OpenVPN Client

Leonardo M. Ramé martinrame at yahoo.com
Mon Jul 27 01:47:04 UTC 2009


Thanks, Drew! I'll change my home network to test this.

Leonardo.

--- On Sun, 7/26/09, Drew Tomlinson <drew at mykitchentable.net> wrote:

> From: Drew Tomlinson <drew at mykitchentable.net>
> Subject: Re: OpenVPN Client
> To: "Leonardo M. Ramé" <martinrame at yahoo.com>
> Cc: freebsd-questions at freebsd.org
> Date: Sunday, July 26, 2009, 9:01 PM
> Leonardo M. Ramé wrote:
> > Well, I opted for deinstalling openvpn and installing openvpn-devel
> > (2.1). Now it reads my client.ovpn file, and it seems to be going a
> > little step further, now it seems to be a problem with route add.
> >
> It's not really a problem with 'route add'. The problem is that a route
> for 192.168.0.0 already exists.
> > I have to mention that the client machine is connected to a router
> > using DHCP in the network 192.168.0.xxx. Can this be the problem?
> >
> Yes.
> 
> > This is the new log:
> >
> > Sat Jul 25 16:20:10 2009 OpenVPN 2.1_rc18 i386-portbld-freebsd7.2 [SSL] [LZO2] [PKCS11] built on Jul 25 2009
> > Sat Jul 25 16:20:13 2009 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
> > Sat Jul 25 16:20:13 2009 Control Channel Authentication: tls-auth using INLINE static key file
> > Sat Jul 25 16:20:13 2009 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
> > Sat Jul 25 16:20:13 2009 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
> > Sat Jul 25 16:20:13 2009 LZO compression initialized
> > Sat Jul 25 16:20:13 2009 Control Channel MTU parms [ L:1544 D:168 EF:68 EB:0 ET:0 EL:0 ]
> > Sat Jul 25 16:20:13 2009 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
> > Sat Jul 25 16:20:13 2009 Local Options hash (VER=V4): 'ee93268d'
> > Sat Jul 25 16:20:13 2009 Expected Remote Options hash (VER=V4): 'bd577cd1'
> > Sat Jul 25 16:20:13 2009 Attempting to establish TCP connection with 200.80.219.194:443 [nonblock]
> > Sat Jul 25 16:20:14 2009 TCP connection established with 200.80.219.194:443
> > Sat Jul 25 16:20:14 2009 Socket Buffers: R=[66608->65536] S=[33304->65536]
> > Sat Jul 25 16:20:14 2009 TCPv4_CLIENT link local: [undef]
> > Sat Jul 25 16:20:14 2009 TCPv4_CLIENT link remote: 200.80.219.194:443
> > Sat Jul 25 16:20:14 2009 TLS: Initial packet from 200.80.219.194:443, sid=f4722bb3 aafe8f23
> > Sat Jul 25 16:20:14 2009 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
> > Sat Jul 25 16:20:15 2009 VERIFY OK: depth=1, /CN=OpenVPN_CA
> > Sat Jul 25 16:20:15 2009 VERIFY OK: nsCertType=SERVER
> > Sat Jul 25 16:20:15 2009 VERIFY OK: depth=0, /CN=OpenVPN_Server
> > Sat Jul 25 16:20:15 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
> > Sat Jul 25 16:20:15 2009 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
> > Sat Jul 25 16:20:15 2009 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
> > Sat Jul 25 16:20:15 2009 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
> > Sat Jul 25 16:20:15 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
> > Sat Jul 25 16:20:15 2009 [OpenVPN_Server] Peer Connection Initiated with 200.80.219.194:443
> > Sat Jul 25 16:20:16 2009 SENT CONTROL [OpenVPN_Server]: 'PUSH_REQUEST' (status=1)
> > Sat Jul 25 16:20:16 2009 PUSH: Received control message: 'PUSH_REPLY,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,redirect-private local,redirect-private bypass-dhcp,redirect-private bypass-dns,route-metric 101,route 192.168.0.0 255.255.255.0,route-gateway 172.16.0.1,topology subnet,ping 8,ping-restart 90,socket-flags TCP_NODELAY,ifconfig 172.16.0.2 255.255.0.0'
> > Sat Jul 25 16:20:16 2009 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:2: dhcp-pre-release (2.1_rc18)
> > Sat Jul 25 16:20:16 2009 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:3: dhcp-renew (2.1_rc18)
> > Sat Jul 25 16:20:16 2009 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: dhcp-release (2.1_rc18)
> > Sat Jul 25 16:20:16 2009 OPTIONS IMPORT: timers and/or timeouts modified
> > Sat Jul 25 16:20:16 2009 OPTIONS IMPORT: --socket-flags option modified
> > Sat Jul 25 16:20:16 2009 NOTE: setsockopt TCP_NODELAY=1 failed (No kernel support)
> > Sat Jul 25 16:20:16 2009 OPTIONS IMPORT: --ifconfig/up options modified
> > Sat Jul 25 16:20:16 2009 OPTIONS IMPORT: route options modified
> > Sat Jul 25 16:20:16 2009 OPTIONS IMPORT: route-related options modified
> > Sat Jul 25 16:20:16 2009 ROUTE default_gateway=192.168.0.1
> > Sat Jul 25 16:20:16 2009 TUN/TAP device /dev/tun0 opened
> > Sat Jul 25 16:20:16 2009 /sbin/ifconfig tun0 172.16.0.2 172.16.0.2 netmask 255.255.0.0 mtu 1500 up
> > Sat Jul 25 16:20:16 2009 /sbin/route add -net 172.16.0.0 172.16.0.2 255.255.0.0
> > add net 172.16.0.0: gateway 172.16.0.2
> > Sat Jul 25 16:20:21 2009 WARNING: potential route subnet conflict between local LAN [192.168.0.0/255.255.255.0] and remote VPN [192.168.0.0/255.255.255.0]
> >
> 
> You can't use the same address space for multiple networks. In other
> words, you can't use 192.168.0.0/24 for both the VPN and your internal
> network unless you are bridging the two (i.e., making it one network).
>
> So the simple answer is to change the client machine's network to
> something other than 192.168.0.0/24 if you can. Otherwise you're either
> going to have to work out bridging or subnetting both sides which will
> get complicated in a hurry.
> 
> Cheers,
> 
> Drew
> 
> 
> > Sat Jul 25 16:20:21 2009 /sbin/route add -net 192.168.0.0 172.16.0.1 255.255.255.0
> > route: writing to routing socket: File exists
> > add net 192.168.0.0: gateway 172.16.0.1: route already in table
> > Sat Jul 25 16:20:21 2009 ERROR: FreeBSD route add command failed: external program exited with error status: 1
> > Sat Jul 25 16:20:21 2009 Initialization Sequence Completed
> > Sat Jul 25 16:20:30 2009 event_wait : Interrupted system call (code=4)
> > Sat Jul 25 16:20:30 2009 TCP/UDP: Closing socket
> > Sat Jul 25 16:20:30 2009 Closing TUN/TAP interface
> > Sat Jul 25 16:20:30 2009 SIGINT[hard,] received, process exiting
> >
> 
> 
> -- 
> Be a Great Magician!
> Visit The Alchemist's Warehouse
> 
> http://www.alchemistswarehouse.com
> 
> 
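
The address-space conflict discussed in this thread can be checked on the client before the routes are installed. The following Python code is an added example, not part of the original messages or of OpenVPN: it parses the PUSH_REPLY string from the quoted log and reports every pushed network that overlaps a local LAN, including partial overlaps beyond the identical /24 case seen here. The function names and the caller-supplied list of local networks are assumptions.

```python
import ipaddress

# PUSH_REPLY copied from the log quoted in this thread (mail line wraps rejoined).
PUSH_REPLY = (
    "PUSH_REPLY,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,"
    "redirect-private local,redirect-private bypass-dhcp,"
    "redirect-private bypass-dns,route-metric 101,"
    "route 192.168.0.0 255.255.255.0,route-gateway 172.16.0.1,"
    "topology subnet,ping 8,ping-restart 90,socket-flags TCP_NODELAY,"
    "ifconfig 172.16.0.2 255.255.0.0"
)


def pushed_networks(push_reply):
    """Return (option, network) pairs for every subnet the server pushes."""
    opts = [o.split() for o in push_reply.split(",") if o.strip()]
    subnet_topology = ["topology", "subnet"] in opts
    nets = []
    for parts in opts:
        try:
            if parts[0] == "route" and len(parts) >= 2:
                # 'route network [netmask]': a missing netmask means a host route.
                mask = parts[2] if len(parts) >= 3 else "255.255.255.255"
                nets.append(("route", ipaddress.ip_network(f"{parts[1]}/{mask}", strict=False)))
            elif parts[0] == "ifconfig" and len(parts) == 3 and subnet_topology:
                # With 'topology subnet' the arguments are the tunnel address and netmask.
                nets.append(("ifconfig", ipaddress.ip_network(f"{parts[1]}/{parts[2]}", strict=False)))
        except ValueError:
            continue  # hostnames or keywords such as 'vpn_gateway' are not checked
    return nets


def conflicts(push_reply, local_lans):
    """List (option, pushed_net, local_net) for each overlap with a local network."""
    found = []
    for option, net in pushed_networks(push_reply):
        for lan in local_lans:
            lan_net = ipaddress.ip_network(lan, strict=False)
            if net.overlaps(lan_net):
                found.append((option, str(net), str(lan_net)))
    return found


if __name__ == "__main__":
    # local_lans is an assumption: the caller supplies the client's directly connected networks.
    for option, pushed, local in conflicts(PUSH_REPLY, ["192.168.0.0/24"]):
        print(f"conflict: pushed {option} {pushed} overlaps local LAN {local}")
```

Renumbering the home LAN to a range that returns an empty list here is the fix Drew recommends.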


      

