DaemonForums  

Does pf conflict with OpenVPN?

Posted by Emile, 1st February 2011

I pkg_added openvpn and am testing it out with a VPN service. So I copied the client.ovpn and cert.dat to /etc/openvpn/.

Here is the config:

Code:
# VPN client config
ns-cert-type server
tls-client
pull
verb 3
tls-timeout 6
cipher BF-CBC
keysize 256
pkcs12 cert.dat
keepalive 30 120
hand-window 120
route-delay 2
persist-tun
persist-key
redirect-gateway def1
remote-random
route-metric 2
route-method exe
dev tun0
topology subnet
<connection>
proto tcp-client
remote [vpn url] [vpn port]
remote [vpn IP] [vpn port]
connect-retry 10
</connection>
<connection>
proto udp
remote [vpn url] [vpn port]
remote [vpn IP] [vpn port]
</connection>

The bolded options within brackets are information I substituted accordingly so as not to spam/advertise the VPN service.

I changed a couple things: I changed "dev tun" to "dev tun0" for OpenBSD, and I deleted the last line of the config which was "win-sys 'env'" because I got an error about it and removing it seemed safe.

So here I am starting it up:

Code:
$ sudo openvpn client.ovpn 
Tue Feb  1 10:47:09 2011 OpenVPN 2.1.0 i386-unknown-openbsd4.8 [SSL] [LZO2] built on Aug 10 2010
Tue Feb  1 10:47:09 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Feb  1 10:47:09 2011 WARNING: file 'cert.dat' is group or others accessible
Tue Feb  1 10:47:09 2011 Control Channel MTU parms [ L:1543 D:140 EF:40 EB:0 ET:0 EL:0 ]
Tue Feb  1 10:47:09 2011 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:4 ET:0 EL:0 ]
Tue Feb  1 10:47:09 2011 Local Options hash (VER=V4): 'bf6006bf'
Tue Feb  1 10:47:09 2011 Expected Remote Options hash (VER=V4): '3ce6ab7f'
Tue Feb  1 10:47:09 2011 Attempting to establish TCP connection with [VPN IP]:[VPN port] [nonblock]
Tue Feb  1 10:47:10 2011 TCP connection established with [VPN IP]:[VPN port]
Tue Feb  1 10:47:10 2011 Socket Buffers: R=[16384->65536] S=[16384->65536]
Tue Feb  1 10:47:10 2011 TCPv4_CLIENT link local: [undef]
Tue Feb  1 10:47:10 2011 TCPv4_CLIENT link remote: [VPN IP]:[VPN port]
Tue Feb  1 10:47:10 2011 TLS: Initial packet from [VPN IP]:[VPN port], sid=33085865 6f786d04
Tue Feb  1 10:47:12 2011 VERIFY OK: depth=1, /C=US/ST=NY/L=New_York/O=example.com/CN=example.com_CA/emailAddress=admin@example.com
Tue Feb  1 10:47:12 2011 VERIFY OK: nsCertType=SERVER
Tue Feb  1 10:47:12 2011 VERIFY OK: depth=0, /C=US/ST=NY/L=New_York/O=example.com/CN=server/emailAddress=admin@example.com
Tue Feb  1 10:47:16 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 256 bit key
Tue Feb  1 10:47:16 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Feb  1 10:47:16 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 256 bit key
Tue Feb  1 10:47:16 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Feb  1 10:47:16 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Tue Feb  1 10:47:16 2011 [server] Peer Connection Initiated with [VPN IP]:[VPN port]
Tue Feb  1 10:47:19 2011 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Tue Feb  1 10:47:19 2011 PUSH: Received control message: 'PUSH_REPLY,route 10.100.1.0 255.255.255.0,redirect-gateway,dhcp-option DNS 10.100.1.1,route-gateway 10.100.1.1,topology subnet,ping 120,ping-restart 360,socket-flags TCP_NODELAY,ifconfig 10.100.1.9 255.255.255.0'
Tue Feb  1 10:47:19 2011 OPTIONS IMPORT: timers and/or timeouts modified
Tue Feb  1 10:47:19 2011 OPTIONS IMPORT: --socket-flags option modified
Tue Feb  1 10:47:19 2011 NOTE: setsockopt TCP_NODELAY=1 failed (No kernel support)
Tue Feb  1 10:47:19 2011 OPTIONS IMPORT: --ifconfig/up options modified
Tue Feb  1 10:47:19 2011 OPTIONS IMPORT: route options modified
Tue Feb  1 10:47:19 2011 OPTIONS IMPORT: route-related options modified
Tue Feb  1 10:47:19 2011 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Feb  1 10:47:19 2011 ROUTE default_gateway=192.168.1.1
Tue Feb  1 10:47:19 2011 /sbin/ifconfig tun0 destroy
Tue Feb  1 10:47:19 2011 /sbin/ifconfig tun0 create
Tue Feb  1 10:47:19 2011 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Tue Feb  1 10:47:19 2011 /sbin/ifconfig tun0 10.100.1.9 netmask 255.255.255.0 mtu 1500 broadcast 10.100.1.255 link0
Tue Feb  1 10:47:19 2011 TUN/TAP device /dev/tun0 opened
Tue Feb  1 10:47:21 2011 /sbin/route add -net [VPN IP] 192.168.1.1 -netmask 255.255.255.255
add net [VPN IP]: gateway 192.168.1.1
Tue Feb  1 10:47:21 2011 /sbin/route add -net 0.0.0.0 10.100.1.1 -netmask 128.0.0.0
add net 0.0.0.0: gateway 10.100.1.1
Tue Feb  1 10:47:21 2011 /sbin/route add -net 128.0.0.0 10.100.1.1 -netmask 128.0.0.0
add net 128.0.0.0: gateway 10.100.1.1
Tue Feb  1 10:47:21 2011 /sbin/route add -net 10.100.1.0 10.100.1.1 -netmask 255.255.255.0
add net 10.100.1.0: gateway 10.100.1.1
Tue Feb  1 10:47:21 2011 Initialization Sequence Completed

So it seems successful there, but once connected I do not seem to have internet access.

Here is me attempting to ping Google:

Code:
$ ping google.com
PING google.com (74.125.79.99): 56 data bytes
ping: sendto: No route to host
ping: wrote google.com 64 chars, ret=-1
ping: sendto: No route to host
ping: wrote google.com 64 chars, ret=-1
ping: sendto: No route to host
ping: wrote google.com 64 chars, ret=-1
--- google.com ping statistics ---
9 packets transmitted, 0 packets received, 100.0% packet loss

What can I do to debug the situation and find out what's preventing my access to the internet?

At first I was inclined to believe it had something to do with pf but I'm not sure. Could it be an issue with pf? If not, what else can I do to figure out the issue? (I am currently attempting to contact the VPN provider but they only support Windows, Mac, and Linux.)

Last edited by Emile; 1st February 2011 at 07:12 PM.
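
Added example, not part of the original post: a Python sketch that rebuilds the routing entries from the `/sbin/route add` lines in the log above and does a longest-prefix lookup, showing which gateway a destination resolves to once `redirect-gateway def1` has installed its two /1 routes. The address 203.0.113.10 is a constructed stand-in for the redacted `[VPN IP]`; connected (interface) routes do not appear in the log and are not modelled.

```python
import ipaddress
import re

# Route lines copied from the log in the post. The post redacts the server
# address as "[VPN IP]"; 203.0.113.10 is a constructed stand-in.
SAMPLE_LOG = """\
Tue Feb  1 10:47:19 2011 ROUTE default_gateway=192.168.1.1
Tue Feb  1 10:47:21 2011 /sbin/route add -net 203.0.113.10 192.168.1.1 -netmask 255.255.255.255
Tue Feb  1 10:47:21 2011 /sbin/route add -net 0.0.0.0 10.100.1.1 -netmask 128.0.0.0
Tue Feb  1 10:47:21 2011 /sbin/route add -net 128.0.0.0 10.100.1.1 -netmask 128.0.0.0
Tue Feb  1 10:47:21 2011 /sbin/route add -net 10.100.1.0 10.100.1.1 -netmask 255.255.255.0
"""

ROUTE_RE = re.compile(r"/sbin/route add -net (\S+) (\S+) -netmask (\S+)")
GW_RE = re.compile(r"ROUTE default_gateway=(\S+)")


def parse_routes(log_text):
    """Return [(network, gateway)]: the original default route plus each route OpenVPN added."""
    routes = []
    for line in log_text.splitlines():
        m = GW_RE.search(line)
        if m:
            # def1 leaves the existing default route in place and overrides it.
            routes.append((ipaddress.ip_network("0.0.0.0/0"), m.group(1)))
            continue
        m = ROUTE_RE.search(line)
        if m:
            dest, gw, mask = m.groups()
            routes.append((ipaddress.ip_network(f"{dest}/{mask}"), gw))
    return routes


def lookup(routes, addr):
    """Longest-prefix match over the parsed entries; None if nothing covers addr."""
    ip = ipaddress.ip_address(addr)
    matches = [(net, gw) for net, gw in routes if ip in net]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None


if __name__ == "__main__":
    table = parse_routes(SAMPLE_LOG)
    # 74.125.79.99 is the address ping resolved in the post.
    for target in ("74.125.79.99", "203.0.113.10", "10.100.1.1"):
        net, gw = lookup(table, target)
        print(f"{target:15} -> {net} via {gw}")
```

Comparing this expected table with the live output of `route -n show -inet` on the client shows whether the routes the log reports were actually installed.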