Quote:
Originally Posted by BSDfan666
Can you post the output of the following?
$ route show -inet
$ ifconfig -a # or just tun0.
Hopefully we'll know more about your setup this way; it's likely a configuration issue. Posting the output of /etc/mygate in [code][/code] blocks might also be helpful.
The provider I'm trying to connect to is http://ivacy.com
On FreeBSD:
Code:
~> Sat May 16 10:33:01 2009 OpenVPN 2.1_rc15 i386-portbld-freebsd7.1 [SSL] [LZO2] built on May 9 2009
Sat May 16 10:33:01 2009 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat May 16 10:33:01 2009 Control Channel Authentication: using 'keys/ivacy-tls.key' as a OpenVPN static key file
Sat May 16 10:33:01 2009 LZO compression initialized
Sat May 16 10:33:01 2009 RESOLVE: NOTE: openvpn.ivacy.com resolves to 2 addresses, choosing one by random
Sat May 16 10:33:01 2009 UDPv4 link local: [undef]
Sat May 16 10:33:01 2009 UDPv4 link remote: 85.249.223.29:1194
Sat May 16 10:33:01 2009 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat May 16 10:33:02 2009 [openvpn.ivacy.com] Peer Connection Initiated with 85.249.223.29:1194
Sat May 16 10:33:04 2009 TUN/TAP device /dev/tun0 opened
Sat May 16 10:33:04 2009 /sbin/ifconfig tun0 1.2.116.141 1.2.116.141 netmask 255.255.252.0 mtu 1500 up
add net 1.2.116.0: gateway 1.2.116.141
Sat May 16 10:33:04 2009 /usr/local/etc/openvpn/ivacy-up.sh tun0 1500 1542 1.2.116.141 255.255.252.0 init
add net 85.249.223.29: gateway 192.168.0.1
delete net 0.0.0.0: gateway 192.168.0.1
add net 0.0.0.0: gateway 1.2.116.1
Sat May 16 10:33:04 2009 WARNING: potential route subnet conflict between local LAN [1.2.116.0/255.255.255.0] and remote VPN [1.0.0.0/255.0.0.0]
add net 1.0.0.0: gateway 1.2.116.1
Sat May 16 10:33:04 2009 Initialization Sequence Completed
~> ifconfig tun0
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
inet 1.2.116.141 --> 1.2.116.141 netmask 0xfffffc00
Opened by PID 11411
~> netstat -rn
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 1.2.116.1 UGS 0 0 tun0
1.0.0.0/8 1.2.116.1 UGS 0 0 tun0
1.2.116.0/22 1.2.116.141 UGS 2 0 tun0
1.2.116.141 1.2.116.141 UH 1 0 tun0
85.249.223.29/32 192.168.0.1 UGS 0 2 le0
127.0.0.1 127.0.0.1 UH 0 244 lo0
192.168.0.0/24 link#1 UC 0 0 le0
192.168.0.1 00:0f:66:c8:90:fd UHLW 2 2368 le0 1193
192.168.0.102 00:e0:4c:15:0c:1f UHLW 1 188 le0 1180
> nslookup www.yahoo.se
Server: 1.254.2.2
Address: 1.254.2.2#53
Non-authoritative answer:
www.yahoo.se canonical name = www.euro.fyeu.b.yahoo.com.
Name: www.euro.fyeu.b.yahoo.com
Address: 87.248.120.129
~> ping 1.254.2.2
PING 1.254.2.2 (1.254.2.2): 56 data bytes
64 bytes from 1.254.2.2: icmp_seq=0 ttl=63 time=65.528 ms
64 bytes from 1.254.2.2: icmp_seq=1 ttl=63 time=65.315 ms
64 bytes from 1.254.2.2: icmp_seq=2 ttl=63 time=52.479 ms
^C
--- 1.254.2.2 ping statistics ---
4 packets transmitted, 3 packets received, 25.0% packet loss
round-trip min/avg/max/stddev = 52.479/61.107/65.528/6.102 ms
Works great!
The same thing on OpenBSD:
Code:
openbsd ~ # Sat May 16 10:35:09 2009 OpenVPN 2.1_rc15 i386-unknown-openbsd4.5 [SSL] [LZO1] built on May 12 2009
Sat May 16 10:35:09 2009 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat May 16 10:35:09 2009 Control Channel Authentication: using 'keys/ivacy-tls.key' as a OpenVPN static key file
Sat May 16 10:35:09 2009 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat May 16 10:35:09 2009 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat May 16 10:35:09 2009 LZO compression initialized
Sat May 16 10:35:09 2009 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Sat May 16 10:35:09 2009 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sat May 16 10:35:09 2009 Local Options hash (VER=V4): '504e774e'
Sat May 16 10:35:09 2009 Expected Remote Options hash (VER=V4): '14168603'
Sat May 16 10:35:09 2009 Socket Buffers: R=[41600->65536] S=[9216->65536]
Sat May 16 10:35:09 2009 UDPv4 link local: [undef]
Sat May 16 10:35:09 2009 UDPv4 link remote: 85.249.223.29:1194
Sat May 16 10:35:09 2009 TLS: Initial packet from 85.249.223.29:1194, sid=a435a05c 7c5e375c
Sat May 16 10:35:09 2009 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat May 16 10:35:10 2009 VERIFY OK: depth=1, /C=RU/ST=MR/L=Moscow/O=ivacy.com/CN=ivacy.com_CA/emailAddress=admin@ivacy.com
