On 16.08.23 12:23, Jason Long via Openvpn-users wrote:
>> On Wed, Aug 16, 2023 at 06:35:01AM +0000, Jason Long wrote:
>>> route 192.168.1.0 255.255.255.0
>> 
>> This tells the server "put routing towards 192.168.1.0 into the VPN"
[...]
> So, what is the right IP for the following statement?
> route 192.168.1.0 255.255.255.0

Unknown. Gert told you what this config statement does, I don't remember 
you ever mentioning that you plan to use such a feature, much less what 
subnet(s) you'd want to use for that.

> I opened the ca.crt file on the client and clicked on the Details tab
> and it showed me "CN = Server". So, I must change the "Test-PC" to
> "Server". Am I right?

... mmmmaybe. I wouldn't be too surprised if your client-side OpenVPN 
config did indeed take a client cert named "Server" out of a file named 
"ca.crt" ...

>... I would nonetheless recommend that you look at the server log (of 
>suitable verbosity) for a line telling what cert/CN the client has 
>actually sent, though.

>Kind regards


Hello,
I used the
"https://www.howtoforge.com/how-to-install-and-configure-openvpn-server-on-debian-10/"
tutorial to create my OpenVPN server.
Gert told me about the multihome statement and I added it.

About the server log, I used the following lines in the server.conf file:

status /var/log/openvpn/openvpn-status.log
log         /var/log/openvpn/virt1.log
log-append  /var/log/openvpn/virt1.log
verb 3

And:

# cat /var/log/openvpn/virt1.log
2023-08-16 06:23:18 WARNING: --topology net30 support for server configs with 
IPv4 pools will be removed in a future release. Please migrate to --topology 
subnet as soon as possible.
2023-08-16 06:23:18 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but 
missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN 
ignores --cipher for cipher negotiations. 
2023-08-16 06:23:18 NOTICE: --explicit-exit-notify ignored for --proto tcp
2023-08-16 06:23:18 --user specified but lacking CAP_SETPCAP. Cannot retain 
CAP_NET_ADMIN. Disabling data channel offload
2023-08-16 06:23:18 OpenVPN 2.6.3 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
2023-08-16 06:23:18 library versions: OpenSSL 3.0.9 30 May 2023, LZO 2.10
2023-08-16 06:23:18 DCO version: N/A
2023-08-16 06:23:18 net_route_v4_best_gw query: dst 0.0.0.0
2023-08-16 06:23:18 net_route_v4_best_gw result: via 10.0.2.2 dev enp0s3
2023-08-16 06:23:18 Diffie-Hellman initialized with 2048 bit key
2023-08-16 06:23:18 net_route_v4_best_gw query: dst 0.0.0.0
2023-08-16 06:23:18 net_route_v4_best_gw result: via 10.0.2.2 dev enp0s3
2023-08-16 06:23:18 ROUTE_GATEWAY 10.0.2.2/255.255.255.0 IFACE=enp0s3 
HWADDR=08:00:27:ed:b4:7c
2023-08-16 06:23:18 TUN/TAP device tun20 opened
2023-08-16 06:23:18 net_iface_mtu_set: mtu 1500 for tun20
2023-08-16 06:23:18 net_iface_up: set tun20 up
2023-08-16 06:23:18 net_addr_ptp_v4_add: 10.10.0.1 peer 10.10.0.2 dev tun20
2023-08-16 06:23:18 net_route_v4_add: 192.168.1.0/24 via 10.10.0.2 dev [NULL] 
table 0 metric -1
2023-08-16 06:23:18 net_route_v4_add: 10.10.0.0/24 via 10.10.0.2 dev [NULL] 
table 0 metric -1
2023-08-16 06:23:18 Could not determine IPv4/IPv6 protocol. Using AF_INET
2023-08-16 06:23:18 Socket Buffers: R=[131072->131072] S=[16384->16384]
2023-08-16 06:23:18 Listening for incoming TCP connection on 
[AF_INET][undef]:2000
2023-08-16 06:23:18 TCPv4_SERVER link local (bound): [AF_INET][undef]:2000
2023-08-16 06:23:18 TCPv4_SERVER link remote: [AF_UNSPEC]
2023-08-16 06:23:18 UID set to nobody
2023-08-16 06:23:18 GID set to nogroup
2023-08-16 06:23:18 Capabilities retained: CAP_NET_ADMIN
2023-08-16 06:23:18 MULTI: multi_init called, r=256 v=256
2023-08-16 06:23:18 IFCONFIG POOL IPv4: base=10.10.0.4 size=62
2023-08-16 06:23:18 MULTI: TCP INIT maxclients=1024 maxevents=1029
2023-08-16 06:23:18 Initialization Sequence Completed

I use Debian 12. 


>-- 
>Jochen Bern
>Systemingenieur

>Binect GmbH
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
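
Following up on the advice to check the server log for the cert/CN the client actually sent, here is an added example (not part of any message in this thread) that rejoins the mail-wrapped log records quoted above, lists the startup warnings, and reports any peer certificate lines. The `VERIFY OK: depth=N, subject` line shape and the constructed sample line are assumptions, since the quoted log ends before any client connects.

```python
import re

# Excerpt of the server log quoted in the thread, e-mail line wrapping included.
SAMPLE_LOG = """\
2023-08-16 06:23:18 WARNING: --topology net30 support for server configs with 
IPv4 pools will be removed in a future release. Please migrate to --topology 
subnet as soon as possible.
2023-08-16 06:23:18 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but 
missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN 
ignores --cipher for cipher negotiations. 
2023-08-16 06:23:18 NOTICE: --explicit-exit-notify ignored for --proto tcp
2023-08-16 06:23:18 Listening for incoming TCP connection on 
[AF_INET][undef]:2000
2023-08-16 06:23:18 Initialization Sequence Completed
"""
# Constructed line (not from the thread); the "VERIFY OK: depth=N, subject"
# shape is an assumption about how OpenVPN logs a peer certificate.
CONSTRUCTED_PEER_LINE = "2023-08-16 06:30:00 192.0.2.10:50000 VERIFY OK: depth=0, CN=Test-PC\n"

TS = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (.*)$")
FLAG = re.compile(r"^(WARNING|DEPRECATED OPTION|NOTICE): (.*)$")
VERIFY = re.compile(r"VERIFY (OK|ERROR): depth=(\d+), (.+)$")

def unwrap(text):
    """A line with no leading timestamp continues the previous record."""
    records = []
    for line in text.splitlines():
        m = TS.match(line)
        if m:
            records.append(m.group(2).strip())
        elif records and line.strip():
            records[-1] += " " + line.strip()
    return records

def triage(text):
    """Return startup flags, peer certificate lines, and whether init finished."""
    result = {"flags": [], "peer_certs": [], "startup_complete": False}
    for msg in unwrap(text):
        flag, cert = FLAG.match(msg), VERIFY.search(msg)
        if flag:
            result["flags"].append((flag.group(1), flag.group(2)))
        elif cert:
            result["peer_certs"].append((cert.group(1), int(cert.group(2)), cert.group(3)))
        elif msg == "Initialization Sequence Completed":
            result["startup_complete"] = True
    return result

if __name__ == "__main__":
    for name, log in (("thread log", SAMPLE_LOG), ("plus constructed line", SAMPLE_LOG + CONSTRUCTED_PEER_LINE)):
        r = triage(log)
        print(name, [k for k, _ in r["flags"]], r["peer_certs"], r["startup_complete"])
```

An empty `peer_certs` list together with `startup_complete` set means the log covers server startup only, so the connection attempt has to be repeated before the client's CN can be read from it.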
