Old 01-02-2008, 11:53 AM
Timothy Murphy
 
Default Openvpn Fedora tutorial?

Is there a good tutorial for openvpn under Fedora?
I've followed the instructions at
<http://www.webhostingtalk.com/showthread.php?t=595436>
but they seem to have made things worse rather than better.

When I restart openvpn on my desktop (in another country)
I see in /var/log/messages
------------------------------------
Jan 2 12:43:19 alfred openvpn[2384]: 87.6.120.53:32967 TLS: Initial packet from 87.6.120.53:32967, sid=be7818b0 fa8fd179
Jan 2 12:43:20 alfred openvpn[2384]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Jan 2 12:43:21 alfred last message repeated 4 times
Jan 2 12:43:22 alfred openvpn[2384]: 87.6.120.53:32967 TLS: new session incoming connection from 87.6.120.53:32967
Jan 2 12:43:23 alfred openvpn[2384]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Jan 2 12:43:24 alfred last message repeated 4 times
Jan 2 12:43:25 alfred openvpn[2384]: 87.6.120.53:32967 TLS: new session incoming connection from 87.6.120.53:32967
------------------------------------
while when I restart openvpn on my laptop I see
------------------------------------
Jan 2 13:46:23 martha openvpn[3810]: UDPv4 link local: [undef]
Jan 2 13:46:23 martha openvpn[3810]: UDPv4 link remote: 86.43.71.228:1194
Jan 2 13:46:23 martha openvpn[3810]: TLS Error: Unroutable control packet received from 86.43.71.228:1194 (si=3 op=P_CONTROL_V1)
------------------------------------

Ifconfig shows a tun0 device on my desktop:
------------------------------------
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:192.168.5.1 P-t-P:192.168.5.2 Mask:255.255.255.255
------------------------------------
but there is no tun? device on my laptop.
[There was a tun0 device before I followed the advice mentioned above.]

Is there an openvpn doctor in the house?
All advice and suggestions gratefully received.





--
Timothy Murphy
e-mail (<80k only): tim /at/ birdsnest.maths.tcd.ie
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 01-02-2008, 02:12 PM
David Vernon
 
Default Openvpn Fedora tutorial?

On Wed, 02 Jan 2008 13:53:30 +0100
Timothy Murphy <tim@birdsnest.maths.tcd.ie> wrote:

>
> Is there a good tutorial for openvpn under Fedora?
> I've followed the instructions at
> <http://www.webhostingtalk.com/showthread.php?t=595436>
> but they seem to have made things worse rather than better..

snip...

>
> Is there an openvpn doctor in the house?
> All advice and suggestions gratefully received.

It would be easier to help if you posted the contents of your
config files (minus comments). Also the output of "iptables -L" would
be good. Might want to "clean" the ip addrs just to protect the innocent
(though that cat is out of the bag at this point it seems).

-dv
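
The suggestion above (post the config minus comments, with the IP addresses cleaned) can be scripted. The following Python is an added example, not part of the original thread; the function names and the `PUBLIC-IP-n` placeholder format are assumptions, and the sample lines are copied from the posts on this page.

```python
import ipaddress
import re

# Dotted quads not embedded in a longer number; validated before being touched.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\d|\.\d)")

# Sample input: lines taken from the server.conf and log excerpts in this thread.
SAMPLE = """\
;local a.b.c.d
port 1194
key /etc/openvpn/keys/server.key # This file should be kept secret
;server 10.8.0.0 255.255.255.0
server 192.168.5.0 255.255.255.0
UDPv4 link remote: 86.43.71.228:1194
TLS: Initial packet from 87.6.120.53:32967, sid=be7818b0 fa8fd179
TLS Error: Unroutable control packet received from 86.43.71.228:1194
"""


def strip_comments(text):
    """Drop blank lines, whole-line '#' / ';' comments and trailing ' # ...'."""
    kept = []
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            # Assumption: no directive value legitimately contains " #".
            kept.append(re.sub(r"\s+#.*$", "", line))
    return "\n".join(kept)


def redact_public_ips(text):
    """Swap each routable IPv4 address for a stable placeholder."""
    mapping = {}  # real address -> placeholder, kept privately by the poster

    def swap(match):
        try:
            addr = ipaddress.IPv4Address(match.group(0))
        except ipaddress.AddressValueError:
            return match.group(0)  # not a valid address, e.g. 999.1.1.1
        # Private, loopback and link-local addresses and netmasks stay
        # readable so the tunnel addressing can still be diagnosed.
        if not addr.is_global:
            return match.group(0)
        return mapping.setdefault(str(addr), f"PUBLIC-IP-{len(mapping) + 1}")

    return IPV4_RE.sub(swap, text), mapping


def sanitize(text):
    """Comment stripping followed by redaction; returns (clean_text, mapping)."""
    return redact_public_ips(strip_comments(text))
```

Hostnames, such as the `remote` value in client.conf, are not touched by this and need redacting by hand. The same address always maps to the same placeholder, so readers can still tell which log lines refer to the same peer.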

 
Old 01-02-2008, 09:29 PM
Timothy Murphy
 
Default Openvpn Fedora tutorial?

David Vernon wrote:
>> Is there a good tutorial for openvpn under Fedora?
>> I've followed the instructions at
>> <http://www.webhostingtalk.com/showthread.php?t=595436>
>> but they seem to have made things worse rather than better..
>
> snip...
>
>>
>> Is there an openvpn doctor in the house?
>> All advice and suggestions gratefully received.
>
> It would be easier to help if you posted the contents of your
> config files (minus comments). Also the output of "iptables -L" would
> be good. Might want to "clean" the ip addrs just to protect the innocent
> (though that cat is out of the bag at this point it seems).

Thanks very much for your response.
I found when following your suggestion
that there was a typo in /etc/openvpn/server.conf
(I had the wrong location for one of the keys).
When I corrected this, and restarted openvpn on both machines,
everything appeared (from /var/log/messages) to be fine.
I have tun0 on my desktop at 192.168.5.1
and tun0 on my laptop at 192.168.5.6 .

I guess my question now is rather different -
I'm not sure what I can do with the connection.
I don't seem able to ssh in either direction.
And ping fails in both directions too.

Here are my server.conf and client.conf :
------------------------------
;local a.b.c.d

port 1194

;proto tcp
proto udp

;dev tap
dev tun

;dev-node MyTap

ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key # This file should be kept secret

dh /usr/local/openvpn/keys/dh1024.pem

;server 10.8.0.0 255.255.255.0
server 192.168.5.0 255.255.255.0

ifconfig-pool-persist ipp.txt

;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100

;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"


;client-config-dir ccd
;route 192.168.40.128 255.255.255.248

;client-config-dir ccd
;route 192.168.40.128 255.255.255.248

;client-config-dir ccd
;route 10.9.0.0 255.255.255.252

;learn-address ./script

;push "redirect-gateway"

;push "dhcp-option DNS 10.8.0.1"
;push "dhcp-option WINS 10.8.0.1"

client-to-client

;duplicate-cn

keepalive 10 120

;tls-auth ta.key 0 # This file is secret

;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES

comp-lzo

;max-clients 100

;user nobody
;group nobody

persist-key
persist-tun

status openvpn-status.log

;log openvpn.log
;log-append openvpn.log

verb 3

;mute 20
------------------------------
client

;dev tap
dev tun

;dev-node MyTap

;proto tcp
proto udp

remote www.gayleard.com 1194
;remote my-server-2 1194

;remote-random

resolv-retry infinite

nobind

;user nobody
;group nobody

persist-key
persist-tun

;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

;mute-replay-warnings

ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/martha.crt
key /etc/openvpn/keys/martha.key
;ns-cert-type server

;tls-auth ta.key 1

;cipher x

comp-lzo

verb 3

;mute 20
------------------------------

I don't think there can be anything wrong with my firewall,
or I wouldn't have got this far.

But I am using shorewall on my desktop,
with the two added lines in /etc/shorewall/rules
------------------------------
ACCEPT net $FW udp 1194
ACCEPT $FW net udp 1194
------------------------------

Again, any help or advice gratefully received.

--
Timothy Murphy
e-mail (<80k only): tim /at/ birdsnest.maths.tcd.ie
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland

 
Old 01-02-2008, 11:27 PM
"Andrew Parker"
 
Default Openvpn Fedora tutorial?

On Jan 2, 2008 5:29 PM, Timothy Murphy <tim@birdsnest.maths.tcd.ie> wrote:
> David Vernon wrote:
> >> Is there a good tutorial for openvpn under Fedora?
> >> I've followed the instructions at
> >> <http://www.webhostingtalk.com/showthread.php?t=595436>
> >> but they seem to have made things worse rather than better..
> >
> > snip...
> >
> >>
> >> Is there an openvpn doctor in the house?
> >> All advice and suggestions gratefully received.
> >
> > It would be easier to help if you posted the contents of your
> > config files (minus comments). Also the output of "iptables -L" would
> > be good. Might want to "clean" the ip addrs just to protect the innocent
> > (though that cat is out of the bag at this point it seems).
>
> Thanks very much for your response.
> I found when following your suggestion
> that there was a typo in /etc/openvpn/server.conf
> (I had the wrong location for one of the keys).
> When I corrected this, and restarted openvpn on both machines,
> everything appeared (from /var/log/messages) to be fine.
> I have tun0 on my desktop at 192.168.5.1
> and tun0 on my laptop at 192.168.5.6 .
>
> I guess my question now is rather different -
> I'm not sure what I can do with the connection.
> I don't seem able to ssh in either direction.
> And ping fails in both directions too.

for a connectivity test, each node should be able to ping the other.
i.e. desktop can ping 192.168.5.6 and laptop can ping 192.168.5.1.

if that works, you can utilise whatever network services are available
on each node, but you will have to refer to them by their VPN IP
addresses (192.168.5.n)

If you have additional networks behind either your desktop or laptop
(such as the internet) then you can also direct traffic to that
network via the vpn. depending on what you want to do, and your
network topology, you should look up the "route" and "redirect-gateway"

 
Old 01-03-2008, 12:05 AM
Timothy Murphy
 
Default Openvpn Fedora tutorial?

Andrew Parker wrote:

>> I found when following your suggestion
>> that there was a typo in /etc/openvpn/server.conf
>> (I had the wrong location for one of the keys).
>> When I corrected this, and restarted openvpn on both machines,
>> everything appeared (from /var/log/messages) to be fine.
>> I have tun0 on my desktop at 192.168.5.1
>> and tun0 on my laptop at 192.168.5.6 .
>>
>> I guess my question now is rather different -
>> I'm not sure what I can do with the connection.
>> I don't seem able to ssh in either direction.
>> And ping fails in both directions too.
>
> for a connectivity test, each node should be able to ping the other.
> i.e. desktop can ping 192.168.5.6 and laptop can ping 192.168.5.1.

As I mentioned, I cannot ping either openvpn address,
though I can ping my desktop alfred (in Ireland)
from my laptop martha (in Italy);
---------------------------------
[tim@martha ~]$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.5.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
192.168.5.0 192.168.5.5 255.255.255.0 UG 0 0 0 tun0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
[tim@martha ~]$ ping -v -c2 192.168.5.1
PING 192.168.5.1 (192.168.5.1) 56(84) bytes of data.
From 192.168.5.1 icmp_seq=1 Destination Host Unreachable
From 192.168.5.1 icmp_seq=2 Destination Host Unreachable
[tim@martha ~]$ ping -v -c2 www.gayleard.com
PING www.gayleard.com (86.43.71.228) 56(84) bytes of data.
64 bytes from 86.43.71.228: icmp_seq=1 ttl=240 time=105 ms
64 bytes from 86.43.71.228: icmp_seq=2 ttl=240 time=106 ms
---------------------------------
[tim@alfred ~]$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.5.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
192.168.5.0 192.168.5.2 255.255.255.0 UG 0 0 0 tun0
192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth2
0.0.0.0 192.168.1.254 0.0.0.0 UG 0 0 0 eth0
[tim@alfred ~]$ ping -v -c2 87.6.120.53
PING 87.6.120.53 (87.6.120.53) 56(84) bytes of data.
64 bytes from 87.6.120.53: icmp_seq=1 ttl=49 time=114 ms
64 bytes from 87.6.120.53: icmp_seq=2 ttl=49 time=104 ms
[tim@alfred ~]$ ping -v -c2 192.168.5.6
PING 192.168.5.6 (192.168.5.6) 56(84) bytes of data.
From 192.168.5.1 icmp_seq=1 Destination Host Unreachable
From 192.168.5.1 icmp_seq=1 Destination Host Unreachable
---------------------------------

Any illumination gratefully received.


--
Timothy Murphy
e-mail (<80k only): tim /at/ birdsnest.maths.tcd.ie
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland

 
