Cannot set up OpenVPN

guitarscn · #1 **(View Single Post)** 17th September 2009

Code:

# /usr/local/sbin/openvpn --config /etc/openvpn/openvpn.conf 
Thu Sep 17 13:23:29 2009 OpenVPN 2.1_rc15 i386-unknown-openbsd4.5 [SSL] [LZO1] built on Mar  1 2009
Enter Auth Username:guitarscn
Enter Auth Password:
Thu Sep 17 13:23:32 2009 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Thu Sep 17 13:23:32 2009 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Sep 17 13:23:32 2009 LZO compression initialized
Thu Sep 17 13:23:32 2009 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu Sep 17 13:23:33 2009 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Sep 17 13:23:33 2009 Local Options hash (VER=V4): '69109d17'
Thu Sep 17 13:23:33 2009 Expected Remote Options hash (VER=V4): 'c0103fa8'
Thu Sep 17 13:23:33 2009 Attempting to establish TCP connection with 87.98.181.223:443 [nonblock]
Thu Sep 17 13:23:34 2009 TCP: connect to x.x.x.x:443 failed, will try again in 5 seconds: Connection refused
Thu Sep 17 13:23:34 2009 SIGUSR1[soft,init_instance] received, process restarting
Thu Sep 17 13:23:34 2009 Restart pause, 5 second(s)
Thu Sep 17 13:23:39 2009 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Thu Sep 17 13:23:39 2009 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Sep 17 13:23:39 2009 Re-using SSL/TLS context
Thu Sep 17 13:23:39 2009 LZO compression initialized
Thu Sep 17 13:23:39 2009 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu Sep 17 13:23:39 2009 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Sep 17 13:23:39 2009 Local Options hash (VER=V4): '69109d17'
Thu Sep 17 13:23:39 2009 Expected Remote Options hash (VER=V4): 'c0103fa8'
Thu Sep 17 13:23:39 2009 Attempting to establish TCP connection with x.x.173.x:443 [nonblock]
Thu Sep 17 13:23:40 2009 TCP connection established with x.x.173.x:443
Thu Sep 17 13:23:40 2009 Socket Buffers: R=[16384->65536] S=[16384->65536]
Thu Sep 17 13:23:40 2009 TCPv4_CLIENT link local: [undef]
Thu Sep 17 13:23:40 2009 TCPv4_CLIENT link remote: x.98.173.x:443
Thu Sep 17 13:23:40 2009 TLS: Initial packet from x.98.173.x:443, sid=60191c71 3ab1c059
Thu Sep 17 13:23:40 2009 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Sep 17 13:23:41 2009 VERIFY OK: depth=1, /C=FR/ST=NA/L=BISHKEK/O=OpenVPN-TEST/CN=ludwig/emailAddress=me@myhost.mydomain
Thu Sep 17 13:23:41 2009 VERIFY OK: depth=0, /C=FR/ST=NA/O=OpenVPN-TEST/CN=ludwig/emailAddress=me@myhost.mydomain
Thu Sep 17 13:23:43 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Sep 17 13:23:43 2009 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 17 13:23:43 2009 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Sep 17 13:23:43 2009 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 17 13:23:43 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Sep 17 13:23:43 2009 [ludwig] Peer Connection Initiated with x.98.173.x:443
Thu Sep 17 13:23:44 2009 SENT CONTROL [ludwig]: 'PUSH_REQUEST' (status=1)
Thu Sep 17 13:23:44 2009 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 94.23.39.201,dhcp-option DNS x.251.133.x,route x.13.0.x,topology net30,ping 10,ping-restart 120,ifconfig 1x.13.51.x x.13.51.x'
Thu Sep 17 13:23:44 2009 OPTIONS IMPORT: timers and/or timeouts modified
Thu Sep 17 13:23:44 2009 OPTIONS IMPORT: --ifconfig/up options modified
Thu Sep 17 13:23:44 2009 OPTIONS IMPORT: route options modified
Thu Sep 17 13:23:44 2009 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Sep 17 13:23:44 2009 ROUTE default_gateway=x.17.4.x
Thu Sep 17 13:23:44 2009 /sbin/ifconfig tun destroy
ifconfig: SIOCIFDESTROY: Invalid argument
Thu Sep 17 13:23:44 2009 /sbin/ifconfig tun create
ifconfig: SIOCIFCREATE: Invalid argument
Thu Sep 17 13:23:44 2009 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Thu Sep 17 13:23:44 2009 /sbin/ifconfig tun x.13.51.x x.13.51.x mtu 1500 netmask 255.255.255.255 up
ifconfig: SIOCSIFMTU: Device not configured
ifconfig: SIOCGIFFLAGS: Device not configured
Thu Sep 17 13:23:44 2009 OpenBSD ifconfig failed: external program exited with error status: 1
Thu Sep 17 13:23:44 2009 Exiting

