FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor


 
 
LinkBack Thread Tools
 
Old 08-30-2012, 11:30 AM
Darac Marjal
 
Default OpenVPN

On Thu, Aug 30, 2012 at 02:06:17AM -0700, cletusjenkins wrote:
> I'm trying to connect to a VPN service via openVPN. When I try to connect (via network manager's gui) I get an error saying the openvpn service is not running. I do not see any errors in messages, syslog, daemon.log or dmesg about this. When I manually start the service it just says that it is starting, but nothing else. However running ps -ef shows no new processes. Stopping the openvpn service makes no difference in the process list either. I've restarted network-manager and even rebooted to ensure everything is loading properly, but to no avail.
>
> To get to my current state i installed:
>
> sudo apt-get install openvpn network-manager-openvpn network-manager-openvpn-gnome
>
> I created the VPN connection with the instructions from the VPN service, but since I can't get the OpenVPN software to even run I don't know what help they can provide.

Try adding the following lines to your server's vpn *.conf file:

verb 3
log-append /tmp/openvpn.log

and restart the openvpn service. If the file doesn't appear then you may
have a syntax error in your config. If the file does appear, check it
for errors.
 
Old 08-30-2012, 01:44 PM
cletusjenkins
 
Default OpenVPN

> On Thu, Aug 30, 2012 at 02:06:17AM -0700, cletusjenkins wrote:
> > I'm trying to connect to a VPN service via openVPN. When I try to connect (via network manager's gui) I get an error saying the openvpn service is not running. I do not see any errors in messages, syslog, daemon.log or dmesg about this. When I manually start the service it just says that it is starting, but nothing else. However running ps -ef shows no new processes. Stopping the openvpn service makes no difference in the process list either. I've restarted network-manager and even rebooted to ensure everything is loading properly, but to no avail.
> >
> > To get to my current state i installed:
> >
> > sudo apt-get install openvpn network-manager-openvpn network-manager-openvpn-gnome
> >
> > I created the VPN connection with the instructions from the VPN service, but since I can't get the OpenVPN software to even run I don't know what help they can provide.
>
> Try adding the following lines to your server's vpn *.conf file:
>
> verb 3
> log-append /tmp/openvpn.log
>
> and restart the openvpn service. If the file doesn't appear then you may
> have a syntax error in your config. If the file does appear, check it
> for errors.
>

I don't quite follow what you are advising me. I don't have any vpn *.conf file at least not in /etc/, I'm not running a vpn server, I'm just trying to connect to an existing vpn server outside of my control. When I try to connect to the VPN, it says the connection fails because the openvpn service isn't running. I've tried running a dpkg-reconfigure on openvpn, but it doesn't ask for any configuration options from me, so whatever it sets up must be vanilla default settings. From the error message I thought the openvpn service would need to be running to support my outward connection, but wouldn't need any local configuration (other than the VPN certificate and settings I got from the company I signed up, which I entered into the network-manager's VPN gui).

(Oh, and BTW this is all on stable)


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/1421832127.847.1346334557006.JavaMail.sas@172.29.2 44.248
 
Old 08-30-2012, 06:41 PM
Registros Web
 
Default OpenVPN

On Thu, Aug 30, 2012 at 3:44 PM, cletusjenkins <cletusjenkins@zoho.com> wrote:
> > On Thu, Aug 30, 2012 at 02:06:17AM -0700, cletusjenkins wrote:
> > > I'm trying to connect to a VPN service via openVPN. When I try to connect (via network manager's gui) I get an error saying the openvpn service is not running. I do not see any errors in messages, syslog, daemon.log or dmesg about this. When I manually start the service it just says that it is starting, but nothing else. However running ps -ef shows no new processes. Stopping the openvpn service makes no difference in the process list either. I've restarted network-manager and even rebooted to ensure everything is loading properly, but to no avail.
> > >
> > > To get to my current state i installed:
> > >
> > > sudo apt-get install openvpn network-manager-openvpn network-manager-openvpn-gnome
> > >
> > > I created the VPN connection with the instructions from the VPN service, but since I can't get the OpenVPN software to even run I don't know what help they can provide.
> >
> > Try adding the following lines to your server's vpn *.conf file:
> >
> > verb 3
> > log-append /tmp/openvpn.log
> >
> > and restart the openvpn service. If the file doesn't appear then you may
> > have a syntax error in your config. If the file does appear, check it
> > for errors.
> >
>
> I don't quite follow what you are advising me. I don't have any vpn *.conf file at least not in /etc/, I'm not running a vpn server, I'm just trying to connect to an existing vpn server outside of my control. When I try to connect to the VPN, it says the connection fails because the openvpn service isn't running. I've tried running a dpkg-reconfigure on openvpn, but it doesn't ask for any configuration options from me, so whatever it sets up must be vanilla default settings. From the error message I thought the openvpn service would need to be running to support my outward connection, but wouldn't need any local configuration (other than the VPN certificate and settings I got from the company I signed up, which I entered into the network-manager's VPN gui).

