Hi everyone,

I am running Bering 1.1 and would like to use the OpenVPN package. On Jacques Nilo's page I found the openvpn.lrp package, and it seems to work fine if the UDP protocol is used. However, in the environment where I want to use this box, only incoming TCP is allowed, so UDP is not an option. If I start openvpn with --proto tcp-server, and tcp-client on the other end, I get this error:

# openvpn --config /etc/openvpn/openvpn.conf --dev-node /dev/net/tun --proto tcp-client
Tue Feb 17 11:58:26 2004 0: OpenVPN 1.5.0 i686-pc-linux-gnu [SSL] [LZO] built on Nov 23 2003
Tue Feb 17 11:58:26 2004 1: Static Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Feb 17 11:58:26 2004 2: Static Encrypt: Using 128 bit message hash 'MD5' for HMAC authentication
Tue Feb 17 11:58:26 2004 3: Static Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Feb 17 11:58:26 2004 4: Static Decrypt: Using 128 bit message hash 'MD5' for HMAC authentication
Tue Feb 17 11:58:26 2004 5: TUN/TAP device tun0 opened
Tue Feb 17 11:58:26 2004 6: /sbin/ifconfig tun0 192.168.1.1 pointopoint 192.168.1.2 mtu 1500
Tue Feb 17 11:58:26 2004 7: Data Channel MTU parms [ L:1589 D:1589 EF:57 EB:0 ET:32 ]
Tue Feb 17 11:58:26 2004 8: Local Options hash (VER=V3): '261b8842'
Tue Feb 17 11:58:26 2004 9: Expected Remote Options hash (VER=V3): '7e816869'
Tue Feb 17 11:58:26 2004 10: Attempting to establish TCP connection with 16.56.170.11:5000
Tue Feb 17 11:58:26 2004 11: TCP connection established with 16.56.170.11:5000
Tue Feb 17 11:58:26 2004 12: TCPv4_CLIENT link local: [undef]
Tue Feb 17 11:58:26 2004 13: TCPv4_CLIENT link remote: 16.56.170.11:5000
Tue Feb 17 11:58:36 2004 14: WARNING: Bad encapsulated packet length from peer (0), which must be > 0 and <= 1589 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attemping restart...]
Tue Feb 17 11:58:36 2004 15: Connection reset, restarting [0]
Tue Feb 17 11:58:36 2004 16: Closing TCP/UDP socket
Tue Feb 17 11:58:36 2004 17: Closing TUN/TAP device
Tue Feb 17 11:58:36 2004 18: Restart pause, 3 second(s)

--------------------------------------------------

My config file looks like this:

# cat /etc/openvpn/openvpn.conf
dev tun
port 5000
#comp-lzo
#ping 15
verb 3
#shaper 1000
remote 16.56.170.11
ifconfig 192.168.1.1 192.168.1.2
tun-mtu 1500
tun-mtu-extra 32
#Using Pre-Shared Secret Key.
secret /home/openvpn/.cert/shared-secret.key
auth MD5
cipher AES-256-CBC
keysize 256

On the other side, the settings are symmetrical. I tried changing the tun-mtu and tun-mtu-extra parameters, but I keep getting this message about a bad encapsulated packet. If I turn on the --http-proxy option, the result is the same. I wrote to the developer of OpenVPN, and his answer is that such behaviour, if a proxy is used, is noticed in 1.5, but without the proxy this should not happen, and in version 1.6 beta this is corrected.

So I decided to give version 1.6 beta a try and compile it myself. I used a UML virtual machine as described in the Bering documentation, together with the openssl sources. I tried to compile with the option --enable-iproute2, and also without it. In both cases, the resulting binaries do not work properly.
If I start it using iproute2 (the ifconfig command in the config file is disabled), I get something like this:

# ./openvpn16d --config /etc/openvpn/openvpn.conf --dev-node /dev/net/tun --proto tcp-client
Tue Feb 17 12:11:10 2004 0: OpenVPN 1.6_beta6 i686-pc-linux-gnu [SSL] built on Feb 17 2004
Tue Feb 17 12:11:10 2004 1: Static Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Feb 17 12:11:10 2004 2: Static Encrypt: Using 128 bit message hash 'MD5' for HMAC authentication
Tue Feb 17 12:11:10 2004 3: Static Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Feb 17 12:11:10 2004 4: Static Decrypt: Using 128 bit message hash 'MD5' for HMAC authentication
Tue Feb 17 12:11:10 2004 5: TUN/TAP device /dev/net/tun opened
Tue Feb 17 12:11:10 2004 6: Data Channel MTU parms [ L:1389 D:1389 EF:57 EB:0 ET:32 ]
Tue Feb 17 12:11:10 2004 7: Local Options hash (VER=V3): 'b2a73c02'
Tue Feb 17 12:11:10 2004 8: Expected Remote Options hash (VER=V3): 'a34eab75'
Tue Feb 17 12:11:10 2004 9: Attempting to establish TCP connection with 16.56.170.11:5000
Tue Feb 17 12:11:10 2004 10: TCP connection established with 16.56.170.11:5000
Tue Feb 17 12:11:10 2004 11: TCPv4_CLIENT link local: [undef]
Tue Feb 17 12:11:10 2004 12: TCPv4_CLIENT link remote: 16.56.170.11:5000
Tue Feb 17 12:11:10 2004 13: read from TUN/TAP : File descriptor in bad state (code=77)
Tue Feb 17 12:11:10 2004 14: read from TUN/TAP : File descriptor in bad state (code=77)
Tue Feb 17 12:11:10 2004 15: read from TUN/TAP : File descriptor in bad state (code=77)
Tue Feb 17 12:11:10 2004 16: read from TUN/TAP : File descriptor in bad state (code=77)
Tue Feb 17 12:11:10 2004 17: read from TUN/TAP : File descriptor in bad state (code=77)
Tue Feb 17 12:11:10 2004 18: read from TUN/TAP : File descriptor in bad state (code=77)
Tue Feb 17 12:11:10 2004 19: read from TUN/TAP : File descriptor in bad state (code=77)
Tue Feb 17 12:11:10 2004 20: read from TUN/TAP : File descriptor in bad state (code=77)

# ./openvpn16e --config /etc/openvpn/openvpn.conf --dev-node /dev/net/tun --proto tcp-server
Tue Feb 17 18:22:00 2004 0: OpenVPN 1.6_beta6 i686-pc-linux-gnu [SSL] built on Feb 17 2004
Tue Feb 17 18:22:00 2004 1: WARNING: file '/home/openvpn/.cert/shared-secret.key' is group or others accessible
Tue Feb 17 18:22:00 2004 2: TUN/TAP device /dev/net/tun opened
Tue Feb 17 18:22:00 2004 3: Listening for incoming TCP connection on [undef]:5000
Tue Feb 17 18:22:58 2004 4: TCP connection established with 16.56.172.23:2321
Tue Feb 17 18:22:58 2004 5: TCPv4_SERVER link local (bound): [undef]:5000
Tue Feb 17 18:22:58 2004 6: TCPv4_SERVER link remote: 16.56.172.23:2321
Tue Feb 17 18:22:58 2004 7: read from TUN/TAP : File descriptor in bad state (code=77)
Tue Feb 17 18:22:58 2004 8: read from TUN/TAP : File descriptor in bad state (code=77)
Tue Feb 17 18:22:58 2004 9: read from TUN/TAP : File descriptor in bad state (code=77)
Tue Feb 17 18:22:58 2004 10: read from TUN/TAP : File descriptor in bad state (code=77)
Tue Feb 17 18:22:58 2004 11: read from TUN/TAP : File descriptor in bad state (code=77)
Tue Feb 17 18:22:58 2004 12: read from TUN/TAP : File descriptor in bad state (code=77)

I wonder what I am doing wrong? I saw on some user lists that this problem with "File descriptor in bad state" is noticed by some UML users, not related to OpenVPN, so I suppose the problem is coming from the UML compiling environment. Do you know, maybe, who originally made the openvpn.lrp package on the Bering homepage? How is it done: with UML, using some tricks I am not aware of?

Thanks everyone for answering. Any help will be very appreciated, because at this moment I am stuck.

Regards
Vladimir Ilic
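
Added example (not part of the original post, and not OpenVPN's own code): the warning in the log asks that --tun-mtu or --link-mtu be equal on both peers, so this sketch compares the two peers' config files for options that have to agree before a mismatch is treated as anything else. The MUST_MATCH list, the "proto" line moved into the file, and the server-side config are assumptions constructed for illustration.

```python
# Added example: the server config below is constructed, not from the post.
# Options assumed to need identical values on both peers (assumption, drawn
# from the options that appear in the posted config).
MUST_MATCH = ("tun-mtu", "tun-mtu-extra", "auth", "cipher", "keysize", "comp-lzo")

CLIENT_CONF = """\
dev tun
port 5000
proto tcp-client
#comp-lzo
remote 16.56.170.11
ifconfig 192.168.1.1 192.168.1.2
tun-mtu 1500
tun-mtu-extra 32
secret /home/openvpn/.cert/shared-secret.key
auth MD5
cipher AES-256-CBC
keysize 256
"""
# Constructed server side: mirrored, except for a deliberately different tun-mtu.
SERVER_CONF = (CLIENT_CONF.replace("proto tcp-client", "proto tcp-server")
               .replace("remote 16.56.170.11\n", "")
               .replace("ifconfig 192.168.1.1 192.168.1.2",
                        "ifconfig 192.168.1.2 192.168.1.1")
               .replace("tun-mtu 1500", "tun-mtu 1300"))

def parse_conf(text):
    """Return {option: [args]} for every active (non-comment) line."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            name, *args = line.split()
            opts[name] = args
    return opts

def compare_peers(a_text, b_text):
    """List human-readable mismatches between peer A and peer B."""
    a, b = parse_conf(a_text), parse_conf(b_text)
    problems = [f"{o}: {a.get(o)} != {b.get(o)}"
                for o in MUST_MATCH if a.get(o) != b.get(o)]
    # ifconfig must be mirrored: A's local endpoint is B's remote endpoint.
    if a.get("ifconfig", []) != list(reversed(b.get("ifconfig", []))):
        problems.append("ifconfig: endpoints are not mirrored")
    # proto must pair tcp-client with tcp-server, or udp with udp.
    pa, pb = a.get("proto", ["udp"])[0], b.get("proto", ["udp"])[0]
    if {pa, pb} not in ({"udp"}, {"tcp-client", "tcp-server"}):
        problems.append(f"proto: {pa} cannot talk to {pb}")
    return problems

if __name__ == "__main__":
    for problem in compare_peers(CLIENT_CONF, SERVER_CONF):
        print(problem)
```

An empty result means the compared options agree, so a persisting "Bad encapsulated packet length" warning has to be explained some other way.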