jggimi · #2 **(View Single Post)** 17th September 2009

See the man pages for ifconfig(8) and tun(4). Your script has a typo. The same typo over and over.

guitarscn · #3 **(View Single Post)** 17th September 2009

Which script? The config file works fine on another OS

jggimi · #4 **(View Single Post)** 18th September 2009

Quote:

Originally Posted by guitarscn

...on another OS...

A short test for guitarscn:

Question #1: How are devices numbered by the OpenBSD kernel?

Question #2: What number device is your first and only tun(4) device?

Question #3 (for extra credit): Why are your ifconfig commands all failing?

I want you to find the answers to these questions on your own. It is the only way you will learn anything.

guitarscn · #5 **(View Single Post)** 30th September 2009

I use rl0 for my ehternet line so number come after the device name starting with 0, right? I didn't have tun in my ifconfig so I did "ifconfig tun up" but the device didn't exist, so I did "ifconfig tun0 up" and it's up.

Oh, I just looked in the connect script and now it works after I changed tun to tun0. Wow I figured this out slow. I am thickheaded.

jggimi · #6 **(View Single Post)** 1st October 2009

Quote:

Originally Posted by guitarscn

...number come after the device name starting with 0, right?

Right.

Quote:

...so I did "ifconfig tun0 up" and it's up.

Good!

Quote:

...Wow I figured this out slow....

But you -did- figure it out. And, you solved the immediate problem. Congratulations on your accomplishment!

guitarscn · #7 **(View Single Post)** 1st October 2009

I was familiar with ifconfig but not tun. I had to read up what tun was and then I understood. Thanks

s2scott · #8 **(View Single Post)** 5th October 2009

Here's what I have in my hostname.tun0 to support openvpn. In openBSD, I found the tun won't come up WITHOUT an IP address. Somewhere in the chicken-and-an-egg dance that openVPN-BSD do, I found this the best way to satisfy both.

Code:

root@gw:/etc/ovpn # pg /etc/hostname.tun0
inet 169.254.235.1 255.255.255.252 169.254.235.2
!/sbin/route add 169.254.235.0/24 169.254.235.1

I'm sure other openvpn.conf and hostname.tun0 combinations work as well.

/S

s2scott · #9 **(View Single Post)** 5th October 2009

I posted this thread a while back; it may help.

http://www.daemonforums.org/showthre...light=hostname

/S

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
openvpn on openbsd problem....	michaelk	OpenBSD Security	8	9th February 2011 04:49 AM
SSH tunneling vs. OpenVPN	revzalot	OpenBSD Security	8	31st May 2009 06:45 AM
OpenVPN management	bichumo	General software and network	0	15th July 2008 09:05 AM
OpenVPN - Problem with connections	MME	General software and network	2	26th May 2008 06:42 PM
openvpn 2.1_rc7 from ports (not packages)	s2scott	OpenBSD Packages and Ports	14	23rd May 2008 02:30 AM