Hi once more, I discovered that I can not remove ifconfig command from the config file even if I use iproute2 (stupid me). Nevertheless, it still does not work. Binaries which I compiled give still thiss error:
# ./openvpn16d --config /etc/openvpn/openvpn.conf --dev-node /dev/net/tun --proto tcp-server --dev tun0 Tue Feb 17 22:25:13 2004 0: OpenVPN 1.6_beta6 i686-pc-linux-gnu [SSL] built on Feb 17 2004 Tue Feb 17 22:25:13 2004 1: WARNING: file '/home/openvpn/.cert/shared-secret.key' is group or others accessible Tue Feb 17 22:25:13 2004 2: TUN/TAP device /dev/net/tun opened Tue Feb 17 22:25:13 2004 3: ip link set dev tun0 up mtu 1211 SIOCSIFMTU: Operation not supported by device Tue Feb 17 22:25:13 2004 4: Linux ip link set failed: shell command exited with error status: 255 Tue Feb 17 22:25:13 2004 5: Exiting ------------------------------------------------- Or with 1.5 version of openvpn, also compiled by me using UML Slink virtual machine: # ./openvpn15 --config /etc/openvpn/openvpn.conf --dev-node /dev/net/tun --proto tcp-server --dev tun0 Tue Feb 17 22:28:33 2004 0: OpenVPN 1.5.0 i686-pc-linux-gnu [SSL] built on Feb 13 2004 Tue Feb 17 22:28:33 2004 1: WARNING: file '/home/openvpn/.cert/shared-secret.key' is group or others accessible Tue Feb 17 22:28:33 2004 2: TUN/TAP device /dev/net/tun opened Tue Feb 17 22:28:33 2004 3: /sbin/ifconfig tun0 192.168.1.2 pointopoint 192.168.1.1 mtu 1211 SIOCSIFADDR: Operation not supported by device tun0: unknown interface. SIOCSIFDSTADDR: Operation not supported by device tun0: unknown interface. SIOCSIFMTU: Operation not supported by device Tue Feb 17 22:28:33 2004 4: Linux ifconfig failed: shell command exited with error status: 1 Tue Feb 17 22:28:33 2004 5: Exiting I put switch --dev tun0, because without that switch, software tries to use tun as device name. Does anyone has any clue what can I do to solve this problem? Regards Vladimir --- Vladimir Ilic <[EMAIL PROTECTED]> wrote: > Hi everyone, > > I am running Bering 1.1, and would like to use > Openvpn > package. On Jacques Nilo's page I found openvpn.lrp > package, and it seems to work fine if UDP protocol > is > used. However, in enviroment where I want to use > this > box, only incoming TCP is allowed, so UDP is not an > option. If I start openvpn with --proto tcp-server > and > tcp-client on the other end, I get such error: > > # # openvpn --config /etc/openvpn/openvpn.conf > --dev-node /dev/net/tun --proto tcp-client > Tue Feb 17 11:58:26 2004 0: OpenVPN 1.5.0 > i686-pc-linux-gnu [SSL] [LZO] built on Nov 23 2003 > Tue Feb 17 11:58:26 2004 1: Static Encrypt: Cipher > 'AES-256-CBC' initialized with 256 bit key > Tue Feb 17 11:58:26 2004 2: Static Encrypt: Using > 128 > bit message hash 'MD5' for HMAC authentication > Tue Feb 17 11:58:26 2004 3: Static Decrypt: Cipher > 'AES-256-CBC' initialized with 256 bit key > Tue Feb 17 11:58:26 2004 4: Static Decrypt: Using > 128 > bit message hash 'MD5' for HMAC authentication > Tue Feb 17 11:58:26 2004 5: TUN/TAP device tun0 > opened > Tue Feb 17 11:58:26 2004 6: /sbin/ifconfig tun0 > 192.168.1.1 pointopoint 192.168.1.2 mtu 1500 > Tue Feb 17 11:58:26 2004 7: Data Channel MTU parms [ > L:1589 D:1589 EF:57 EB:0 ET:32 ] > Tue Feb 17 11:58:26 2004 8: Local Options hash > (VER=V3): '261b8842' > Tue Feb 17 11:58:26 2004 9: Expected Remote Options > hash (VER=V3): '7e816869' > Tue Feb 17 11:58:26 2004 10: Attempting to establish > TCP connection with 16.56.170.11:5000 > Tue Feb 17 11:58:26 2004 11: TCP connection > established with 16.56.170.11:5000 > Tue Feb 17 11:58:26 2004 12: TCPv4_CLIENT link > local: > [undef] > Tue Feb 17 11:58:26 2004 13: TCPv4_CLIENT link > remote: > 16.56.170.11:5000 > Tue Feb 17 11:58:36 2004 14: WARNING: Bad > encapsulated > packet length from peer (0), which must be > 0 and > <= > 1589 -- please ensure that --tun-mtu or --link-mtu > is > equal on both peers -- this condition could also > indicate a possible active attack on the TCP link -- > [Attemping restart...] > Tue Feb 17 11:58:36 2004 15: Connection reset, > restarting [0] > Tue Feb 17 11:58:36 2004 16: Closing TCP/UDP socket > Tue Feb 17 11:58:36 2004 17: Closing TUN/TAP device > Tue Feb 17 11:58:36 2004 18: Restart pause, 3 > second(s) > > > -------------------------------------------------- > My config file looks like this: > > # cat /etc/openvpn/openvpn.conf > dev tun > port 5000 > #comp-lzo > #ping 15 > verb 3 > #shaper 1000 > remote 16.56.170.11 > ifconfig 192.168.1.1 192.168.1.2 > tun-mtu 1500 > tun-mtu-extra 32 > #Using Pre-Shared Secret Key. > secret /home/openvpn/.cert/shared-secret.key > auth MD5 > cipher AES-256-CBC > keysize 256 > > On the other side, settings are symetrical. > I tried to change tun-mtu parameter and > tun-mtu-extra, > but I keep getting this message about bad > encapsulated > packet. If I turn option --http-proxy, result is > same. > I wrote to the developer of Openvpn, and his answer > is > that such behaviour, if proxy is used, is noticed in > 1.5 but without the proxy, this should not happen, > and > in version 1.6 beta this is corrected. > > So, I decided to give a try to version 1.6 beta, and > compile it myself. I used UML virtual machine as > described in Bering documentation, together with > openssl sources. I tried to compile with option > --enable-iproute2, and also without it. In both > cases, > resulting binaries does not work properly. > > If I start it using iproute2 (ifconfig command in > config file is disabled) I get something like this: > > # ./openvpn16d --config /etc/openvpn/openvpn.conf > --dev-node /dev/net/tun --proto tcp-client > Tue Feb 17 12:11:10 2004 0: OpenVPN 1.6_beta6 > i686-pc-linux-gnu [SSL] built on Feb 17 2004 > Tue Feb 17 12:11:10 2004 1: Static Encrypt: Cipher > 'AES-256-CBC' initialized with 256 bit key > Tue Feb 17 12:11:10 2004 2: Static Encrypt: Using > 128 > bit message hash 'MD5' for HMAC authentication > Tue Feb 17 12:11:10 2004 3: Static Decrypt: Cipher > 'AES-256-CBC' initialized with 256 bit key > Tue Feb 17 12:11:10 2004 4: Static Decrypt: Using > 128 > bit message hash 'MD5' for HMAC authentication > Tue Feb 17 12:11:10 2004 5: TUN/TAP device > /dev/net/tun opened > Tue Feb 17 12:11:10 2004 6: Data Channel MTU parms [ > L:1389 D:1389 EF:57 EB:0 ET:32 ] > Tue Feb 17 12:11:10 2004 7: Local Options hash > (VER=V3): 'b2a73c02' > Tue Feb 17 12:11:10 2004 8: Expected Remote Options > hash (VER=V3): 'a34eab75' > Tue Feb 17 12:11:10 2004 9: Attempting to establish > TCP connection with 16.56.170.11:5000 > Tue Feb 17 12:11:10 2004 10: TCP connection > established with 16.56.170.11:5000 > Tue Feb 17 12:11:10 2004 11: TCPv4_CLIENT link > local: > [undef] > Tue Feb 17 12:11:10 2004 12: TCPv4_CLIENT link > remote: > 16.56.170.11:5000 > Tue Feb 17 12:11:10 2004 13: read from TUN/TAP : > File > descriptor in bad state (code=77) > Tue Feb 17 12:11:10 2004 14: read from TUN/TAP : > File > descriptor in bad state (code=77) > Tue Feb 17 12:11:10 2004 15: read from TUN/TAP : > File > descriptor in bad state (code=77) > Tue Feb 17 12:11:10 2004 16: read from TUN/TAP : > File > descriptor in bad state (code=77) > Tue Feb 17 12:11:10 2004 17: read from TUN/TAP : > File > descriptor in bad state (code=77) > Tue Feb 17 12:11:10 2004 18: read from TUN/TAP : > File > descriptor in bad state (code=77) > Tue Feb 17 12:11:10 2004 19: read from TUN/TAP : > File > descriptor in bad state (code=77) > Tue Feb 17 12:11:10 2004 20: read from TUN/TAP : > File > descriptor in bad state (code=77) > > > > # ./openvpn16e --config /etc/openvpn/openvpn.conf > --dev-node /dev/net/tun --proto tcp-server > Tue Feb 17 18:22:00 2004 0: OpenVPN 1.6_beta6 > i686-pc-linux-gnu [SSL] built on Feb 17 2004 > Tue Feb 17 18:22:00 2004 1: WARNING: file > '/home/openvpn/.cert/shared-secret.key' is group or > others accessible > Tue Feb 17 18:22:00 2004 2: TUN/TAP device > /dev/net/tun opened > Tue Feb 17 18:22:00 2004 3: Listening for incoming > TCP > connection on [undef]:5000 > Tue Feb 17 18:22:58 2004 4: TCP connection > established > with 16.56.172.23:2321 > Tue Feb 17 18:22:58 2004 5: TCPv4_SERVER link local > (bound): [undef]:5000 > Tue Feb 17 18:22:58 2004 6: TCPv4_SERVER link > remote: > 16.56.172.23:2321 > Tue Feb 17 18:22:58 2004 7: read from TUN/TAP : File > descriptor in bad state (code=77) > Tue Feb 17 18:22:58 2004 8: read from TUN/TAP : File > descriptor in bad state (code=77) > Tue Feb 17 18:22:58 2004 9: read from TUN/TAP : File > descriptor in bad state (code=77) > Tue Feb 17 18:22:58 2004 10: read from TUN/TAP : > File > descriptor in bad state (code=77) > Tue Feb 17 18:22:58 2004 11: read from TUN/TAP : > File > descriptor in bad state (code=77) > === message truncated === __________________________________ Do you Yahoo!? Yahoo! Finance: Get your refund fast by filing online. http://taxes.yahoo.com/filing.html ------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html