OpenBSD Packages and Ports Installation and upgrading of packages and ports on OpenBSD. |
![]()
I pkg_added openvpn and am testing it out with a VPN service. So I copied the client.ovpn and cert.dat to /etc/openvpn/.
Here is the config: Code:
# VPN client config
ns-cert-type server
tls-client
pull
verb 3
tls-timeout 6
cipher BF-CBC
keysize 256
pkcs12 cert.dat
keepalive 30 120
hand-window 120
route-delay 2
persist-tun
persist-key
redirect-gateway def1
remote-random
route-metric 2
route-method exe
dev tun0
topology subnet
<connection>
proto tcp-client
remote [vpn url] [vpn port]
remote [vpn IP] [vpn port]
connect-retry 10
</connection>
<connection>
proto udp
remote [vpn url] [vpn port]
remote [vpn IP] [vpn port]
</connection>

I changed a couple things: I changed "dev tun" to "dev tun0" for OpenBSD, and I deleted the last line of the config which was "win-sys 'env'" because I got an error about it and removing it seemed safe. So here I am starting it up:
Code:
$ sudo openvpn client.ovpn
Tue Feb 1 10:47:09 2011 OpenVPN 2.1.0 i386-unknown-openbsd4.8 [SSL] [LZO2] built on Aug 10 2010
Tue Feb 1 10:47:09 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Feb 1 10:47:09 2011 WARNING: file 'cert.dat' is group or others accessible
Tue Feb 1 10:47:09 2011 Control Channel MTU parms [ L:1543 D:140 EF:40 EB:0 ET:0 EL:0 ]
Tue Feb 1 10:47:09 2011 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:4 ET:0 EL:0 ]
Tue Feb 1 10:47:09 2011 Local Options hash (VER=V4): 'bf6006bf'
Tue Feb 1 10:47:09 2011 Expected Remote Options hash (VER=V4): '3ce6ab7f'
Tue Feb 1 10:47:09 2011 Attempting to establish TCP connection with [VPN IP]:[VPN port] [nonblock]
Tue Feb 1 10:47:10 2011 TCP connection established with [VPN IP]:[VPN port]
Tue Feb 1 10:47:10 2011 Socket Buffers: R=[16384->65536] S=[16384->65536]
Tue Feb 1 10:47:10 2011 TCPv4_CLIENT link local: [undef]
Tue Feb 1 10:47:10 2011 TCPv4_CLIENT link remote: [VPN IP]:[VPN port]
Tue Feb 1 10:47:10 2011 TLS: Initial packet from [VPN IP]:[VPN port], sid=33085865 6f786d04
Tue Feb 1 10:47:12 2011 VERIFY OK: depth=1, /C=US/ST=NY/L=New_York/O=example.com/CN=example.com_CA/emailAddress=admin@example.com
Tue Feb 1 10:47:12 2011 VERIFY OK: nsCertType=SERVER
Tue Feb 1 10:47:12 2011 VERIFY OK: depth=0, /C=US/ST=NY/L=New_York/O=example.com/CN=server/emailAddress=admin@example.com
Tue Feb 1 10:47:16 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 256 bit key
Tue Feb 1 10:47:16 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Feb 1 10:47:16 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 256 bit key
Tue Feb 1 10:47:16 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Feb 1 10:47:16 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Tue Feb 1 10:47:16 2011 [server] Peer Connection Initiated with [VPN IP]:[VPN port]
Tue Feb 1 10:47:19 2011 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Tue Feb 1 10:47:19 2011 PUSH: Received control message: 'PUSH_REPLY,route 10.100.1.0 255.255.255.0,redirect-gateway,dhcp-option DNS 10.100.1.1,route-gateway 10.100.1.1,topology subnet,ping 120,ping-restart 360,socket-flags TCP_NODELAY,ifconfig 10.100.1.9 255.255.255.0'
Tue Feb 1 10:47:19 2011 OPTIONS IMPORT: timers and/or timeouts modified
Tue Feb 1 10:47:19 2011 OPTIONS IMPORT: --socket-flags option modified
Tue Feb 1 10:47:19 2011 NOTE: setsockopt TCP_NODELAY=1 failed (No kernel support)
Tue Feb 1 10:47:19 2011 OPTIONS IMPORT: --ifconfig/up options modified
Tue Feb 1 10:47:19 2011 OPTIONS IMPORT: route options modified
Tue Feb 1 10:47:19 2011 OPTIONS IMPORT: route-related options modified
Tue Feb 1 10:47:19 2011 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Feb 1 10:47:19 2011 ROUTE default_gateway=192.168.1.1
Tue Feb 1 10:47:19 2011 /sbin/ifconfig tun0 destroy
Tue Feb 1 10:47:19 2011 /sbin/ifconfig tun0 create
Tue Feb 1 10:47:19 2011 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Tue Feb 1 10:47:19 2011 /sbin/ifconfig tun0 10.100.1.9 netmask 255.255.255.0 mtu 1500 broadcast 10.100.1.255 link0
Tue Feb 1 10:47:19 2011 TUN/TAP device /dev/tun0 opened
Tue Feb 1 10:47:21 2011 /sbin/route add -net [VPN IP] 192.168.1.1 -netmask 255.255.255.255
add net [VPN IP]: gateway 192.168.1.1
Tue Feb 1 10:47:21 2011 /sbin/route add -net 0.0.0.0 10.100.1.1 -netmask 128.0.0.0
add net 0.0.0.0: gateway 10.100.1.1
Tue Feb 1 10:47:21 2011 /sbin/route add -net 128.0.0.0 10.100.1.1 -netmask 128.0.0.0
add net 128.0.0.0: gateway 10.100.1.1
Tue Feb 1 10:47:21 2011 /sbin/route add -net 10.100.1.0 10.100.1.1 -netmask 255.255.255.0
add net 10.100.1.0: gateway 10.100.1.1
Tue Feb 1 10:47:21 2011 Initialization Sequence Completed

Here is me attempting to ping Google:
Code:
$ ping google.com
PING google.com (74.125.79.99): 56 data bytes
ping: sendto: No route to host
ping: wrote google.com 64 chars, ret=-1
ping: sendto: No route to host
ping: wrote google.com 64 chars, ret=-1
ping: sendto: No route to host
ping: wrote google.com 64 chars, ret=-1
--- google.com ping statistics ---
9 packets transmitted, 0 packets received, 100.0% packet loss

At first I was inclined to believe it had something to do with pf but I'm not sure. Could it be an issue with pf? If not, what else can I do to figure out the issue? (I am currently attempting to contact the VPN provider but they only support Windows, Mac, and Linux.)
Last edited by Emile; 1st February 2011 at 07:12 PM.
|
|||
![]()
If you use a block log all in your pf.conf, the blocked packets will be logged to /dev/pflog0. You can view these by running tcpdump:
Code:
# tcpdump -eni /dev/pflog0
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump |
|
|||
![]()
I'd also like to mention that this is almost a default install...with just OpenVPN, Firefox, and scrotwm on it. Also I patched it to -stable. I don't know pf syntax so I left it alone as it is, but I read somewhere that starting with a certain version of OpenBSD, it was enabled by default. So I think right now it allows all traffic.
In any case, it might be my lack of pf skill but I added block log all to the bottom of my pf.conf (that's correct, right?) and ran OpenVPN accordingly...I tried to ping Google and also browse to Yahoo, then stopped the VPN. I did this: Code:
$ sudo tcpdump -eni /dev/pflog0
tcpdump: Failed to open bpf device for /dev/pflog0: Device not configured

Last edited by Emile; 1st February 2011 at 07:40 PM.
|
|||
![]()
Do a sudo pfctl -sr to show the rules. If you don't see the block rule you added, you forgot to reload pf with
Code:
# pfctl -vvf /etc/pf.conf
You can check that with:
Code:
$ ifconfig pflog0
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33160
        priority: 0
        groups: pflog
|
|||
![]()
On another thought, I had to remove some metadata (the ^M character) from the config file. Is it possible that the cert.key might be messed up from this too?
Anyway, back on the topic: Code:
$ sudo pfctl -vvf /etc/pf.conf
Loaded 696 passive OS fingerprints
set skip on { lo }
@0 pass all flags S/SA keep state
@1 block drop in on ! lo0 proto tcp from any to any port 6000:6010
@2 block drop log all
$ ifconfig pflog0
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33200
        priority: 0
        groups: pflog
$ sudo openvpn client.ovpn
Tue Feb 1 14:15:47 2011 OpenVPN 2.1.0 i386-unknown-openbsd4.8 [SSL] [LZO2] built on Aug 10 2010
Tue Feb 1 14:15:47 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Feb 1 14:15:47 2011 WARNING: file 'cert.dat' is group or others accessible
Tue Feb 1 14:15:47 2011 Control Channel MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Feb 1 14:15:47 2011 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Tue Feb 1 14:15:47 2011 Local Options hash (VER=V4): '91138c76'
Tue Feb 1 14:15:47 2011 Expected Remote Options hash (VER=V4): 'f5a300ca'
Tue Feb 1 14:15:47 2011 Socket Buffers: R=[41600->65536] S=[9216->65536]
Tue Feb 1 14:15:47 2011 UDPv4 link local (bound): [undef]:1194
Tue Feb 1 14:15:47 2011 UDPv4 link remote: [VPN IP]:[VPN port]
Tue Feb 1 14:15:47 2011 write UDPv4: No route to host (code=65)
Tue Feb 1 14:15:53 2011 write UDPv4: No route to host (code=65)
etc.
$ sudo tcpdump -eni /dev/pflog0
tcpdump: Failed to open bpf device for /dev/pflog0: Device not configured
$ ifconfig pflog0
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33200
        priority: 0
        groups: pflog
|
|||
![]()
I have to apologize. I made a mistake in the syntax.
The proper syntax is:
Code:
$ sudo tcpdump -eni pflog0
|
|||
![]()
Alright, so without the block log all rule, I fired up tcpdump and it didn't catch anything at all while I connected to the VPN or when I tried to ping/browse to any website after I was "connected". So I doubt it's pf, then I have no idea what's wrong with this OpenVPN/OpenBSD setup...
And here it is with the rule on: Code:
$ sudo openvpn client.ovpn
Tue Feb 1 14:30:50 2011 OpenVPN 2.1.0 i386-unknown-openbsd4.8 [SSL] [LZO2] built on Aug 10 2010
Tue Feb 1 14:30:50 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Feb 1 14:30:50 2011 WARNING: file 'cert.dat' is group or others accessible
Tue Feb 1 14:30:50 2011 Control Channel MTU parms [ L:1543 D:140 EF:40 EB:0 ET:0 EL:0 ]
Tue Feb 1 14:30:50 2011 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:4 ET:0 EL:0 ]
Tue Feb 1 14:30:50 2011 Local Options hash (VER=V4): 'bf6006bf'
Tue Feb 1 14:30:50 2011 Expected Remote Options hash (VER=V4): '3ce6ab7f'
Tue Feb 1 14:30:50 2011 Attempting to establish TCP connection with [VPN IP]:[VPN port] [nonblock]
Tue Feb 1 14:30:50 2011 TCP: connect to [VPN IP]:[VPN port] failed, will try again in 10 seconds: No route to host
Tue Feb 1 14:30:50 2011 SIGUSR1[soft,init_instance] received, process restarting
Tue Feb 1 14:30:50 2011 Restart pause, 2 second(s)
Tue Feb 1 14:30:52 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Feb 1 14:30:52 2011 Re-using SSL/TLS context
Tue Feb 1 14:30:52 2011 Control Channel MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Feb 1 14:30:52 2011 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Tue Feb 1 14:30:52 2011 Local Options hash (VER=V4): '91138c76'
Tue Feb 1 14:30:52 2011 Expected Remote Options hash (VER=V4): 'f5a300ca'
Tue Feb 1 14:30:52 2011 Socket Buffers: R=[41600->65536] S=[9216->65536]
Tue Feb 1 14:30:52 2011 UDPv4 link local (bound): [undef]:1194
Tue Feb 1 14:30:52 2011 UDPv4 link remote: [VPN IP]:[VPN port]
Tue Feb 1 14:30:52 2011 write UDPv4: No route to host (code=65)
Tue Feb 1 14:30:58 2011 write UDPv4: No route to host (code=65)
Tue Feb 1 14:31:04 2011 write UDPv4: No route to host (code=65)
Tue Feb 1 14:31:10 2011 write UDPv4: No route to host (code=65)
Code:
$ sudo tcpdump -eni pflog0
tcpdump: listening on pflog0, link-type PFLOG
14:30:50.529549 rule 2/(match) block out on nfe0: 192.168.1.4.43665 > [VPN IP]:[VPN port]: S 2351877163:2351877163(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,[|tcp]> (DF)
14:30:52.538155 rule 2/(match) block out on nfe0: 192.168.1.4.1194 > [VPN IP]:[VPN port]: udp 14
14:30:58.787580 rule 2/(match) block out on nfe0: 192.168.1.4.1194 > [VPN IP]:[VPN port]: udp 14
14:31:04.677419 rule 2/(match) block out on nfe0: 192.168.1.4.1194 > [VPN IP]:[VPN port]: udp 14
14:31:10.027260 rule 2/(match) block out on nfe0: 192.168.1.4.1194 > [VPN IP]:[VPN port]: udp 14
^C
5 packets received by filter
0 packets dropped by kernel
|
|||
![]()
Packets are being blocked. The first one is the first of the 3-way TCP handshake to set up a TCP connection. The others are blocked UDP packets.
Add this rule and retry. Code:
pass out quick on egress inet proto { tcp, udp } to VPN_IP port VPN_port
Last edited by J65nko; 1st February 2011 at 08:03 PM. Reason: Added remark about VPN port
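An added example, not part of the thread: joining the `@N` rule numbers printed by `pfctl -vvf` with the `rule N` field in the pflog output shows which loaded rule dropped each packet. pf applies the last matching rule unless an earlier match is marked `quick`, so a `block log all` placed after `pass all` matches everything. The sample input is constructed from the thread's output; 203.0.113.10 and TCP port 443 are placeholders for the redacted VPN address and port.

```python
import re
from collections import Counter

# Constructed sample modelled on the `pfctl -vvf /etc/pf.conf` output in the thread.
PFCTL_OUTPUT = """\
Loaded 696 passive OS fingerprints
set skip on { lo }
@0 pass all flags S/SA keep state
@1 block drop in on ! lo0 proto tcp from any to any port 6000:6010
@2 block drop log all
"""

# Constructed sample modelled on the `tcpdump -eni pflog0` output in the thread.
# 203.0.113.10 and port 443 are placeholders, not values from the thread.
PFLOG_OUTPUT = """\
tcpdump: listening on pflog0, link-type PFLOG
14:30:50.529549 rule 2/(match) block out on nfe0: 192.168.1.4.43665 > 203.0.113.10.443: S 2351877163:2351877163(0) win 16384 (DF)
14:30:52.538155 rule 2/(match) block out on nfe0: 192.168.1.4.1194 > 203.0.113.10.3074: udp 14
14:30:58.787580 rule 2/(match) block out on nfe0: 192.168.1.4.1194 > 203.0.113.10.3074: udp 14
15:14:19.297303 rule 2/(match) block out on tun0: 10.100.2.106 > 66.102.13.147: icmp: echo request
^C
4 packets received by filter
"""

RULE_RE = re.compile(r"^@(\d+)\s+(.+)$")
LOG_RE = re.compile(
    r"^\S+ rule (\d+)/\(([^)]*)\) (\w+) (in|out) on (\S+): (\S+) > (\S+): (.*)$"
)


def parse_rules(text):
    """Map rule number -> rule text from `pfctl -vv` style output."""
    rules = {}
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rules[int(m.group(1))] = m.group(2)
    return rules


def split_endpoint(endpoint):
    """Split tcpdump's IPv4 addr.port form; IPv6 and port-less endpoints pass through."""
    parts = endpoint.split(".")
    if ":" not in endpoint and len(parts) == 5:
        return ".".join(parts[:4]), parts[4]
    return endpoint, None


def guess_proto(detail):
    """Heuristic protocol guess from the decoded part of a tcpdump line."""
    if detail.startswith("udp"):
        return "udp"
    if detail.startswith("icmp"):
        return "icmp"
    if re.match(r"[SFPRWE.]+ ", detail):  # TCP flag letters come first
        return "tcp"
    return "other"


def blocked_summary(pfctl_text, pflog_text):
    """Count blocked packets per (rule, direction, interface, proto, destination)."""
    rules = parse_rules(pfctl_text)
    counts = Counter()
    for line in pflog_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # tcpdump banner, ^C, packet counters
        rule, _reason, action, direction, iface, _src, dst, detail = m.groups()
        if action != "block":
            continue
        addr, port = split_endpoint(dst)
        counts[(int(rule), direction, iface, guess_proto(detail), addr, port)] += 1
    return [
        {"rule": r, "rule_text": rules.get(r, "<not in loaded ruleset>"),
         "dir": d, "iface": i, "proto": p, "dst": a, "dport": prt, "count": n}
        for (r, d, i, p, a, prt), n in counts.items()
    ]


if __name__ == "__main__":
    for row in blocked_summary(PFCTL_OUTPUT, PFLOG_OUTPUT):
        print("@{rule} [{rule_text}] {dir} on {iface}: {proto} to {dst} "
              "port {dport} x{count}".format(**row))
```
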
|
||||
![]()
Since you were never using PF until today, you are driving down a rat hole which is likely not the root cause of your problem. The default implementation should not be getting in the way of normal traffic, and OpenVPN uses standard UDP or TCP protocols.
However, OpenVPN mucks about with your routing tables, because it creates virtual subnets for VPN users. I have not used OpenVPN in a good number of years, so I cannot look at a configuration file and have something obvious jump out at me. But I would set PF aside and look for an OpenBSD user with a functioning OpenVPN environment. A quick use of the martial arts -- Google Fu -- finds a bunch of guidance. Much of it is dated, but you may find it helpful nevertheless, including some more recent stuff from this very forum:
http://www.undeadly.org/cgi?action=a...20050727020729
http://www.daemonforums.org/showthread.php?t=527
http://www.daemonforums.org/showthread.php?t=3750
http://www.kernel-panic.it/openbsd/vpn/vpn4.html
EDIT: Ah, I see that two posts jumped in. A log that does show blocking, and J65's response. I type slow.
|
|||
![]() Quote:
Anyway, here it is: Code:
$ sudo openvpn client.ovpn
Tue Feb 1 15:13:47 2011 OpenVPN 2.1.0 i386-unknown-openbsd4.8 [SSL] [LZO2] built on Aug 10 2010
Tue Feb 1 15:13:47 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Feb 1 15:13:47 2011 WARNING: file 'cert.dat' is group or others accessible
Tue Feb 1 15:13:47 2011 Control Channel MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Feb 1 15:13:47 2011 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Tue Feb 1 15:13:47 2011 Local Options hash (VER=V4): '91138c76'
Tue Feb 1 15:13:47 2011 Expected Remote Options hash (VER=V4): 'f5a300ca'
Tue Feb 1 15:13:47 2011 Socket Buffers: R=[41600->65536] S=[9216->65536]
Tue Feb 1 15:13:47 2011 UDPv4 link local (bound): [undef]:1194
Tue Feb 1 15:13:47 2011 UDPv4 link remote: [VPN IP]:3074
Tue Feb 1 15:13:47 2011 TLS: Initial packet from [VPN IP]:3074, sid=5f02f614 7ce7e591
Tue Feb 1 15:13:56 2011 VERIFY OK: depth=1, /C=US/ST=NY/L=New_York/O=example.com/CN=example.com_CA/emailAddress=admin@example.com
Tue Feb 1 15:13:56 2011 VERIFY OK: nsCertType=SERVER
Tue Feb 1 15:13:56 2011 VERIFY OK: depth=0, /C=US/ST=NY/L=New_York/O=example.com/CN=server/emailAddress=admin@example.com
Tue Feb 1 15:13:58 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 256 bit key
Tue Feb 1 15:13:58 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Feb 1 15:13:58 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 256 bit key
Tue Feb 1 15:13:58 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Feb 1 15:13:58 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Tue Feb 1 15:13:58 2011 [server] Peer Connection Initiated with [VPN IP]:3074
Tue Feb 1 15:14:00 2011 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Tue Feb 1 15:14:00 2011 PUSH: Received control message: 'PUSH_REPLY,route 10.100.2.0 255.255.255.0,redirect-gateway,dhcp-option DNS 10.100.2.1,route-gateway 10.100.2.1,topology subnet,ping 30,ping-restart 120,ifconfig 10.100.2.106 255.255.255.0'
Tue Feb 1 15:14:00 2011 OPTIONS IMPORT: timers and/or timeouts modified
Tue Feb 1 15:14:00 2011 OPTIONS IMPORT: --ifconfig/up options modified
Tue Feb 1 15:14:00 2011 OPTIONS IMPORT: route options modified
Tue Feb 1 15:14:00 2011 OPTIONS IMPORT: route-related options modified
Tue Feb 1 15:14:00 2011 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Feb 1 15:14:00 2011 ROUTE default_gateway=192.168.1.1
Tue Feb 1 15:14:00 2011 /sbin/ifconfig tun0 destroy
Tue Feb 1 15:14:00 2011 /sbin/ifconfig tun0 create
Tue Feb 1 15:14:00 2011 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Tue Feb 1 15:14:00 2011 /sbin/ifconfig tun0 10.100.2.106 netmask 255.255.255.0 mtu 1500 broadcast 10.100.2.255 link0
Tue Feb 1 15:14:00 2011 TUN/TAP device /dev/tun0 opened
Tue Feb 1 15:14:02 2011 /sbin/route add -net [VPN IP] 192.168.1.1 -netmask 255.255.255.255
add net [VPN IP]: gateway 192.168.1.1
Tue Feb 1 15:14:02 2011 /sbin/route add -net 0.0.0.0 10.100.2.1 -netmask 128.0.0.0
add net 0.0.0.0: gateway 10.100.2.1
Tue Feb 1 15:14:02 2011 /sbin/route add -net 128.0.0.0 10.100.2.1 -netmask 128.0.0.0
add net 128.0.0.0: gateway 10.100.2.1
Tue Feb 1 15:14:02 2011 /sbin/route add -net 10.100.2.0 10.100.2.1 -netmask 255.255.255.0
add net 10.100.2.0: gateway 10.100.2.1
Tue Feb 1 15:14:02 2011 Initialization Sequence Completed
Code:
$ sudo tcpdump -eni pflog0
tcpdump: listening on pflog0, link-type PFLOG
15:14:01.138655 rule 2/(match) block out on tun0: :: > ff02::1:ffd8:a554: [|icmp6]
15:14:08.588467 rule 2/(match) block out on nfe0: 192.168.1.4.16561 > 128.255.70.89.123: v4 client strat 0 poll 0 prec 0 [tos 0x10]
15:14:08.751031 rule 2/(match) block out on tun0: 10.100.2.106.42436 > 66.102.13.105.80: S 2924801927:2924801927(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,[|tcp]> (DF)
15:14:19.297303 rule 2/(match) block out on tun0: 10.100.2.106 > 66.102.13.147: icmp: echo request
15:14:20.298122 rule 2/(match) block out on tun0: 10.100.2.106 > 66.102.13.147: icmp: echo request
^C
5 packets received by filter
0 packets dropped by kernel

Quote:
I think I am currently leaning towards this problem, that I didn't set up virtual IPs correctly like all this 10.100.2.1 and stuff. Customer service guy tried to help me out anyway because they don't support *BSD and he told me to ping 10.100.1.1, 10.100.2.1 and 8.8.8.8, then a paste of route -n show. He said if I can't ping 10.100.1.1, then I am not actually on the VPN, so...I have no idea. He said he's not sure because I can't ping the gateway nor are there any error messages, so it looked like a dead end even though I was technically "connected". He told me to ask the OpenBSD people and so I Googled this forum and here I am. Here is a route should it be of any assistance: Code:
$ route -n show
Routing tables

Internet:
Destination Gateway Flags Refs Use Mtu Prio Iface
0/1 10.100.1.1 UGS 0 0 - 8 tun0
default 192.168.1.1 UGS 9 62319 - 8 nfe0
10.100.1/24 link#6 UC 1 0 - 4 tun0
10.100.1/24 10.100.1.1 UGS 0 0 - 8 tun0
10.100.1.1 link#6 UHLc 3 0 - 4 tun0
92.241.168.20/32 192.168.1.1 UGS 0 0 - 8 nfe0
127/8 127.0.0.1 UGRS 0 0 33200 8 lo0
127.0.0.1 127.0.0.1 UH 7 134400 33200 4 lo0
128/1 10.100.1.1 UGS 0 0 - 8 tun0
192.168.1/24 link#1 UC 1 0 - 4 nfe0
192.168.1.1 00:xx:xx:xx:xx:xx UHLc 2 1643 - 4 nfe0
192.168.1.4 127.0.0.1 UGHS 0 0 33200 8 lo0
224/4 127.0.0.1 URS 0 0 33200 8 lo0

Internet6:
Destination Gateway Flags Refs Use Mtu Prio Iface
::/104 ::1 UGRS 0 0 - 8 lo0
::/96 ::1 UGRS 0 0 - 8 lo0
::1 ::1 UH 14 0 33200 4 lo0
::127.0.0.0/104 ::1 UGRS 0 0 - 8 lo0
::224.0.0.0/100 ::1 UGRS 0 0 - 8 lo0
::255.0.0.0/104 ::1 UGRS 0 0 - 8 lo0
::ffff:0.0.0.0/96 ::1 UGRS 0 0 - 8 lo0
2002::/24 ::1 UGRS 0 0 - 8 lo0
2002:7f00::/24 ::1 UGRS 0 0 - 8 lo0
2002:e000::/20 ::1 UGRS 0 0 - 8 lo0
2002:ff00::/24 ::1 UGRS 0 0 - 8 lo0
fe80::/10 ::1 UGRS 18 0 - 8 lo0
fe80::%nfe0/64 link#1 UC 0 0 - 4 nfe0
fe80::2xx:xxff:fexx:xxxx%nfe0 00:xx:xx:xx:xx:xx HL 0 0 - 4 lo0
fe80::%lo0/64 fe80::1%lo0 U 0 0 - 4 lo0
fe80::1%lo0 link#3 UHL 0 0 - 4 lo0
fe80::%tun0/64 link#6 UC 0 0 - 4 tun0
fe80::fcxx:xxff:fexx:xxxx%tun0 fe:xx:xx:xx:xx:xx HL 0 0 - 4 lo0
fec0::/10 ::1 UGRS 0 0 - 8 lo0
ff01::/16 ::1 UGRS 0 0 - 8 lo0
ff01::%nfe0/32 link#1 UC 0 0 - 4 nfe0
ff01::%lo0/32 ::1 UC 0 0 - 4 lo0
ff01::%tun0/32 link#6 UC 0 0 - 4 tun0
ff02::/16 ::1 UGRS 38 0 - 8 lo0
ff02::%nfe0/32 link#1 UC 0 0 - 4 nfe0
ff02::%lo0/32 ::1 UC 0 0 - 4 lo0
ff02::%tun0/32 link#6 UC 0 0 - 4 tun0

Last edited by Emile; 1st February 2011 at 08:42 PM.
|
|||
![]()
Try this simple pf which allows all traffic from both your NIC and tun0 device
Code:
#IF = re0
IF = nfe0
VPN_IF = tun0
set skip on lo0
block log all
pass out quick on $IF
pass out quick on $VPN_IF
|
|||
![]()
Ok, it seems all is fine and dandy with pf (no need to post repetitive logs; the OpenVPN output is the same, and there are no blocked packets from tcpdump) but I still can't ping anything on the VPN network or access the internet.
So does this clear pf as not the culprit once and for all? I'm really unsure of this networking setup, especially VPN...is editing /etc/hostname.tun0 necessary? I don't have anything in that file and don't know what to put inside it either.
Last edited by Emile; 1st February 2011 at 09:13 PM.
|
|||
![]()
The new pf.conf does clear pf, but in the beginning it was blocking some packets.
What is the output of
Code:
# ifconfig tun0
Code:
# ifconfig -A
|
|||
![]()
Well in the VERY beginning my pf didn't even have any rules (well it did, but just blocking X server port) so nothing was being dropped, really since it was just the default pf.conf after all. But I guess it doesn't hurt to learn pf sometime soon for future purposes.
Code:
$ sudo ifconfig tun0
tun0: flags=9843<UP,BROADCAST,RUNNING,SIMPLEX,LINK0,MULTICAST> mtu 1500
        lladdr fe:xx:xx:xx:xx:34
        priority: 0
        groups: tun
        status: active
        inet 10.100.2.106 netmask 0xffffff00 broadcast 10.100.2.255
        inet6 fe80::fce1:xxff:fexx:xx34%tun0 prefixlen 64 scopeid 0x8
Code:
$ sudo ifconfig -A
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33200
        priority: 0
        groups: lo
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
nfe0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:xx:xx:xx:xx:86
        priority: 0
        groups: egress
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet6 fe80::2xx:xxff:fexx:xx86%nfe0 prefixlen 64 scopeid 0x1
        inet 192.168.1.4 netmask 0xffffff00 broadcast 192.168.1.255
enc0: flags=0<>
        priority: 0
        groups: enc
        status: active
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33200
        priority: 0
        groups: pflog
tun1: flags=9803<UP,BROADCAST,SIMPLEX,LINK0,MULTICAST> mtu 1500
        lladdr fe:xx:xx:xx:xx:a9
        priority: 0
        groups: tun
        status: no carrier
        inet 10.100.1.9 netmask 0xffffff00 broadcast 10.100.1.255
        inet6 fe80::fcxx:xxff:fexx:xxa9%tun1 prefixlen 64 scopeid 0x7
tun0: flags=9843<UP,BROADCAST,RUNNING,SIMPLEX,LINK0,MULTICAST> mtu 1500
        lladdr fe:xx:xx:xx:xx:34
        priority: 0
        groups: tun
        status: active
        inet 10.100.2.106 netmask 0xffffff00 broadcast 10.100.2.255
        inet6 fe80::fcxx:xxff:fexx:xx34%tun0 prefixlen 64 scopeid 0x8
|
|||
![]()
The address of your nfe0 NIC is 192.168.1.4, but in the routing table it is 192.168.1.1
Code:
$ route -n show
Routing tables

Internet:
Destination Gateway Flags Refs Use Mtu Prio Iface
0/1 10.100.1.1 UGS 0 0 - 8 tun0
default 192.168.1.1 UGS 9 62319 - 8 nfe0
10.100.1/24 link#6 UC 1 0 - 4 tun0
10.100.1/24 10.100.1.1 UGS 0 0 - 8 tun0
10.100.1.1 link#6 UHLc 3 0 - 4 tun0
92.241.168.20/32 192.168.1.1 UGS 0 0 - 8 nfe0
127/8 127.0.0.1 UGRS 0 0 33200 8 lo0
127.0.0.1 127.0.0.1 UH 7 134400 33200 4 lo0
128/1 10.100.1.1 UGS 0 0 - 8 tun0
192.168.1/24 link#1 UC 1 0 - 4 nfe0
192.168.1.1 00:xx:xx:xx:xx:xx UHLc 2 1643 - 4 nfe0
192.168.1.4 127.0.0.1 UGHS 0 0 33200 8 lo0
224/4 127.0.0.1 URS 0 0 33200 8 lo0
$ ifconfig nfe0
nfe0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:xx:xx:xx:xx:86
        priority: 0
        groups: egress
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet6 fe80::2xx:xxff:fexx:xx86%nfe0 prefixlen 64 scopeid 0x1
        inet 192.168.1.4 netmask 0xffffff00 broadcast 192.168.1.255

Because of these two abnormalities you are getting these 'no routes to host' messages.
Code:
tun1: flags=9803<UP,BROADCAST,SIMPLEX,LINK0,MULTICAST> mtu 1500
        lladdr fe:xx:xx:xx:xx:a9
        priority: 0
        groups: tun
        status: no carrier
        inet 10.100.1.9 netmask 0xffffff00 broadcast 10.100.1.255
        inet6 fe80::fcxx:xxff:fexx:xxa9%tun1 prefixlen 64 scopeid 0x7
tun0: flags=9843<UP,BROADCAST,RUNNING,SIMPLEX,LINK0,MULTICAST> mtu 1500
        lladdr fe:xx:xx:xx:xx:34
        priority: 0
        groups: tun
        status: active
        inet 10.100.2.106 netmask 0xffffff00 broadcast 10.100.2.255
        inet6 fe80::fcxx:xxff:fexx:xx34%tun0 prefixlen 64 scopeid 0x8

OpenVPN seems to configure tun0
Code:
Tue Feb 1 15:14:00 2011 /sbin/ifconfig tun0 destroy
Tue Feb 1 15:14:00 2011 /sbin/ifconfig tun0 create
Tue Feb 1 15:14:00 2011 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Tue Feb 1 15:14:00 2011 /sbin/ifconfig tun0 10.100.2.106 netmask 255.255.255.0 mtu 1500 broadcast 10.100.2.255 link0
Tue Feb 1 15:14:00 2011 TUN/TAP device /dev/tun0 opened

How about the Windows approach, rebooting the system?
|
|||
![]()
Does $ pkg_info -M openvpn give any clue about configuring OpenVPN?
Have you seen http://www.daemonforums.org/showthread.php?t=527 ?
|
|||
![]()
Okay, just as documentation, I've just rebooted and here is my fresh ifconfig:
Code:
$ sudo ifconfig -A
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33200
        priority: 0
        groups: lo
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
nfe0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:xx:xx:xx:xx:86
        priority: 0
        groups: egress
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet6 fe80::2xx:xxff:fexx:xx86%nfe0 prefixlen 64 scopeid 0x1
        inet 192.168.1.4 netmask 0xffffff00 broadcast 192.168.1.255
enc0: flags=0<>
        priority: 0
        groups: enc
        status: active
tun0: flags=10<POINTOPOINT> mtu 1500
        priority: 0
        groups: tun
        status: down
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33200
        priority: 0
        groups: pflog
|
|||
![]() Quote:
Code:
$ pkg_info -M openvpn
Information for inst:openvpn-2.1.0p0

Install notice:
OpenVPN re-creates the tun(4) interface at startup; compatibility with PF is improved by starting it from hostname.if(5). For example:

# cat << EOF > /etc/hostname.tun0
up
!/usr/local/sbin/openvpn --daemon --config /etc/openvpn/server.conf
EOF

Yes I'm trying to understand the configuration given in that thread and I messaged the thread creator for help but it seems this individual has not been on these forums since October of 2010. Doesn't OpenVPN automatically create the routes anyway?
|
|||
![]()
And here's when I try to connect again...
Code:
$ sudo openvpn client.ovpn
Tue Feb 1 17:27:17 2011 OpenVPN 2.1.0 i386-unknown-openbsd4.8 [SSL] [LZO2] built on Aug 10 2010
Tue Feb 1 17:27:17 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Feb 1 17:27:17 2011 WARNING: file 'cert.dat' is group or others accessible
Tue Feb 1 17:27:17 2011 Control Channel MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Feb 1 17:27:17 2011 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Tue Feb 1 17:27:17 2011 Local Options hash (VER=V4): '91138c76'
Tue Feb 1 17:27:17 2011 Expected Remote Options hash (VER=V4): 'f5a300ca'
Tue Feb 1 17:27:17 2011 Socket Buffers: R=[41600->65536] S=[9216->65536]
Tue Feb 1 17:27:17 2011 UDPv4 link local (bound): [undef]:1194
Tue Feb 1 17:27:17 2011 UDPv4 link remote: [VPN IP]:3074
Tue Feb 1 17:27:18 2011 TLS: Initial packet from [VPN IP]:3074, sid=119e7e18 7e8b693a
Tue Feb 1 17:27:19 2011 VERIFY OK: depth=1, /C=US/ST=NY/L=New_York/O=example.com/CN=example.com_CA/emailAddress=admin@example.com
Tue Feb 1 17:27:19 2011 VERIFY OK: nsCertType=SERVER
Tue Feb 1 17:27:19 2011 VERIFY OK: depth=0, /C=US/ST=NY/L=New_York/O=example.com/CN=server/emailAddress=admin@example.com
Tue Feb 1 17:27:21 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 256 bit key
Tue Feb 1 17:27:21 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Feb 1 17:27:21 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 256 bit key
Tue Feb 1 17:27:21 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Feb 1 17:27:21 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Tue Feb 1 17:27:21 2011 [server] Peer Connection Initiated with [VPN IP]:3074
Tue Feb 1 17:27:23 2011 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Tue Feb 1 17:27:23 2011 PUSH: Received control message: 'PUSH_REPLY,route 10.100.2.0 255.255.255.0,redirect-gateway,dhcp-option DNS 10.100.2.1,route-gateway 10.100.2.1,topology subnet,ping 30,ping-restart 120,ifconfig 10.100.2.106 255.255.255.0'
Tue Feb 1 17:27:23 2011 OPTIONS IMPORT: timers and/or timeouts modified
Tue Feb 1 17:27:23 2011 OPTIONS IMPORT: --ifconfig/up options modified
Tue Feb 1 17:27:23 2011 OPTIONS IMPORT: route options modified
Tue Feb 1 17:27:23 2011 OPTIONS IMPORT: route-related options modified
Tue Feb 1 17:27:23 2011 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Feb 1 17:27:23 2011 ROUTE default_gateway=192.168.1.1
Tue Feb 1 17:27:23 2011 /sbin/ifconfig tun0 destroy
Tue Feb 1 17:27:23 2011 /sbin/ifconfig tun0 create
Tue Feb 1 17:27:23 2011 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Tue Feb 1 17:27:23 2011 /sbin/ifconfig tun0 10.100.2.106 netmask 255.255.255.0 mtu 1500 broadcast 10.100.2.255 link0
Tue Feb 1 17:27:23 2011 TUN/TAP device /dev/tun0 opened
Tue Feb 1 17:27:25 2011 /sbin/route add -net [VPN IP] 192.168.1.1 -netmask 255.255.255.255
add net [VPN IP]: gateway 192.168.1.1
Tue Feb 1 17:27:25 2011 /sbin/route add -net 0.0.0.0 10.100.2.1 -netmask 128.0.0.0
add net 0.0.0.0: gateway 10.100.2.1
Tue Feb 1 17:27:25 2011 /sbin/route add -net 128.0.0.0 10.100.2.1 -netmask 128.0.0.0
add net 128.0.0.0: gateway 10.100.2.1
Tue Feb 1 17:27:25 2011 /sbin/route add -net 10.100.2.0 10.100.2.1 -netmask 255.255.255.0
add net 10.100.2.0: gateway 10.100.2.1
Tue Feb 1 17:27:25 2011 Initialization Sequence Completed
Code:
$ ifconfig -A
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33200
        priority: 0
        groups: lo
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
nfe0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:xx:xx:xx:xx:86
        priority: 0
        groups: egress
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet6 fe80::2xx:xxff:fexx:xx86%nfe0 prefixlen 64 scopeid 0x1
        inet 192.168.1.4 netmask 0xffffff00 broadcast 192.168.1.255
enc0: flags=0<>
        priority: 0
        groups: enc
        status: active
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33200
        priority: 0
        groups: pflog
tun0: flags=9843<UP,BROADCAST,RUNNING,SIMPLEX,LINK0,MULTICAST> mtu 1500
        lladdr fe:xx:xx:xx:xx:2c
        priority: 0
        groups: tun
        status: active
        inet 10.100.1.112 netmask 0xffffff00 broadcast 10.100.1.255
        inet6 fe80::fcxx:xxff:fexx:xx2c%tun0 prefixlen 64 scopeid 0x6
Code:
Routing tables

Internet:
Destination Gateway Flags Refs Use Mtu Prio Iface
0/1 10.100.1.1 UGS 0 0 - 8 tun0
default 192.168.1.1 UGS 10 1849 - 8 nfe0
10.100.1/24 link#6 UC 1 0 - 4 tun0
10.100.1/24 10.100.1.1 UGS 0 0 - 8 tun0
10.100.1.1 link#6 UHLc 3 0 - 4 tun0
[VPN IP]/32 192.168.1.1 UGS 0 0 - 8 nfe0
127/8 127.0.0.1 UGRS 0 0 33200 8 lo0
127.0.0.1 127.0.0.1 UH 5 1233 33200 4 lo0
128/1 10.100.1.1 UGS 0 0 - 8 tun0
192.168.1/24 link#1 UC 1 0 - 4 nfe0
192.168.1.1 00:xx:xx:xx:xx:8c UHLc 2 54 - 4 nfe0
192.168.1.4 127.0.0.1 UGHS 0 0 33200 8 lo0
224/4 127.0.0.1 URS 0 0 33200 8 lo0

Internet6:
Destination Gateway Flags Refs Use Mtu Prio Iface
::/104 ::1 UGRS 0 0 - 8 lo0
::/96 ::1 UGRS 0 0 - 8 lo0
::1 ::1 UH 14 0 33200 4 lo0
::127.0.0.0/104 ::1 UGRS 0 0 - 8 lo0
::224.0.0.0/100 ::1 UGRS 0 0 - 8 lo0
::255.0.0.0/104 ::1 UGRS 0 0 - 8 lo0
::ffff:0.0.0.0/96 ::1 UGRS 0 0 - 8 lo0
2002::/24 ::1 UGRS 0 0 - 8 lo0
2002:7f00::/24 ::1 UGRS 0 0 - 8 lo0
2002:e000::/20 ::1 UGRS 0 0 - 8 lo0
2002:ff00::/24 ::1 UGRS 0 0 - 8 lo0
fe80::/10 ::1 UGRS 2 0 - 8 lo0
fe80::%nfe0/64 link#1 UC 0 0 - 4 nfe0
fe80::2xx:xxff:fexx:xx86%nfe0 00:xx:xx:xx:xx:86 HL 0 0 - 4 lo0
fe80::%lo0/64 fe80::1%lo0 U 0 0 - 4 lo0
fe80::1%lo0 link#3 UHL 0 0 - 4 lo0
fe80::%tun0/64 link#6 UC 0 0 - 4 tun0
fe80::fcxx:xxff:fexx:xxa0%tun0 fe:xx:xx:xx:xx:a0 HL 0 0 - 4 lo0
fec0::/10 ::1 UGRS 0 0 - 8 lo0
ff01::/16 ::1 UGRS 0 0 - 8 lo0
ff01::%nfe0/32 link#1 UC 0 0 - 4 nfe0
ff01::%lo0/32 ::1 UC 0 0 - 4 lo0
ff01::%tun0/32 link#6 UC 0 0 - 4 tun0
ff02::/16 ::1 UGRS 6 0 - 8 lo0
ff02::%nfe0/32 link#1 UC 0 0 - 4 nfe0
ff02::%lo0/32 ::1 UC 0 0 - 4 lo0
ff02::%tun0/32 link#6 UC 0 0 - 4 tun0

Last edited by Emile; 1st February 2011 at 10:38 PM.
Here is my ifconfig and route under normal circumstances (without starting the VPN). Everything works fine in this mode:
Code:
$ sudo ifconfig -A
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33200
        priority: 0
        groups: lo
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
nfe0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:xx:xx:xx:xx:86
        priority: 0
        groups: egress
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet6 fe80::2xx:xxff:fexx:xx86%nfe0 prefixlen 64 scopeid 0x1
        inet 192.168.1.4 netmask 0xffffff00 broadcast 192.168.1.255
enc0: flags=0<>
        priority: 0
        groups: enc
        status: active
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33200
        priority: 0
        groups: pflog
tun0: flags=9803<UP,BROADCAST,SIMPLEX,LINK0,MULTICAST> mtu 1500
        lladdr fe:xx:xx:xx:xx:a0
        priority: 0
        groups: tun
        status: no carrier
        inet 10.100.1.112 netmask 0xffffff00 broadcast 10.100.1.255
        inet6 fe80::fcxx:xxff:fexx:xxa0%tun0 prefixlen 64 scopeid 0x6

Code:
Routing tables

Internet:
Destination        Gateway            Flags  Refs      Use   Mtu  Prio Iface
default            192.168.1.1        UGS      10     2197     -     8 nfe0
10.100.1/24        link#6             C         0        0     -     4 tun0
127/8              127.0.0.1          UGRS      0        0 33200     8 lo0
127.0.0.1          127.0.0.1          UH        5     1382 33200     4 lo0
192.168.1/24       link#1             UC        1        0     -     4 nfe0
192.168.1.1        00:xx:xx:xx:xx:8c  UHLc      1       54     -     4 nfe0
192.168.1.4        127.0.0.1          UGHS      0        0 33200     8 lo0
224/4              127.0.0.1          URS       0        0 33200     8 lo0

Internet6:
Destination                     Gateway            Flags  Refs      Use   Mtu  Prio Iface
::/104                          ::1                UGRS      0        0     -     8 lo0
::/96                           ::1                UGRS      0        0     -     8 lo0
::1                             ::1                UH       14        0 33200     4 lo0
::127.0.0.0/104                 ::1                UGRS      0        0     -     8 lo0
::224.0.0.0/100                 ::1                UGRS      0        0     -     8 lo0
::255.0.0.0/104                 ::1                UGRS      0        0     -     8 lo0
::ffff:0.0.0.0/96               ::1                UGRS      0        0     -     8 lo0
2002::/24                       ::1                UGRS      0        0     -     8 lo0
2002:7f00::/24                  ::1                UGRS      0        0     -     8 lo0
2002:e000::/20                  ::1                UGRS      0        0     -     8 lo0
2002:ff00::/24                  ::1                UGRS      0        0     -     8 lo0
fe80::/10                       ::1                UGRS      2        0     -     8 lo0
fe80::%nfe0/64                  link#1             UC        0        0     -     4 nfe0
fe80::2xx:xxff:fexx:xx86%nfe0   00:xx:xx:xx:xx:86  HL        0        0     -     4 lo0
fe80::%lo0/64                   fe80::1%lo0        U         0        0     -     4 lo0
fe80::1%lo0                     link#3             UHL       0        0     -     4 lo0
fe80::%tun0/64                  link#6             C         0        0     -     4 tun0
fe80::fcxx:xxff:fexx:xxa0%tun0  fe:xx:xx:xx:xx:a0  HL        0        0     -     4 lo0
fec0::/10                       ::1                UGRS      0        0     -     8 lo0
ff01::/16                       ::1                UGRS      0        0     -     8 lo0
ff01::%nfe0/32                  link#1             UC        0        0     -     4 nfe0
ff01::%lo0/32                   ::1                UC        0        0     -     4 lo0
ff01::%tun0/32                  link#6             C         0        0     -     4 tun0
ff02::/16                       ::1                UGRS      6        0     -     8 lo0
ff02::%nfe0/32                  link#1             UC        0        0     -     4 nfe0
ff02::%lo0/32                   ::1                UC        0        0     -     4 lo0
ff02::%tun0/32                  link#6             C         0        0     -     4 tun0
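How the routes in the VPN-up table implement `redirect-gateway def1`, as an added example that is not part of the original posts: the sketch parses OpenBSD's abbreviated IPv4 destinations, resolves an address by longest-prefix match, and reports when the two /1 routes or the bypass route to the VPN server are missing. The function names are hypothetical, and 203.0.113.10 is a placeholder for the redacted [VPN IP].

```python
import ipaddress

# Constructed sample: IPv4 rows from the post's VPN-up table, with
# 203.0.113.10 standing in for the redacted "[VPN IP]".
VPN_UP = """\
Destination        Gateway            Flags  Refs      Use   Mtu  Prio Iface
0/1                10.100.1.1         UGS       0        0     -     8 tun0
default            192.168.1.1        UGS      10     1849     -     8 nfe0
10.100.1/24        link#6             UC        1        0     -     4 tun0
203.0.113.10/32    192.168.1.1        UGS       0        0     -     8 nfe0
128/1              10.100.1.1         UGS       0        0     -     8 tun0
192.168.1/24       link#1             UC        1        0     -     4 nfe0
"""

def expand(dest):
    """Expand BSD short notation ('0/1', '10.100.1/24') to an ip_network."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    addr = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{addr}/{plen or 32}", strict=False)

def parse_routes(text):
    """Return (network, iface) for every IPv4 row; headers and IPv6 are skipped."""
    routes = []
    for f in map(str.split, text.splitlines()):
        if len(f) == 8 and f[0] != "Destination" and ":" not in f[0]:
            routes.append((expand(f[0]), f[7]))
    return routes

def egress_iface(text, ip):
    """Interface picked for ip by longest-prefix match (Prio is ignored)."""
    addr = ipaddress.ip_address(ip)
    hits = [(net.prefixlen, ifc) for net, ifc in parse_routes(text) if addr in net]
    return max(hits)[1] if hits else None

def def1_problems(text, tun, server):
    """List what stops redirect-gateway def1 from carrying all IPv4 traffic."""
    have = set(parse_routes(text))
    problems = [f"{half} is not routed via {tun}"
                for half in ("0.0.0.0/1", "128.0.0.0/1")
                if (ipaddress.ip_network(half), tun) not in have]
    if egress_iface(text, server) in (tun, None):
        problems.append(f"{server} is not reachable outside {tun}")
    return problems

if __name__ == "__main__":
    print(def1_problems(VPN_UP, "tun0", "203.0.113.10") or "def1 routes in place")
```

On the VPN-up sample the check returns an empty list even though `default` still points at nfe0, because the two /1 routes are more specific. Dropping the 203.0.113.10/32 row makes the tunnel's own packets match 128/1 and loop back into tun0, which the check reports.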