[OpenVPN home]	[Date Prev]	[Date Index]	[Date Next]
[OpenVPN mailing lists]	[Thread Prev]	[Thread Index]	[Thread Next]
Re: [Openvpn-users] Unexpected WARNINGS

Subject: Re: [Openvpn-users] Unexpected WARNINGS
From: "Tiger Big" <vpn.mailist@xxxxxxxxx>
Date: Sat, 8 Dec 2007 20:35:08 +0800
Hi ,Jan
I have tried to avoide using proxy and set tun-mtu to a lower value,
but still the same result.

BTW, if setting tun-mtu to 1200 in server conf, there will be a
warning message saying:

"WARNING: normally if you use --mssfix and/or --fragment, you should
also set --tun-mtu 1500 (currently it is 1200)"

I have no idea with that message.

anyway, I'll try using a linux client to see if all those warnings
comes out because of the windows platform.

On Dec 7, 2007 6:14 PM, Jan Just Keijser <janjust@xxxxxxxxx> wrote:
> Hi Tiger Big,
>
> hmmm I misread your config file a little bit. I saw
> tls-client
> ifconfig <IP> <IP>
> the first statement is a client/server setup (openvpn 2.x) whereas the
> second statement is used mostly in point-to-point (openvpn 1.x) setups.
> However, if you use
> ifconfig <IP> <NETMASK>
> which your config file shows then you're fine. Sorry about that.
>
> As for the warnings, your client log file shows that you're connecting
> thru an HTTP proxy - I presume this is intentional; it might be best to
> reflect this in the openvpn client config file. It should not make much
> difference but you never know.
>
> Finally, try reducing the 'tun-mtu' parameter on both sides (to e.g.
> 1200) and see if that helps at all.
>
> cheers,
>
> JJK
>
>
> Tiger Big wrote:
> > thanks Jan, but still the same results/warnings.
> >
> > one more question, why would you say "config files don't make sense" ?
> > the only difference between my original conf and your modified version
> > is the method of how to obtain IP address.
> >
> >
> >
> > On Dec 6, 2007 5:06 PM, Jan Just Keijser <janjust@xxxxxxxxx> wrote:
> >
> >> your client and server config files don't make sense. Try this for the
> >> server config:
> >>
> >> local xxx.xxx.org
> >>
> >> port 8080
> >> proto tcp-server
> >> tls-server
> >> server 192.168.10.0 255.255.255.0
> >>
> >> dev tap0
> >> cert X509/Server/server.crt
> >> key X509/Server/server.key
> >> dh X509/Server/dh1024.pem
> >> ca X509/CA/ca.crt
> >>
> >> keepalive 10 120
> >> user nobody
> >> group nobody
> >> persist-key
> >> persist-tun
> >> comp-lzo
> >> verb 4
> >> mute 10
> >>
> >> and this for the client
> >>
> >> local abc
> >> remote xxx.xxx.org  8080
> >>
> >> proto tcp-client
> >> tls-client
> >> dev tap
> >> dev-node tap0
> >> nobind
> >> cert D:\\OpenVPN\\easy-rsa\\keys\\Tiger.crt
> >> key D:\\OpenVPN\\easy-rsa\\keys\\Tiger.key
