sam wun | 1 Nov 05:13 2004
Picon

Re: Incoming packet rejected - SLOVED

Hi,

The problem with the "Incoming packet rejected from..." error is caused by the DNS broadcast 2 IP addresses
to a single domain name which are 192.168.4.0 and 192.168.9.0. The 192.168.4.254 is the gateway IP
address where 192.168.9.254 is the destination address that the vpn tunnel is going to be redirected to. 

Openvpn will choose one of them randomly. When 192.168.4.254 is selected as the gateway address, openvpn
vpn server accepts it; when 192.168.9.254 is selected, openvpn rejects the connection. This is beause
the gateway address can't be the same as the destination address that the openvpn is going to redirect to.

Sam.

-------------------------------------------------------
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click
sam wun | 1 Nov 05:42 2004
Picon

Windows directory in easy-rsa

Hi,

With Beta 11 and above, I found the following directory exist in the 
easy-rsadirectory:
# make install
install: /usr/local/work/ovpn-port/work/openvpn-2.0/easy-rsa/Windows: 
Inappropriate file type or format
*** Error code 71

this actually stop the installation working in FreeBSD.

Sam.

-------------------------------------------------------
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click
Conor Rafferty | 1 Nov 10:00 2004
Picon

OpenVPN, setting up on XP - stuck !

I am running a LAN connected to the internet via broadband/router combo, and
a remote laptop that has a dialup connection.

I want laptop to be able to see my LAN

I have installed OpenVPN on both laptop, and a PC on the LAN.
Both machines have Windows XP.

I have followed instructions on OpenVPN site (very unix based!), but not
managed to ping each end yet.

I noticed the documentation talking about setting up a firewall:
"OpenVPN's usage of a single UDP port makes it fairly firewall-friendly. You
should add an entry to your firewall rules to allow incoming OpenVPN
packets. On Linux 2.4+:
iptables -A INPUT -p udp -s 1.2.3.4 --dport 5000 -j ACCEPT
This will allow incoming packets on UDP port 5000 (OpenVPN's default UDP
port) from an OpenVPN peer at 1.2.3.4. "

...very unix based - I think this assumes that firewall is on same machine
as the VPN server, hence when you open the port, you don't need to provide
an IP address to forward the traffic on to ?

On my LAN the firewall is in my Netgear router, and the VPN server is a
seperate machine, connected to the router.

I have set up port forwarding to forward traffic to UDP port 5000 to the VPN
Server machine - is this right ?

where am I going wrong ?
(Continue reading)

sam wun | 1 Nov 10:01 2004
Picon

Gateway IP of win-tap disappeared

HI,

I found the gateway IP address sometimes disappear from windows network 
config after the successful establishment of the openvpn connection.
I m using openvpn beta 14 with winxp as client. The connection protocol 
is UDP with tap.
The "push" config in the server is as follow:

push "ping 10"
push "ping-restart 30"
#push "persist-tun"
push "persist-key"
push "redirect-gateway"
push "route-gateway 172.16.0.1"
#push "route delete 192.168.9.0 255.255.255.0"
push "route 192.168.9.0 255.255.255.0"
push "dhcp-option DNS 192.168.9.254"
push "dhcp-option WINS 192.168.9.254"
push "ip-win32 dynamic"
push "dhcp-option NBT 8"
push "dhcp-option DOMAIN mydomain.com"

Thanks
Sam

-------------------------------------------------------
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click
(Continue reading)

Mathias Sundman | 1 Nov 10:19 2004
Picon

Re: Gateway IP of win-tap disappeared

On Mon, 1 Nov 2004, sam wun wrote:

> I found the gateway IP address sometimes disappear from windows network 
> config after the successful establishment of the openvpn connection.
> I m using openvpn beta 14 with winxp as client. The connection protocol is 
> UDP with tap.
> 
> The "push" config in the server is as follow:
>
> push "ping 10"
> push "ping-restart 30"
> #push "persist-tun"
> push "persist-key"
> push "redirect-gateway"
> push "route-gateway 172.16.0.1"
> #push "route delete 192.168.9.0 255.255.255.0"
> push "route 192.168.9.0 255.255.255.0"
> push "dhcp-option DNS 192.168.9.254"
> push "dhcp-option WINS 192.168.9.254"
> push "ip-win32 dynamic"
> push "dhcp-option NBT 8"
> push "dhcp-option DOMAIN mydomain.com"

What gateway address? The original one, or the one pushed by OpenVPN?

With your configuration the original default gateway should be replaced 
with the one set by OpenVPN.

I think you can run into problems when Windows DHCP client refreshes the 
IP address though. This could cause the old default gateway to be 
(Continue reading)

Conor Rafferty | 1 Nov 10:53 2004
Picon

FW: OpenVPN, setting up on XP - stuck !

OK... I was not "really" connecting laptop via dialup the first time, but
merely connecting it from the LAN, to "simulate" dialling in...

When I pulled it off the LAN, and dialled in - my OpenVPN seems to work, in
as much as I can now PING from both ends.

So problem solved...

Can anyone tell me why it didn't work when my laptop was connected into same
LAN as OpenVPN server ?

