#7
16th May 2009
michaelk

Quote:
Originally Posted by BSDfan666
Can you post the output of the following?

$ route show -inet
$ ifconfig -a # or just tun0.

Hopefully we'll know more about your setup this way, it's likely a configuration issue.. posting the output of /etc/mygate in [code][/code] blocks might also be helpful.

The provider I try to connect to is http://ivacy.com

On FreeBSD:

Code:
~> Sat May 16 10:33:01 2009 OpenVPN 2.1_rc15 i386-portbld-freebsd7.1 [SSL] [LZO2] built on May  9 2009
Sat May 16 10:33:01 2009 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat May 16 10:33:01 2009 Control Channel Authentication: using 'keys/ivacy-tls.key' as a OpenVPN static key file
Sat May 16 10:33:01 2009 LZO compression initialized
Sat May 16 10:33:01 2009 RESOLVE: NOTE: openvpn.ivacy.com resolves to 2 addresses, choosing one by random
Sat May 16 10:33:01 2009 UDPv4 link local: [undef]
Sat May 16 10:33:01 2009 UDPv4 link remote: 85.249.223.29:1194
Sat May 16 10:33:01 2009 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat May 16 10:33:02 2009 [openvpn.ivacy.com] Peer Connection Initiated with 85.249.223.29:1194
Sat May 16 10:33:04 2009 TUN/TAP device /dev/tun0 opened
Sat May 16 10:33:04 2009 /sbin/ifconfig tun0 1.2.116.141 1.2.116.141 netmask 255.255.252.0 mtu 1500 up
add net 1.2.116.0: gateway 1.2.116.141
Sat May 16 10:33:04 2009 /usr/local/etc/openvpn/ivacy-up.sh tun0 1500 1542 1.2.116.141 255.255.252.0 init
add net 85.249.223.29: gateway 192.168.0.1
delete net 0.0.0.0: gateway 192.168.0.1
add net 0.0.0.0: gateway 1.2.116.1
Sat May 16 10:33:04 2009 WARNING: potential route subnet conflict between local LAN [1.2.116.0/255.255.255.0] and remote VPN [1.0.0.0/255.0.0.0]
add net 1.0.0.0: gateway 1.2.116.1
Sat May 16 10:33:04 2009 Initialization Sequence Completed

~> ifconfig tun0
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        inet 1.2.116.141 --> 1.2.116.141 netmask 0xfffffc00 
        Opened by PID 11411
~> netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            1.2.116.1          UGS         0        0   tun0
1.0.0.0/8          1.2.116.1          UGS         0        0   tun0
1.2.116.0/22       1.2.116.141        UGS         2        0   tun0
1.2.116.141        1.2.116.141        UH          1        0   tun0
85.249.223.29/32   192.168.0.1        UGS         0        2    le0
127.0.0.1          127.0.0.1          UH          0      244    lo0
192.168.0.0/24     link#1             UC          0        0    le0
192.168.0.1        00:0f:66:c8:90:fd  UHLW        2     2368    le0   1193
192.168.0.102      00:e0:4c:15:0c:1f  UHLW        1      188    le0   1180

> nslookup www.yahoo.se
Server:         1.254.2.2
Address:        1.254.2.2#53

Non-authoritative answer:
www.yahoo.se    canonical name = www.euro.fyeu.b.yahoo.com.
Name:   www.euro.fyeu.b.yahoo.com
Address: 87.248.120.129

~> ping 1.254.2.2
PING 1.254.2.2 (1.254.2.2): 56 data bytes
64 bytes from 1.254.2.2: icmp_seq=0 ttl=63 time=65.528 ms
64 bytes from 1.254.2.2: icmp_seq=1 ttl=63 time=65.315 ms
64 bytes from 1.254.2.2: icmp_seq=2 ttl=63 time=52.479 ms
^C
--- 1.254.2.2 ping statistics ---
4 packets transmitted, 3 packets received, 25.0% packet loss
round-trip min/avg/max/stddev = 52.479/61.107/65.528/6.102 ms

Works great!

The same thing on OpenBSD:

Code:
openbsd ~ # Sat May 16 10:35:09 2009 OpenVPN 2.1_rc15 i386-unknown-openbsd4.5 [SSL] [LZO1] built on May 12 2009
Sat May 16 10:35:09 2009 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat May 16 10:35:09 2009 Control Channel Authentication: using 'keys/ivacy-tls.key' as a OpenVPN static key file
Sat May 16 10:35:09 2009 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat May 16 10:35:09 2009 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat May 16 10:35:09 2009 LZO compression initialized
Sat May 16 10:35:09 2009 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Sat May 16 10:35:09 2009 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sat May 16 10:35:09 2009 Local Options hash (VER=V4): '504e774e'
Sat May 16 10:35:09 2009 Expected Remote Options hash (VER=V4): '14168603'
Sat May 16 10:35:09 2009 Socket Buffers: R=[41600->65536] S=[9216->65536]
Sat May 16 10:35:09 2009 UDPv4 link local: [undef]
Sat May 16 10:35:09 2009 UDPv4 link remote: 85.249.223.29:1194
Sat May 16 10:35:09 2009 TLS: Initial packet from 85.249.223.29:1194, sid=a435a05c 7c5e375c
Sat May 16 10:35:09 2009 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat May 16 10:35:10 2009 VERIFY OK: depth=1, /C=RU/ST=MR/L=Moscow/O=ivacy.com/CN=ivacy.com_CA/emailAddress=admin@ivacy.com
Sat May 16 10:35:10 2009 VERIFY OK: nsCertType=SERVER
Sat May 16 10:35:10 2009 VERIFY OK: depth=0, /C=RU/ST=MR/L=Moscow/O=ivacy.com/CN=openvpn.ivacy.com/emailAddress=admin@ivacy.com
Sat May 16 10:35:10 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat May 16 10:35:10 2009 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat May 16 10:35:10 2009 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat May 16 10:35:10 2009 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat May 16 10:35:10 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sat May 16 10:35:10 2009 [openvpn.ivacy.com] Peer Connection Initiated with 85.249.223.29:1194
Sat May 16 10:35:12 2009 SENT CONTROL [openvpn.ivacy.com]: 'PUSH_REQUEST' (status=1)
Sat May 16 10:35:12 2009 PUSH: Received control message: 'PUSH_REPLY,route 1.0.0.0 255.0.0.0,dhcp-option DNS 1.254.2.2,dhcp-option DNS 1.254.2.3,dhcp-option DOMAIN vpn,explicit-exit-notify 2,route-gateway 1.2.116.1,topology subnet,ping 10,ping-restart 60,ifconfig 1.2.116.143 255.255.252.0'
Sat May 16 10:35:12 2009 OPTIONS IMPORT: timers and/or timeouts modified
Sat May 16 10:35:12 2009 OPTIONS IMPORT: explicit notify parm(s) modified
Sat May 16 10:35:12 2009 OPTIONS IMPORT: --ifconfig/up options modified
Sat May 16 10:35:12 2009 OPTIONS IMPORT: route options modified
Sat May 16 10:35:12 2009 OPTIONS IMPORT: route-related options modified
Sat May 16 10:35:12 2009 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sat May 16 10:35:12 2009 ROUTE default_gateway=192.168.0.1
Sat May 16 10:35:12 2009 /sbin/ifconfig tun0 destroy
ifconfig: SIOCIFDESTROY: Device not configured
Sat May 16 10:35:12 2009 /sbin/ifconfig tun0 create
Sat May 16 10:35:12 2009 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Sat May 16 10:35:12 2009 /sbin/ifconfig tun0 1.2.116.143 netmask 255.255.252.0 mtu 1500 broadcast 1.2.119.255 link0
Sat May 16 10:35:12 2009 TUN/TAP device /dev/tun0 opened
Sat May 16 10:35:12 2009 /etc/openvpn/ivacy-up.sh tun0 1500 1542 1.2.116.143 255.255.252.0 init
Sat May 16 10:35:12 2009 /sbin/route add -net 85.249.223.29 192.168.0.1 -netmask 255.255.255.255
add net 85.249.223.29: gateway 192.168.0.1
Sat May 16 10:35:12 2009 /sbin/route delete -net 0.0.0.0 192.168.0.1 -netmask 0.0.0.0
delete net 0.0.0.0: gateway 192.168.0.1
Sat May 16 10:35:12 2009 /sbin/route add -net 0.0.0.0 1.2.116.1 -netmask 0.0.0.0
add net 0.0.0.0: gateway 1.2.116.1
Sat May 16 10:35:12 2009 WARNING: potential route subnet conflict between local LAN [1.2.116.0/255.255.255.0] and remote VPN [1.0.0.0/255.0.0.0]
Sat May 16 10:35:12 2009 /sbin/route add -net 1.0.0.0 1.2.116.1 -netmask 255.0.0.0
add net 1.0.0.0: gateway 1.2.116.1
Sat May 16 10:35:12 2009 Initialization Sequence Completed

# route show -inet
Routing tables

Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
default            1.2.116.1          UGS        0        0     -     8 tun0
1/8                1.2.116.1          UGS        0        8     -     8 tun0
1.2.116/22         link#4             UC         1        0     -     4 tun0
1.2.116.1          link#4             UHRLc      2        0     -     4 tun0
85.249.223.29/32   192.168.0.1        UGS        1       20     -     8 vic0
loopback           localhost          UGRS       0        0 33204     8 lo0
localhost          localhost          UH         2      314 33204     4 lo0
192.168.0/24       link#1             UC         2        0     -     4 vic0
192.168.0.1        00:0f:66:c8:90:fd  UHLc       2       19     -     4 vic0
192.168.0.102      00:e0:4c:15:0c:1f  UHLc       2      608     -     4 vic0
192.168.0.126      localhost          UGHS       0        0 33204     8 lo0
BASE-ADDRESS.MCAST localhost          URS        0        0 33204     8 lo0

openbsd ~ # ifconfig tun0
tun0: flags=9843<UP,BROADCAST,RUNNING,SIMPLEX,LINK0,MULTICAST> mtu 1500
        lladdr 00:bd:a9:7c:44:01
        priority: 0
        groups: egress
        inet 1.2.116.141 netmask 0xfffffc00 broadcast 1.2.119.255
        inet6 fe80::2bd:a9ff:fe7c:4401%tun0 prefixlen 64 scopeid 0x4
        
openbsd ~ # nslookup www.yahoo.com   <<= just hangs!!!


openbsd ~ # cat /etc/resolv.conf
domain vpn
nameserver 1.254.2.2
nameserver 1.254.2.3
lookup file bind
openbsd ~ # ping 1.254.2.2

PING 1.254.2.2 (1.254.2.2): 56 data bytes
ping: sendto: No route to host
ping: wrote 1.254.2.2 64 chars, ret=-1
ping: sendto: No route to host
ping: wrote 1.254.2.2 64 chars, ret=-1
ping: sendto: No route to host
ping: wrote 1.254.2.2 64 chars, ret=-1
--- 1.254.2.2 ping statistics ---
6 packets transmitted, 0 packets received, 100.0% packet loss

Notice that OpenVPN on OpenBSD is linked with lzo1 while on FreeBSD it is linked with lzo2.

I also compiled a version on OpenBSD which is linked with lzo2, but unfortunately without any luck.

Any clues?

Michael