OpenVPN Client

Leonardo M. Ramé martinrame at yahoo.com
Sat Jul 25 18:12:09 UTC 2009


Thanks, after adding if_tun_load="YES" to my /boot/loader.conf and rebooting, this message appears in dmesg:

can't re-use a leaf (if_tun_debug)!
module_register: module if_tun already exists!
Module if_tun failed to register: 17

So I think it is not required to add it to loader.conf.

I replaced tun by tun1 in openvpn.conf, and the result is this:

Sat Jul 25 15:09:46 2009 OpenVPN 2.0.6 i386-portbld-freebsd7.2 [SSL] [LZO] built on Jul 24 2009
Enter Auth Username:nico
Enter Auth Password:
Sat Jul 25 15:09:48 2009 WARNING: file '/usr/local/etc/openvpn/keys/key.key' is group or others accessible
Sat Jul 25 15:09:48 2009 LZO compression initialized
Sat Jul 25 15:09:48 2009 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sat Jul 25 15:09:48 2009 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Jul 25 15:09:48 2009 Local Options hash (VER=V4): '69109d17'
Sat Jul 25 15:09:48 2009 Expected Remote Options hash (VER=V4): 'c0103fa8'
Sat Jul 25 15:09:48 2009 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Sat Jul 25 15:09:48 2009 Attempting to establish TCP connection with 200.80.219.194:443
Sat Jul 25 15:09:48 2009 TCP connection established with 200.80.219.194:443
Sat Jul 25 15:09:48 2009 TCPv4_CLIENT link local: [undef]
Sat Jul 25 15:09:48 2009 TCPv4_CLIENT link remote: 200.80.219.194:443
Sat Jul 25 15:09:49 2009 Connection reset, restarting [0]
Sat Jul 25 15:09:49 2009 TCP/UDP: Closing socket
Sat Jul 25 15:09:49 2009 SIGUSR1[soft,connection-reset] received, process restarting
Sat Jul 25 15:09:49 2009 Restart pause, 5 second(s)
Sat Jul 25 15:09:50 2009 SIGINT[hard,init_instance] received, process exiting

If I do ifconfig, the tun interface appears in the list:

ndis0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:23:4d:64:d6:7a
        inet 192.168.0.100 netmask 0xffffff00 broadcast 192.168.0.255
        media: IEEE 802.11 Wireless Ethernet autoselect
        status: associated
        ssid "" channel 1 (2412 Mhz 11b)
        authmode OPEN privacy OFF bmiss 7 scanvalid 60 roaming MANUAL
        bintval 0
fwe0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 32:4f:c0:e1:55:e1
        ch 1 dma -1
fwip0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        lladdr 33.4f.c0.0.26.e1.55.e1.a.2.ff.fe.0.0.0.0
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4 
        inet6 ::1 prefixlen 128 
        inet 127.0.0.1 netmask 0xff000000 
tun1: flags=8010<POINTOPOINT,MULTICAST> metric 0 mtu 1500

Any hint?

--- On Sat, 7/25/09, chris scott <kraduk at googlemail.com> wrote:

> From: chris scott <kraduk at googlemail.com>
> Subject: Re: OpenVPN Client
> To: "Leonardo M. Ramé" <martinrame at yahoo.com>
> Cc: freebsd-questions at freebsd.org
> Date: Saturday, July 25, 2009, 1:56 PM
> 2009/7/25 Leonardo M. Ramé <martinrame at yahoo.com>
> 
> >
> > Hi, I'm trying to connect to an OpenVPN server in my office. To do this, I
> > installed "OpenVPN 2.0.6 i386-portbld-freebsd7.2 [SSL] [LZO]" from ports,
> > and looking at different tutorials I found it needs a config file in
> > /usr/local/etc/openvpn/openvpn.conf. The problem here is that our server
> > provides a "client.ovpn" file containing all the connection params needed
> > by a client; in fact, we connect Windows machines just by installing
> > "OpenVPN_Installer.exe", it configures a TAP device and a client that reads
> > the client.ovpn file.
> >
> > Now, on my FreeBSD 7.2 i386 machine, I did this:
> >
> > Created the /usr/local/etc/openvpn/openvpn.conf (the port doesn't create
> > it automatically) with this content:
> >
> > remote 200.80.219.194.static.techtelnet.net
> > client
> > proto tcp
> > port 443
> > dev tun
> > ns-cert-type server
> > auth-user-pass
> > auth-retry interact
> > comp-lzo
> > user nobody
> > group nobody
> > verb 3
> > ca /usr/local/etc/openvpn/keys/ca.key
> > cert /usr/local/etc/openvpn/keys/cert.key
> > key /usr/local/etc/openvpn/keys/key.key
> >
> > These contents are extracted from client.ovpn, and the "ca", "cert" and "key"
> > files were extracted from the same file.
> >
> > I kldload tun, but when I do ifconfig, it doesn't show anything related to
> > tun or tap.
> >
> > Also, when I do "openvpn /usr/local/etc/openvpn/openvpn.conf" the results
> > are these:
> >
> > Sat Jul 25 11:24:09 2009 OpenVPN 2.0.6 i386-portbld-freebsd7.2 [SSL] [LZO] built on Jul 24 2009
> > Enter Auth Username:nico
> > Enter Auth Password:****
> > Sat Jul 25 11:24:13 2009 WARNING: you are using user/group/chroot without persist-key/persist-tun -- this may cause restarts to fail
> > Sat Jul 25 11:24:13 2009 WARNING: file '/usr/local/etc/openvpn/keys/key.key' is group or others accessible
> > Sat Jul 25 11:24:13 2009 LZO compression initialized
> > Sat Jul 25 11:24:13 2009 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
> > Sat Jul 25 11:24:13 2009 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
> > Sat Jul 25 11:24:13 2009 Local Options hash (VER=V4): '69109d17'
> > Sat Jul 25 11:24:13 2009 Expected Remote Options hash (VER=V4): 'c0103fa8'
> > Sat Jul 25 11:24:13 2009 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
> > Sat Jul 25 11:24:13 2009 Attempting to establish TCP connection with 200.80.219.194:443
> > Sat Jul 25 11:24:13 2009 TCP connection established with 200.80.219.194:443
> > Sat Jul 25 11:24:13 2009 TCPv4_CLIENT link local: [undef]
> > Sat Jul 25 11:24:13 2009 TCPv4_CLIENT link remote: 200.80.219.194:443
> > Sat Jul 25 11:24:13 2009 Connection reset, restarting [0]
> > Sat Jul 25 11:24:13 2009 TCP/UDP: Closing socket
> > Sat Jul 25 11:24:13 2009 SIGUSR1[soft,connection-reset] received, process restarting
> > Sat Jul 25 11:24:13 2009 Restart pause, 5 second(s)
> >
> > In my /etc/rc.conf I have openvpn_if="tun", I don't load the tun nor tap
> > interface at boot, I just want to load it with kldload.
> >
> > uname -a:
> > FreeBSD inspiron.local 7.2-RELEASE FreeBSD 7.2-RELEASE #0: Fri May  1 08:49:13 UTC 2009     root at walker.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386
> >
> > ifconfig:
> > ndis0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
> >        ether 00:23:4d:64:d6:7a
> >        inet 192.168.0.100 netmask 0xffffff00 broadcast 192.168.0.255
> >        media: IEEE 802.11 Wireless Ethernet autoselect
> >        status: associated
> >        ssid "" channel 1 (2412 Mhz 11b)
> >        authmode OPEN privacy OFF bmiss 7 scanvalid 60 roaming MANUAL
> >        bintval 0
> > fwe0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
> >        options=8<VLAN_MTU>
> >        ether 32:4f:c0:e1:55:e1
> >        ch 1 dma -1
> > fwip0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
> >        lladdr 33.4f.c0.0.26.e1.55.e1.a.2.ff.fe.0.0.0.0
> > lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
> >        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
> >        inet6 ::1 prefixlen 128
> >        inet 127.0.0.1 netmask 0xff000000
> >
> > Thanks in advance,
> > Leonardo M. Ramé
> >
> >
> >
> 
> 
> make sure you have the tap kernel module loaded
> 
> kldload /boot/kernel/if_tap.ko
> 
> To make sure it's there after boot, add
> if_tap_load="yes"
> to your /boot/loader.conf
> 
> When I used OpenVPN I also added
> 
> cloned_interfaces="tun1"
> 
> to my rc.conf, then reinitialize the network stack by running
> /etc/netstart
> 
> I also set the OpenVPN client to explicitly use tun1
> 
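
The two WARNING lines in the logs quoted in this thread (the private key being "group or others accessible", and user/group used without persist-key/persist-tun) can be checked before the client is started. The script below is an added example, not part of the original messages or of OpenVPN; the function names are hypothetical, and it assumes config paths contain no spaces.

```shell
#!/bin/sh
# Added example: lint an OpenVPN client config for the two WARNINGs seen in
# the logs above. Function names are hypothetical, not part of OpenVPN.

# Print the argument of the first occurrence of a directive (e.g. "key").
conf_value() {  # $1 = config file, $2 = directive
    awk -v name="$2" '$1 == name { print $2; exit }' "$1"
}

# Succeed if the directive appears in the config at all.
has_directive() {  # $1 = config file, $2 = directive
    awk -v name="$2" '$1 == name { found = 1 } END { exit !found }' "$1"
}

# Succeed if any group/other permission bit is set on the file.
# Characters 5-10 of the ls mode string are the group and other triplets;
# -L follows symlinks so the target's mode is examined.
is_group_or_other_accessible() {  # $1 = path
    perms=$(ls -ldL "$1" | cut -c5-10)
    [ "$perms" != "------" ]
}

# Print one line per finding; the return status is the number of findings.
lint_openvpn_conf() {  # $1 = config file
    conf=$1
    findings=0
    keyfile=$(conf_value "$conf" key)
    if [ -n "$keyfile" ] && [ -e "$keyfile" ] &&
        is_group_or_other_accessible "$keyfile"; then
        echo "private key $keyfile is group/other accessible (chmod 600)"
        findings=$((findings + 1))
    fi
    # After dropping to an unprivileged user, a restart cannot re-read the
    # key or reopen the tun device unless these options are set.
    if has_directive "$conf" user || has_directive "$conf" group; then
        for opt in persist-key persist-tun; do
            if ! has_directive "$conf" "$opt"; then
                echo "user/group set without $opt; restarts may fail"
                findings=$((findings + 1))
            fi
        done
    fi
    return "$findings"
}

# Usage: sh lint.sh /usr/local/etc/openvpn/openvpn.conf
if [ "$#" -gt 0 ]; then lint_openvpn_conf "$1"; fi
```
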


      

