![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
Hi Guys,
Software I am trying to use is from http://openvpn.sourceforge.net/ - it's OpenVPN (clue is in the title I guess).
I am on a dialup connection on a laptop running windows xp home, i hvae the tap device installed and starting manually (not as a service).
Below is my ovpn file
# Edit this file, and save to a .ovpn extension
# so that OpenVPN will activate it when run
# as a service.
# Change 'myremote' to be your remote host,
# or comment out to enter a listening
# server mode.
remote xxx
# Uncomment this line to use a different
# port number than the default of 5000.
; port 5000
# Choose one of three protocols supported by
# OpenVPN. If left commented out, defaults
# to udp.
; proto [tcp-server | tcp-client | udp]
# You must specify one of two possible network
# protocols, 'dev tap' or 'dev tun' to be used
# on both sides of the connection. 'tap' creates
# a VPN using the ethernet protocol while 'tun'
# uses the IP protocol. You must use 'tap'
# if you are ethernet bridging or want to route
# broadcasts. 'tun' is somewhat more efficient
# but requires configuration of client software
# to not depend on broadcasts. Some platforms
# such as Solaris, OpenBSD, and Mac OS X only
# support 'tun' interfaces, so if you are
# connecting to such a platform, you must also
# use a 'tun' interface on the Windows side.
# Enable 'dev tap' or 'dev tun' but not both!
dev tap
# This is a 'dev tap' ifconfig that creates
# a virtual ethernet subnet.
# 10.3.0.1 is the local VPN IP address
# and 255.255.255.0 is the VPN subnet.
# Only define this option for 'dev tap'.
ifconfig 10.255.255.254 255.255.255.252
# This is a 'dev tun' ifconfig that creates
# a point-to-point IP link.
# 10.3.0.1 is the local VPN IP address and
# 10.3.0.2 is the remote VPN IP address.
# Only define this option for 'dev tun'.
# Make sure to include the "tun-mtu" option
# on the remote machine, but swap the order
# of the ifconfig addresses.
;tun-mtu 1500
;ifconfig 10.0.0.2 10.0.0.1
# If you have fragmentation issues or misconfigured
# routers in the path which block Path MTU discovery,
# lower the TCP MSS and internally fragment non-TCP
# protocols.
;fragment 1300
;mssfix
# If you have set up more than one TAP-Win32 adapter
# on your system, you must refer to it by name.
;dev-node my-tap
# You can generate a static OpenVPN key
# by selecting the Generate Key option
# in the start menu.
#
# You can also generate key.txt manually
# with the following command:
# openvpn --genkey --secret key.txt
#
# key must match on both ends of the connection,
# so you should generate it on one machine and
# copy it to the other over a secure medium.
# Place key.txt in the same directory as this
# config file.
secret static.key
# Uncomment this section for a more reliable
# detection when a system loses its connection.
# For example, dial-ups or laptops that travel
# to other locations.
#
# If this section is enabled and "myremote"
# above is a dynamic DNS name (i.e. dyndns.org),
# OpenVPN will dynamically "follow" the IP
# address of "myremote" if it changes.
; ping-restart 60
; ping-timer-rem
; persist-tun
; persist-key
; resolv-retry 86400
# keep-alive ping
ping 10
# enable LZO compression
;comp-lzo
# moderate verbosity
verb 5
mute 10
It seems to connect but gives this error
Fri Jan 16 22:45:52 2004 0: Current Parameter Settings:
Fri Jan 16 22:45:52 2004 1: config = 'C:\files\OpenVPN\config\dave.ovpn'
Fri Jan 16 22:45:52 2004 2: show_ciphers = DISABLED
Fri Jan 16 22:45:52 2004 3: show_digests = DISABLED
