Re: [Openvpn-users] Newbie question


  • Subject: Re: [Openvpn-users] Newbie question
  • From: "James Yonan" <jim@xxxxxxxx>
  • Date: Wed, 10 Apr 2002 09:40:25 -0600

> Hello,
> I'm quite new to openvpn and to this list.
> I have problems to get openvpn working.
> I could not find any related info in the list archives
> so I hope to gather some hints here.
>
> I compiled and installed openvpn on two
> linux boxes (SuSE 7.3, Kernel 2.4.18 with tap/tun modules).
> No probs so far. I went through the given example without
> encryption. No problem, but I could not ping the 'other' machine.
>
> This is on 'june' (192.168.100.7)
> ws-gt:~#openvpn --remote may --dev tun7 --verb 8
> 0: Current Parameter Settings:
> 1:   local = '(null)'
> 2:   remote = 'may'
> 3:   local_port = 5000
> 4:   remote_port = 5000
> 5:   remote_float = DISABLED
> 6:   ipchange = '(null)'
> 7:   bind_local = ENABLED
> 8:   dev = 'tun7'
> 9:   shaper = 0
> 10:   tun_mtu = 1450
> 11:   tun_mtu_defined = ENABLED
> 12:   udp_mtu = 0
> 13:   udp_mtu_defined = DISABLED
> 14:   tun_af_inet = DISABLED
> 15:   mlock = DISABLED
> 16:   username = '(null)'
> 17:   chroot_dir = '(null)'
> 18:   up_script = '(null)'
> 19:   down_script = '(null)'
> 20:   daemon = DISABLED
> 21:   nice = 0
> 22:   verbosity = 8
> 23:   gremlin = DISABLED
> 24:   comp_lzo = DISABLED
> 25:   comp_lzo_adaptive = ENABLED
> 26:   shared_secret_file = '(null)'
> 27:   ciphername_defined = ENABLED
> 28:   ciphername = 'BF-CBC'
> 29:   authname_defined = ENABLED
> 30:   authname = 'SHA1'
> 31:   keysize = 0
> 32:   packet_id = ENABLED
> 33:   iv = ENABLED
> 34:   tls_server = DISABLED
> 35:   tls_client = DISABLED
> 36:   ca_file = '(null)'
> 37:   dh_file = '(null)'
> 38:   cert_file = '(null)'
> 39:   priv_key_file = '(null)'
> 40:   cipher_list = '(null)'
> 41:   tls_verify = '(null)'
> 42:   tls_timeout = 5
> 43:   renegotiate_bytes = 0
> 44:   renegotiate_packets = 0
> 45:   renegotiate_seconds = 3600
> 46:   handshake_window = 60
> 47:   transition_window = 3600
> 48:   tls_auth_file = '(null)'
> 49: OpenVPN 1.1.0 Built On Apr 10 2002
> 50: UDP link local (bound): [undef]:5000
> 51: UDP link remote: 192.168.100.7:5000
> 52: TUN/TAP device tun7 opened
> 53: ******* WARNING *******: all encryption and authentication features disabled -- all data will be tunnelled as cleartext
> 54: Data Channel MTU parms: mtu=1450 extra_frame=0 extra_buffer=0 extra_tun=0
> 55: INTERVAL TRIGGER
>
> Now I did a 'ping may' on june
> and openvpn on june went crazy:
>
> 56: select returned 1
> 57: read from tun returned 84
> 58: select returned 1
> 59: write to udp returned 84
> 60: UDP WRITE to 192.168.100.7:5000:  DATA 45000054 00004000 4001f148 c0a86408 c0a86407 0800d200 ea130000 3cb3ce6[more...]
> 61: select returned 1
> 62: read from tun returned 112
> 63: select returned 1
> 64: write to udp returned 112
> 65: UDP WRITE to 192.168.100.7:5000:  DATA 45000070 00004000 4011f11c c0a86408 c0a86407 13881388 005c8ec5 4500005[more...]
> 66: select returned 1
> 67: read from tun returned 140
> 68: select returned 1
> 69: write to udp returned 140
> 70: UDP WRITE to 192.168.100.7:5000:  DATA 4500008c 00004000 4011f100 c0a86408 c0a86407 13881388 0078d85b 4500007[more...]
> 71: select returned 1
> 72: read from tun returned 168
> 73: select returned 1
> 74: write to udp returned 168
> 75: UDP WRITE to 192.168.100.7:5000:  DATA 450000a8 00004000 4011f0e4 c0a86408 c0a86407 13881388 0094d83f 4500008[more...]
>
> more and more and more ... endless
>
> This behaviour is symmetrical, i.e. no matter on which box I did the ping,
> the local openvpn went crazy.
>
> BTW a tcpdump on the local tunnel interface gave these results :
>
> 07:42:36.978406 192.168.100.8.5000 > 192.168.100.7.5000 :  udp 132 (DF)
> 07:42:36.984440 192.168.100.8.5000 > 192.168.100.7.5000 :  udp 1196 (DF)
> 07:42:36.986391 192.168.100.8.5000 > 192.168.100.7.5000 :  udp 1444 (frag 2227:1424@0+)
> 07:42:36.992436 192.168.100.8 > 192.168.100.7: (frag 2227:28@1424)
> 07:42:36.993621 192.168.100.8.5000 > 192.168.100.7.5000 :  udp 1444 (frag 2228:1424@0+)
> 07:42:36.998021 192.168.100.8 > 192.168.100.7: (frag 2228:28@1424)
> 07:42:37.004172 192.168.100.8.5000 > 192.168.100.7.5000 :  udp 1444 (frag 2229:1424@0+)
> 07:42:37.006295 192.168.100.8 > 192.168.100.7: (frag 2229:28@1424)
>
> Does fragmentation cause my problems?
>
> Are there any hints ??
> I think I've made some basic mistakes or understood something completely
> wrong so
> I would appreciate any help!!!

Juergen,

The tcpdump output above definitely seems wrong.  It's possible that you're
not doing the ifconfig right.  Can you show the exact ifconfig command you
used to configure the tunnel and then do ifconfig by itself to output the
current configuration?

Note that in the example on the openvpn man page, you should do the ifconfig
exactly as it is stated:

ifconfig tun7 10.1.0.7 pointopoint 10.1.0.8 mtu 1450

In the example "A simple tunnel without security" you should change "may"
and "june" to reflect your particular network configuration, but don't
change the 10.1.0.7 and 10.1.0.8.  It's important that the addresses
ifconfig uses for the tunnel endpoints (10.1.0.7 and 10.1.0.8) are private
and completely independent of the IP address space used by "may" and "june"
to communicate with each other over the internet, your private LAN, etc.

James
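
The DATA bytes in the quoted verb 8 log are IPv4 headers. This Python example is added here and is not part of the original message or of OpenVPN: it decodes those bytes to show that every packet after the first ping is UDP to the link remote's port 5000 and 28 bytes (IP + UDP header) larger than the last, and it checks the rule above that the tunnel endpoint addresses lie outside the transport network. The function names and the /24 prefix length are assumptions.

```python
import ipaddress
import struct

# DATA prefixes copied from the verb 8 log lines quoted above. The log
# truncates them with "[more...]", so only the leading headers are available.
LOGGED = [
    "45000054 00004000 4001f148 c0a86408 c0a86407 0800d200 ea130000",
    "45000070 00004000 4011f11c c0a86408 c0a86407 13881388 005c8ec5",
    "4500008c 00004000 4011f100 c0a86408 c0a86407 13881388 0078d85b",
    "450000a8 00004000 4011f0e4 c0a86408 c0a86407 13881388 0094d83f",
]
LINK_REMOTE = ("192.168.100.7", 5000)  # "UDP link remote" from the same log


def decode(hex_words):
    """Parse the IPv4 header (and UDP ports, if any) of a logged DATA prefix."""
    raw = bytes.fromhex(hex_words.replace(" ", ""))
    (ver_ihl, _tos, total_len, _ident, _frag, _ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    ihl = (ver_ihl & 0x0F) * 4  # header length in bytes
    pkt = {"len": total_len, "proto": proto, "dport": None,
           "src": str(ipaddress.IPv4Address(src)),
           "dst": str(ipaddress.IPv4Address(dst))}
    if proto == 17 and len(raw) >= ihl + 4:  # UDP: read source/dest ports
        pkt["sport"], pkt["dport"] = struct.unpack("!HH", raw[ihl:ihl + 4])
    return pkt


def is_own_transport(pkt, link_remote):
    """True if a packet read from the tun device is the tunnel's own UDP traffic."""
    return pkt["proto"] == 17 and (pkt["dst"], pkt["dport"]) == link_remote


def endpoints_independent(tun_local, tun_peer, transport_net):
    """True if neither tunnel endpoint lies inside the transport network."""
    net = ipaddress.ip_network(transport_net)
    return not any(ipaddress.ip_address(a) in net for a in (tun_local, tun_peer))


if __name__ == "__main__":
    for words in LOGGED:
        p = decode(words)
        print(p["len"], p["src"], "->", p["dst"], "proto", p["proto"],
              "own transport" if is_own_transport(p, LINK_REMOTE) else "")
    # /24 is an assumed prefix length; the post gives only host addresses.
    print(endpoints_independent("10.1.0.7", "10.1.0.8", "192.168.100.0/24"))
```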


