 16030101 8d0c000[more...]
    Wed Dec 31 16:02:23 1969 us=298833 VERIFY ERROR: depth=1, error=certificate is not yet valid: /C=../ST=../L=./O=../CN=.._CA/Email=..
    Wed Dec 31 16:02:23 1969 us=301374 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
    Wed Dec 31 16:02:23 1969 us=302013 TLS Error: TLS object -> incoming plaintext read error
    Wed Dec 31 16:02:23 1969 us=302572 TLS Error: TLS handshake failed
    Wed Dec 31 16:02:23 1969 us=305484 Fatal TLS error (check_tls_errors_co), restarting
    Wed Dec 31 16:02:23 1969 us=306568 TCP/UDP: Closing socket
    Wed Dec 31 16:02:23 1969 us=307646 SIGUSR1[soft,tls-error] received, process restarting
    Wed Dec 31 16:02:23 1969 us=308363 Restart pause, 5 second(s)
    
     
  87. roadkill

    roadkill Super Moderator Staff Member Member

    Wed Dec 31 16:02:23 1969 us=301374 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
    Wed Dec 31 16:02:23 1969 us=302013 TLS Error: TLS object -> incoming plaintext read error
    Wed Dec 31 16:02:23 1969 us=302572 TLS Error: TLS handshake failed
    Wed Dec 31 16:02:23 1969 us=305484 Fatal TLS error (check_tls_errors_co), restarting
    Wed Dec 31 16:02:23 1969 us=306568 TCP/UDP: Closing socket
    Wed Dec 31 16:02:23 1969 us=307646 SIGUSR1[soft,tls-error] received, process restarting
    Wed Dec 31 16:02:23 1969 us=308363 Restart pause, 5 second(s)


    Time zone data must match! The TLS certificate is expired, so encryption negotiation is not completed.
     
  88. Trunkz

    Trunkz LI Guru Member

    Errm, I don't understand lol. What can I do to remedy this? I can connect to my VPN fine via their little OpenVPN app (i.e. the generic ones you get with pretty much every VPN provider out there). I got the certificate files from there as well, so it can't be that.
     
  89. roadkill

    roadkill Super Moderator Staff Member Member

    Match the time zone data in server and client. GMT+something is not the same, so the TLS certificate is expiring before reaching the destination...
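
The failing client log in this thread is stamped Dec 31 1969 on every line, although the same log says the binary was built on Nov 1 2007, and the verify error reads "certificate is not yet valid". The triage script below is an added example, not code from the thread or from OpenVPN; the function name, the verdict labels and the build-date heuristic are assumptions, and the sample lines are copied from the logs in this thread except the last sample, which is constructed.

```python
import re
from datetime import datetime

# "Wed Dec 31 16:02:23 1969 us=298833 <message>" as printed by the client in this thread
LINE_RE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) us=\d+ (.*)$")
BUILD_RE = re.compile(r"built on (\w{3}\s+\d{1,2} \d{4})")
VERIFY_RE = re.compile(r"VERIFY ERROR: depth=(\d+), error=([^:]+):")

# OpenSSL verify messages that depend on the verifier's own clock
VALIDITY_ERRORS = {"certificate is not yet valid", "certificate has expired"}

# Lines copied from the failing log in this thread
SAMPLE_FAILING = """\
    Wed Dec 31 16:02:12 1969 us=768875 OpenVPN 2.1_rc4 mipsel-unknown-linux-gnu [SSL] [LZO2] built on Nov  1 2007
    Enter Auth Username:Trunkz
    Wed Dec 31 16:02:23 1969 us=298833 VERIFY ERROR: depth=1, error=certificate is not yet valid: /C=../ST=../L=./O=../CN=.._CA/Email=..
    Wed Dec 31 16:02:23 1969 us=302572 TLS Error: TLS handshake failed
"""

# Lines copied from the later log in this thread, taken after the clock was set
SAMPLE_OK = """\
    Thu Dec  6 14:14:16 2007 us=630418 OpenVPN 2.1_rc4 mipsel-unknown-linux-gnu [SSL] [LZO2] built on Nov  1 2007
    Thu Dec  6 14:14:26 2007 us=373002 VERIFY OK: depth=1, /C=../ST=../L=./O=../CN=.._CA/Email=..
    Thu Dec  6 14:14:26 2007 us=387411 VERIFY OK: nsCertType=SERVER
"""

# Constructed sample: sane clock, certificate genuinely outside its validity window
SAMPLE_EXPIRED = """\
    Thu Dec  6 14:14:16 2007 us=630418 OpenVPN 2.1_rc4 mipsel-unknown-linux-gnu [SSL] [LZO2] built on Nov  1 2007
    Thu Dec  6 14:14:26 2007 us=373002 VERIFY ERROR: depth=0, error=certificate has expired: /C=../CN=example
"""


def parse_date(fmt, text):
    # Collapse the double space OpenVPN prints before single-digit days.
    return datetime.strptime(" ".join(text.split()), fmt)


def diagnose(log_text):
    """Classify a certificate verify failure as a clock problem or a certificate problem."""
    build_date = None
    first_ts = None
    verify_errors = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # prompts such as "Enter Auth Username:" carry no timestamp
        ts = parse_date("%a %b %d %H:%M:%S %Y", m.group(1))
        msg = m.group(2)
        if first_ts is None:
            first_ts = ts
        b = BUILD_RE.search(msg)
        if b and build_date is None:
            build_date = parse_date("%b %d %Y", b.group(1))
        v = VERIFY_RE.search(msg)
        if v:
            verify_errors.append((int(v.group(1)), v.group(2).strip()))

    # Assumption: a process cannot run before its binary was built, so a log
    # timestamp earlier than the banner's build date means the local clock is wrong.
    clock_before_build = bool(build_date and first_ts and first_ts < build_date)
    validity = [e for e in verify_errors if e[1] in VALIDITY_ERRORS]

    if not verify_errors:
        verdict = "no-verify-error"
    elif validity and clock_before_build:
        verdict = "local-clock-wrong"
    elif validity:
        verdict = "check-certificate-validity"
    else:
        verdict = "other-verify-error"
    return {
        "build_date": build_date,
        "first_timestamp": first_ts,
        "clock_before_build": clock_before_build,
        "verify_errors": verify_errors,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for name, sample in (("failing", SAMPLE_FAILING), ("ok", SAMPLE_OK), ("expired", SAMPLE_EXPIRED)):
        result = diagnose(sample)
        print(name, result["verdict"], result["verify_errors"])
```

A "local-clock-wrong" verdict means the clock on the device needs setting before the certificates are worth re-checking; disabling certificate verification is not the remedy for either verdict.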
     
  90. Trunkz

    Trunkz LI Guru Member

    Yeah that problem just got fixed. Since I'm behind an HTTP proxy, I can't access NTP servers (which is what the router relies on for its time/date). A simple date -s solved that. However, now I just get this, repeated over and over and over:

    Code:
    # ./myvpn --config client.conf
    Thu Dec  6 14:14:16 2007 us=630418 OpenVPN 2.1_rc4 mipsel-unknown-linux-gnu [SSL] [LZO2] built on Nov  1 2007
    Enter Auth Username:Trunkz
    Enter Auth Password:
    Thu Dec  6 14:14:21 2007 us=652814 LZO compression initialized
    Thu Dec  6 14:14:21 2007 us=660093 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
    Thu Dec  6 14:14:21 2007 us=666544 RESOLVE: NOTE: cache.lsbu.ac.uk resolves to 4 addresses, choosing one by random
    Thu Dec  6 14:14:21 2007 us=668953 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
    Thu Dec  6 14:14:21 2007 us=671932 Attempting to establish TCP connection with 136.148.109.155:8080 [nonblock]
    Thu Dec  6 14:14:22 2007 us=684452 TCP connection established with 136.148.109.155:8080
    Thu Dec  6 14:14:22 2007 us=686712 Send to HTTP proxy: 'CONNECT 195.178.106.139:443 HTTP/1.0'
    Thu Dec  6 14:14:23 2007 us=732601 HTTP proxy returned: 'HTTP/1.0 200 Connection established'
    Thu Dec  6 14:14:25 2007 us=734384 Socket Buffers: R=[43689->65534] S=[16384->65534]
    Thu Dec  6 14:14:25 2007 us=736492 TCPv4_CLIENT link local: [undef]
    Thu Dec  6 14:14:25 2007 us=738608 TCPv4_CLIENT link remote: 136.148.109.155:8080
    Thu Dec  6 14:14:25 2007 us=742570  event_wait returned 1
    Thu Dec  6 14:14:25 2007 us=745536 TCPv4_CLIENT WRITE [14] to 136.148.109.155:8080: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=97f0982d dfba8dcf [ ] pid=0 DATA 
    Thu Dec  6 14:14:25 2007 us=747978 TCPv4_CLIENT write returned 16
    Thu Dec  6 14:14:25 2007 us=877759  event_wait returned 1
    Thu Dec  6 14:14:25 2007 us=879844 TCPv4_CLIENT read returned 26
    Thu Dec  6 14:14:25 2007 us=882755 TCPv4_CLIENT READ [26] from 136.148.109.155:8080: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 sid=10618516 0aaa818d [ 0 sid=97f0982d dfba8dcf ] pid=0 DATA 
    Thu Dec  6 14:14:25 2007 us=885527 TLS: Initial packet from 136.148.109.155:8080, sid=10618516 0aaa818d
    Thu Dec  6 14:14:25 2007 us=888352  event_wait returned 1
    Thu Dec  6 14:14:25 2007 us=891236 TCPv4_CLIENT WRITE [22] to 136.148.109.155:8080: P_ACK_V1 kid=0 sid=97f0982d dfba8dcf [ 0 sid=10618516 0aaa818d ]
    Thu Dec  6 14:14:25 2007 us=893651 TCPv4_CLIENT write returned 24
    Thu Dec  6 14:14:25 2007 us=897444  event_wait returned 1
    Thu Dec  6 14:14:25 2007 us=902848 TCPv4_CLIENT WRITE [104] to 136.148.109.155:8080: P_CONTROL_V1 kid=0 sid=97f0982d dfba8dcf [ ] pid=1 DATA 16030100 55010000 51030147 5803c1e8 44b2949d c1a959fa 6ce81a60 1232cf0[more...]
    Thu Dec  6 14:14:25 2007 us=905420 TCPv4_CLIENT write returned 106
    Thu Dec  6 14:14:25 2007 us=960981  event_wait returned 1
    Thu Dec  6 14:14:25 2007 us=963071 TCPv4_CLIENT read returned 126
    Thu Dec  6 14:14:25 2007 us=969225 TCPv4_CLIENT READ [126] from 136.148.109.155:8080: P_CONTROL_V1 kid=0 sid=10618516 0aaa818d [ 1 sid=97f0982d dfba8dcf ] pid=1 DATA 16030100 2a020000 26030147 580405cd e306159f 00f07083 f10d8a11 d64f2b4[more...]
    Thu Dec  6 14:14:25 2007 us=973228 TCPv4_CLIENT read returned 114
    Thu Dec  6 14:14:25 2007 us=979051 TCPv4_CLIENT READ [114] from 136.148.109.155:8080: P_CONTROL_V1 kid=0 sid=10618516 0aaa818d [ ] pid=2 DATA 03550406 13022e2e 310b3009 06035504 0813022e 2e310a30 08060355 0407130[more...]
    Thu Dec  6 14:14:25 2007 us=982480 TCPv4_CLIENT read returned 114
    Thu Dec  6 14:14:25 2007 us=988288 TCPv4_CLIENT READ [114] from 136.148.109.155:8080: P_CONTROL_V1 kid=0 sid=10618516 0aaa818d [ ] pid=3 DATA 31373032 32333231 32363231 5a305531 0b300906 03550406 13022e2e 310b300[more...]
    Thu Dec  6 14:14:25 2007 us=991710 TCPv4_CLIENT read returned 114
    Thu Dec  6 14:14:25 2007 us=997850 TCPv4_CLIENT READ [114] from 136.148.109.155:8080: P_CONTROL_V1 kid=0 sid=10618516 0aaa818d [ ] pid=4 DATA 30819f30 0d06092a 864886f7 0d010101 05000381 8d003081 89028181 00bdaab[more...]
    Thu Dec  6 14:14:26 2007 us=1320  event_wait returned 1
    Thu Dec  6 14:14:26 2007 us=4224 TCPv4_CLIENT WRITE [22] to 136.148.109.155:8080: P_ACK_V1 kid=0 sid=97f0982d dfba8dcf [ 1 sid=10618516 0aaa818d ]
    Thu Dec  6 14:14:26 2007 us=6635 TCPv4_CLIENT write returned 24
    Thu Dec  6 14:14:26 2007 us=9347  event_wait returned 1
    Thu Dec  6 14:14:26 2007 us=12379 TCPv4_CLIENT WRITE [30] to 136.148.109.155:8080: P_ACK_V1 kid=0 sid=97f0982d dfba8dcf [ 2 3 4 sid=10618516 0aaa818d ]
    Thu Dec  6 14:14:26 2007 us=14610 TCPv4_CLIENT write returned 32
    Thu Dec  6 14:14:26 2007 us=44815  event_wait returned 1
    Thu Dec  6 14:14:26 2007 us=46928 TCPv4_CLIENT read returned 114
    Thu Dec  6 14:14:26 2007 us=52686 TCPv4_CLIENT READ [114] from 136.148.109.155:8080: P_CONTROL_V1 kid=0 sid=10618516 0aaa818d [ ] pid=5 DATA 3402ca02 6e3c8685 2daa64a1 99cc42d7 86b94579 e96a3aab a4aa1bbf 6e8e160[more...]
    Thu Dec  6 14:14:26 2007 us=56172 TCPv4_CLIENT read returned 114
    Thu Dec  6 14:14:26 2007 us=61914 TCPv4_CLIENT READ [114] from 136.148.109.155:8080: P_CONTROL_V1 kid=0 sid=10618516 0aaa818d [ ] pid=6 DATA 30340609 60864801 86f84201 0d042716 25456173 792d5253 41204765 6e65726[more...]
    Thu Dec  6 14:14:26 2007 us=65390 TCPv4_CLIENT read returned 114
    Thu Dec  6 14:14:26 2007 us=71205 TCPv4_CLIENT READ [114] from 136.148.109.155:8080: P_CONTROL_V1 kid=0 sid=10618516 0aaa818d [ ] pid=7 DATA 7a792213 7488d144 81845dfe aeed13f4 4052a15a a4583056 310b3009 0603550[more...]
    Thu Dec  6 14:14:26 2007 us=74662 TCPv4_CLIENT read returned 114
    Thu Dec  6 14:14:26 2007 us=80452 TCPv4_CLIENT READ [114] from 136.148.109.155:8080: P_CONTROL_V1 kid=0 sid=10618516 0aaa818d [ ] pid=8 DATA 86f70d01 09011602 2e2e8201 00301306 03551d25 040c300a 06082b06 0105050[more...]
    Thu Dec  6 14:14:26 2007 us=83894  event_wait returned 1
    Thu Dec  6 14:14:26 2007 us=86783 TCPv4_CLIENT WRITE [22] to 136.148.109.155:8080: P_ACK_V1 kid=0 sid=97f0982d dfba8dcf [ 5 sid=10618516 0aaa818d ]
    Thu Dec  6 14:14:26 2007 us=89196 TCPv4_CLIENT write returned 24
    Thu Dec  6 14:14:26 2007 us=91905  event_wait returned 1
    Thu Dec  6 14:14:26 2007 us=94924 TCPv4_CLIENT WRITE [30] to 136.148.109.155:8080: P_ACK_V1 kid=0 sid=97f0982d dfba8dcf [ 6 7 8 sid=10618516 0aaa818d ]
    Thu Dec  6 14:14:26 2007 us=97102 TCPv4_CLIENT write returned 32
    Thu Dec  6 14:14:26 2007 us=124831  event_wait returned 1
    Thu Dec  6 14:14:26 2007 us=126920 TCPv4_CLIENT read returned 114
    Thu Dec  6 14:14:26 2007 us=132699 TCPv4_CLIENT READ [114] from 136.148.109.155:8080: P_CONTROL_V1 kid=0 sid=10618516 0aaa818d [ ] pid=9 DATA 139e7e07 d3593219 2ccaeb59 a0268096 ca47bb3a 7079ae55 3342a3d4 7f45e51[more...]
    Thu Dec  6 14:14:26 2007 us=136248  event_wait returned 1
    Thu Dec  6 14:14:26 2007 us=139142 TCPv4_CLIENT WRITE [22] to 136.148.109.155:8080: P_ACK_V1 kid=0 sid=97f0982d dfba8dcf [ 9 sid=10618516 0aaa818d ]
    Thu Dec  6 14:14:26 2007 us=141333 TCPv4_CLIENT write returned 24
    Thu Dec  6 14:14:26 2007 us=172254  event_wait returned 1
    Thu Dec  6 14:14:26 2007 us=174381 TCPv4_CLIENT read returned 114
    Thu Dec  6 14:14:26 2007 us=180146 TCPv4_CLIENT READ [114] from 136.148.109.155:8080: P_CONTROL_V1 kid=0 sid=10618516 0aaa818d [ ] pid=10 DATA d3308202 3ca00302 01020201 00300d06 092a8648 86f70d01 01050500 3056310[more...]
    Thu Dec  6 14:14:26 2007 us=183648  event_wait returned 1
    Thu Dec  6 14:14:26 2007 us=186549 TCPv4_CLIENT WRITE [22] to 136.148.109.155:8080: P_ACK_V1 kid=0 sid=97f0982d dfba8dcf [ 10 sid=10618516 0aaa818d ]
    Thu Dec  6 14:14:26 2007 us=188957 TCPv4_CLIENT write returned 24
    Thu Dec  6 14:14:26 2007 us=202238  event_wait returned 1
    Thu Dec  6 14:14:26 2007 us=204359 TCPv4_CLIENT read returned 114
    Thu Dec  6 14:14:26 2007 us=210162 TCPv4_CLIENT READ [114] from 136.148.109.155:8080: P_CONTROL_V1 kid=0 sid=10618516 0aaa818d [ ] pid=11 DATA 0f06092a 864886f7 0d010901 16022e2e 301e170d 30373032 31353231 3535313[more...]
    Thu Dec  6 14:14:26 2007 us=213621 TCPv4_CLIENT read returned 114
    Thu Dec  6 14:14:26 2007 us=219455 TCPv4_CLIENT READ [114] from 136.148.109.155:8080: P_CONTROL_V1 kid=0 sid=10618516 0aaa818d [ ] pid=12 DATA 2e310e30 0c060355 04031305 2e2e2043 41311130 0f06092a 864886f7 0d01090[more...]
    Thu Dec  6 14:14:26 2007 us=222921  event_wait returned 1
    Thu Dec  6 14:14:26 2007 us=225974 TCPv4_CLIENT WRITE [22] to 136.148.109.155:8080: P_ACK_V1 kid=0 sid=97f0982d dfba8dcf [ 11 sid=10618516 0aaa818d ]
    Thu Dec  6 14:14:26 2007 us=228390 TCPv4_CLIENT write returned 24
    Thu Dec  6 14:14:26 2007 us=231246  event_wait returned 1
    Thu Dec  6 14:14:26 2007 us=234078 TCPv4_CLIENT WRITE [22] to 136.148.109.155:8080: P_ACK_V1 kid=0 sid=97f0982d dfba8dcf [ 12 sid=10618516 0aaa818d ]
    Thu Dec  6 14:14:26 2007 us=236541 TCPv4_CLIENT write returned 24
    Thu Dec  6 14:14:26 2007 us=239220  event_wait returned 1
    Thu Dec  6 14:14:26 2007 us=241324 TCPv4_CLIENT read returned 114
    Thu Dec  6 14:14:26 2007 us=247141 TCPv4_CLIENT READ [114] from 136.148.109.155:8080: P_CONTROL_V1 kid=0 sid=10618516 0aaa818d [ ] pid=13 DATA 5328a63c c8a50a3a 315904f9 e443c139 e8d06811 95129901 edff6e30 605b99c[more...]
    Thu Dec  6 14:14:26 2007 us=250649  event_wait returned 1
    Thu Dec  6 14:14:26 2007 us=253505 TCPv4_CLIENT WRITE [22] to 136.148.109.155:8080: P_ACK_V1 kid=0 sid=97f0982d dfba8dcf [ 13 sid=10618516 0aaa818d ]
    Thu Dec  6 14:14:26 2007 us=255738 TCPv4_CLIENT write returned 24
    Thu Dec  6 14:14:26 2007 us=270928  event_wait returned 1
    Thu Dec  6 14:14:26 2007 us=272996 TCPv4_CLIENT read returned 114
    Thu Dec  6 14:14:26 2007 us=278813 TCPv4_CLIENT READ [114] from 136.148.109.155:8080: P_CONTROL_V1 kid=0 sid=10618516 0aaa818d [ ] pid=14 DATA b03081ad 301d0603 551d0e04 160414d6 d27a7922 137488d1 4481845d feaeed1[more...]
    Thu Dec  6 14:14:26 2007 us=282548 TCPv4_CLIENT read returned 114
    Thu Dec  6 14:14:26 2007 us=288366 TCPv4_CLIENT READ [114] from 136.148.109.155:8080: P_CONTROL_V1 kid=0 sid=10618516 0aaa818d [ ] pid=15 DATA 310a3008 06035504 0713012e 310b3009 06035504 0a13022e 2e310e30 0c06035[more...]
    Thu Dec  6 14:14:26 2007 us=291834  event_wait returned 1
    Thu Dec  6 14:14:26 2007 us=294772 TCPv4_CLIENT WRITE [22] to 136.148.109.155:8080: P_ACK_V1 kid=0 sid=97f0982d dfba8dcf [ 14 sid=10618516 0aaa818d ]
    Thu Dec  6 14:14:26 2007 us=295740 TCPv4_CLIENT write returned 24
    Thu Dec  6 14:14:26 2007 us=297047  event_wait returned 1
    Thu Dec  6 14:14:26 2007 us=298495 TCPv4_CLIENT WRITE [22] to 136.148.109.155:8080: P_ACK_V1 kid=0 sid=97f0982d dfba8dcf [ 15 sid=10618516 0aaa818d ]
    Thu Dec  6 14:14:26 2007 us=299175 TCPv4_CLIENT write returned 24
    Thu Dec  6 14:14:26 2007 us=306715  event_wait returned 1
    Thu Dec  6 14:14:26 2007 us=307412 TCPv4_CLIENT read returned 114
    Thu Dec  6 14:14:26 2007 us=311793 TCPv4_CLIENT READ [114] from 136.148.109.155:8080: P_CONTROL_V1 kid=0 sid=10618516 0aaa818d [ ] pid=16 DATA e239eebc c112c1ad 4492fa9d d23a817b 0870514d 23a84044 4f984751 c518352[more...]
    Thu Dec  6 14:14:26 2007 us=313701  event_wait returned 1
    Thu Dec  6 14:14:26 2007 us=315216 TCPv4_CLIENT WRITE [22] to 136.148.109.155:8080: P_ACK_V1 kid=0 sid=97f0982d dfba8dcf [ 16 sid=10618516 0aaa818d ]
    Thu Dec  6 14:14:26 2007 us=315898 TCPv4_CLIENT write returned 24
    Thu Dec  6 14:14:26 2007 us=337079  event_wait returned 1
    Thu Dec  6 14:14:26 2007 us=339181 TCPv4_CLIENT read returned 114
    Thu Dec  6 14:14:26 2007 us=345068 TCPv4_CLIENT READ [114] from 136.148.109.155:8080: P_CONTROL_V1 kid=0 sid=10618516 0aaa818d [ ] pid=17 DATA 2065af1b 36af56ee a75a1801 6f240978 28aefad3 bc1a58d2 16030101 8d0c000[more...]
    Thu Dec  6 14:14:26 2007 us=373002 VERIFY OK: depth=1, /C=../ST=../L=./O=../CN=.._CA/Email=..
    Thu Dec  6 14:14:26 2007 us=387411 VERIFY OK: nsCertType=SERVER
    Thu Dec  6 14:14:26 2007 us=389398 VERIFY OK: depth=0, /C=../ST=../L=./O=../CN=tree/Email=..
    Thu Dec  6 14:14:26 2007 us=392546  event_wait returned 1
    Thu Dec  6 14:14:26 2007 us=395467 TCPv4_CLIENT WRITE [22] to 136.148.109.155:8080: P_ACK_V1 kid=0 sid=97f0982d dfba8dcf [ 17 sid=10618516 0aaa818d ]
    Thu Dec  6 14:14:26 2007 us=397878 TCPv4_CLIENT write returned 24
    Thu Dec  6 14:14:26 2007 us=400575  event_wait returned 1
    Thu Dec  6 14:14:26 2007 us=402919 TCPv4_CLIENT read returned 114
    Thu Dec  6 14:14:26 2007 us=409017 TCPv4_CLIENT READ [114] from 136.148.109.155:8080: P_CONTROL_V1 kid=0 sid=10618516 0aaa818d [ ] pid=18 DATA 5281c70f 8e6e2587 b8679844 34fe6c1c b79920c7 d7dc8281 373e2862 bb059f6[more...]
    Thu Dec  6 14:14:26 2007 us=412756 TCPv4_CLIENT read returned 114
    Thu Dec  6 14:14:26 2007 us=418558 TCPv4_CLIENT READ [114] from 136.148.109.155:8080: P_CONTROL_V1 kid=0 sid=10618516 0aaa818d [ ] pid=19 DATA 267dba5c faacd243 ce399e27 de6a3332 64c2753c ed8dcf45 d8e1d2fa 679ee8d[more...]
    Thu Dec  6 14:14:26 2007 us=420453  event_wait returned 1
    Thu Dec  6 14:14:26 2007 us=421907 TCPv4_CLIENT WRITE [22] to 136.148.109.155:8080: P_ACK_V1 kid=0 sid=97f0982d dfba8dcf [ 18 sid=10618516 0aaa818d ]
    Thu Dec  6 14:14:26 2007 us=422846 TCPv4_CLIENT write returned 24
    Thu Dec  6 14:14:26 2007 us=424230  event_wait returned 1
    Thu Dec  6 14:14:26 2007 us=425689 TCPv4_CLIENT WRITE [22] to 136.148.109.155:8080: P_ACK_V1 kid=0 sid=97f0982d dfba8dcf [ 19 sid=10618516 0aaa818d ]
    Thu Dec  6 14:14:26 2007 us=426363 TCPv4_CLIENT write returned 24
    Thu Dec  6 14:14:26 2007 us=427629  event_wait returned 1
    Thu Dec  6 14:14:26 2007 us=428298 TCPv4_CLIENT read returned 114
    Thu Dec  6 14:14:26 2007 us=432607 TCPv4_CLIENT READ [114] from 136.148.109.155:8080: P_CONTROL_V1 kid=0 sid=10618516 0aaa818d [ ] pid=20 DATA 17229a3a 301f092d c4ccba8b eb691909 f5699f01 ae1efc9b 9bc5b572 53b0ff5[more...]
    Thu Dec  6 14:14:26 2007 us=434577  event_wait returned 1
    Thu Dec  6 14:14:26 2007 us=436032 TCPv4_CLIENT WRITE [22] to 136.148.109.155:8080: P_ACK_V1 kid=0 sid=97f0982d dfba8dcf [ 20 sid=10618516 0aaa818d ]
    Thu Dec  6 14:14:26 2007 us=436695 TCPv4_CLIENT write returned 24
    Thu Dec  6 14:14:26 2007 us=441180  event_wait returned 1
    Thu Dec  6 14:14:26 2007 us=443545 TCPv4_CLIENT read returned 114
    Thu Dec  6 14:14:26 2007 us=449417 TCPv4_CLIENT READ [114] from 136.148.109.155:8080: P_CONTROL_V1 kid=0 sid=10618516 0aaa818d [ ] pid=21 DATA 999516da 078f40c2 69dd9053 cd1db255 98bf4a78 8dbc1928 a2081603 0100690[more...]
    Thu Dec  6 14:14:26 2007 us=468387  event_wait returned 1
    Thu Dec  6 14:14:26 2007 us=471225 TCPv4_CLIENT WRITE [22] to 136.148.109.155:8080: P_ACK_V1 kid=0 sid=97f0982d dfba8dcf [ 21 sid=10618516 0aaa818d ]
    Thu Dec  6 14:14:26 2007 us=473641 TCPv4_CLIENT write returned 24
    Thu Dec  6 14:14:26 2007 us=476383  event_wait returned 1
    Thu Dec  6 14:14:26 2007 us=478435 TCPv4_CLIENT read returned 50
    Thu Dec  6 14:14:26 2007 us=482194 TCPv4_CLIENT READ [50] from 136.148.109.155:8080: P_CONTROL_V1 kid=0 sid=10618516 0aaa818d [ ] pid=22 DATA 0c060355 04031305 2e2e2043 41311130 0f06092a 864886f7 0d010901 16022e2[more...]
    Thu Dec  6 14:14:27 2007 us=779003  event_wait returned 1
    Thu Dec  6 14:14:27 2007 us=785383 TCPv4_CLIENT WRITE [126] to 136.148.109.155:8080: P_CONTROL_V1 kid=0 sid=97f0982d dfba8dcf [ 22 sid=10618516 0aaa818d ] pid=2 DATA 16030106 0b0b0006 07000604 00032730 82032330 82028ca0 03020102 0202011[more...]
    Thu Dec  6 14:14:27 2007 us=787980 TCPv4_CLIENT write returned 128
    Thu Dec  6 14:14:27 2007 us=791053  event_wait returned 1
    Thu Dec  6 14:14:27 2007 us=796828 TCPv4_CLIENT WRITE [114] to 136.148.109.155:8080: P_CONTROL_V1 kid=0 sid=97f0982d dfba8dcf [ ] pid=3 DATA 310e300c 06035504 0313052e 2e204341 3111300f 06092a86 4886f70d 0109011[more...]
    Thu Dec  6 14:14:27 2007 us=799371 TCPv4_CLIENT write returned 116
    Thu Dec  6 14:14:27 2007 us=802172  event_wait returned 1
    Thu Dec  6 14:14:27 2007 us=808086 TCPv4_CLIENT WRITE [114] to 136.148.109.155:8080: P_CONTROL_V1 kid=0 sid=97f0982d dfba8dcf [ ] pid=4 DATA 03550407 13012e31 0b300906 0355040a 13022e2e 310f300d 06035504 0313067[more...]
    Thu Dec  6 14:14:27 2007 us=810615 TCPv4_CLIENT write returned 116
    Thu Dec  6 14:14:27 2007 us=813664  event_wait returned 1
    Thu Dec  6 14:14:27 2007 us=819389 TCPv4_CLIENT WRITE [114] to 136.148.109.155:8080: P_CONTROL_V1 kid=0 sid=97f0982d dfba8dcf [ ] pid=5 DATA 5ab6903a 8a4d38f2 27e05985 f410c9e4 e286b7c8 fc28708d e0389b29 6e4d150[more...]
    Thu Dec  6 14:14:27 2007 us=822147 TCPv4_CLIENT write returned 116
    Thu Dec  6 14:14:27 2007 us=824947  event_wait returned 1
    Thu Dec  6 14:14:27 2007 us=827003 TCPv4_CLIENT read returned 22
    Thu Dec  6 14:14:27 2007 us=829863 TCPv4_CLIENT READ [22] from 136.148.109.155:8080: P_ACK_V1 kid=0 sid=10618516 0aaa818d [ 2 sid=97f0982d dfba8dcf ]
    Thu Dec  6 14:14:27 2007 us=832837  event_wait returned 1
    Thu Dec  6 14:14:27 2007 us=838582 TCPv4_CLIENT WRITE [114] to 136.148.109.155:8080: P_CONTROL_V1 kid=0 sid=97f0982d dfba8dcf [ ] pid=6 DATA d2c8ed86 948e313f 08d969c9 3d020301 0001a381 fe3081fb 30090603 551d130[more...]
    Thu Dec  6 14:14:27 2007 us=840877 TCPv4_CLIENT write returned 116
    Thu Dec  6 14:14:27 2007 us=856446  event_wait returned 1
    Thu Dec  6 14:14:27 2007 us=858532 TCPv4_CLIENT read returned 22
    Thu Dec  6 14:14:27 2007 us=861380 TCPv4_CLIENT READ [22] from 136.148.109.155:8080: P_ACK_V1 kid=0 sid=10618516 0aaa818d [ 3 sid=97f0982d dfba8dcf ]
    Thu Dec  6 14:14:27 2007 us=864452  event_wait returned 1
    Thu Dec  6 14:14:27 2007 us=870166 TCPv4_CLIENT WRITE [114] to 136.148.109.155:8080: P_CONTROL_V1 kid=0 sid=97f0982d dfba8dcf [ ] pid=7 DATA 47441562 b13edc2b 446767b7 a6307e06 03551d23 04773075 8014d6d2 7a79221[more...]
    Thu Dec  6 14:14:27 2007 us=872615 TCPv4_CLIENT write returned 116
    Thu Dec  6 14:14:27 2007 us=888186  event_wait returned 1
    Thu Dec  6 14:14:27 2007 us=890288 TCPv4_CLIENT read returned 22
    Thu Dec  6 14:14:27 2007 us=893159 TCPv4_CLIENT READ [22] from 136.148.109.155:8080: P_ACK_V1 kid=0 sid=10618516 0aaa818d [ 4 sid=97f0982d dfba8dcf ]
    Thu Dec  6 14:14:27 2007 us=896261 TCPv4_CLIENT read returned 22
    Thu Dec  6 14:14:27 2007 us=899114 TCPv4_CLIENT READ [22] from 136.148.109.155:8080: P_ACK_V1 kid=0 sid=10618516 0aaa818d [ 5 sid=97f0982d dfba8dcf ]
    Thu Dec  6 14:14:27 2007 us=902447  event_wait returned 1
    Thu Dec  6 14:14:27 2007 us=908198 TCPv4_CLIENT WRITE [114] to 136.148.109.155:8080: P_CONTROL_V1 kid=0 sid=97f0982d dfba8dcf [ ] pid=8 DATA 022e2e31 0e300c06 03550403 13052e2e 20434131 11300f06 092a8648 86f70d0[more...]
    Thu Dec  6 14:14:27 2007 us=910493 TCPv4_CLIENT write returned 116
    Thu Dec  6 14:14:27 2007 us=912699  event_wait returned 1
    Thu Dec  6 14:14:27 2007 us=918412 TCPv4_CLIENT WRITE [114] to 136.148.109.155:8080: P_CONTROL_V1 kid=0 sid=97f0982d dfba8dcf [ ] pid=9 DATA 4faf7498 05db1510 b019a4b1 e60a56c6 4b3e2c53 14c4aa64 3de6dc41 fb1d3f9[more...]
    Thu Dec  6 14:14:27 2007 us=921251 TCPv4_CLIENT write returned 116
    Thu Dec  6 14:14:27 2007 us=923908  event_wait returned 1
    Thu Dec  6 14:14:27 2007 us=926016 TCPv4_CLIENT read returned 22
    Thu Dec  6 14:14:27 2007 us=928880 TCPv4_CLIENT READ [22] from 136.148.109.155:8080: P_ACK_V1 kid=0 sid=10618516 0aaa818d [ 6 sid=97f0982d dfba8dcf ]
    Thu Dec  6 14:14:27 2007 us=931822  event_wait returned 1
    Thu Dec  6 14:14:27 2007 us=937630 TCPv4_CLIENT WRITE [114] to 136.148.109.155:8080: P_CONTROL_V1 kid=0 sid=97f0982d dfba8dcf [ ] pid=10 DATA 3789225a df7be3b8 0134a32b b6f08647 044fb536 e9bc0002 d7308202 d330820[more...]
    Thu Dec  6 14:14:27 2007 us=939957 TCPv4_CLIENT write returned 116
    Thu Dec  6 14:14:27 2007 us=952515  event_wait returned 1
    Thu Dec  6 14:14:27 2007 us=954642 TCPv4_CLIENT read returned 22
    Thu Dec  6 14:14:27 2007 us=957806 TCPv4_CLIENT READ [22] from 136.148.109.155:8080: P_ACK_V1 kid=0 sid=10618516 0aaa818d [ 7 sid=97f0982d dfba8dcf ]
    Thu Dec  6 14:14:27 2007 us=961195  event_wait returned 1
    Thu Dec  6 14:14:27 2007 us=966957 TCPv4_CLIENT WRITE [114] to 136.148.109.155:8080: P_CONTROL_V1 kid=0 sid=97f0982d dfba8dcf [ ] pid=11 DATA 06035504 0a13022e 2e310e30 0c060355 04031305 2e2e2043 41311130 0f06092[more...]
    Thu Dec  6 14:14:27 2007 us=969299 TCPv4_CLIENT write returned 116
    Thu Dec  6 14:14:27 2007 us=984956  event_wait returned 1
    Thu Dec  6 14:14:27 2007 us=987045 TCPv4_CLIENT read returned 22
    Thu Dec  6 14:14:27 2007 us=989906 TCPv4_CLIENT READ [22] from 136.148.109.155:8080: P_ACK_V1 kid=0 sid=10618516 0aaa818d [ 8 sid=97f0982d dfba8dcf ]
    Thu Dec  6 14:14:27 2007 us=992859  event_wait returned 1
    Thu Dec  6 14:14:27 2007 us=998586 TCPv4_CLIENT WRITE [114] to 136.148.109.155:8080: P_CONTROL_V1 kid=0 sid=97f0982d dfba8dcf [ ] pid=12 DATA 13022e2e 310a3008 06035504 0713012e 310b3009 06035504 0a13022e 2e310e3[more...]
    Thu Dec  6 14:14:28 2007 us=1065 TCPv4_CLIENT write returned 116
    Thu Dec  6 14:14:28 2007 us=17177  event_wait returned 1
    Thu Dec  6 14:14:28 2007 us=19262 TCPv4_CLIENT read returned 22
    Thu Dec  6 14:14:28 2007 us=22119 TCPv4_CLIENT READ [22] from 136.148.109.155:8080: P_ACK_V1 kid=0 sid=10618516 0aaa818d [ 9 sid=97f0982d dfba8dcf ]
    Thu Dec  6 14:14:28 2007 us=25065 TCPv4_CLIENT read returned 22
    Thu Dec  6 14:14:28 2007 us=27928 TCPv4_CLIENT READ [22] from 136.148.109.155:8080: P_ACK_V1 kid=0 sid=10618516 0aaa818d [ 10 sid=97f0982d dfba8dcf ]
    Thu Dec  6 14:14:28 2007 us=31225  event_wait returned 1
    Thu Dec  6 14:14:28 2007 us=37001 TCPv4_CLIENT WRITE [114] to 136.148.109.155:8080: P_CONTROL_V1 kid=0 sid=97f0982d dfba8dcf [ ] pid=13 DATA 228a7727 646bce78 59b39447 bab35065 40b025f9 67c3a4dc 4a6632a6 5328a63[more...]
    Thu Dec  6 14:14:28 2007 us=39298 TCPv4_CLIENT write returned 116
    Thu Dec  6 14:14:28 2007 us=41875  event_wait returned 1
    Thu Dec  6 14:14:28 2007 us=48270 TCPv4_CLIENT WRITE [114] to 136.148.109.155:8080: P_CONTROL_V1 kid=0 sid=97f0982d dfba8dcf [ ] pid=14 DATA 4035650b 77449120 1edde838 2190c14a 9fd36c3e e7020301 0001a381 b03081a[more...]
    
    Now what? :D
     
  91. roadkill

    roadkill Super Moderator Staff Member Member

    move the log back to verb 3 and ping/traceroute the destination
     
  92. Trunkz

    Trunkz LI Guru Member

    Verb 3 Log:

    Code:
    # ./myvpn --config client.conf
    Thu Dec  6 15:56:14 2007 OpenVPN 2.1_rc4 mipsel-unknown-linux-gnu [SSL] [LZO2] built on Nov  1 2007
    Enter Auth Username:Trunkz
    Enter Auth Password:
    Thu Dec  6 15:56:18 2007 LZO compression initialized
    Thu Dec  6 15:56:18 2007 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
    Thu Dec  6 15:56:18 2007 RESOLVE: NOTE: cache.lsbu.ac.uk resolves to 4 addresses, choosing one by random
    Thu Dec  6 15:56:18 2007 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
    Thu Dec  6 15:56:18 2007 Attempting to establish TCP connection with 136.148.109.154:8080 [nonblock]
    Thu Dec  6 15:56:19 2007 TCP connection established with 136.148.109.154:8080
    Thu Dec  6 15:56:19 2007 Send to HTTP proxy: 'CONNECT 195.178.106.139:443 HTTP/1.0'
    Thu Dec  6 15:56:20 2007 HTTP proxy returned: 'HTTP/1.0 200 Connection established'
    Thu Dec  6 15:56:22 2007 Socket Buffers: R=[43689->65534] S=[16384->65534]
    Thu Dec  6 15:56:22 2007 TCPv4_CLIENT link local: [undef]
    Thu Dec  6 15:56:22 2007 TCPv4_CLIENT link remote: 136.148.109.154:8080
    Thu Dec  6 15:56:22 2007 TLS: Initial packet from 136.148.109.154:8080, sid=508759cf 3eba3040
    Thu Dec  6 15:56:23 2007 VERIFY OK: depth=1, /C=../ST=../L=./O=../CN=.._CA/Email=..
    Thu Dec  6 15:56:23 2007 VERIFY OK: nsCertType=SERVER
    Thu Dec  6 15:56:23 2007 VERIFY OK: depth=0, /C=../ST=../L=./O=../CN=tree/Email=..
    Thu Dec  6 15:56:25 2007 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Thu Dec  6 15:56:25 2007 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Thu Dec  6 15:56:25 2007 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Thu Dec  6 15:56:25 2007 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Thu Dec  6 15:56:25 2007 Control Channel: TLSv1, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA
    Thu Dec  6 15:56:25 2007 [tree] Peer Connection Initiated with 136.148.109.154:8080
    Thu Dec  6 15:56:26 2007 SENT CONTROL [tree]: 'PUSH_REQUEST' (status=1)
    Thu Dec  6 15:56:26 2007 PUSH: Received control message: 'PUSH_REPLY,route-gateway 195.178.106.1,redirect-gateway def1,dhcp-option DNS  195.178.106.162,dhcp-option DOMAIN tree.vpntunnel.co.uk,topology subnet,ping 10,ping-restart 40,ifconfig 195.178.106.225 255.255.255.0'
    Thu Dec  6 15:56:26 2007 OPTIONS IMPORT: timers and/or timeouts modified
    Thu Dec  6 15:56:26 2007 OPTIONS IMPORT: --ifconfig/up options modified
    Thu Dec  6 15:56:26 2007 OPTIONS IMPORT: route options modified
    Thu Dec  6 15:56:26 2007 OPTIONS IMPORT: route-related options modified
    Thu Dec  6 15:56:26 2007 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Thu Dec  6 15:56:26 2007 TUN/TAP device tap0 opened
    Thu Dec  6 15:56:26 2007 TUN/TAP TX queue length set to 100
    Thu Dec  6 15:56:26 2007 /sbin/ifconfig tap0 195.178.106.225 netmask 255.255.255.0 mtu 1500 broadcast 195.178.106.255
    Thu Dec  6 15:56:26 2007 /sbin/route add -net 136.148.109.154 netmask 255.255.255.255 gw 10.0.22.173
    Thu Dec  6 15:56:26 2007 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 195.178.106.1
    Thu Dec  6 15:56:26 2007 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 195.178.106.1
    Thu Dec  6 15:56:27 2007 Initialization Sequence Completed
    
    No luck with ping. (Tried pinging 195.178.106.255 through the Tomato webif, no luck) Where's my manners?! Sorry lol, thanks for helping me this far :D
     
  93. roadkill

    roadkill Super Moderator Staff Member Member

    looks good... maybe ip addresses on both ends are overlapping?
     
  94. Trunkz

    Trunkz LI Guru Member

    Can't be.. The IP address I get from my normal connection is 136.x.x.x whereas this one it's more of 195.x.x.x, you can see that in the log anyways. Is there anything else I need to change on the router? Turn off DHCP or wtv :eek:
     
  95. roadkill

    roadkill Super Moderator Staff Member Member

    you are right ip overlapping is out of the question..
    do you want to push or pull dhcp packets?
     
  96. Trunkz

    Trunkz LI Guru Member

    Not too sure by what you're meaning, but what I need is to 'move' traffic from here to my VPN server. (Specifically, get Xbox Live to work through this annoying university proxy :p)
     
  97. roadkill

    roadkill Super Moderator Staff Member Member

    do you mind posting a netstat -nr and ifconfig tap0
     
  98. Trunkz

    Trunkz LI Guru Member

    Netstat -nr:

    Code:
    # netstat -nr
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    136.148.109.154 10.0.22.173     255.255.255.255 UGH      40 0          0 vlan1
    10.0.22.172     0.0.0.0         255.255.255.252 U        40 0          0 vlan1
    192.168.1.0     0.0.0.0         255.255.255.0   U        40 0          0 br0
    195.178.106.0   0.0.0.0         255.255.255.0   U        40 0          0 tap0
    127.0.0.0       0.0.0.0         255.0.0.0       U        40 0          0 lo
    0.0.0.0         195.178.106.1   128.0.0.0       UG       40 0          0 tap0
    128.0.0.0       195.178.106.1   128.0.0.0       UG       40 0          0 tap0
    0.0.0.0         10.0.22.173     0.0.0.0         UG       40 0          0 vlan1
    
    ifconfig tap0:

    Code:
    # ifconfig tap0
    tap0       Link encap:Ethernet  HWaddr 00:FF:B3:6F:54:75  
               inet addr:195.178.106.225  Bcast:195.178.106.255  Mask:255.255.255.0
               UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
               RX packets:0 errors:0 dropped:0 overruns:0 frame:0
               TX packets:39 errors:0 dropped:0 overruns:0 carrier:0
               collisions:0 txqueuelen:100 
               RX bytes:0 (0.0 B)  TX bytes:1638 (1.5 KiB)
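
The routing table in post 98 can be checked offline with a longest-prefix-match lookup, which shows which interface and next hop the router picks for a given destination once `redirect-gateway def1` has added the two /1 routes. This is an added example, not code from the thread or from Tomato/OpenVPN; the function names are hypothetical and the table rows are copied from the `netstat -nr` output above.

```python
import ipaddress

# Rows copied from the netstat -nr output in post 98.
NETSTAT = """\
136.148.109.154 10.0.22.173     255.255.255.255 UGH      40 0          0 vlan1
10.0.22.172     0.0.0.0         255.255.255.252 U        40 0          0 vlan1
192.168.1.0     0.0.0.0         255.255.255.0   U        40 0          0 br0
195.178.106.0   0.0.0.0         255.255.255.0   U        40 0          0 tap0
127.0.0.0       0.0.0.0         255.0.0.0       U        40 0          0 lo
0.0.0.0         195.178.106.1   128.0.0.0       UG       40 0          0 tap0
128.0.0.0       195.178.106.1   128.0.0.0       UG       40 0          0 tap0
0.0.0.0         10.0.22.173     0.0.0.0         UG       40 0          0 vlan1
"""

def parse_routes(text):
    """Return (network, gateway, iface) tuples from netstat -nr rows."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8:
            continue
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
        except ValueError:
            continue  # column header or malformed row
        gw = None if f[1] == "0.0.0.0" else f[1]
        routes.append((net, gw, f[7]))
    return routes

def lookup(routes, dst):
    """Longest-prefix match, as the kernel does; returns (iface, next_hop)."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    net, gw, iface = max(matches, key=lambda r: r[0].prefixlen)
    return iface, gw or dst  # no gateway means the destination is on-link

def tunnel_coverage(routes, iface="tap0"):
    """True if the def1 pair (0.0.0.0/1 and 128.0.0.0/1) points at iface."""
    halves = {str(n) for n, gw, i in routes if i == iface and n.prefixlen == 1}
    return halves == {"0.0.0.0/1", "128.0.0.0/1"}

ROUTES = parse_routes(NETSTAT)
if __name__ == "__main__":
    for dst in ("136.148.109.154", "136.148.109.155", "195.178.106.255",
                "192.168.1.10", "8.8.8.8"):
        print(dst, "->", lookup(ROUTES, dst))
```

Only the proxy address that received the /32 host route (136.148.109.154) stays on vlan1; the other proxy address seen in the earlier log (136.148.109.155) and all Internet destinations resolve to tap0, the interface whose `ifconfig` counters show 39 packets sent and none received.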
    
     
  99. roadkill

    roadkill Super Moderator Staff Member Member

    You are supposed to have connectivity... try to traceroute the 195.x.x.x address and post the results. Maybe you need to add an additional route. Please try to do it from the PC connected to the router and from the router itself using ssh/telnet.
     
  100. Trunkz

    Trunkz LI Guru Member

    Nothing. Neither can trace-route the IP =/
     