Fri Jan 16 22:45:52 2004 4: genkey = DISABLED
Fri Jan 16 22:45:52 2004 5: askpass = DISABLED
Fri Jan 16 22:45:52 2004 6: show_tls_ciphers = DISABLED
Fri Jan 16 22:45:52 2004 7: proto = 0
Fri Jan 16 22:45:52 2004 8: local = '[UNDEF]'
Fri Jan 16 22:45:52 2004 9: remote = 'xxx'
Fri Jan 16 22:45:52 2004 10: 96 variation(s) on previous 10 message(s) suppresse
d by --mute
Fri Jan 16 22:45:52 2004 11: OpenVPN 1.5.0 Win32-MinGW [SSL] [LZO] built on Nov
20 2003
Fri Jan 16 22:45:52 2004 12: Static Encrypt: Cipher 'BF-CBC' initialized with 12
8 bit key
Fri Jan 16 22:45:52 2004 13: Static Encrypt: Using 160 bit message hash 'SHA1' f
or HMAC authentication
Fri Jan 16 22:45:52 2004 14: Static Decrypt: Cipher 'BF-CBC' initialized with 12
8 bit key
Fri Jan 16 22:45:52 2004 15: Static Decrypt: Using 160 bit message hash 'SHA1' f
or HMAC authentication
Fri Jan 16 22:45:52 2004 16: Attempting to lock Win32 semaphore 'openvpn_netcmd'
prior to net shell command (timeout = 600 sec)
Fri Jan 16 22:45:52 2004 17: TAP-WIN32 device [Local Area Connection 4] opened:
\\.\{C71A7116-A86F-4205-9643-4FA38CCD0C7D}.tap
Fri Jan 16 22:45:52 2004 18: TAP-Win32 Driver Version 3.10
Fri Jan 16 22:45:52 2004 19: TAP-Win32 MTU=1500
Fri Jan 16 22:45:52 2004 20: Successful ARP Flush on interface [2031619] {C71A71
16-A86F-4205-9643-4FA38CCD0C7D}
Fri Jan 16 22:45:52 2004 21: NOTE: You have selected (explicitly or by default)
'--ip-win32 ipapi', which has a better chance of working correctly if the TAP-Wi
n32 TCP/IP properties are set to 'Obtain an IP address automatically'
Fri Jan 16 22:45:52 2004 22: Succeeded in adding a temporary IP/netmask of 10.25
5.255.254/255.255.255.252 to interface {C71A7116-A86F-4205-9643-4FA38CCD0C7D} us
ing the Win32 IP Helper API
Fri Jan 16 22:45:52 2004 23: Data Channel MTU parms [ L:1576 D:1576 EF:44 EB:0 E
T:32 ]
Fri Jan 16 22:45:52 2004 24: Local Options String: 'V3,dev-type tap,link-mtu 157
6,tun-mtu 1532,proto UDPv4,ifconfig 10.255.255.252 255.255.255.252,cipher BF-CBC
,auth SHA1,keysize 128,secret'
Fri Jan 16 22:45:52 2004 25: Expected Remote Options String: 'V3,dev-type tap,li
nk-mtu 1576,tun-mtu 1532,proto UDPv4,ifconfig 10.255.255.252 255.255.255.252,cip
her BF-CBC,auth SHA1,keysize 128,secret'
Fri Jan 16 22:45:52 2004 26: Local Options hash (VER=V3): '7ab42fd0'
Fri Jan 16 22:45:52 2004 27: Expected Remote Options hash (VER=V3): '7ab42fd0'
Fri Jan 16 22:45:52 2004 28: UDPv4 link local (bound): [undef]:5000
Fri Jan 16 22:45:52 2004 29: UDPv4 link remote: xxx:5000
WrWrWrWrWrWrWrWRFri Jan 16 22:45:56 2004 30: Peer Connection Initiated with xxx:5000
rWRWWRFri Jan 16 22:46:02 2004 31: WARNING: Actual Remote Options ('V3,dev-type
tun,link-mtu 1544,tun-mtu 1500,proto UDPv4,ifconfig 10.255.255.254 10.255.255.25
3,cipher BF-CBC,auth SHA1,keysize 128,secret') are inconsistent with Expected Re
mote Options ('V3,dev-type tap,link-mtu 1576,tun-mtu 1532,proto UDPv4,ifconfig 1
0.255.255.252 255.255.255.252,cipher BF-CBC,auth SHA1,keysize 128,secret')
WFri Jan 16 22:46:16 2004 32: SIGTERM received, exiting
Fri Jan 16 22:46:16 2004 33: Closing TCP/UDP socket
Fri Jan 16 22:46:16 2004 34: Closing TUN/TAP device
Press any key to continue...
So I think either the ip's are wrong or the netmasks are wrong.
The server I am trying to connect into has a tun connection over his adls on a linux box. His local network is also a 10. network (as in his local lan) - maybe this is screwing things up.
So has anyone got any ideas on what the heck is wrong with this?
I connects but I can only send traffic and not recieve, and pings fail.
