Ticket #41: sf.net-comments.txt

File sf.net-comments.txt, 8.8 KB (added by Samuli Seppänen, 14 years ago)

Comments from SF.net bug tracker.

Date: 2010-02-26 12:05:46 EET
Sender: dazo

Could you please provide a complete configuration file for client and
server, and log files with verb set to 4? I'm presuming you are using
OpenVPN 2.1.0 or 2.1.1, is that correct?

---


Date: 2010-03-12 00:36:03 EET
Sender: phaoost

I confirm this bug in 2.1.0 and earlier versions (2.1-rc11). The reason is
that on Linux when you set default route to point-to-point connection, the
IP address of the default gateway isn't necessary.

Here is how the log looks like:
warp:~/ovpn238# openvpn --config ovpn238.ovpn
Fri Mar 12 00:16:58 2010 us=403658 Current Parameter Settings:
Fri Mar 12 00:16:58 2010 us=404263 config = 'ovpn238.ovpn'
Fri Mar 12 00:16:58 2010 us=404332 mode = 0
Fri Mar 12 00:16:58 2010 us=404380 persist_config = DISABLED
Fri Mar 12 00:16:58 2010 us=404419 NOTE: --mute triggered...
Fri Mar 12 00:16:58 2010 us=404500 256 variation(s) on previous 4
message(s) suppressed by --mute
Fri Mar 12 00:16:58 2010 us=404544 OpenVPN 2.1.0 i486-pc-linux-gnu [SSL]
[LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Dec 11 2009
Fri Mar 12 00:16:58 2010 us=404906 WARNING: No server certificate
verification method has been enabled. See
http://openvpn.net/howto.html#mitm for more info.
Fri Mar 12 00:16:58 2010 us=404956 NOTE: OpenVPN 2.1 requires
'--script-security 2' or higher to call user-defined scripts or executables
Fri Mar 12 00:16:58 2010 us=409174 /usr/bin/openssl-vulnkey -q -b 1024 -m
<modulus omitted>
Fri Mar 12 00:16:59 2010 us=156885 Control Channel Authentication: using
'ta.key' as a OpenVPN static key file
Fri Mar 12 00:16:59 2010 us=157050 Outgoing Control Channel
Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Mar 12 00:16:59 2010 us=157103 Incoming Control Channel
Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Mar 12 00:16:59 2010 us=157467 Control Channel MTU parms [ L:1545
D:166 EF:66 EB:0 ET:0 EL:0 ]
Fri Mar 12 00:16:59 2010 us=157789 Data Channel MTU parms [ L:1545 D:1450
EF:45 EB:4 ET:0 EL:0 ]
Fri Mar 12 00:16:59 2010 us=157863 Fragmentation MTU parms [ L:1545 D:1300
EF:45 EB:4 ET:0 EL:0 ]
Fri Mar 12 00:16:59 2010 us=157955 Local Options String: 'V4,dev-type
tun,link-mtu 1545,tun-mtu 1500,proto UDPv4,mtu-dynamic,keydir 1,cipher
BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Fri Mar 12 00:16:59 2010 us=157996 Expected Remote Options String:
'V4,dev-type tun,link-mtu 1545,tun-mtu 1500,proto UDPv4,mtu-dynamic,keydir
0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Fri Mar 12 00:16:59 2010 us=158106 Local Options hash (VER=V4): '885414e3'
Fri Mar 12 00:16:59 2010 us=158172 Expected Remote Options hash (VER=V4):
'8bcc3b84'
Fri Mar 12 00:16:59 2010 us=158247 Socket Buffers: R=[108544->131072]
S=[108544->131072]
Fri Mar 12 00:16:59 2010 us=158297 UDPv4 link local: [undef]
Fri Mar 12 00:16:59 2010 us=158361 UDPv4 link remote:
[AF_INET]x.x.x.x:4672
Fri Mar 12 00:16:59 2010 us=400999 TLS: Initial packet from
[AF_INET]x.x.x.x:4672, sid=ccdce634 90e3e447
Fri Mar 12 00:17:00 2010 us=576787 VERIFY OK: depth=1,
/C=US/ST=NA/L=x/O=x/CN=ovpn238/emailAddress=x
Fri Mar 12 00:17:00 2010 us=578011 VERIFY OK: depth=0,
/C=US/ST=NA/O=x/CN=ovpn238/emailAddress=x
Fri Mar 12 00:17:02 2010 us=769948 Data Channel Encrypt: Cipher 'BF-CBC'
initialized with 128 bit key
Fri Mar 12 00:17:02 2010 us=770245 NOTE: --mute triggered...
Fri Mar 12 00:17:02 2010 us=770897 4 variation(s) on previous 4 message(s)
suppressed by --mute
Fri Mar 12 00:17:02 2010 us=771100 [ovpn238] Peer Connection Initiated
with [AF_INET]x.x.x.x:4672
Fri Mar 12 00:17:05 2010 us=34780 SENT CONTROL [ovpn238]: 'PUSH_REQUEST'
(status=1)
Fri Mar 12 00:17:05 2010 us=270452 PUSH: Received control message:
'PUSH_REPLY,route-delay 2,dhcp-option DNS x.x.x.x,dhcp-option DNS
x.x.x.x,route-metric 1,redirect-gateway def1,route 10.8.7.113,topology
net30,ping 10,ping-restart 120,ifconfig 10.8.7.118 10.8.7.117'
Fri Mar 12 00:17:05 2010 us=270837 OPTIONS IMPORT: timers and/or timeouts
modified
Fri Mar 12 00:17:05 2010 us=270881 OPTIONS IMPORT: --ifconfig/up options
modified
Fri Mar 12 00:17:05 2010 us=270917 NOTE: --mute triggered...
Fri Mar 12 00:17:05 2010 us=271724 3 variation(s) on previous 4 message(s)
suppressed by --mute
Fri Mar 12 00:17:05 2010 us=271768 ROUTE: default_gateway=UNDEF
Fri Mar 12 00:17:05 2010 us=291679 TUN/TAP device tun0 opened
Fri Mar 12 00:17:05 2010 us=291820 TUN/TAP TX queue length set to 100
Fri Mar 12 00:17:05 2010 us=291931 /sbin/ifconfig tun0 10.8.7.118
pointopoint 10.8.7.117 mtu 1500
Fri Mar 12 00:17:07 2010 us=426627 NOTE: unable to redirect default
gateway -- Cannot read current default gateway from system
Fri Mar 12 00:17:07 2010 us=427232 /sbin/route add -net 10.8.7.113 netmask
255.255.255.255 gw 10.8.7.117 metric 1
Fri Mar 12 00:17:07 2010 us=429677 Initialization Sequence Completed

However, I need to point out one more thing. For some reasons my ISP has
two PPP connections:
ppp0 Link encap:Point-to-Point Protocol
inet addr:1.8.160.81 P-t-P:93.84.80.34 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:16578 errors:0 dropped:0 overruns:0 frame:0
TX packets:15504 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:12782306 (12.1 MiB) TX bytes:1255803 (1.1 MiB)

ppp1 Link encap:Point-to-Point Protocol
inet addr:86.57.254.161 P-t-P:93.84.80.34 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:336773 errors:0 dropped:0 overruns:0 frame:0
TX packets:345265 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:126402706 (120.5 MiB) TX bytes:45407057 (43.3 MiB)

My default gateway looks like:
warp:~/ovpn238# ip ro|grep default
default dev ppp1 scope link

So, the proper way to set the route towards VPN server 1.2.3.4 is:
ip ro ad to 1.2.3.4/32 via 93.84.80.34 dev ppp1
Here 'dev ppp1' is important. In case I'll use 'route add ...', it will
set ppp0 as a device and it won't work. I have tested it by changing
default gateway with 'ip ro ch default via 93.84.80.34 dev ppp1' and ran
openvpn again:

Fri Mar 12 00:29:00 2010 us=273161 [ovpn238] Peer Connection Initiated
with [AF_INET]x.x.x.x:4672
Fri Mar 12 00:29:02 2010 us=686793 SENT CONTROL [ovpn238]: 'PUSH_REQUEST'
(status=1)
Fri Mar 12 00:29:02 2010 us=915580 PUSH: Received control message:
'PUSH_REPLY,route-delay 2,dhcp-option DNS x.x.x.x,dhcp-option DNS
x.x.x.x,route-metric 1,redirect-gateway def1,route 10.8.7.113,topology
net30,ping 10,ping-restart 120,ifconfig 10.8.7.118 10.8.7.117'
Fri Mar 12 00:29:02 2010 us=915928 OPTIONS IMPORT: timers and/or timeouts
modified
Fri Mar 12 00:29:02 2010 us=915969 OPTIONS IMPORT: --ifconfig/up options
modified
Fri Mar 12 00:29:02 2010 us=916006 NOTE: --mute triggered...
Fri Mar 12 00:29:02 2010 us=916856 3 variation(s) on previous 4 message(s)
suppressed by --mute
Fri Mar 12 00:29:02 2010 us=916906 ROUTE default_gateway=93.84.80.34
Fri Mar 12 00:29:02 2010 us=935956 TUN/TAP device tun0 opened
Fri Mar 12 00:29:02 2010 us=936100 TUN/TAP TX queue length set to 100
Fri Mar 12 00:29:02 2010 us=936210 /sbin/ifconfig tun0 10.8.7.118
pointopoint 10.8.7.117 mtu 1500
Fri Mar 12 00:29:05 2010 us=146692 /sbin/route add -net x.x.x.x netmask
255.255.255.255 gw 93.84.80.34
Fri Mar 12 00:29:05 2010 us=149296 /sbin/route add -net 0.0.0.0 netmask
128.0.0.0 gw 10.8.7.117
Fri Mar 12 00:29:05 2010 us=151905 /sbin/route add -net 128.0.0.0 netmask
128.0.0.0 gw 10.8.7.117
Fri Mar 12 00:29:05 2010 us=154973 /sbin/route add -net 10.8.7.113 netmask
255.255.255.255 gw 10.8.7.117 metric 1
Fri Mar 12 00:29:05 2010 us=157478 Initialization Sequence Completed

Following lines I've gotten in routing table:
93.84.80.34 dev ppp0 proto kernel scope link src 1.8.160.81
93.84.80.34 dev ppp1 proto kernel scope link src 86.57.254.161
x.x.x.x via 93.84.80.34 dev ppp0 (!!!!!)
10.8.7.117 dev tun0 proto kernel scope link src 10.8.7.118
10.8.7.113 via 10.8.7.117 dev tun0 metric 1
172.16.17.0/27 dev eth1 proto kernel scope link src 172.16.17.30
0.0.0.0/1 via 10.8.7.117 dev tun0
128.0.0.0/1 via 10.8.7.117 dev tun0
default via 93.84.80.34 dev ppp1

So VPN dropped after timeout, as the route went through wrong device
(ppp0 instead of ppp1).
Hope this will help
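
An added example, not part of the original comments and not OpenVPN's code: it checks a client for the two conditions reported above, a pushed redirect-gateway that was never applied and a server bypass route that is not pinned to the uplink device. Function names and the sample strings are constructed for illustration; IPv4 only.

```python
import ipaddress

# Constructed samples modelled on the output quoted in the comment above.
ROUTES_NO_GW = "default dev ppp1 scope link\n"
ROUTES_WITH_GW = (
    "93.84.80.34 dev ppp0 proto kernel scope link src 1.8.160.81\n"
    "93.84.80.34 dev ppp1 proto kernel scope link src 86.57.254.161\n"
    "default via 93.84.80.34 dev ppp1\n"
)
LOG_FAILED = (
    "PUSH: Received control message: 'PUSH_REPLY,route-metric 1,\n"
    "redirect-gateway def1,ifconfig 10.8.7.118 10.8.7.117'\n"
    "ROUTE: default_gateway=UNDEF\n"
    "NOTE: unable to redirect default\n"
    "gateway -- Cannot read current default gateway from system\n"
    "Initialization Sequence Completed\n"
)


def default_route(ip_route_output):
    """Return (gateway or None, device) of the first default route, else None."""
    for line in ip_route_output.splitlines():
        tok = line.split()
        if tok[:1] == ["default"] and "dev" in tok[:-1]:
            gw = tok[tok.index("via") + 1] if "via" in tok[:-1] else None
            return gw, tok[tok.index("dev") + 1]
    return None


def server_bypass_route(server_ip, ip_route_output):
    """Build the host route to the VPN server, always pinned to the uplink device."""
    route = default_route(ip_route_output)
    if route is None:
        raise LookupError("no default route in the main table")
    gw, dev = route
    cmd = ["ip", "route", "add", f"{ipaddress.IPv4Address(server_ip)}/32"]
    if gw:  # a point-to-point default route may carry no gateway at all
        cmd += ["via", gw]
    return cmd + ["dev", dev]


def redirect_failed(log_text):
    """True if redirect-gateway was pushed but the client could not apply it."""
    flat = " ".join(log_text.split())  # undo the hard wrapping of log lines
    return ("redirect-gateway" in flat
            and "unable to redirect default gateway" in flat)
```

A log for which `redirect_failed` is true still ends in "Initialization Sequence Completed", so the tunnel is up while traffic keeps using the original default route.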

---

Date: 2010-03-13 13:56:04 EET
Sender: derrichard

Sorry for not responding, during the weekend I'll post a complete
configuration plus log files.
Currently, I am very busy.

cheers,
//richard

---

Date: 2010-04-22 16:08:33 EEST
Sender: sven-ola

Have a related problem. No default route at all. Server can be reached via
host route or (that's my current problem) via a default route in a table !=
main aka policy route. Especially when using "push def1" it's not necessary
AFAICT to search + fiddle with the default route on the client.

---

Date: 2010-04-22 17:21:23 EEST
Sender: sven-ola

And a fix (for at least my quirks) is here:
http://ff-firmware.cvs.sourceforge.net/viewvc/*checkout*/ff-firmware/ff-devel/openvpn.patch