> >> ca D:\\OpenVPN\\easy-rsa\\keys\\ca.crt
> >>
> >> keepalive 10 120
> >> comp-lzo
> >> verb 4
> >> mute 10
> >>
> >> HTH,
> >>
> >> JJK
> >>
> >>
> >> Tiger Big wrote:
> >>
> >>> Server Configuration (Linux)：
> >>> −−−−−−−−−−−−−−−−−−
> >>> local xxx.xxx.org
> >>> port 8080
> >>> proto tcp-server
> >>> tls-server
> >>> dev tap0
> >>> cert X509/Server/server.crt
> >>> key X509/Server/server.key
> >>> dh X509/Server/dh1024.pem
> >>> ca X509/CA/ca.crt
> >>> ifconfig 192.168.10.11 255.255.255.0
> >>> keepalive 10 120
> >>> user nobody
> >>> group nobody
> >>> persist-key
> >>> persist-tun
> >>> comp-lzo
> >>> verb 4
> >>> mute 10
> >>> −−−−−−−−−−−−−−−−−−
> >>>
> >>>
> >>> Client Configuration (WinXP):
> >>> ------------------------------------------
> >>> local abc
> >>> remote xxx.xxx.org  8080
> >>> proto tcp-client
> >>> tls-client
> >>> dev tap
> >>> dev-node tap0
> >>> nobind
> >>> cert D:\\OpenVPN\\easy-rsa\\keys\\Tiger.crt
> >>> key D:\\OpenVPN\\easy-rsa\\keys\\Tiger.key
> >>> ca D:\\OpenVPN\\easy-rsa\\keys\\ca.crt
> >>> ifconfig 192.168.10.11  255.255.255.0
> >>> keepalive 10 120
> >>> comp-lzo
> >>> verb 4
> >>> mute 10
> >>> --------------------------------------------
> >>>
> >>> Output of Server：
> >>> −−−−−−−−−−−−−−−−−−−−−−
> >>> Wed Nov  7 22:46:52 2007 us=395451 OpenVPN 2.0.9 mipsel-unknown-linux
> >>> [SSL] [LZO] built on Oct  8 2007
> >>> Wed Nov  7 22:46:53 2007 us=139174 Diffie-Hellman initialized with
> >>> 1024 bit key
> >>> Wed Nov  7 22:46:53 2007 us=167393 LZO compression initialized
> >>> Wed Nov  7 22:46:53 2007 us=177324 Control Channel MTU parms [ L:1576
> >>> D:140 EF:40 EB:0 ET:0 EL:0 ]
> >>> Wed Nov  7 22:46:53 2007 us=207122 TUN/TAP device tap0 opened
> >>> Wed Nov  7 22:46:53 2007 us=209204 TUN/TAP TX queue length set to 100
> >>> Wed Nov  7 22:46:53 2007 us=211730 /sbin/ifconfig tap0 192.168.10.11
> >>> netmask 255.255.255.0
> >>> mtu 1500 broadcast 192.168.10.255
> >>>
> >>> Wed Nov  7 22:46:53 2007 us=276813 Data Channel MTU parms [ L:1576
> >>> D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
> >>> Wed Nov  7 22:46:53 2007 us=278702 GID set to nobody
> >>> Wed Nov  7 22:46:53 2007 us=279692 UID set to nobody
> >>> Wed Nov  7 22:46:53 2007 us=280933 Listening for incoming TCP
> >>> connection on 123.45.67.89:8080
> >>>
> >>> Wed Nov  7 22:47:00 2007 us=344674 TCP connection established with
> >>> 98.76.54.32:48883
> >>>
> >>> Wed Nov  7 22:47:00 2007 us=345622 Socket Buffers: R=[43689->65534]
> >>> S=[16384->65534]
> >>> Wed Nov  7 22:47:00 2007 us=346587 TCPv4_SERVER link local (bound):
> >>> 123.45.67.89:8080
> >>>
> >>> Wed Nov  7 22:47:00 2007 us=347462 TCPv4_SERVER link remote:
> >>> 98.76.54.32:48883