Thanks in advance
L
Software I am trying to use is from http://openvpn.sourceforge.net/ - it's OpenVPN (clue is in the title I guess).
I am on a dialup connection on a laptop running windows xp home, i hvae the tap device installed and starting manually (not as a service).
Below is my ovpn file
# Edit this file, and save to a .ovpn extension
# so that OpenVPN will activate it when run
# as a service.
# Change 'myremote' to be your remote host,
# or comment out to enter a listening
# server mode.
remote xxx
# Uncomment this line to use a different
# port number than the default of 5000.
; port 5000
# Choose one of three protocols supported by
# OpenVPN. If left commented out, defaults
# to udp.
; proto [tcp-server | tcp-client | udp]
# You must specify one of two possible network
# protocols, 'dev tap' or 'dev tun' to be used
# on both sides of the connection. 'tap' creates
# a VPN using the ethernet protocol while 'tun'
# uses the IP protocol. You must use 'tap'
# if you are ethernet bridging or want to route
# broadcasts. 'tun' is somewhat more efficient
# but requires configuration of client software
# to not depend on broadcasts. Some platforms
# such as Solaris, OpenBSD, and Mac OS X only
# support 'tun' interfaces, so if you are
# connecting to such a platform, you must also
# use a 'tun' interface on the Windows side.
# Enable 'dev tap' or 'dev tun' but not both!
dev tap
# This is a 'dev tap' ifconfig that creates
# a virtual ethernet subnet.
# 10.3.0.1 is the local VPN IP address
# and 255.255.255.0 is the VPN subnet.
# Only define this option for 'dev tap'.
ifconfig 10.255.255.254 255.255.255.252
# This is a 'dev tun' ifconfig that creates
# a point-to-point IP link.
# 10.3.0.1 is the local VPN IP address and
# 10.3.0.2 is the remote VPN IP address.
# Only define this option for 'dev tun'.
# Make sure to include the "tun-mtu" option
# on the remote machine, but swap the order
# of the ifconfig addresses.
;tun-mtu 1500
;ifconfig 10.0.0.2 10.0.0.1
# If you have fragmentation issues or misconfigured
# routers in the path which block Path MTU discovery,
# lower the TCP MSS and internally fragment non-TCP
# protocols.
;fragment 1300
;mssfix
# If you have set up more than one TAP-Win32 adapter
# on your system, you must refer to it by name.
;dev-node my-tap
# You can generate a static OpenVPN key
# by selecting the Generate Key option
# in the start menu.
#
# You can also generate key.txt manually
# with the following command:
# openvpn --genkey --secret key.txt
#
# key must match on both ends of the connection,
# so you should generate it on one machine and
# copy it to the other over a secure medium.
# Place key.txt in the same directory as this
# config file.
secret static.key
# Uncomment this section for a more reliable
# detection when a system loses its connection.
# For example, dial-ups or laptops that travel
# to other locations.
#
# If this section is enabled and "myremote"
# above is a dynamic DNS name (i.e. dyndns.org),
# OpenVPN will dynamically "follow" the IP
# address of "myremote" if it changes.
; ping-restart 60
; ping-timer-rem
; persist-tun
; persist-key
; resolv-retry 86400
# keep-alive ping
ping 10
# enable LZO compression
;comp-lzo
# moderate verbosity
verb 5
mute 10
It seems to connect but gives this error
Fri Jan 16 22:45:52 2004 0: Current Parameter Settings:
Fri Jan 16 22:45:52 2004 1: config = 'C:\files\OpenVPN\config\dave.ovpn'
Fri Jan 16 22:45:52 2004 2: show_ciphers = DISABLED
Fri Jan 16 22:45:52 2004 3: show_digests = DISABLED
Fri Jan 16 22:45:52 2004 4: genkey = DISABLED