Whether you are acting as a server or a client you need to have a
config file (.conf) in the /etc/openvpn directory (wich is the default
location where the openvpn service will look for .conf files and will
try to start those connections automatically when the service is
started). Check if there is one. In case there is one, you can open a
console and try to start the connection manually so you could see if
it throws any errors with the following command:

# openvpn /etc/openvpn/<configfile>.conf

If there is no .conf file, you need to set one up. Check for examples
at the openvpn.net site
(http://openvpn.net/index.php/open-source.html).

Cheers!
Fred.


>
> (Oh, and BTW this is all on stable)
>
>
> --
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: http://lists.debian.org/1421832127.847.1346334557006.JavaMail.sas@172.29.2 44.248
>


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: CAP4bfpyXvg_HL1S+z-uFC5AgacO_RNyg045cvhED99FTExcgSQ@mail.gmail.com">h ttp://lists.debian.org/CAP4bfpyXvg_HL1S+z-uFC5AgacO_RNyg045cvhED99FTExcgSQ@mail.gmail.com
 
Old 08-30-2012, 07:42 PM
Joe
 
Default OpenVPN

On Thu, 30 Aug 2012 20:41:00 +0200
Registros Web <registros.web@gmail.com> wrote:

> On Thu, Aug 30, 2012 at 3:44 PM, cletusjenkins
> <cletusjenkins@zoho.com> wrote:
> > > On Thu, Aug 30, 2012 at 02:06:17AM -0700, cletusjenkins wrote:
> > > > I'm trying to connect to a VPN service via openVPN. When I try
> > > > to connect (via network manager's gui) I get an error saying
> > > > the openvpn service is not running. I do not see any errors in
> > > > messages, syslog, daemon.log or dmesg about this. When I
> > > > manually start the service it just says that it is starting,
> > > > but nothing else. However running ps -ef shows no new
> > > > processes. Stopping the openvpn service makes no difference in
> > > > the process list either. I've restarted network-manager and
> > > > even rebooted to ensure everything is loading properly, but to
> > > > no avail.
> > > >
> > > > To get to my current state i installed:
> > > >
> > > > sudo apt-get install openvpn network-manager-openvpn
> > > > network-manager-openvpn-gnome
> > > >
> > > > I created the VPN connection with the instructions from the
> > > > VPN service, but since I can't get the OpenVPN software to
> > > > even run I don't know what help they can provide.
> > >
> > > Try adding the following lines to your server's vpn *.conf file:
> > >
> > > verb 3
> > > log-append /tmp/openvpn.log
> > >
> > > and restart the openvpn service. If the file doesn't appear then
> > > you may have a syntax error in your config. If the file does
> > > appear, check it for errors.
> > >
> >
> > I don't quite follow what you are advising me. I don't have any vpn
> > *.conf file at least not in /etc/, I'm not running a vpn server,
> > I'm just trying to connect to an existing vpn server outside of my
> > control. When I try to connect to the VPN, it says the connection
> > fails because the openvpn service isn't running. I've tried running
> > a dpkg-reconfigure on openvpn, but it doesn't ask for any
> > configuration options from me, so whatever it sets up must be
> > vanilla default settings. From the error message I thought the
> > openvpn service would need to be running to support my outward
> > connection, but wouldn't need any local configuration (other than
> > the VPN certificate and settings I got from the company I signed
> > up, which I entered into the network-manager's VPN gui).
>
> Whether you are acting as a server or a client you need to have a
> config file (.conf) in the /etc/openvpn directory (wich is the default
> location where the openvpn service will look for .conf files and will
> try to start those connections automatically when the service is
> started). Check if there is one. In case there is one, you can open a
> console and try to start the connection manually so you could see if
> it throws any errors with the following command:
>
> # openvpn /etc/openvpn/<configfile>.conf
>
> If there is no .conf file, you need to set one up. Check for examples
> at the openvpn.net site
> (http://openvpn.net/index.php/open-source.html).
>

Network Manager can handle most OpenVPN configuration options, and is
a viable alternative to using a command-line invocation with a
configuration file. As long as you don't get too exotic, and the
server admin is aware of the NM plugin's current limitations. I use NM
on Ubuntu 10 to connect to an OpenVPN server on Squeeze.

