Ah, that would explain..Yes, I meant that no ifconfig command fails.. I checked and there is no ifconfig line in daemon.log -- my mistake. But, there is the line in openvpn.conf: ifconfig 10.1.1.1 10.1.1.2
That looks like it having the intended effect, being translated into ip route command lines. As you suggest I will remove the up script and use a route line in openvpn.cfg Thanks very much Martin... I am laughing out loud that I have come full circle. First, with 1.4 I didn't know I needed to supply the up script. Now with 1.6 it is apparently unnecessary. Post you later with an update. If nothing seems to work I might do what you suggest --- just drop back to ground zero and rebuild everything from scratch. In mirth, :-)) Rick. -----Original Message----- From: Martin Hejl [mailto:[EMAIL PROTECTED] Sent: Sunday, December 05, 2004 4:31 PM To: Tibbs, Richard Cc: [EMAIL PROTECTED] Subject: Re: [leaf-user] New openvpn problem (formerly up-script) Hi Richard, Tibbs, Richard wrote: > But, no, I upgraded to openvpn 1.6 (compiled by E. Titl, with lzo > statically linked, thx). Jaques Nilo's is 1.4.... Ah, ok. > Is it possible 1.6 > supports ifconfig (that command no longer fails) but has a problem with > iproute? Depends on how Erich compiled it. There's a parameter for ./configure of OpenVPN that makes it either use ifconfig or iproute. The fact that your log shows "ip link set dev tun0 up mtu 1500" suggests that iproute support is already enabled in your version of openvpn (otherwise, there would be "ifconfig tun0 whatever" in the log). And if iproute support is enabled, then there's no need for ifconfig (since it will never be called). Actually, when you say "that command no longer fails", what exactly do you mean? The latest log you sent doesn't contain any references to ifconfig that I see (so how could that fail?). But if you're using a version that supports iproute (which it apparently does), I don't understand why you want/need to mess with the up-script at all - with all the installations of openvpn that I've used so far, I _never_ needed to use the up-script. All I do on all my setups is to specify the appropriate "ifconfig" and "route" line in the config (don't let yourself be confused - despite the fact that the parameter is called "ifconfig" in the config file, if OpenVPN is properly compiled for iproute support it will generate the proper ip commands) and everyhing is set up by OpenVPN. To summarize - with the OpenVPN package from Erich (I'm going to assume that he compiled that with iproute support - everything I've seen so far suggests that's the case) there should be no need for an up-script, unless you need to do something unusual. > But, one thing I have fouled up is the order of the args -- forgot they > started at $0. Shouldn't it be: > /sbin/ip link set dev $0 up mtu $1 > /sbin/ip addr add dev $0 local $4 peer $5 > /sbin/ip route add 192.168.1.3/32 via $4 Well, everything that I've learned suggests that $0 is the name of the script being run - so, the first parameter to the script would actually be in $1 Martin P.S. After what sounds like a pretty rough ride to get OpenVPN to work, it may be a good idea to take a step back, dump everything (the OpenVPN config and scripts) and start from scratch, closely following the docs on the OpenVPN site - for a typical setup, OpenVPN should be extremely easy, and I fear many of your problems come from trying to use workarounds for problems that are no longer there (due to using OpenVPN 1.6). Just an idea. ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