> >>>
> >>> Wed Nov  7 22:47:00 2007 us=354161 TLS: Initial packet from
> >>> 98.76.54.32:48883 sid=2e4d871b 12ba58ca
> >>>
> >>> Wed Nov  7 22:47:02 2007 us=930794 VERIFY OK: depth=1,
> >>> /C=CN/ST=SH/L=SH/O=Company/OU=Building_3_/CN=WR850G/Email=xxx@xxxxxxx
> >>> <mailto:xxx@xxxxxxx>
> >>>
> >>> Wed Nov  7 22:47:02 2007 us=953126 VERIFY OK: depth=0,
> >>> /C=CN/ST=SH/O=Company/OU=Building_3_/CN=Tiger/Email= xxx@xxxxxxx
> >>> <mailto:xxx@xxxxxxx>
> >>>
> >>> Wed Nov  7 22:47:04 2007 us=189347 Data Channel Encrypt: Cipher
> >>> 'BF-CBC' initialized with 128 bit key
> >>> Wed Nov  7 22:47:04 2007 us=192065 Data Channel Encrypt: Using 160 bit
> >>> message hash 'SHA1' for HMAC authentication
> >>> Wed Nov  7 22:47:04 2007 us=196237 Data Channel Decrypt: Cipher
> >>> 'BF-CBC' initialized with 128 bit key
> >>> Wed Nov  7 22:47:04 2007 us=198498 Data Channel Decrypt: Using 160 bit
> >>> message hash 'SHA1' for HMAC authentication
> >>> Wed Nov  7 22:47:04 2007 us=388832 Control Channel: TLSv1, cipher
> >>> TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA
> >>> Wed Nov  7 22:47:04 2007 us=392021 [Tiger] Peer Connection Initiated
> >>> with 98.76.54.32:48883
> >>>
> >>
> >>
> >>> Wed Nov  7 22:47:05 2007 us=629230 Initialization Sequence Completed
> >>> −−−−−−−−−−−−−−−−−−−−−−
> >>>
> >>> Output of Client：
> >>> -----------------------------------------------------
> >>> Thu Nov 08 14:46:58 2007 us=24485 Current Parameter Settings:
> >>> Thu Nov 08 14:46:58 2007 us=24531   config = 'client.ovpn'
> >>> Thu Nov 08 14:46:58 2007 us=24541   mode = 0
> >>> Thu Nov 08 14:46:58 2007 us=24552   show_ciphers = DISABLED
> >>> Thu Nov 08 14:46:58 2007 us=24562   show_digests = DISABLED
> >>> Thu Nov 08 14:46:58 2007 us=24572   show_engines = DISABLED
> >>> Thu Nov 08 14:46:58 2007 us=24582   genkey = DISABLED
> >>> Thu Nov 08 14:46:58 2007 us=24593   key_pass_file = '[UNDEF]'
> >>> Thu Nov 08 14:46:58 2007 us=24603   show_tls_ciphers = DISABLED
> >>> Thu Nov 08 14:46:58 2007 us=24614   proto = 2
> >>> Thu Nov 08 14:46:58 2007 us=24624 NOTE: --mute triggered...
> >>> Thu Nov 08 14:46:58 2007 us=24651 188 variation(s) on previous 10
> >>> message(s) suppressed by --mute
> >>> Thu Nov 08 14:46:58 2007 us=24666 OpenVPN 2.0.9 Win32-MinGW [SSL]
> >>> [LZO] built on Oct  1 2006
> >>> Thu Nov 08 14:46:58 2007 us=24748 IMPORTANT: OpenVPN's default port
> >>> number is now 1194, based on an official port number assignment by
> >>> IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
> >>> Thu Nov 08 14:46:58 2007 us=24763 WARNING: No server certificate
> >>> verification method has been enabled.  See
> >>> http://openvpn.net/howto.html#mitm for more info.