Assuming the OP has been given the correct configuration details to be
used with NM, I think this problem is likely to be caused by a network
blockage of some kind, possibly a workstation firewall, or even a
misspelled URL. As long as the client can see the server, which appears
not to be the case here, some sort of useful error message should be
produced, not just 'I can't see it'.

--
Joe


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20120830204215.6ad074b6@jretrading.com">http://lists.debian.org/20120830204215.6ad074b6@jretrading.com
 
Old 08-30-2012, 09:16 PM
cletusjenkins
 
Default OpenVPN

>Whether you are acting as a server or a client you need to have a
>config file (.conf) in the /etc/openvpn directory (wich is the default
>location where the openvpn service will look for .conf files and will
>try to start those connections automatically when the service is
>started). Check if there is one. In case there is one, you can open a
>console and try to start the connection manually so you could see if
>it throws any errors with the following command:
>
># openvpn /etc/openvpn/.conf
>
>If there is no .conf file, you need to set one up. Check for examples
>at the openvpn.net site
>(http://openvpn.net/index.php/open-source.html).
>
>Cheers!
>Fred.

thanks for the reply. I've built a *.conf file, 99% of it is the example file for a client from the link, my changes were to make it:
use tcp (told to by the VPN company)
the hostname to connect and port (from the company)
to use tun (when I tried it with tap it acted like it connected, but it totally shutdown my internet connectivity, can't find any advice on this from the company)
then I appended the following:

log-append /tmp/openvpn.log

auth-user-pass

ca /etc/openvpn/<companyname>.ca.crt

The last line above is the ca the company told me to download and save.

I can now start openvpn as you suggest, I can still browse, but I am not going through the VPN (sites that tell you your IP address, show my actual IP not the VPN's)

Here is the output in the openvpn.log:

Thu Aug 30 17:03:00 2012 OpenVPN 2.1.3 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Feb 20 2012
Thu Aug 30 17:03:08 2012 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Aug 30 17:03:08 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Aug 30 17:03:08 2012 LZO compression initialized
Thu Aug 30 17:03:08 2012 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu Aug 30 17:03:08 2012 Socket Buffers: R=[87380->131072] S=[16384->131072]
Thu Aug 30 17:03:09 2012 RESOLVE: NOTE: vpn.<companyname>.com resolves to 10 addresses
Thu Aug 30 17:03:09 2012 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Aug 30 17:03:09 2012 Local Options hash (VER=V4): '31fdf004'
Thu Aug 30 17:03:09 2012 Expected Remote Options hash (VER=V4): '3e6d1056'
Thu Aug 30 17:03:09 2012 Attempting to establish TCP connection with [AF_INET]95.211.149.152:1194 [nonblock]
Thu Aug 30 17:03:10 2012 TCP connection established with [AF_INET]95.211.149.152:1194
Thu Aug 30 17:03:10 2012 TCPv4_CLIENT link local: [undef]
Thu Aug 30 17:03:10 2012 TCPv4_CLIENT link remote: [AF_INET]95.211.149.152:1194
Thu Aug 30 17:03:10 2012 TLS: Initial packet from [AF_INET]95.211.149.152:1194, sid=9c3a1f31 9ecb2837
Thu Aug 30 17:03:10 2012 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Aug 30 17:03:12 2012 VERIFY OK: depth=1, /C=DE/ST=Hesse-Nassau/L=Frankfurt/O=BTGuard/CN=BTGuard_CA/emailAddress=support@btguard.com
Thu Aug 30 17:03:12 2012 VERIFY OK: depth=0, /C=DE/ST=Hesse-Nassau/L=Frankfurt/O=BTGuard/CN=server/emailAddress=support@btguard.com
Thu Aug 30 17:03:13 2012 WARNING: 'dev-type' is used inconsistently, local='dev-type tap', remote='dev-type tun'
Thu Aug 30 17:03:13 2012 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1576', remote='link-mtu 1543'
Thu Aug 30 17:03:13 2012 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
Thu Aug 30 17:03:13 2012 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
Thu Aug 30 17:03:13 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Aug 30 17:03:13 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug 30 17:03:13 2012 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Aug 30 17:03:13 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug 30 17:03:13 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Aug 30 17:03:13 2012 [server] Peer Connection Initiated with [AF_INET]95.211.149.152:1194
Thu Aug 30 17:03:16 2012 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu Aug 30 17:03:16 2012 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 8.8.8.8,redirect-gateway,route 10.10.0.1,topology net30,ping 20,ping-restart 240,ifconfig 10.10.0.170 10.10.0.169'
Thu Aug 30 17:03:16 2012 OPTIONS IMPORT: timers and/or timeouts modified
Thu Aug 30 17:03:16 2012 OPTIONS IMPORT: --ifconfig/up options modified
Thu Aug 30 17:03:16 2012 OPTIONS IMPORT: route options modified
Thu Aug 30 17:03:16 2012 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Aug 30 17:03:16 2012 WARNING: Since you are using --dev tap, the second argument to --ifconfig must be a netmask, for example something like 255.255.255.0. (silence this warning with --ifconfig-nowarn)
Thu Aug 30 17:03:16 2012 ROUTE default_gateway=192.168.1.254
Thu Aug 30 17:03:16 2012 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
Thu Aug 30 17:03:16 2012 OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.10.0.1
Thu Aug 30 17:03:16 2012 TUN/TAP device tap0 opened
Thu Aug 30 17:03:16 2012 TUN/TAP TX queue length set to 100
Thu Aug 30 17:03:16 2012 /sbin/ifconfig tap0 10.10.0.170 netmask 10.10.0.169 mtu 1500 broadcast 255.255.255.254
SIOCSIFNETMASK: Invalid argument
Thu Aug 30 17:03:16 2012 Linux ifconfig failed: external program exited with error status: 1
Thu Aug 30 17:03:16 2012 Exiting

