jocke
Posted 14 June 2007 (edited)

Hi,

I'm struggling a bit to get OpenVPN working properly on my Mac. I set up a server at home, configured it by the "book", and then set up the Mac by the "book". This worked flawlessly for a long time, but after I recently reformatted the Mac, everything is screwed up. I can connect to the VPN server, and according to the log all the routing tables are added correctly. I still can't reach any of the machines at home, either through various programs or via ping.

    #OpenVPN Client conf
    tls-client
    client
    dev tun
    proto tcp-client
    tun-mtu 1400
    remote server.com 443
    http-proxy 10.0.0.1 8080
    http-proxy-retry
    persist-key
    persist-tun
    pkcs12 Joachim.p12
    cipher BF-CBC
    verb 3
    ns-cert-type server

    Thu 06/14/07 05:06 PM: IMPORTANT: OpenVPN's default port number is now 1194
    Thu 06/14/07 05:06 PM: WARNING: normally if you use --mssfix and/or --fragment
    Thu 06/14/07 05:06 PM: Control Channel MTU parms [ L:1443 D:140 EF:40 EB:0 ET:0 EL:0 ]
    Thu 06/14/07 05:06 PM: Data Channel MTU parms [ L:1443 D:1443 EF:43 EB:4 ET:0 EL:0 ]
    Thu 06/14/07 05:06 PM: Local Options hash (VER=V4): '7e8b97b9'
    Thu 06/14/07 05:06 PM: Expected Remote Options hash (VER=V4): 'f0f90397'
    Thu 06/14/07 05:06 PM: Attempting to establish TCP connection with 10.0.0.1:8080
    Thu 06/14/07 05:06 PM: TCP connection established with 10.0.0.1:8080
    Thu 06/14/07 05:06 PM: Send to HTTP proxy: 'CONNECT server.com:443 HTTP/1.0'
    Thu 06/14/07 05:06 PM: HTTP proxy returned: 'HTTP/1.1 200 Connection established'
    Thu 06/14/07 05:06 PM: TCPv4_CLIENT link local: [undef]
    Thu 06/14/07 05:06 PM: TCPv4_CLIENT link remote: 10.0.0.1:8080
    Thu 06/14/07 05:06 PM: TLS: Initial packet from 10.0.0.1:8080
    Thu 06/14/07 05:06 PM: VERIFY OK: depth=1
    Thu 06/14/07 05:06 PM: VERIFY OK: nsCertType=SERVER
    Thu 06/14/07 05:06 PM: VERIFY OK: depth=0
    Thu 06/14/07 05:06 PM: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Thu 06/14/07 05:06 PM: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Thu 06/14/07 05:06 PM: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Thu 06/14/07 05:06 PM: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Thu 06/14/07 05:06 PM: Control Channel: TLSv1
    Thu 06/14/07 05:06 PM: [gateway.tingvold.com] Peer Connection Initiated with 10.0.0.1:8080
    Thu 06/14/07 05:06 PM: SENT CONTROL [server.com]: 'PUSH_REQUEST' (status=1)
    Thu 06/14/07 05:06 PM: PUSH: Received control message: 'PUSH_REPLY
    Thu 06/14/07 05:06 PM: OPTIONS IMPORT: timers and/or timeouts modified
    Thu 06/14/07 05:06 PM: OPTIONS IMPORT: --ifconfig/up options modified
    Thu 06/14/07 05:06 PM: OPTIONS IMPORT: route options modified
    Thu 06/14/07 05:06 PM: gw 10.0.0.1
    Thu 06/14/07 05:06 PM: TUN/TAP device /dev/tun8 opened
    Thu 06/14/07 05:06 PM: /sbin/ifconfig tun8 delete
    Thu 06/14/07 05:07 PM: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
    Thu 06/14/07 05:07 PM: /sbin/ifconfig tun8 192.168.2.6 192.168.2.5 mtu 1400 netmask 255.255.255.255 up
    Thu 06/14/07 05:07 PM: /sbin/route add -net 192.168.1.0 192.168.2.5 255.255.255.0
    Thu 06/14/07 05:07 PM: /sbin/route add -net 192.168.2.1 192.168.2.5 255.255.255.255
    Thu 06/14/07 05:07 PM: Initialization Sequence Completed

What could be wrong? :o

edit: I ran ifconfig and see that there are a full 8 tun devices open. Could this be what is messing things up? According to the OpenVPN log file, it only uses tun8... So, how do you remove tun devices?

    jocke:~ joachim$ ifconfig
    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
            inet 127.0.0.1 netmask 0xff000000
            inet6 ::1 prefixlen 128
            inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
    gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
    stf0: flags=0<> mtu 1280
    en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            ether 00:14:51:12:c1:f0
            media: autoselect (none) status: inactive
            supported media: none autoselect 10baseT/UTP <half-duplex> 10baseT/UTP <full-duplex> 10baseT/UTP <full-duplex,hw-loopback> 100baseTX <half-duplex> 100baseTX <full-duplex> 100baseTX <full-duplex,hw-loopback> 1000baseT <full-duplex> 1000baseT <full-duplex,hw-loopback> 1000baseT <full-duplex,flow-control> 1000baseT <full-duplex,flow-control,hw-loopback>
    en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            inet6 fe80::211:24ff:fea5:220c%en1 prefixlen 64 scopeid 0x5
            inet 10.0.100.232 netmask 0xff000000 broadcast 10.255.255.255
            ether 00:11:24:a5:22:0c
            media: autoselect status: active
            supported media: autoselect
    fw0: flags=8822<BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 4078
            lladdr 00:14:51:ff:fe:12:c1:f0
            media: autoselect <full-duplex> status: inactive
            supported media: autoselect <full-duplex>
    tun0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1400
            inet 192.168.2.6 --> 192.168.2.5 netmask 0xffffffff
            open (pid 313)
    tun1: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1400
            inet 192.168.2.6 --> 192.168.2.5 netmask 0xffffffff
            open (pid 323)
    tun2: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1400
            inet 192.168.2.6 --> 192.168.2.5 netmask 0xffffffff
            open (pid 345)
    tun3: flags=8850<POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            open (pid 723)
    tun4: flags=8850<POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            open (pid 735)
    tun5: flags=8850<POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            open (pid 862)
    tun6: flags=8850<POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            open (pid 872)
    tun7: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1400
            inet 192.168.2.6 --> 192.168.2.5 netmask 0xffffffff
            open (pid 931)
    tun8: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1400
            inet 192.168.2.6 --> 192.168.2.5 netmask 0xffffffff
            open (pid 950)

edit #2: Could it have something to do with my having enabled the following option in the client config?

    # Downgrade privileges after initialization (non-Windows only)
    user nobody
    group nobody

Edited 14 June 2007 by jocke
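
The ifconfig listing in the post shows several tun interfaces carrying the same 192.168.2.6 --> 192.168.2.5 address pair, each held open by a different PID. The following is an added example, not part of jocke's post: it parses ifconfig output in that layout and reports which tun devices other than the one named in the current OpenVPN log share its address pair, and which PID holds each. The function names are hypothetical and the embedded sample is an excerpt built from the values in the post.

```shell
#!/bin/sh
# Added example; function names are hypothetical.

# Constructed sample: excerpt in macOS ifconfig layout, values taken from the post.
sample_ifconfig() {
cat <<'EOF'
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 10.0.100.232 netmask 0xff000000 broadcast 10.255.255.255
tun0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1400
        inet 192.168.2.6 --> 192.168.2.5 netmask 0xffffffff
        open (pid 313)
tun3: flags=8850<POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        open (pid 723)
tun7: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1400
        inet 192.168.2.6 --> 192.168.2.5 netmask 0xffffffff
        open (pid 931)
tun8: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1400
        inet 192.168.2.6 --> 192.168.2.5 netmask 0xffffffff
        open (pid 950)
EOF
}

# stdin: ifconfig output. stdout: one line per tun device: "dev local>peer pid"
# ("-" where the interface has no point-to-point address or no holder is shown).
tun_holders() {
  awk '
    function emit() { if (dev != "") print dev, (addr == "" ? "-" : addr), (pid == "" ? "-" : pid) }
    /^[a-z]+[0-9]+:/ { emit(); dev = ""; addr = ""; pid = ""
                       if ($1 ~ /^tun[0-9]+:$/) { dev = $1; sub(/:$/, "", dev) }
                       next }
    dev != "" && $1 == "inet" && $3 == "-->" { addr = $2 ">" $4 }
    dev != "" && $1 == "open" { pid = $3; gsub(/[^0-9]/, "", pid) }
    END { emit() }
  '
}

# $1 = device the current OpenVPN log says it opened (tun8 in the post).
# stdout: "dev pid" for every other tun device configured with the same address pair.
stale_tuns() {
  tun_holders | awk -v cur="$1" '
    { dev[NR] = $1; addr[NR] = $2; pid[NR] = $3
      if ($1 == cur && $2 != "-") want = $2 }
    END { for (i = 1; i <= NR; i++)
            if (dev[i] != cur && want != "" && addr[i] == want) print dev[i], pid[i] }
  '
}

sample_ifconfig | stale_tuns tun8
```

On a live system, pipe `ifconfig` into `stale_tuns` with the device name from the current log; `ps -p <pid>` shows which process each reported PID belongs to.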