-----Original Message-----
From: openvpn-users-admin <at> lists.sourceforge.net
[mailto:openvpn-users-admin <at> lists.sourceforge.net]On Behalf Of Conor
Rafferty
Sent: 01 November 2004 09:01
To: openvpn-users <at> lists.sourceforge.net
Subject: [Openvpn-users] OpenVPN, setting up on XP - stuck !

I am running a LAN connected to the internet via broadband/router combo, and
a remote laptop that has a dialup connection.

I want laptop to be able to see my LAN

I have installed OpenVPN on both laptop, and a PC on the LAN.
Both machines have Windows XP.

I have followed instructions on OpenVPN site (very unix based!), but not
managed to ping each end yet.

(Continue reading)

sam wun | 1 Nov 11:19 2004
Picon

Re: Gateway IP of win-tap disappeared

Mathias Sundman wrote:

> On Mon, 1 Nov 2004, sam wun wrote:
>
>> I found the gateway IP address sometimes disappear from windows 
>> network config after the successful establishment of the openvpn 
>> connection.
>> I m using openvpn beta 14 with winxp as client. The connection 
>> protocol is UDP with tap.
>>
>> The "push" config in the server is as follow:
>>
>> push "ping 10"
>> push "ping-restart 30"
>> #push "persist-tun"
>> push "persist-key"
>> push "redirect-gateway"
>> push "route-gateway 172.16.0.1"
>> #push "route delete 192.168.9.0 255.255.255.0"
>> push "route 192.168.9.0 255.255.255.0"
>> push "dhcp-option DNS 192.168.9.254"
>> push "dhcp-option WINS 192.168.9.254"
>> push "ip-win32 dynamic"
>> push "dhcp-option NBT 8"
>> push "dhcp-option DOMAIN mydomain.com"
>
>
> What gateway address? The original one, or the one pushed by OpenVPN?

The original one.
(Continue reading)

Conor Rafferty | 1 Nov 12:23 2004
Picon

OpenVPN with XP client - can ping both ends but do little else !

Hi all,

I've progressed my OpenVPN to the point where I can ping both ends, but do
precious little else.

ENVIRONMENT:

I am running a LAN connected to the internet via broadband/router combo, and
a remote laptop that has a dialup connection.

I want laptop to be able to see my LAN, so that when I am away from my LAN,
I can still access it - to copy files, map to a network drive etc. so I can
run c/s apps etc.

I have installed OpenVPN on both laptop, and a PC on the LAN.
Both machines have Windows XP.

On my LAN the firewall is in my Netgear router, and the VPN server is a
seperate machine, connected to the router. I have set up port forwarding to
forward external router traffic to UDP port 5000, on to the VPN Server
machine.

>> ENVIRONMENT END;

Now I can ping from the laptop to the VPN server and vice versa, using the
private VPN addresses, 10.1.0.2 for laptop, 10.1.0.1 for VPN server.

However none of the LAN computers show up on the laptop under "Microsoft
Network" or "Network Neighbourhood" or whatever its called.

(Continue reading)

condor_rl | 1 Nov 12:58 2004
Picon

LLC malformed Packets and Ethernet II Unknown TYPE field


Hi,
I have a strange problem using OpenVPN 2 beta 11 with my linux box and 
kernel 2.6.8.1-mm4.
Let me explain the senario and the problem...

SCENARIO:
There are 2 PC, 1 OpenVPN server and 1 OpenVPN client.

The server has 2 NICs, the ETH0 has an IP address and it is the way how to
reach the OpenVPN server and The IP address whare the OpenVPN process is
listening.
The ETH1 is without IP configured. It has only layer 2 address.
I configured a Bridge BR0 with 2 interface the ETH1 and the TAP0
interface.

The OpenVPN process "read" and "write" on the ETH1 and TAP0 interface.
This system let me to have a real layer2 link encapsulated and encrypted in a
TCP or UDP tunnel.

THE PROBLEM:

I have 2 clients, one MACOSX and one Linux, to connect to the OpenVPN
server.

- Using the OSX client

When I connect to the server and I perform a tcpdump on
the TAP0 interface I can see all the Broadcast Traffic of the LAN where
the OpenVPN Server's eth1 is located.
(Continue reading)

Richard Atterer | 1 Nov 13:15 2004
Picon

Windows XP SP2: TAP-Win32 non-functional after boot

Hello,

thanks for OpenVPN, it is very nice compared to IPSec!

I have one problem: On my Windows XP SP2 client, OpenVPN does *not* work
unless I explicitly deactivate, then re-activate the TAP-Win32 adapter
before starting OpenVPN. If I do this, everything works fine, I can connect
(and reconnect many times) without problems.

If I try to start OpenVPN without restarting the TAP-Win32 adapter, the
following happens: OpenVPN correctly connects to the VPN server and then
loops:

  ... TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
  ... Route: Waiting for TUN/TAP interface to come up...

At the same time, the TAP-Win32 adapter is stuck in the "Netzwerkadresse
beziehen" state. (German for "getting network address", i.e. it's sending
out DHCP requests.)

Everything remains stuck in this state until Windows decides there is no
DHCP server and auto-assigns a 169.254.x.x address to the interface. :-(

My setup:

My WLAN is secured with OpenVPN 2.0, using a Linux server/router with the
Debian 2.0beta14 package. There are also some Linux clients which work just
fine.

On the Windows client, I have used 2.0beta11+beta15 with identical results. 
(Continue reading)


Gmane