I can post the entire *.conf file if that would be better, the only reason I didn't is because of its length.

What I don't get is the contents of this file are the same settings I entered into the network-manager-openvpn-gnome gui. Shouldn't that gui set up such a file or some gconf or some other equivalent? Does using the gui normally work?


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/704043732.1389.1346361667460.JavaMail.sas@172.29.2 54.227
 
Old 08-30-2012, 09:33 PM
cletusjenkins
 
Default OpenVPN

-- clet
debian is my main squeeze


---- On Thu, 30 Aug 2012 12:42:15 -0700 Joe<joe@jretrading.com> wrote ----

> On Thu, 30 Aug 2012 20:41:00 +0200
> Registros Web <registros.web@gmail.com> wrote:
>
> Network Manager can handle most OpenVPN configuration options, and is
> a viable alternative to using a command-line invocation with a
> configuration file. As long as you don't get too exotic, and the
> server admin is aware of the NM plugin's current limitations. I use NM
> on Ubuntu 10 to connect to an OpenVPN server on Squeeze.
>
> Assuming the OP has been given the correct configuration details to be
> used with NM, I think this problem is likely to be caused by a network
> blockage of some kind, possibly a workstation firewall, or even a
> misspelled URL. As long as the client can see the server, which appears
> not to be the case here, some sort of useful error message should be
> produced, not just 'I can't see it'.
>
> --
> Joe

thanks for the reply. This is what I sort of assumed (sorry, I didn't really know anything about openvpn before trying to set this up), but the weird thing is when I try to connect to the VPN via the gui, immediately it comes back with a failure, complaining about the openvpn service not running. It doesn't take a second to grind on DNS or anything, just immediately it comes back with a failure message. When I tail the log file I setup, and start openvpn with the conf file, it takes a good 20-30 seconds to go through the process.

One unusual thing I noticed is if I just do a generic "/etc/init.d/openvpn start", the service now starts and keeps running (still not working, but it did ask for my vpn user and password), but if I start it by specifying the conf file directly with "openvpn /etc/openvpn/<company-name>.conf" it goes through the same motions, but then the service terminates right away. If I try to start the vpn settings in the network-manager gui after starting it via init.d I get zero error messages, but also doesn't work. Thanks.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/130581003.2342.1346362695949.JavaMail.sas2@172.29. 254.227
 
Old 08-30-2012, 09:45 PM
Joe
 
Default OpenVPN

On Thu, 30 Aug 2012 14:16:07 -0700
cletusjenkins <cletusjenkins@zoho.com> wrote:

> Does
> using the gui normally work?
>
>

Yes, as I posted earlier, I use Network Manager on a now somewhat old
Ubuntu to connect to OpenVPN on squeeze. I mostly use it at free WiFi
locations, to route traffic through my home server. But I did have the
advantage of installing and configuring the server as well as the
clients, and could connect them with Ethernet cables until all was well.