Sat May 16 10:35:10 2009 VERIFY OK: nsCertType=SERVER
Sat May 16 10:35:10 2009 VERIFY OK: depth=0, /C=RU/ST=MR/L=Moscow/O=ivacy.com/CN=openvpn.ivacy.com/emailAddress=admin@ivacy.com
Sat May 16 10:35:10 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat May 16 10:35:10 2009 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat May 16 10:35:10 2009 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat May 16 10:35:10 2009 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat May 16 10:35:10 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sat May 16 10:35:10 2009 [openvpn.ivacy.com] Peer Connection Initiated with 85.249.223.29:1194
Sat May 16 10:35:12 2009 SENT CONTROL [openvpn.ivacy.com]: 'PUSH_REQUEST' (status=1)
Sat May 16 10:35:12 2009 PUSH: Received control message: 'PUSH_REPLY,route 1.0.0.0 255.0.0.0,dhcp-option DNS 1.254.2.2,dhcp-option DNS 1.254.2.3,dhcp-option DOMAIN vpn,explicit-exit-notify 2,route-gateway 1.2.116.1,topology subnet,ping 10,ping-restart 60,ifconfig 1.2.116.143 255.255.252.0'
Sat May 16 10:35:12 2009 OPTIONS IMPORT: timers and/or timeouts modified
Sat May 16 10:35:12 2009 OPTIONS IMPORT: explicit notify parm(s) modified
Sat May 16 10:35:12 2009 OPTIONS IMPORT: --ifconfig/up options modified
Sat May 16 10:35:12 2009 OPTIONS IMPORT: route options modified
Sat May 16 10:35:12 2009 OPTIONS IMPORT: route-related options modified
Sat May 16 10:35:12 2009 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sat May 16 10:35:12 2009 ROUTE default_gateway=192.168.0.1
Sat May 16 10:35:12 2009 /sbin/ifconfig tun0 destroy
ifconfig: SIOCIFDESTROY: Device not configured
Sat May 16 10:35:12 2009 /sbin/ifconfig tun0 create
Sat May 16 10:35:12 2009 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Sat May 16 10:35:12 2009 /sbin/ifconfig tun0 1.2.116.143 netmask 255.255.252.0 mtu 1500 broadcast 1.2.119.255 link0
Sat May 16 10:35:12 2009 TUN/TAP device /dev/tun0 opened
Sat May 16 10:35:12 2009 /etc/openvpn/ivacy-up.sh tun0 1500 1542 1.2.116.143 255.255.252.0 init
Sat May 16 10:35:12 2009 /sbin/route add -net 85.249.223.29 192.168.0.1 -netmask 255.255.255.255
add net 85.249.223.29: gateway 192.168.0.1
Sat May 16 10:35:12 2009 /sbin/route delete -net 0.0.0.0 192.168.0.1 -netmask 0.0.0.0
delete net 0.0.0.0: gateway 192.168.0.1
Sat May 16 10:35:12 2009 /sbin/route add -net 0.0.0.0 1.2.116.1 -netmask 0.0.0.0
add net 0.0.0.0: gateway 1.2.116.1
Sat May 16 10:35:12 2009 WARNING: potential route subnet conflict between local LAN [1.2.116.0/255.255.255.0] and remote VPN [1.0.0.0/255.0.0.0]
Sat May 16 10:35:12 2009 /sbin/route add -net 1.0.0.0 1.2.116.1 -netmask 255.0.0.0
add net 1.0.0.0: gateway 1.2.116.1
Sat May 16 10:35:12 2009 Initialization Sequence Completed
# route show -inet
Routing tables
Internet:
Destination Gateway Flags Refs Use Mtu Prio Iface
default 1.2.116.1 UGS 0 0 - 8 tun0
1/8 1.2.116.1 UGS 0 8 - 8 tun0
1.2.116/22 link#4 UC 1 0 - 4 tun0
1.2.116.1 link#4 UHRLc 2 0 - 4 tun0
85.249.223.29/32 192.168.0.1 UGS 1 20 - 8 vic0
loopback localhost UGRS 0 0 33204 8 lo0
localhost localhost UH 2 314 33204 4 lo0
192.168.0/24 link#1 UC 2 0 - 4 vic0
192.168.0.1 00:0f:66:c8:90:fd UHLc 2 19 - 4 vic0
192.168.0.102 00:e0:4c:15:0c:1f UHLc 2 608 - 4 vic0
192.168.0.126 localhost UGHS 0 0 33204 8 lo0
BASE-ADDRESS.MCAST localhost URS 0 0 33204 8 lo0
openbsd ~ # ifconfig tun0
tun0: flags=9843<UP,BROADCAST,RUNNING,SIMPLEX,LINK0,MULTICAST> mtu 1500
lladdr 00:bd:a9:7c:44:01
priority: 0
groups: egress
inet 1.2.116.141 netmask 0xfffffc00 broadcast 1.2.119.255
inet6 fe80::2bd:a9ff:fe7c:4401%tun0 prefixlen 64 scopeid 0x4
openbsd ~ # nslookup www.yahoo.com <<= just hangs!!!
openbsd ~ # cat /etc/resolv.conf
domain vpn
nameserver 1.254.2.2
nameserver 1.254.2.3
lookup file bind
openbsd ~ # ping 1.254.2.2
PING 1.254.2.2 (1.254.2.2): 56 data bytes
ping: sendto: No route to host
ping: wrote 1.254.2.2 64 chars, ret=-1
ping: sendto: No route to host
ping: wrote 1.254.2.2 64 chars, ret=-1
ping: sendto: No route to host
ping: wrote 1.254.2.2 64 chars, ret=-1
--- 1.254.2.2 ping statistics ---
6 packets transmitted, 0 packets received, 100.0% packet loss
Notice that OpenVPN is linked with lzo1 while FreeBSD is linked with lzo2.
I also compiled a version on OpenBSD which is linked with lzo2, but unfortunately
without any luck.
Any clues?
Michael