#5
Old 1st February 2011
Emile
Port Guard
 
Join Date: Feb 2011
Posts: 25

On another thought, I had to remove some metadata (the ^M character) from the config file. Is it possible that the cert.key might be messed up from this too?

Anyway, back on the topic:

Code:
$ sudo pfctl -vvf /etc/pf.conf
Loaded 696 passive OS fingerprints
set skip on { lo }
@0 pass all flags S/SA keep state
@1 block drop in on ! lo0 proto tcp from any to any port 6000:6010
@2 block drop log all

$ ifconfig pflog0
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33200
        priority: 0
        groups: pflog

$ sudo openvpn client.ovpn
Tue Feb  1 14:15:47 2011 OpenVPN 2.1.0 i386-unknown-openbsd4.8 [SSL] [LZO2] built on Aug 10 2010
Tue Feb  1 14:15:47 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Feb  1 14:15:47 2011 WARNING: file 'cert.dat' is group or others accessible
Tue Feb  1 14:15:47 2011 Control Channel MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Feb  1 14:15:47 2011 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Tue Feb  1 14:15:47 2011 Local Options hash (VER=V4): '91138c76'
Tue Feb  1 14:15:47 2011 Expected Remote Options hash (VER=V4): 'f5a300ca'
Tue Feb  1 14:15:47 2011 Socket Buffers: R=[41600->65536] S=[9216->65536]
Tue Feb  1 14:15:47 2011 UDPv4 link local (bound): [undef]:1194
Tue Feb  1 14:15:47 2011 UDPv4 link remote: [VPN IP]:[VPN port]
Tue Feb  1 14:15:47 2011 write UDPv4: No route to host (code=65)
Tue Feb  1 14:15:53 2011 write UDPv4: No route to host (code=65)

etc.

$ sudo tcpdump -eni /dev/pflog0 
tcpdump: Failed to open bpf device for /dev/pflog0: Device not configured

$ ifconfig pflog0
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33200
        priority: 0
        groups: pflog
I don't understand...?