OpenVPN is one of those things where a large number of ducks need to be
carefully aligned before it works. After that, it Just Works forever,
or at least until the certificates expire.

--
Joe


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20120830224508.5bfccdec@jretrading.com">http://lists.debian.org/20120830224508.5bfccdec@jretrading.com
 
Old 08-30-2012, 10:03 PM
cletusjenkins
 
Default OpenVPN

> ---- On Thu, 30 Aug 2012 14:45:08 -0700 Joe<joe@jretrading.com> wrote ----
>
> > On Thu, 30 Aug 2012 14:16:07 -0700
> > cletusjenkins <cletusjenkins@zoho.com> wrote:
> >
> > > Does
> > > using the gui normally work?
> > >
> >
> > Yes, as I posted earlier, I use Network Manager on a now somewhat old
> > Ubuntu to connect to OpenVPN on squeeze. I mostly use it at free WiFi
> > locations, to route traffic through my home server. But I did have the
> > advantage of installing and configuring the server as well as the
> > clients, and could connect them with Ethernet cables until all was well.
> >
> > OpenVPN is one of those things where a large number of ducks need to be
> > carefully aligned before it works. After that, it Just Works forever,
> > or at least until the certificates expire.
> >
> > --
> > Joe
>

That sounds good, at least once I get it rolling, it should keep on keeping on. You can't beat that.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/1751939068.829.1346364232097.JavaMail.sas@172.29.2 51.230
 
