Old 5th May 2008
MME
New User
 
Join Date: May 2008
Posts: 1
OpenVPN - Problem with connections

Hi,

I've set up OpenVPN on our firewall running FreeBSD 7.0, but I'm having trouble getting everything to work OK.

My setup looks like this:

Internet --- (1.2.3.4) Firewall (192.168.0.33) --- Internal Network

Clients on the Internet can connect to the firewall without problems, and I can for example ssh to 192.168.0.33 after connecting with openvpn, but I can't reach anything else on my internal network. I have plenty of machines on the internal network but I can't reach any of them, not even with ping. Maybe a routing problem?

Firewall configuration:
Code:
dev tun
local 1.2.3.4
port 1194
proto udp

server 10.10.10.0 255.255.255.0
ifconfig-pool-persist ipp.txt

ca /usr/local/etc/openvpn/keys/ca.crt
cert /usr/local/etc/openvpn/keys/server.crt
key /usr/local/etc/openvpn/keys/server.key
dh /usr/local/etc/openvpn/keys/dh2048.pem

push "route 192.168.0.0 255.255.255.0"
push "dhcp-option DNS 192.168.0.10"
push "dhcp-option DNS 192.168.0.25"
push "dhcp-option DOMAIN starwars.local"

comp-lzo

keepalive 10 60
ping-timer-rem
persist-tun
persist-key

group nobody
daemon

Client configuration:
Code:
client
remote 1.2.3.4 1194
dev tun

ca ca.crt
cert client.crt
key client.key

comp-lzo
keepalive 10 60
ping-timer-rem
persist-tun
persist-key

verb 3

Routing info on the client while connected to the VPN:
Code:
          0.0.0.0          0.0.0.0      192.168.4.1    192.168.4.78       25
          0.0.0.0          0.0.0.0      192.168.4.1    192.168.4.83       20
       10.10.10.1  255.255.255.255       10.10.10.5      10.10.10.6       1
       10.10.10.4  255.255.255.252       10.10.10.6      10.10.10.6       30
       10.10.10.6  255.255.255.255        127.0.0.1       127.0.0.1       30
   10.255.255.255  255.255.255.255       10.10.10.6      10.10.10.6       30
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.0.0    255.255.255.0       10.10.10.5      10.10.10.6       1
      192.168.4.0    255.255.255.0     192.168.4.78    192.168.4.78       25
      192.168.4.0    255.255.255.0     192.168.4.83    192.168.4.83       20
     192.168.4.78  255.255.255.255        127.0.0.1       127.0.0.1       25
     192.168.4.83  255.255.255.255        127.0.0.1       127.0.0.1       20
    192.168.4.255  255.255.255.255     192.168.4.78    192.168.4.78       25
    192.168.4.255  255.255.255.255     192.168.4.83    192.168.4.83       20
        224.0.0.0        240.0.0.0       10.10.10.6      10.10.10.6       30
        224.0.0.0        240.0.0.0     192.168.4.78    192.168.4.78       25
        224.0.0.0        240.0.0.0     192.168.4.83    192.168.4.83       20
  255.255.255.255  255.255.255.255       10.10.10.6      10.10.10.6       1
  255.255.255.255  255.255.255.255     192.168.4.78    192.168.4.78       1
  255.255.255.255  255.255.255.255     192.168.4.83    192.168.4.83       1
Gateway:       192.168.4.1

Log from the client during connection:
Code:
Mon May 05 13:02:22 2008 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
Mon May 05 13:02:22 2008 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Mon May 05 13:02:22 2008 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Mon May 05 13:02:22 2008 LZO compression initialized
Mon May 05 13:02:22 2008 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon May 05 13:02:22 2008 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon May 05 13:02:22 2008 Local Options hash (VER=V4): '41690919'
Mon May 05 13:02:22 2008 Expected Remote Options hash (VER=V4): '530fdded'
Mon May 05 13:02:22 2008 UDPv4 link local (bound): [undef]:1194
Mon May 05 13:02:22 2008 UDPv4 link remote: 1.2.3.4:1194
Mon May 05 13:02:22 2008 TLS: Initial packet from 1.2.3.4:1194, sid=4ae4907e 12cd6dc6
Mon May 05 13:02:24 2008 VERIFY OK: depth=1, <HIDDEN>
Mon May 05 13:02:24 2008 VERIFY OK: depth=0, <HIDDEN>
Mon May 05 13:02:25 2008 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon May 05 13:02:25 2008 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon May 05 13:02:25 2008 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon May 05 13:02:25 2008 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon May 05 13:02:25 2008 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Mon May 05 13:02:25 2008 [SERVER] Peer Connection Initiated with 1.2.3.4:1194
Mon May 05 13:02:27 2008 SENT CONTROL [SERVER]: 'PUSH_REQUEST' (status=1)
Mon May 05 13:02:27 2008 PUSH: Received control message: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,dhcp-option DNS 192.168.0.10,dhcp-option DNS 192.168.0.25,dhcp-option DOMAIN starwars.local,route 10.10.10.1,ping 10,ping-restart 60,ifconfig 10.10.10.6 10.10.10.5'
Mon May 05 13:02:27 2008 OPTIONS IMPORT: timers and/or timeouts modified
Mon May 05 13:02:27 2008 OPTIONS IMPORT: --ifconfig/up options modified
Mon May 05 13:02:27 2008 OPTIONS IMPORT: route options modified
Mon May 05 13:02:27 2008 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon May 05 13:02:27 2008 TAP-WIN32 device [Anslutning till lokalt nätverk 8] opened: \\.\Global\{3C96F03B-BB81-451A-8090-FF62E86FB252}.tap
Mon May 05 13:02:27 2008 TAP-Win32 Driver Version 8.4 
Mon May 05 13:02:27 2008 TAP-Win32 MTU=1500
Mon May 05 13:02:27 2008 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.10.10.6/255.255.255.252 on interface {3C96F03B-BB81-451A-8090-FF62E86FB252} [DHCP-serv: 10.10.10.5, lease-time: 31536000]
Mon May 05 13:02:27 2008 Successful ARP Flush on interface [4] {3C96F03B-BB81-451A-8090-FF62E86FB252}
Mon May 05 13:02:27 2008 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Mon May 05 13:02:27 2008 Route: Waiting for TUN/TAP interface to come up...
Mon May 05 13:02:28 2008 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
Mon May 05 13:02:28 2008 route ADD 192.168.0.0 MASK 255.255.255.0 10.10.10.5
Mon May 05 13:02:28 2008 Route addition via IPAPI succeeded
Mon May 05 13:02:28 2008 route ADD 10.10.10.1 MASK 255.255.255.255 10.10.10.5
Mon May 05 13:02:28 2008 Route addition via IPAPI succeeded
Mon May 05 13:02:28 2008 Initialization Sequence Completed

Help appreciated!
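The client log and route table above show the pushed route for 192.168.0.0/24 was installed via the tunnel peer 10.10.10.5, so the client side is fine; the usual remaining causes are that the firewall is not forwarding (net.inet.ip.forwarding) or that internal hosts have no return route to the tunnel subnet 10.10.10.0/24. The following added example (not from the post or from OpenVPN itself) parses the server config and the client's Windows route table from the post, confirms the pushed routes are present, and derives the return-path settings to check; the interface name em1 and the firewall's LAN address 192.168.0.33 as the LAN-side hop are assumptions.

```python
import ipaddress
import re

# Constructed excerpts of the server config and client route table from the post.
SERVER_CONF = '''
server 10.10.10.0 255.255.255.0
push "route 192.168.0.0 255.255.255.0"
push "dhcp-option DNS 192.168.0.10"
'''
CLIENT_ROUTES = '''
          0.0.0.0          0.0.0.0      192.168.4.1    192.168.4.78       25
      192.168.0.0    255.255.255.0       10.10.10.5      10.10.10.6       1
       10.10.10.1  255.255.255.255       10.10.10.5      10.10.10.6       1
'''

def parse_server(conf):
    """Return (tunnel subnet from 'server', [networks from push "route ..."])."""
    tunnel, pushed = None, []
    for line in conf.splitlines():
        m = re.match(r'\s*server\s+(\S+)\s+(\S+)', line)
        if m:
            tunnel = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
        m = re.match(r'\s*push\s+"route\s+(\S+)\s+(\S+)"', line)
        if m:
            pushed.append(ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}"))
    return tunnel, pushed

def parse_routes(text):
    """Parse 'route print' rows: destination netmask gateway interface metric."""
    rows = [ln.split() for ln in text.splitlines()]
    return [(ipaddress.ip_network(f"{f[0]}/{f[1]}"), f[2]) for f in rows if len(f) == 5]

def missing_client_routes(conf, route_text, tunnel_peer):
    """Pushed networks the client did NOT install with the tunnel peer as gateway."""
    _, pushed = parse_server(conf)
    installed = {net for net, gw in parse_routes(route_text) if gw == tunnel_peer}
    return [str(n) for n in pushed if n not in installed]

def return_path_checks(conf, lan_side_ip, lan_if="em1"):
    """Settings on the FreeBSD side so LAN hosts can answer tunnel clients.
    Either the LAN's default gateway needs a route to the tunnel subnet via the
    firewall, or the firewall NATs tunnel traffic to its own LAN address (assumed em1)."""
    tunnel, _ = parse_server(conf)
    return {
        "forwarding_sysctl": "net.inet.ip.forwarding=1",
        "route_on_lan_gateway": f"route add -net {tunnel} {lan_side_ip}",
        "pf_nat_on_firewall": f"nat on {lan_if} from {tunnel} to any -> {lan_side_ip}",
    }
```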