1st February 2011
Emile

Alright, so without the block log all rule, I fired up tcpdump and it didn't catch anything at all while I connected to the VPN or when I tried to ping/browse to any website after I was "connected". So I doubt it's pf, then I have no idea what's wrong with this OpenVPN/OpenBSD setup...

And here it is with the rule on:

Code:
$ sudo openvpn client.ovpn 
Tue Feb  1 14:30:50 2011 OpenVPN 2.1.0 i386-unknown-openbsd4.8 [SSL] [LZO2] built on Aug 10 2010
Tue Feb  1 14:30:50 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Feb  1 14:30:50 2011 WARNING: file 'cert.dat' is group or others accessible
Tue Feb  1 14:30:50 2011 Control Channel MTU parms [ L:1543 D:140 EF:40 EB:0 ET:0 EL:0 ]
Tue Feb  1 14:30:50 2011 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:4 ET:0 EL:0 ]
Tue Feb  1 14:30:50 2011 Local Options hash (VER=V4): 'bf6006bf'
Tue Feb  1 14:30:50 2011 Expected Remote Options hash (VER=V4): '3ce6ab7f'
Tue Feb  1 14:30:50 2011 Attempting to establish TCP connection with [VPN IP]:[VPN port] [nonblock]
Tue Feb  1 14:30:50 2011 TCP: connect to [VPN IP]:[VPN port] failed, will try again in 10 seconds: No route to host
Tue Feb  1 14:30:50 2011 SIGUSR1[soft,init_instance] received, process restarting
Tue Feb  1 14:30:50 2011 Restart pause, 2 second(s)
Tue Feb  1 14:30:52 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Feb  1 14:30:52 2011 Re-using SSL/TLS context
Tue Feb  1 14:30:52 2011 Control Channel MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Feb  1 14:30:52 2011 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Tue Feb  1 14:30:52 2011 Local Options hash (VER=V4): '91138c76'
Tue Feb  1 14:30:52 2011 Expected Remote Options hash (VER=V4): 'f5a300ca'
Tue Feb  1 14:30:52 2011 Socket Buffers: R=[41600->65536] S=[9216->65536]
Tue Feb  1 14:30:52 2011 UDPv4 link local (bound): [undef]:1194
Tue Feb  1 14:30:52 2011 UDPv4 link remote: [VPN IP]:[VPN port]
Tue Feb  1 14:30:52 2011 write UDPv4: No route to host (code=65)
Tue Feb  1 14:30:58 2011 write UDPv4: No route to host (code=65)
Tue Feb  1 14:31:04 2011 write UDPv4: No route to host (code=65)
Tue Feb  1 14:31:10 2011 write UDPv4: No route to host (code=65)
tcpdump:
Code:
$ sudo tcpdump -eni pflog0
tcpdump: listening on pflog0, link-type PFLOG
14:30:50.529549 rule 2/(match) block out on nfe0: 192.168.1.4.43665 > [VPN IP]:[VPN port]: S 2351877163:2351877163(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,[|tcp]> (DF)
14:30:52.538155 rule 2/(match) block out on nfe0: 192.168.1.4.1194 > [VPN IP]:[VPN port]: udp 14
14:30:58.787580 rule 2/(match) block out on nfe0: 192.168.1.4.1194 > [VPN IP]:[VPN port]: udp 14
14:31:04.677419 rule 2/(match) block out on nfe0: 192.168.1.4.1194 > [VPN IP]:[VPN port]: udp 14
14:31:10.027260 rule 2/(match) block out on nfe0: 192.168.1.4.1194 > [VPN IP]:[VPN port]: udp 14
^C
5 packets received by filter
0 packets dropped by kernel
(nfe0 is my network card and 192.168.1.4 is my IP from my home router.)
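Added example, not part of the original post: a small Python script that pairs each OpenVPN "No route to host" line with a pflog `block out` entry logged within one second, so the failures that coincide with a pf block stand apart from those that do not. The sample lines are constructed in the shape of the two logs above; 203.0.113.10 port 443 is a placeholder for the redacted VPN endpoint, and the last OpenVPN line deliberately has no matching block.

```python
import re

# Constructed sample input in the shape of the logs in the post.
# 203.0.113.10 port 443 is a placeholder for the redacted VPN endpoint.
OPENVPN_LOG = """\
Tue Feb  1 14:30:50 2011 TCP: connect to 203.0.113.10:443 failed, will try again in 10 seconds: No route to host
Tue Feb  1 14:30:52 2011 write UDPv4: No route to host (code=65)
Tue Feb  1 14:30:58 2011 write UDPv4: No route to host (code=65)
Tue Feb  1 14:31:20 2011 write UDPv4: No route to host (code=65)
"""
PFLOG = """\
14:30:50.529549 rule 2/(match) block out on nfe0: 192.168.1.4.43665 > 203.0.113.10.443: S 1:1(0) win 16384 (DF)
14:30:52.538155 rule 2/(match) block out on nfe0: 192.168.1.4.1194 > 203.0.113.10.443: udp 14
14:30:58.787580 rule 2/(match) block out on nfe0: 192.168.1.4.1194 > 203.0.113.10.443: udp 14
"""

OVPN_RE = re.compile(r"^\w{3} \w{3} +\d+ (\d\d):(\d\d):(\d\d) \d{4} (.*No route to host.*)$")
PF_RE = re.compile(
    r"^(\d\d):(\d\d):(\d\d)\.\d+ rule (\d+)/\(match\) block out on (\S+): "
    r"(\S+) > (\S+): ")

def secs(h, m, s):
    # pflog lines carry no date, so both logs are compared by time of day only.
    return int(h) * 3600 + int(m) * 60 + int(s)

def parse_blocks(pflog_text):
    """Return (seconds_of_day, rule_no, iface, src, dst) for each logged outbound block."""
    out = []
    for line in pflog_text.splitlines():
        m = PF_RE.match(line)
        if m:
            out.append((secs(*m.group(1, 2, 3)), int(m.group(4)), *m.group(5, 6, 7)))
    return out

def correlate(ovpn_text, pflog_text, window=1):
    """Pair each OpenVPN 'No route to host' error with an unused pf block within `window` seconds."""
    blocks, used = parse_blocks(pflog_text), set()
    results = []
    for line in ovpn_text.splitlines():
        m = OVPN_RE.match(line)
        if not m:
            continue
        t = secs(*m.group(1, 2, 3))
        hit = next((i for i, b in enumerate(blocks)
                    if i not in used and abs(b[0] - t) <= window), None)
        if hit is not None:
            used.add(hit)
        results.append((m.group(4), blocks[hit] if hit is not None else None))
    return results
```

Each result is `(error_text, block_or_None)`; an error with `None` had no logged block near it and needs a different explanation than the filter rule.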