Old 08-31-2012, 08:23 AM
Registros Web
 
Default OpenVPN

On Thu, Aug 30, 2012 at 11:16 PM, cletusjenkins <cletusjenkins@zoho.com> wrote:
>
>>Whether you are acting as a server or a client you need to have a
>>config file (.conf) in the /etc/openvpn directory (wich is the default
>>location where the openvpn service will look for .conf files and will
>>try to start those connections automatically when the service is
>>started). Check if there is one. In case there is one, you can open a
>>console and try to start the connection manually so you could see if
>>it throws any errors with the following command:
>>
>># openvpn /etc/openvpn/.conf
>>
>>If there is no .conf file, you need to set one up. Check for examples
>>at the openvpn.net site
>>(http://openvpn.net/index.php/open-source.html).
>>
>>Cheers!
>>Fred.
>
> thanks for the reply. I've built a *.conf file, 99% of it is the example file for a client from the link, my changes were to make it:
> use tcp (told to by the VPN company)
> the hostname to connect and port (from the company)
> to use tun (when I tried it with tap it acted like it connected, but it totally shutdown my internet connectivity, can't find any advice on this from the company)
> then I appended the following:
>
> log-append /tmp/openvpn.log
>
> auth-user-pass
>
> ca /etc/openvpn/<companyname>.ca.crt
>
> The last line above is the ca the company told me to download and save.
>
> I can now start openvpn as you suggest, I can still browse, but I am not going through the VPN (sites that tell you your IP address, show my actual IP not the VPN's)
>
> Here is the output in the openvpn.log:
>
> Thu Aug 30 17:03:00 2012 OpenVPN 2.1.3 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Feb 20 2012
> Thu Aug 30 17:03:08 2012 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
> Thu Aug 30 17:03:08 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
> Thu Aug 30 17:03:08 2012 LZO compression initialized
> Thu Aug 30 17:03:08 2012 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
> Thu Aug 30 17:03:08 2012 Socket Buffers: R=[87380->131072] S=[16384->131072]
> Thu Aug 30 17:03:09 2012 RESOLVE: NOTE: vpn.<companyname>.com resolves to 10 addresses
> Thu Aug 30 17:03:09 2012 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
> Thu Aug 30 17:03:09 2012 Local Options hash (VER=V4): '31fdf004'
> Thu Aug 30 17:03:09 2012 Expected Remote Options hash (VER=V4): '3e6d1056'
> Thu Aug 30 17:03:09 2012 Attempting to establish TCP connection with [AF_INET]95.211.149.152:1194 [nonblock]
> Thu Aug 30 17:03:10 2012 TCP connection established with [AF_INET]95.211.149.152:1194
> Thu Aug 30 17:03:10 2012 TCPv4_CLIENT link local: [undef]
> Thu Aug 30 17:03:10 2012 TCPv4_CLIENT link remote: [AF_INET]95.211.149.152:1194
> Thu Aug 30 17:03:10 2012 TLS: Initial packet from [AF_INET]95.211.149.152:1194, sid=9c3a1f31 9ecb2837
> Thu Aug 30 17:03:10 2012 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
> Thu Aug 30 17:03:12 2012 VERIFY OK: depth=1, /C=DE/ST=Hesse-Nassau/L=Frankfurt/O=BTGuard/CN=BTGuard_CA/emailAddress=support@btguard.com
> Thu Aug 30 17:03:12 2012 VERIFY OK: depth=0, /C=DE/ST=Hesse-Nassau/L=Frankfurt/O=BTGuard/CN=server/emailAddress=support@btguard.com
> Thu Aug 30 17:03:13 2012 WARNING: 'dev-type' is used inconsistently, local='dev-type tap', remote='dev-type tun'
> Thu Aug 30 17:03:13 2012 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1576', remote='link-mtu 1543'
> Thu Aug 30 17:03:13 2012 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
> Thu Aug 30 17:03:13 2012 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
> Thu Aug 30 17:03:13 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
> Thu Aug 30 17:03:13 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
> Thu Aug 30 17:03:13 2012 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
> Thu Aug 30 17:03:13 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
> Thu Aug 30 17:03:13 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
> Thu Aug 30 17:03:13 2012 [server] Peer Connection Initiated with [AF_INET]95.211.149.152:1194
> Thu Aug 30 17:03:16 2012 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
> Thu Aug 30 17:03:16 2012 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 8.8.8.8,redirect-gateway,route 10.10.0.1,topology net30,ping 20,ping-restart 240,ifconfig 10.10.0.170 10.10.0.169'
> Thu Aug 30 17:03:16 2012 OPTIONS IMPORT: timers and/or timeouts modified
> Thu Aug 30 17:03:16 2012 OPTIONS IMPORT: --ifconfig/up options modified
> Thu Aug 30 17:03:16 2012 OPTIONS IMPORT: route options modified
> Thu Aug 30 17:03:16 2012 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
> Thu Aug 30 17:03:16 2012 WARNING: Since you are using --dev tap, the second argument to --ifconfig must be a netmask, for example something like 255.255.255.0. (silence this warning with --ifconfig-nowarn)
> Thu Aug 30 17:03:16 2012 ROUTE default_gateway=192.168.1.254
> Thu Aug 30 17:03:16 2012 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
> Thu Aug 30 17:03:16 2012 OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.10.0.1
> Thu Aug 30 17:03:16 2012 TUN/TAP device tap0 opened
> Thu Aug 30 17:03:16 2012 TUN/TAP TX queue length set to 100
> Thu Aug 30 17:03:16 2012 /sbin/ifconfig tap0 10.10.0.170 netmask 10.10.0.169 mtu 1500 broadcast 255.255.255.254
> SIOCSIFNETMASK: Invalid argument
> Thu Aug 30 17:03:16 2012 Linux ifconfig failed: external program exited with error status: 1
> Thu Aug 30 17:03:16 2012 Exiting
>
> I can post the entire *.conf file if that would be better, the only reason I didn't is because of its length.
>
> What I don't get is the contents of this file are the same settings I entered into the network-manager-openvpn-gnome gui. Shouldn't that gui set up such a file or some gconf or some other equivalent? Does using the gui normally work?
>
>
> --
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: http://lists.debian.org/704043732.1389.1346361667460.JavaMail.sas@172.29.2 54.227
>

For what I see in the log, there seems to be some inconsistencies in
your config file. If you haven't made it to work by now, feel free to
post your config file (only the relevant lines, not the comments) and
i'll see if I can find where the problem is.

I cant help you with the network-manager-openvpn-gnome though, since
I've never used it myself.


Cheers!,
Fred


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/CAP4bfpzAoo-XROJhXDF=pqYnF5r2oPknhwVDbTj0wBqkJ=kC7A@mail.gmail .com
 

Thread Tools




All times are GMT. The time now is 02:55 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org