Dear list.
Although I have a p2p tunnel up between linux, and WinXP started, there
are some strange things happening. I have segments of configs and log
files for each system. It looks like this:
WINXP ---WLAN----Bering 2.4.20 firewall+openvpn ----DSLmodem ---
Internet
192.168.1.3 192.168.1.254
The symptom is that I cannot access any web page over the wireless while
openvpn on either firewall or xp is up. The route tables look right to
me, see below. But the log files on the firewall show some UDP
operations fail.
I have followed shorewall guide for openvpn and and have policy to allow
Openvpn zone to and from the loc zone.
Can anyone tell me what is wrong?
Rick.
Firewall config -----------------------------------------
# Use a dynamic tun device.
dev tun
# For compatability with 2.x openvpn clients/servers
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
# When using TLS-security (tls-server) uncomment this for 2.x
#key-method 2
local 192.168.1.254
# Remote peer (wireless internal w/o RU vpn)
remote 192.168.1.3
# 10.1.1.1 is our local VPN endpoint
# 10.1.1.2 is our remote VPN endpoint (home wlan)
# ifconfig command is for backward compat. even though ip(2) is
supported
ifconfig 10.1.1.1 10.1.1.2
route 192.168.1.3
# Our pre-shared static key
secret static.key
firewall ip route cmd ----------------------
firewall: -root-
# ip route
192.168.1.3 via 10.1.1.2 dev tun0
10.1.1.2 dev tun0 proto kernel scope link src 10.1.1.1
216.12.22.64/26 dev eth0 proto kernel scope link src 216.12.22.89
216.12.22.64/26 dev ipsec0 proto kernel scope link src 216.12.22.89
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.254
default via 216.12.22.65 dev eth0
firewall daemon.log --------------------------
Dec 6 00:15:32 firewall openvpn[28923]: SELECT TR|tw|SR|sw 3/0
Dec 6 00:15:33 firewall openvpn[28923]: select returned 1
Dec 6 00:15:33 firewall openvpn[28923]: read from TUN/TAP returned 48
Dec 6 00:15:33 firewall openvpn[28923]: TUN READ [48]: 45000030
8c254000 74061402 892d1bc8 c0a80103 0192042a cb39b986 7885093[more...]
md5=d779a300 7cdc23f1 739b6d88 f33f68b0
Dec 6 00:15:33 firewall openvpn[28923]: MSS: 1460 -> 1334
Dec 6 00:15:33 firewall openvpn[28923]: ENCRYPT IV: 616cb89e e9720a38
Dec 6 00:15:33 firewall openvpn[28923]: ENCRYPT FROM: 00000210 41b39a7a
45000030 8c254000 74061402 892d1bc8 c0a80103 0192042[more...]
Dec 6 00:15:33 firewall openvpn[28923]: ENCRYPT TO: 616cb89e e9720a38
1bd9135a 9656475d e0b942ef 30791c37 2b1a379a d9f7005[more...]
Dec 6 00:15:33 firewall openvpn[28923]: SELECT tr|tw|SR|SW 2/0
Dec 6 00:15:33 firewall openvpn[28923]: select returned 1
Dec 6 00:15:33 firewall openvpn[28923]: UDPv4 WRITE [92] to
192.168.1.3:5000: DATA caf2958f e5df78ab cd11d4a2 fdd06136 fbc1a3a4
616cb89e e9720a38 1bd9135[more...]
Dec 6 00:15:33 firewall openvpn[28923]: UDPv4 write returned -1
Dec 6 00:15:33 firewall openvpn[28923]: write UDPv4: Operation not
permitted (code=1)
