Hi Florent, On 11/06/14 15:28, Florent B wrote: > Thank you for your answer. > > iPredator-connect.sh just send me a mail and runs update-resolv-conf > (given by Debian package, not modified). > > Routing table *before* : > > root@vpn01:~# ip route show > default via 94.23.6.254 dev eth1 > 94.23.6.254 dev eth1 scope link > 192.168.3.0/24 dev eth0 proto kernel scope link src 192.168.3.194 > > > You can see that default gateway is not on the same subnet (physically > it is, but not in addresses). This is not a problem and the 100% CPU bug > occurs on another server which have the gateway on the same subnet. > > Routing table *after* : > > root@vpn01:~# ip route show > default via 94.23.6.254 dev eth1 > 46.246.34.0/24 dev tun0 proto kernel scope link src 46.246.34.179 > 94.23.6.254 dev eth1 scope link > 192.168.3.0/24 dev eth0 proto kernel scope link src 192.168.3.194 > > (I run it with --route-noexec because I will need to tune routes after > it works...) > can you try it without the --route-noexec? the routes need to be updated by openvpn or you will need to do it using a 'route-up' script.
HTH, JJK > > On 06/11/2014 12:38 PM, Jan Just Keijser wrote: >> Hi Florent, >> >> Florent B wrote: >>> Hi Jan, >>> >>> Thank you for your answer. >>> >>> The server I am connecting to is not mine. It is a iPredator.se service. >>> I do not handle its configuration. >>> >>> I am only the client here :) >>> >>> And the connection to this service is working very well on Windows :) >>> >>> >> ah I see; then there are some new questions: >> - what does the script 'etc/openvpn/iPredator-connect.sh' do? it seems >> to be called as an 'up' script >> - what does the routing table look like *before* openvpn start (ip >> route show) >> - what does the routing table look like *after* it has started and >> your tunnel has hit 100% cpu usage >> - are you using something like NetworkManager, which could interfere >> >> cheers, >> >> JJK >> >>> On 06/10/2014 11:45 PM, Jan Just Keijser wrote: >>> >>>> Hi Flo, >>>> >>>> this is a misconfiguration in openvpn: you've been misconfigured such >>>> that you are "biting your own tail". The warning from the connection >>>> log >>>> >>>> Tue Jun 10 14:34:09 2014 us=571043 PUSH: Received control message: >>>> 'PUSH_REPLY,route 46.246.33.130 255.255.255.255 >>>> net_gateway,route-gateway 46.246.33.1,redirect-gateway def1,topology >>>> subnet,dhcp-option DOMAIN ipredator.se,dhcp-option DNS >>>> 46.246.46.46,dhcp-option DNS 194.132.32.23,ip-win32 dynamic,ping >>>> 10,ping-restart 60,explicit-exit-notify 3,ifconfig 46.246.33.193 >>>> 255.255.255.0' >>>> Tue Jun 10 14:34:09 2014 us=571118 Options error: Unrecognized option >>>> or missing parameter(s) in [PUSH-OPTIONS]:8: ip-win32 (2.2.1) >>>> [...] >>>> Tue Jun 10 14:34:09 2014 us=571199 WARNING: potential conflict between >>>> --remote address [46.246.33.130] and --ifconfig address pair >>>> [46.246.33.193, 255.255.255.0] -- this is a warning only that is >>>> triggered when local/remote addresses exist within the same /24 subnet >>>> as --ifconfig endpoints. (silence this warning with --ifconfig-nowarn) >>>> Tue Jun 10 14:34:09 2014 us=571338 ROUTE default_gateway=94.23.6.254 >>>> Tue Jun 10 14:34:09 2014 us=571793 TUN/TAP device tun0 opened >>>> Tue Jun 10 14:34:09 2014 us=571814 TUN/TAP TX queue length set to 100 >>>> Tue Jun 10 14:34:09 2014 us=571827 do_ifconfig, tt->ipv6=0, >>>> tt->did_ifconfig_ipv6_setup=0 >>>> Tue Jun 10 14:34:09 2014 us=571848 /sbin/ifconfig tun0 46.246.33.193 >>>> netmask 255.255.255.0 mtu 1500 broadcast 46.246.33.255 >>>> Tue Jun 10 14:34:09 2014 us=573232 /etc/openvpn/iPredator-connect.sh >>>> tun0 1500 1558 46.246.33.193 255.255.255.0 init >>>> dhcp-option DOMAIN ipredator.se >>>> >>>> >>>> tells me that you're handing out IPs in the same range as the OpenVPN >>>> server itself. This is possible but tricky. without further info on >>>> your network setup and config files it is impossible to tell exactly >>>> what is happening here, however. >>>> >>>> HTH, >>>> >>>> JJK >>>> >>>> >>> >>> > ------------------------------------------------------------------------------ HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions Find What Matters Most in Your Big Data with HPCC Systems Open Source. Fast. Scalable. Simple. Ideal for Dirty Data. Leverages Graph Analysis for Fast Processing & Easy Data Exploration http://p.sf.net/sfu/hpccsystems _______________________________________________ Openvpn-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-users
