Hello, I am currently trying to connect to our university VPN,
but this fails; here is the output of the OpenVPN client:
12:23:43 condor@atoll:~$ sudo /usr/local/sbin/openvpn --config /home/condor/openvpn/informatik.conf
Thu Apr 10 12:23:50 2008 OpenVPN 2.0.9 i386-unknown-openbsd4.2 [SSL] [LZO] built on Aug 18 2007
Enter Auth Username:
Enter Auth Password:
Thu Apr 10 12:23:53 2008 LZO compression initialized
Thu Apr 10 12:23:53 2008 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu Apr 10 12:23:53 2008 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Apr 10 12:23:53 2008 Local Options hash (VER=V4): '41690919'
Thu Apr 10 12:23:53 2008 Expected Remote Options hash (VER=V4): '530fdded'
Thu Apr 10 12:23:53 2008 UDPv4 link local: [undef]
Thu Apr 10 12:23:53 2008 UDPv4 link remote: 129.69.x.x:1194
Thu Apr 10 12:23:53 2008 TLS: Initial packet from 129.69.x.x:1194, sid=a502be5f fec34791
Thu Apr 10 12:23:53 2008 VERIFY OK: depth=1, [.....]
Thu Apr 10 12:23:54 2008 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Apr 10 12:23:54 2008 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Apr 10 12:23:54 2008 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Apr 10 12:23:54 2008 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Apr 10 12:23:54 2008 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Apr 10 12:23:54 2008 [openvpn.informatik.x] Peer Connection Initiated with 129.69.204.x:1194
Thu Apr 10 12:23:55 2008 SENT CONTROL [openvpn.informatik.x]: 'PUSH_REQUEST' (status=1)
Thu Apr 10 12:23:55 2008 PUSH: Received control message: 'PUSH_REPLY,route 129.69.0.0 255.255.0.0,route 141.58.0.0 255.255.0.0,route-gateway 129.69.186.1,topology subnet,ping 10,ping-exit 60,route 129.69.x.x 255.255.255.255 net_gateway,ifconfig 129.69.186.198 255.255.255.0'
Thu Apr 10 12:23:55 2008 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: topology (2.0.9)
Thu Apr 10 12:23:55 2008 OPTIONS IMPORT: timers and/or timeouts modified
Thu Apr 10 12:23:55 2008 OPTIONS IMPORT: --ifconfig/up options modified
Thu Apr 10 12:23:55 2008 OPTIONS IMPORT: route options modified
Thu Apr 10 12:23:55 2008 WARNING: Since you are using --dev tun, the second argument to --ifconfig must be an IP address. You are using something (255.255.255.0) that looks more like a netmask. (silence this warning with --ifconfig-nowarn)
Thu Apr 10 12:23:55 2008 gw 84.56.128.1
Thu Apr 10 12:23:55 2008 /sbin/ifconfig tun2 destroy
Thu Apr 10 12:23:55 2008 /sbin/ifconfig tun2 create
Thu Apr 10 12:23:55 2008 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Thu Apr 10 12:23:55 2008 /sbin/ifconfig tun2 129.69.186.198 255.255.255.0 mtu 1500 netmask 255.255.255.255 up
Thu Apr 10 12:23:55 2008 TUN/TAP device /dev/tun2 opened
Thu Apr 10 12:23:55 2008 /sbin/route add -net 129.69.0.0 129.69.186.1 -netmask 255.255.0.0
route: writing to routing socket: Network is unreachable
add net 129.69.0.0: gateway 129.69.186.1: Network is unreachable
Thu Apr 10 12:23:55 2008 ERROR: OpenBSD/NetBSD route add command failed: shell command exited with error status: 1
Thu Apr 10 12:23:55 2008 /sbin/route add -net 141.58.0.0 129.69.186.1 -netmask 255.255.0.0
route: writing to routing socket: Network is unreachable
add net 141.58.0.0: gateway 129.69.186.1: Network is unreachable
Thu Apr 10 12:23:55 2008 ERROR: OpenBSD/NetBSD route add command failed: shell command exited with error status: 1
Thu Apr 10 12:23:55 2008 /sbin/route add -net 129.69.x.x 84.56.128.1 -netmask 255.255.255.255
add net 129.69.204.x: gateway 84.56.128.1
Thu Apr 10 12:23:55 2008 Initialization Sequence Completed
^CThu Apr 10 12:27:32 2008 event_wait : Interrupted system call (code=4)
Thu Apr 10 12:27:32 2008 TCP/UDP: Closing socket
Thu Apr 10 12:27:32 2008 /sbin/route delete -net 129.69.x.x 84.56.128.1 -netmask 255.255.255.255
delete net 129.69.x.x: gateway 84.56.128.1
Thu Apr 10 12:27:32 2008 Closing TUN/TAP interface
Thu Apr 10 12:27:32 2008 SIGINT[hard,] received, process exiting
The following OpenVPN config is used:
ca /etc/openvpn/cacert.crt
#
#
client
dev tun2
proto udp
port 1194
nobind
remote 129.69.x.x 1194
resolv-retry infinite
persist-key
persist-tun
tls-remote openvpn.informatik.x
comp-lzo
verb 3
auth-user-pass
I changed dev tun to dev tun2 here, because otherwise it dies with:
ifconfig: SIOCGIFFLAGS: Device not configured
Here is my ifconfig output as well:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33208
groups: lo
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:0d:b9:12:6b:04
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
inet6 fe80::20d:b9ff:fe12:6b04%vr0 prefixlen 64 scopeid 0x1
inet6 2001:6f8:114a:1::1 prefixlen 64
vr2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:0d:b9:12:6b:06
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet6 fe80::20d:b9ff:fe12:6b06%vr2 prefixlen 64 scopeid 0x3
enc0: flags=0<> mtu 1536
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1492
groups: tun egress
inet 84.56.178.68 --> 84.56.128.1 netmask 0xffffffff
tun2: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1500
groups: tun
inet 129.69.186.x --> 255.255.255.0 netmask 0xffffffff
tun0 is my PPPoE connection, tun1 an IPv6 tunnel.
What catches my eye for tun2 is the inet 129.69.186.x --> 255.255.255.0 netmask 0xffffffff
and, when connecting, this:
Thu Apr 10 12:23:55 2008 WARNING: Since you are using --dev tun, the second argument to --ifconfig must be an IP address. You are using something (255.255.255.0) that looks more like a netmask. (silence this warning with --ifconfig-nowarn)
Is my pf.conf of interest?
Any ideas on how to fix this?
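
The failure chain visible in the log above, as an added example that is not part of the original post: a small Python check that ties the rejected pushed option to the tun address and the failed route setup. The function names and finding labels are hypothetical, and the sample log is constructed from lines in the post.

```python
import ipaddress
import re

# Constructed sample: lines taken from the log in the post, timestamps trimmed.
SAMPLE_LOG = """\
PUSH: Received control message: 'PUSH_REPLY,route 129.69.0.0 255.255.0.0,route 141.58.0.0 255.255.0.0,route-gateway 129.69.186.1,topology subnet,ping 10,ping-exit 60,route 129.69.x.x 255.255.255.255 net_gateway,ifconfig 129.69.186.198 255.255.255.0'
Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: topology (2.0.9)
ERROR: OpenBSD/NetBSD route add command failed: shell command exited with error status: 1
"""

def is_netmask(text):
    """True if text is a dotted quad of contiguous one bits followed by zero bits."""
    try:
        value = int(ipaddress.IPv4Address(text))
    except ipaddress.AddressValueError:
        return False
    inverted = value ^ 0xFFFFFFFF
    return value != 0 and (inverted & (inverted + 1)) == 0

def parse_push_reply(log):
    """Return pushed options as {name: [argument list, ...]}."""
    match = re.search(r"PUSH: Received control message: 'PUSH_REPLY,([^']*)'", log)
    options = {}
    for item in (match.group(1).split(",") if match else []):
        if item.strip():
            name, *args = item.split()
            options.setdefault(name, []).append(args)
    return options

def diagnose(log):
    """Correlate rejected pushed options with the resulting tun and route setup."""
    pushed = parse_push_reply(log)
    rejected = set(re.findall(r"Unrecognized option.*\[PUSH-OPTIONS\]:\d+: (\S+)", log))
    findings = [f"rejected-push:{name}" for name in sorted(rejected & set(pushed))]
    subnet_ok = "topology" not in rejected and ["subnet"] in pushed.get("topology", [])
    peer = None
    for args in pushed.get("ifconfig", []):
        # Without an accepted 'topology subnet', tun mode reads argument 2 as the peer.
        if len(args) == 2 and not subnet_ok:
            peer = args[1]
            if is_netmask(peer):
                findings.append(f"netmask-as-peer:{peer}")
    for gateway in (a[0] for a in pushed.get("route-gateway", []) if a):
        # On a point-to-point tun only the peer address is directly reachable.
        if peer is not None and gateway != peer:
            findings.append(f"gateway-not-peer:{gateway}")
    if "route add command failed" in log:
        findings.append("route-add-failed")
    return findings
```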