Dec 6 00:15:33 firewall openvpn[28923]: SELECT TR|tw|SR|sw 2/0
Dec 6 00:15:35 firewall openvpn[28923]: select returned 0
Dec 6 00:15:35 firewall openvpn[28923]: SELECT TR|tw|SR|sw 5/0
Dec 6 00:15:40 firewall openvpn[28923]: select returned 0
Dec 6 00:15:40 firewall openvpn[28923]: SELECT TR|tw|SR|sw 5/0
Dec 6 00:15:45 firewall openvpn[28923]: select returned 0
Dec 6 00:15:45 firewall openvpn[28923]: SELECT TR|tw|SR|sw 5/0
Dec 6 00:15:50 firewall openvpn[28923]: select returned 0
Dec 6 00:15:50 firewall openvpn[28923]: SELECT TR|tw|SR|sw 5/0
Dec 6 00:15:55 firewall openvpn[28923]: select returned 0
WInxp openvpn config ----------------------------------
remote 192.168.1.254
# Enable 'dev tap' or 'dev tun' but not both!
#dev tap
dev tun
# This is a 'dev tun' ifconfig that creates
# a point-to-point IP link.
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ifconfig 10.1.1.2 10.1.1.1
route 192.168.1.254
Winxp route print -----------------------------------------------
Interface List
0x1 ........................... MS TCP Loopback interface
0x3 ...00 ff 80 cc df ea ...... TAP-Win32 Adapter V8 - Deterministic
Network Enhancer Miniport
0x30005 ...00 0e 35 15 24 f3 ...... Intel(R) PRO/Wireless 2200BG Network
Connection - Deterministic Network Enhancer Miniport
========================================================================
===
========================================================================
===
Active Routes:
Network Destination Netmask Gateway Interface
Metric
0.0.0.0 0.0.0.0 10.1.1.1 10.1.1.2
30
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.3
1
10.1.1.0 255.255.255.0 10.1.1.2 10.1.1.2
30
10.1.1.2 255.255.255.255 127.0.0.1 127.0.0.1
30
10.255.255.255 255.255.255.255 10.1.1.2 10.1.1.2
30
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1
1
192.168.1.0 255.255.255.0 192.168.1.3 192.168.1.3
2
192.168.1.3 255.255.255.255 127.0.0.1 127.0.0.1
2
192.168.1.255 255.255.255.255 192.168.1.3 192.168.1.3
2
224.0.0.0 240.0.0.0 10.1.1.2 10.1.1.2
30
224.0.0.0 240.0.0.0 192.168.1.3 192.168.1.3
2
255.255.255.255 255.255.255.255 10.1.1.2 10.1.1.2
1
255.255.255.255 255.255.255.255 192.168.1.3 192.168.1.3
1
Default Gateway: 192.168.1.254
========================================================================
===
Persistent Routes:
None
Winxp openvpn log ------------------------------------------------
Sun Dec 05 23:07:47 2004 us=516327 UDPv4 WRITE [60] to
192.168.1.254:5000: DATA e07f0d58 a1032ae9 a68c871d 81fd3724 d59bb5b4
e13407d4 1554416a 6e49fc4[more...]
Sun Dec 05 23:07:47 2004 us=516361 WIN32 I/O: Socket Completion
non-queued success [92]
Sun Dec 05 23:07:47 2004 us=516547 WIN32 I/O: Socket Send immediate
return [60,60]
Sun Dec 05 23:07:47 2004 us=516580 UDPv4 write returned 60
Sun Dec 05 23:07:47 2004 us=516626 WE_CTL n=0 ev=0x0045b824
rwflags=0x0001 arg=0x0040d624
Sun Dec 05 23:07:47 2004 us=516660 WE_CTL n=1 ev=0x00722e90
rwflags=0x0001 arg=0x0040d61c
Sun Dec 05 23:07:47 2004 us=516691 WE_CTL n=2 ev=0x00727efc
rwflags=0x0001 arg=0x0040d620
Sun Dec 05 23:07:47 2004 us=516732 I/O WAIT TRQ|Tw0|SRQ|Sw1 [1/241177]
Sun Dec 05 23:07:47 2004 us=516760 WE_WAIT enter n=3 to=1241
Sun Dec 05 23:07:47 2004 us=516788 [0] ev=0x00000750 rwflags=0x0001
arg=0x0040d624
Sun Dec 05 23:07:47 2004 us=516817 [1] ev=0x0000074c rwflags=0x0001
arg=0x0040d61c
Sun Dec 05 23:07:47 2004 us=516842 NOTE: --mute triggered...
Sun Dec 05 23:07:47 2004 us=517079 6 variation(s) on previous 10
message(s) suppressed by --mute
Sun Dec 05 23:07:47 2004 us=517118 read UDPv4: Connection reset by peer
(WSAECONNRESET) (code=10054)
Sun Dec 05 23:07:47 2004 us=517151 UDPv4 READ [-1] from [undef]: DATA
UNDEF len=-1
Sun Dec 05 23:07:47 2004 us=517195 WE_CTL n=0 ev=0x0045b824
rwflags=0x0001 arg=0x0040d624
Sun Dec 05 23:07:47 2004 us=517240 WIN32 I/O: Socket Receive queued
[1576]
Sun Dec 05 23:07:47 2004 us=517272 WE_CTL n=1 ev=0x00722e90
rwflags=0x0001 arg=0x0040d61c
Sun Dec 05 23:07:47 2004 us=517303 WE_CTL n=2 ev=0x00727efc
rwflags=0x0001 arg=0x0040d620
Sun Dec 05 23:07:47 2004 us=517342 I/O WAIT TRQ|Tw0|SRQ|Sw1 [1/241177]
Sun Dec 05 23:07:47 2004 us=517370 WE_WAIT enter n=3 to=1241
Sun Dec 05 23:07:47 2004 us=517398 [0] ev=0x00000750 rwflags=0x0001
arg=0x0040d624
Sun Dec 05 23:07:47 2004 us=517428 [1] ev=0x0000074c rwflags=0x0001
arg=0x0040d61c
Sun Dec 05 23:07:47 2004 us=517457 [2] ev=0x00000748 rwflags=0x0001
arg=0x0040d620
Sun Dec 05 23:07:48 2004 us=757689 event_wait returned 0
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://productguide.itmanagersjournal.com/
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
