
Re: [Openvpn-users] Problems with Fixed IP


  • Subject: Re: [Openvpn-users] Problems with Fixed IP
  • From: Mathias Sundman <mathias@xxxxxxxxxx>
  • Date: Sat, 3 Dec 2005 12:25:25 +0100 (CET)

On Sat, 3 Dec 2005, arussos@xxxxxxxxxxxxxxxx wrote:

Mathias Sundman <mathias@xxxxxxxxxx> writes:

And the CommonName of the connecting client is just "1"?

Could we see the server log output as well?

Hi, first of all thanks for the quick response. At the time I'm reading your
e-mail I'm at home and not in the office, but I can still give you some other
details...

You're welcome, but please always reply to the list so others can take advantage of the conversation in the future.


As regards the first question, the answer is yes: the CN of the connecting client
is 1; this is because I created the CRT and KEY files in a numeric format (i.e.
1, 2, 3, etc.) as a test; the only thing I've modified is the name of the
config file of the client: 1.ovpn has become, for example, andrea.ovpn.

root@server:/etc/openvpn# cat ModenaCA/keys/1.crt
???
???
Subject: C=it, ST=MO, L=Modena, O=Comune di Modena, OU=Centro Elaborazione Dati,
CN=1/emailAddress=sisinfo@xxxxxxxxxxxxxxxx

This looks a little strange: all other attributes are separated with a comma, but the CN and emailAddress are separated with a slash. It almost looks like the emailAddress=xxx is part of the CN.


The second question regards the server log; here is the output of a connection
of the client to the server ( i set the verbosity to 5 )
..
Sat Dec  3 10:31:07 2005 us=695996 MULTI: multi_create_instance called
Sat Dec  3 10:31:07 2005 us=696107 82.84.38.141:1191 Re-using SSL/TLS context
Sat Dec  3 10:31:07 2005 us=696421 82.84.38.141:1191 Control Channel MTU parms [
L:1557 D:166 EF:66 EB:0 ET:0 EL:0 ]
Sat Dec  3 10:31:07 2005 us=696511 82.84.38.141:1191 Data Channel MTU parms [
L:1557 D:1450 EF:57 EB:4 ET:0 EL:0 ]
Sat Dec  3 10:31:07 2005 us=696611 82.84.38.141:1191 Local Options String:
'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,keydir 0,cipher
AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Sat Dec  3 10:31:07 2005 us=696634 82.84.38.141:1191 Expected Remote Options
String: 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,keydir 1,cipher
AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Sat Dec  3 10:31:07 2005 us=696687 82.84.38.141:1191 Local Options hash
(VER=V4): '8a244582'
Sat Dec  3 10:31:07 2005 us=696720 82.84.38.141:1191 Expected Remote Options
hash (VER=V4): 'ed844052'
RSat Dec  3 10:31:07 2005 us=696820 82.84.38.141:1191 TLS: Initial packet from
82.84.38.141:1191, sid=97d7807c d5d6fcee
WRRWRWWWWRWRWRWRWRWRWRWRWRWRWRWRWRWRRRRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRSat
Dec  3 10:31:11 2005 us=112058 82.84.38.141:1191 VERIFY OK: depth=1,
/C=it/ST=MO/L=Modena/O=Comune_di_Modena/OU=Centro_Elaborazione_Dati/CN=centauri/emailAddress=sisinfo@xxxxxxxxxxxxxxxx
Sat Dec  3 10:31:11 2005 us=112514 82.84.38.141:1191 VERIFY OK: depth=0,
/C=it/ST=MO/L=Modena/O=Comune_di_Modena/OU=Centro_Elaborazione_Dati/CN=1/emailAddress=sisinfo@xxxxxxxxxxxxxxxx

Here it looks okay though.

The permissions looked okay, but, wait a minute, you are using chroot! Then the path to the ccd dir should be relative to the chroot path, not an absolute root path, so try using

client-config-dir /ccd

You could also use strace to monitor the openvpn process to see what happens, or try running the server without chroot.

--
_____________________________________________________________
Mathias Sundman                  (^)   ASCII Ribbon Campaign
OpenVPN GUI for Windows           X    NO HTML/RTF in e-mail
http://openvpn.se/               / \   NO Word docs in e-mail
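
The chroot point from the reply above, as an added example that is not part of the original message or of OpenVPN itself: it reads the `chroot` and `client-config-dir` directives from a server config and computes the host-side path where the per-client file for a CommonName is actually looked up. The jail layout, the `ifconfig-push` addresses and the function names are constructed for illustration.

```python
import os
import tempfile

def parse_directives(config_text):
    """Return the first argument of the chroot and client-config-dir directives."""
    found = {}
    for line in config_text.splitlines():
        for marker in "#;":                      # OpenVPN comment characters
            line = line.split(marker, 1)[0]
        parts = line.split()
        if len(parts) >= 2 and parts[0] in ("chroot", "client-config-dir"):
            found[parts[0]] = parts[1]
    return found

def ccd_host_path(config_text, common_name):
    """Host-side path of the file the server opens for this CN, or None."""
    d = parse_directives(config_text)
    ccd = d.get("client-config-dir")
    if ccd is None:
        return None
    jail = d.get("chroot")
    if jail is None:
        return os.path.join(ccd, common_name)
    # After chroot, "/" is the jail, so the configured path is resolved under it.
    # Assumption of this sketch: a relative path is also taken from the jail root.
    return os.path.join(jail, ccd.lstrip("/"), common_name)

def demo():
    """Constructed layout: the file for CN "1" exists only at <jail>/ccd/1."""
    with tempfile.TemporaryDirectory() as top:
        jail = os.path.join(top, "jail")
        os.makedirs(os.path.join(jail, "ccd"))
        with open(os.path.join(jail, "ccd", "1"), "w") as f:
            f.write("ifconfig-push 10.8.0.5 10.8.0.6\n")   # constructed addresses
        configs = {
            "absolute host path": f"chroot {jail}\nclient-config-dir {jail}/ccd\n",
            "path inside jail": f"chroot {jail}\nclient-config-dir /ccd\n",
        }
        results = {}
        for label, text in configs.items():
            path = ccd_host_path(text, "1")
            results[label] = (path, os.path.isfile(path))
        return results

if __name__ == "__main__":
    for label, (path, exists) in demo().items():
        print(f"{label}: {path} -> {'found' if exists else 'missing'}")
```

With the absolute host path the lookup lands on a doubled path under the jail and the file is missing, so the client connects without its fixed address; with `/ccd` the file is found.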