Old 08-21-2012, 02:38 PM
 
OpenVPN TAP interface problem.

Rafał Radecki wrote:
> Hi all.
>
> I have an OpenVPN server:
> 2.2.1-1 x86_64
<snip>
> After successful start of openvpn service (Tue Aug 21 16:12:24 2012
> us=644993 Initialization Sequence Completed in logfile) I have:
> Client interface:
> 9: tap0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 100
> link/ether 4a:3d:52:dc:51:c3 brd ff:ff:ff:ff:ff:ff
>
> When I start the tunnel I am not able to ping 1.2.3.4 IP on server, the
> TAP interface is also in DOWN state. I have no firewall configured. My client
> log file is attached.
> Should I have an IP address on my TAP interface?

I know nothing at all about OpenVPN, but the first thing I'd look at is
why it's in a DOWN state.

mark

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 08-21-2012, 02:43 PM
Leon Fauster
 
OpenVPN TAP interface problem.

On 21.08.2012 at 16:27 Rafał Radecki wrote:
> When I start the tunnel I am not able to ping 1.2.3.4 IP on server, the TAP
> interface is also in DOWN state. I have no firewall configured. My client
> log file is attached.
> Should I have an IP address on my TAP interface?



What are your goals?

A bridged setup (dev tap) or a routed network (dev tun)?

LF

 
Old 08-22-2012, 11:51 AM
Rafał Radecki
 
OpenVPN TAP interface problem.

The situation has changed a little bit.

Now I am using a routed setup (bridged setup was an old remnant).
My server is:
CentOS release 6.2 (Final)
2.6.32-220.el6.x86_64
openvpn-2.2.1-1.x86_64
My server config file is:
local 1.2.3.4
port 123
proto tcp-server
dev tun0
tls-server
remote-cert-tls client
tls-auth /etc/openvpn/keys/ta.key 0
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key # This file should be kept secret
dh /etc/openvpn/keys/dh1024.pem
;crl-verify /etc/openvpn/keys/crl.pem
server 172.16.1.0 255.255.255.0
;ifconfig-pool-persist /etc/openvpn/ipp.txt
push "route 192.168.0.0 255.255.255.0 172.16.1.1"
push "route 172.17.0.0 255.255.0.0 172.16.1.1"
push "dhcp-option DNS 192.168.0.2"
push "dhcp-option DNS 192.168.0.1"
client-to-client
duplicate-cn
keepalive 10 60
cipher AES-256-CBC # AES
comp-lzo
max-clients 20
user openvpn
group openvpn
persist-key
persist-tun
status /var/log/openvpn-status.log
log /var/log/openvpn.log
verb 4

My client is:
Ubuntu 12.04.1 LTS
3.2.0-29-generic x86_64
openvpn-2.2.1-8ubuntu1
My client config file is:
remote 1.2.3.4
port 123
dev tun0
proto tcp-client
resolv-retry 120
;persist-key
;persist-tun
remote-cert-tls server
tls-remote server.example.com
tls-client
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/client.crt
key /etc/openvpn/keys/client.key
tls-auth /etc/openvpn/keys/ta.key 1
cipher AES-256-CBC
verb 4
log /var/log/openvpn.log
status /var/log/openvpn-status.log
comp-lzo

When I start the openvpn server I get the output in server.log.gz.
Also I get one new interface
20: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
    link/[65534]
    inet 172.16.1.1 peer 172.16.1.2/32 scope global tun0

In iptables I have (default policies DROP, only for OUTPUT ACCEPT):
-A INPUT -s 172.16.1.0/255.255.255.0 -i tun0 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -d 172.16.1.0/255.255.255.0 -o tun0 -j ACCEPT
-A FORWARD -s 172.16.1.0/255.255.255.0 -i tun0 -j ACCEPT

When I start openvpn on the client, the logfile (client.log.gz) shows
"Initialization Sequence Completed", but in ip a s:

14: tun0: <POINTOPOINT,MULTICAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 100
    link/none

The DOWN state is the problem, I think; also there is no IP configuration
assigned.

At the same moment on server I have output in server2.log.gz.
There are lines
Peer Connection Initiated with 1.2.3.4:44638
and
Wed Aug 22 13:37:53 2012 us=331639 client/1.2.3.4:44638 MULTI: Learn: 172.16.1.6 -> client/1.2.3.4:44638
Wed Aug 22 13:37:53 2012 us=331648 client/1.2.3.4:44638 MULTI: primary virtual IP for client/1.2.3.4:44638: 172.16.1.6
But also a line
Wed Aug 22 13:38:07 2012 us=418282 client/1.2.3.4:44638 Connection reset, restarting [0]

I have no firewall on my client host.

Any suggestions?

Best regards,
Rafał.

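As an added example (not part of the thread), a small Python checker that parses OpenVPN config syntax as posted above and cross-checks a server/client pair for the points a reviewer would look at: matching tls-auth key directions, matching cipher and comp-lzo settings, privilege dropping on the client, persist-tun, and the DH parameter size. The two config excerpts are constructed from the files posted in the thread, trimmed to the directives the checks examine; the finding texts are my own.

```python
import shlex

# Constructed excerpts of the server and client configs posted in the thread.
SERVER_CONF = """\
tls-auth /etc/openvpn/keys/ta.key 0
dh /etc/openvpn/keys/dh1024.pem
;crl-verify /etc/openvpn/keys/crl.pem
cipher AES-256-CBC # AES
comp-lzo
user openvpn
group openvpn
persist-tun
"""
CLIENT_CONF = """\
;persist-tun
tls-auth /etc/openvpn/keys/ta.key 1
cipher AES-256-CBC
comp-lzo
"""

def parse(text):
    """Return {directive: [args]}; ';' and '#' start comments, as in OpenVPN."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line and not line.startswith(";"):
            parts = shlex.split(line)
            conf[parts[0]] = parts[1:]       # last occurrence wins
    return conf

def review_pair(server, client):
    s, c = parse(server), parse(client)
    findings = []
    sa, ca = s.get("tls-auth"), c.get("tls-auth")
    if not (sa and ca):
        findings.append("tls-auth missing on one side: control channel is not HMAC-protected")
    elif {sa[1], ca[1]} != {"0", "1"}:   # one side must use key-direction 0, the other 1
        findings.append("tls-auth key-direction mismatch")
    for d in ("cipher", "comp-lzo"):     # both ends must agree or the tunnel passes no data
        if s.get(d) != c.get(d):
            findings.append(f"{d} differs between server and client")
    if "user" not in c or "group" not in c:
        findings.append("client keeps root privileges (no user/group directive)")
    if "persist-tun" not in c:           # without it the tun device is closed and re-opened on each restart
        findings.append("client lacks persist-tun: tun device torn down on every restart")
    dh = s.get("dh", [""])[0]
    if "1024" in dh:                     # heuristic on the file name; 1024-bit DH is too small today
        findings.append(f"dh {dh}: 1024-bit DH parameters are weak, use 2048-bit or larger")
    return findings
```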