Fri Jan 16 22:45:52 2004 5: askpass = DISABLED
Fri Jan 16 22:45:52 2004 6: show_tls_ciphers = DISABLED
Fri Jan 16 22:45:52 2004 7: proto = 0
Fri Jan 16 22:45:52 2004 8: local = '[UNDEF]'
Fri Jan 16 22:45:52 2004 9: remote = 'xxx'
Fri Jan 16 22:45:52 2004 10: 96 variation(s) on previous 10 message(s) suppresse
d by --mute
Fri Jan 16 22:45:52 2004 11: OpenVPN 1.5.0 Win32-MinGW [SSL] [LZO] built on Nov
20 2003
Fri Jan 16 22:45:52 2004 12: Static Encrypt: Cipher 'BF-CBC' initialized with 12
8 bit key
Fri Jan 16 22:45:52 2004 13: Static Encrypt: Using 160 bit message hash 'SHA1' f
or HMAC authentication
Fri Jan 16 22:45:52 2004 14: Static Decrypt: Cipher 'BF-CBC' initialized with 12
8 bit key
Fri Jan 16 22:45:52 2004 15: Static Decrypt: Using 160 bit message hash 'SHA1' f
or HMAC authentication
Fri Jan 16 22:45:52 2004 16: Attempting to lock Win32 semaphore 'openvpn_netcmd'
prior to net shell command (timeout = 600 sec)
Fri Jan 16 22:45:52 2004 17: TAP-WIN32 device [Local Area Connection 4] opened:
\\.\{C71A7116-A86F-4205-9643-4FA38CCD0C7D}.tap
Fri Jan 16 22:45:52 2004 18: TAP-Win32 Driver Version 3.10
Fri Jan 16 22:45:52 2004 19: TAP-Win32 MTU=1500
Fri Jan 16 22:45:52 2004 20: Successful ARP Flush on interface [2031619] {C71A71
16-A86F-4205-9643-4FA38CCD0C7D}
Fri Jan 16 22:45:52 2004 21: NOTE: You have selected (explicitly or by default)
'--ip-win32 ipapi', which has a better chance of working correctly if the TAP-Wi
n32 TCP/IP properties are set to 'Obtain an IP address automatically'
Fri Jan 16 22:45:52 2004 22: Succeeded in adding a temporary IP/netmask of 10.25
5.255.254/255.255.255.252 to interface {C71A7116-A86F-4205-9643-4FA38CCD0C7D} us
ing the Win32 IP Helper API
Fri Jan 16 22:45:52 2004 23: Data Channel MTU parms [ L:1576 D:1576 EF:44 EB:0 E
T:32 ]
Fri Jan 16 22:45:52 2004 24: Local Options String: 'V3,dev-type tap,link-mtu 157
6,tun-mtu 1532,proto UDPv4,ifconfig 10.255.255.252 255.255.255.252,cipher BF-CBC
,auth SHA1,keysize 128,secret'
Fri Jan 16 22:45:52 2004 25: Expected Remote Options String: 'V3,dev-type tap,li
nk-mtu 1576,tun-mtu 1532,proto UDPv4,ifconfig 10.255.255.252 255.255.255.252,cip
her BF-CBC,auth SHA1,keysize 128,secret'
Fri Jan 16 22:45:52 2004 26: Local Options hash (VER=V3): '7ab42fd0'
Fri Jan 16 22:45:52 2004 27: Expected Remote Options hash (VER=V3): '7ab42fd0'
Fri Jan 16 22:45:52 2004 28: UDPv4 link local (bound): [undef]:5000
Fri Jan 16 22:45:52 2004 29: UDPv4 link remote: xxx:5000
WrWrWrWrWrWrWrWRFri Jan 16 22:45:56 2004 30: Peer Connection Initiated with xxx:5000
rWRWWRFri Jan 16 22:46:02 2004 31: WARNING: Actual Remote Options ('V3,dev-type
tun,link-mtu 1544,tun-mtu 1500,proto UDPv4,ifconfig 10.255.255.254 10.255.255.25
3,cipher BF-CBC,auth SHA1,keysize 128,secret') are inconsistent with Expected Re
mote Options ('V3,dev-type tap,link-mtu 1576,tun-mtu 1532,proto UDPv4,ifconfig 1
0.255.255.252 255.255.255.252,cipher BF-CBC,auth SHA1,keysize 128,secret')
WFri Jan 16 22:46:16 2004 32: SIGTERM received, exiting
Fri Jan 16 22:46:16 2004 33: Closing TCP/UDP socket
Fri Jan 16 22:46:16 2004 34: Closing TUN/TAP device
Press any key to continue...
So I think either the ip's are wrong or the netmasks are wrong.
The server I am trying to connect into has a tun connection over his adls on a linux box. His local network is also a 10. network (as in his local lan) - maybe this is screwing things up.
So has anyone got any ideas on what the heck is wrong with this?
I connects but I can only send traffic and not recieve, and pings fail.
Thanks in advance
L