> >>> Thu Nov 08 14:46:58 2007 us=26495 LZO compression initialized
> >>> Thu Nov 08 14:46:58 2007 us=26589 Control Channel MTU parms [ L:1576
> >>> D:140 EF:40 EB:0 ET:0 EL:0 ]
> >>> Thu Nov 08 14:46:58 2007 us=46092 TAP-WIN32 device [tap0] opened:
> >>> \\.\Global\{B45A907D-B030-4F6F-9FE1-001F6C3AEB48}.tap
> >>> Thu Nov 08 14:46:58 2007 us=46122 TAP-Win32 Driver Version 8.4
> >>> Thu Nov 08 14:46:58 2007 us=46135 TAP-Win32 MTU=1500
> >>> Thu Nov 08 14:46:58 2007 us=46156 Notified TAP-Win32 driver to set a
> >>> DHCP IP/netmask of 192.168.10.11/255.255.255.0
> >>> on interface
> >>>
> >>> {B45A907D-B030-4F6F-9FE1-001F6C3AEB48} [DHCP-serv: 192.168.10.0
> >>>  lease-time: 31536000]
> >>>
> >>> Thu Nov 08 14:46:58 2007 us=53796 Successful ARP Flush on interface
> >>> [3] {B45A907D-B030-4F6F-9FE1-001F6C3AEB48}
> >>> Thu Nov 08 14:46:58 2007 us=55539 Data Channel MTU parms [ L:1576
> >>> D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
> >>> Thu Nov 08 14:46:58 2007 us=55586 Local Options String: 'V4,dev-type
> >>> tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_CLIENT,ifconfig
> >>> 192.168.10.0  255.255.255.0
> >>> ,comp-lzo,cipher BF-CBC,auth SHA1,keysize
> >>>
> >>> 128,key-method 2,tls-client'
> >>> Thu Nov 08 14:46:58 2007 us=55602 Expected Remote Options String:
> >>> 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto
> >>> TCPv4_SERVER,ifconfig 192.168.10.0  255.255.255.0
> >>> ,comp-lzo,cipher BF-CBC,auth SHA1,keysize
> >>>
> >>> 128,key-method 2,tls-server'
> >>> Thu Nov 08 14:46:58 2007 us=55634 Local Options hash (VER=V4): '1b763cc3'
> >>> Thu Nov 08 14:46:58 2007 us=55652 Expected Remote Options hash
> >>> (VER=V4): '2f5a5592'
> >>> Thu Nov 08 14:46:58 2007 us=55680 Attempting to establish TCP
> >>> connection with 127.0.0.1:3128
> >>>
> >>> Thu Nov 08 14:46:58 2007 us=63009 TCP connection established with
> >>> 127.0.0.1:3128
> >>>
> >>> Thu Nov 08 14:46:58 2007 us=63039 Send to HTTP proxy: 'CONNECT
> >>> xxx.xxx.org:8080  HTTP/1.0'
> >>>
> >>> Thu Nov 08 14:46:59 2007 us=159521 HTTP proxy returned: 'HTTP/1.1 200
> >>> Connection established'
> >>> Thu Nov 08 14:47:01 2007 us=158850 Socket Buffers: R=[8192->8192]
> >>> S=[8192->8192]
> >>> Thu Nov 08 14:47:01 2007 us=159020 TCPv4_CLIENT link local:
> >>> 172.24.201.50
> >>>
> >>> Thu Nov 08 14:47:01 2007 us=159037 TCPv4_CLIENT link remote:
> >>> 127.0.0.1:3128
> >>>
> >>> Thu Nov 08 14:47:01 2007 us=390961 TLS: Initial packet from
> >>> 127.0.0.1:3128 , sid=9696962b 6944c74a
> >>>
> >>> Thu Nov 08 14:47:03 2007 us=206615 VERIFY OK: depth=1,
> >>> /C=CN/ST=SH/L=SH/O=Company/OU=Building_3_/CN=WR850G/emailAddress=
> >>> xxx@xxxxxxx <mailto:xxx@xxxxxxx>
> >>>
> >>> Thu Nov 08 14:47:03 2007 us=208774 VERIFY OK: depth=0,
> >>> /C=CN/ST=SH/O=Company/OU=Building_3_/CN=Server/emailAddress=xxx@xxxxxxx
> >>> <mailto:xxx@xxxxxxx>
> >>>
> >>> Thu Nov 08 14:47:05 2007 us=389449 NOTE: Options consistency check may
> >>> be skewed by version differences
> >>> Thu Nov 08 14:47:05 2007 us=389494 WARNING: 'version' is used
> >>> inconsistently, local='version V4', remote='version V0 UNDEF'
> >>> Thu Nov 08 14:47:05 2007 us=389513 WARNING: 'dev-type' is present in
> >>> local config but missing in remote config, local='dev-type tap'
> >>> Thu Nov 08 14:47:05 2007 us=389531 WARNING: 'link-mtu' is present in
> >>> local config but missing in remote config, local='link-mtu 1576'
> >>> Thu Nov 08 14:47:05 2007 us=389549 WARNING: 'tun-mtu' is present in
> >>> local config but missing in remote config, local='tun-mtu 1532'
> >>> Thu Nov 08 14:47:05 2007 us=389571 WARNING: 'proto' is present in
> >>> local config but missing in remote config, local='proto TCPv4_SERVER'
> >>> Thu Nov 08 14:47:05 2007 us=389607 WARNING: 'ifconfig' is present in
> >>> local config but missing in remote config, local='ifconfig
> >>> 192.168.10.0  255.255.255.0 '
> >>>
> >>> Thu Nov 08 14:47:05 2007 us=389625 WARNING: 'comp-lzo' is present in
> >>> local config but missing in remote config, local='comp-lzo'
> >>> Thu Nov 08 14:47:05 2007 us=389643 WARNING: 'cipher' is present in
> >>> local config but missing in remote config, local='cipher BF-CBC'
> >>> Thu Nov 08 14:47:05 2007 us=389659 WARNING: 'auth' is present in local
> >>> config but missing in remote config, local='auth SHA1'
> >>> Thu Nov 08 14:47:05 2007 us=389673 NOTE: --mute triggered...
> >>> Thu Nov 08 14:47:05 2007 us=389977 3 variation(s) on previous 10
> >>> message(s) suppressed by --mute
> >>> Thu Nov 08 14:47:05 2007 us=389991 Data Channel Encrypt: Cipher
> >>> 'BF-CBC' initialized with 128 bit key
> >>> Thu Nov 08 14:47:05 2007 us=390009 Data Channel Encrypt: Using 160 bit
> >>> message hash 'SHA1' for HMAC authentication
> >>> Thu Nov 08 14:47:05 2007 us=390090 Data Channel Decrypt: Cipher
> >>> 'BF-CBC' initialized with 128 bit key
> >>> Thu Nov 08 14:47:05 2007 us=390106 Data Channel Decrypt: Using 160 bit
> >>> message hash 'SHA1' for HMAC authentication
> >>> Thu Nov 08 14:47:05 2007 us=390453 Control Channel: TLSv1, cipher
> >>> TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA
> >>> Thu Nov 08 14:47:05 2007 us=390487 [Server] Peer Connection Initiated
> >>> with 127.0.0.1:3128
> >>>
> >>> Thu Nov 08 14:47:06 2007 us=630508 TEST ROUTES: 0/0 succeeded len=-1
> >>> ret=1 a=0 u/d=up
> >>> Thu Nov 08 14:47:06 2007 us=630535 Initialization Sequence Completed
> >>> ----------------------------------------------------------
> >>>
> >>>
> >>> Why there're so many WARNINGS:
> >>>
> >>> 1.Both client and server use same version - 2.0.9，why does the client______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
Follow-Ups:
- Re: [Openvpn-users] Unexpected WARNINGS
  - From: Jan Just Keijser
References:
- [Openvpn-users] Unexpected WARNINGS
  - From: Tiger Big
- Re: [Openvpn-users] Unexpected WARNINGS
  - From: Jan Just Keijser
- Re: [Openvpn-users] Unexpected WARNINGS
  - From: Tiger Big
- Re: [Openvpn-users] Unexpected WARNINGS
  - From: Jan Just Keijser
Prev by Date: Re: [Openvpn-users] Can not get openvpn client working
Next by Date: [Openvpn-users] syslog messages
Previous by thread: Re: [Openvpn-users] Unexpected WARNINGS
Next by thread: Re: [Openvpn-users] Unexpected WARNINGS
Index(es):
- Date
- Thread