Re: VPN and shared directories in Win XP
ICMP packets with size 32 ... 63600 bytes come with 0% loss. Large packets (> 63600 bytes) have 25...75% loss.

- Original Message -
From: "Steven Surdock"
To: "Yuriy A. Dmitrishin" ;
Sent: Tuesday, May 12, 2009 3:27 PM
Subject: Re: VPN and shared directories in Win XP

Check for large packets, specifically UDP and port 88. Test by seeing how big of pings you can get through using the -l option (assuming you're pinging from the XP host.)

-Steve S.

-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Yuriy A. Dmitrishin
Sent: Tuesday, May 12, 2009 2:50 AM
To: misc@openbsd.org
Subject: VPN and shared directories in Win XP

Hi.

I have a VPN connection between 2 offices with subnets 192.168.1.0/24 and 192.168.2.0/24. I can ping 192.168.2.2 from 192.168.1.66 and vice versa. But when I try to open a shared directory (e.g., \\192.168.2.2\Shared from 192.168.1.66 and vice versa) I get an error message, but I can easily open the shared directory from a host on the same subnet.

Here's a part of the log:

all tcp 192.168.2.2:445 <- 192.168.1.66:2596 CLOSED:SYN_SENT
all tcp 192.168.1.66:2596 -> 192.168.2.2:445 SYN_SENT:CLOSED
all tcp 192.168.2.2:139 <- 192.168.1.66:2597 CLOSED:SYN_SENT
all tcp 192.168.1.66:2597 -> 192.168.2.2:139 SYN_SENT:CLOSED

Thanks for your help.

Best, Yuriy A. Dmitrishin.
VPN and shared directories in Win XP
Hi.

I have a VPN connection between 2 offices with subnets 192.168.1.0/24 and 192.168.2.0/24. I can ping 192.168.2.2 from 192.168.1.66 and vice versa. But when I try to open a shared directory (e.g., \\192.168.2.2\Shared from 192.168.1.66 and vice versa) I get an error message, but I can easily open the shared directory from a host on the same subnet.

Here's a part of the log:

all tcp 192.168.2.2:445 <- 192.168.1.66:2596 CLOSED:SYN_SENT
all tcp 192.168.1.66:2596 -> 192.168.2.2:445 SYN_SENT:CLOSED
all tcp 192.168.2.2:139 <- 192.168.1.66:2597 CLOSED:SYN_SENT
all tcp 192.168.1.66:2597 -> 192.168.2.2:139 SYN_SENT:CLOSED

Thanks for your help.

Best, Yuriy A. Dmitrishin.
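The state lines in the post above pair each endpoint with its TCP state, so SYN_SENT:CLOSED (or CLOSED:SYN_SENT on the "<-" entry) means this firewall passed a SYN and never saw a reply. The script below is an added example, not part of the original post: it lists such unanswered handshakes once per flow, assuming the six-field IPv4 line format quoted in the post; the function names and the extra ESTABLISHED sample line are constructed for illustration.

```sh
#!/bin/sh
# Added example: find TCP handshakes that never got a reply in `pfctl -ss` output.
# Assumption: six-field IPv4 state lines as quoted in the post (no NAT address
# in parentheses); any other line is skipped.

unanswered_syns() {
    awk '
    NF == 6 && $2 == "tcp" && ($4 == "->" || $4 == "<-") {
        # The state pair is ordered like the addresses: st[1] is $3, st[2] is $5.
        split($6, st, ":")
        if (st[1] == "SYN_SENT" && st[2] == "CLOSED")      { src = $3; dst = $5 }
        else if (st[1] == "CLOSED" && st[2] == "SYN_SENT") { src = $5; dst = $3 }
        else next
        # The same connection shows up once per interface; report it once.
        flow = src " -> " dst
        if (!(flow in seen)) { seen[flow] = 1; print flow }
    }'
}

# Constructed sample: the four lines from the post plus one established flow.
sample_states() {
    cat <<'EOF'
all tcp 192.168.2.2:445 <- 192.168.1.66:2596       CLOSED:SYN_SENT
all tcp 192.168.1.66:2596 -> 192.168.2.2:445       SYN_SENT:CLOSED
all tcp 192.168.2.2:139 <- 192.168.1.66:2597       CLOSED:SYN_SENT
all tcp 192.168.1.66:2597 -> 192.168.2.2:139       SYN_SENT:CLOSED
all tcp 192.168.1.66:2600 -> 192.168.2.2:22       ESTABLISHED:ESTABLISHED
EOF
}

sample_states | unanswered_syns
```

On the firewall itself the live table can be checked with `pfctl -ss | unanswered_syns`. Flows that stay in this list point at the far side of the tunnel (its packet filter or return route) rather than at this host's pass rules.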
Re: VNC and PF
Looks like it's my mistake. This rule doesn't work when I'm connecting from my LAN, but only from the ext. network.

Best, Yuriy A. Dmitrishin.
Re: VNC and PF
Here's another rule. It redirects port to Remote Administrator (like VNC):

# pfctl -s nat|grep 4899
rdr on tun0 inet proto tcp from any to any port = 54545 -> 192.168.0.246 port 4899

This redirection works fine. Putting a "pass" between "rdr" and "on" in my rule doesn't help.

Best, Yuriy A. Dmitrishin.
VNC and PF
Hi.

I try to redirect VNC port in my LAN:

$ pfctl -s nat|grep 5900
rdr on tun0 inet proto tcp from any to any port = 59001 -> 192.168.0.10 port 5900

But I cannot connect with VNC-viewer to address 66.66.66.66:59001 (66.66.66.66 as my ext addr.).

Thanks for your help.

Best, Yuriy A. Dmitrishin.
Re: OpenVPN server refuses connections
> > /etc/openvpn/server.conf:
> > local 192.168.0.1
> >
> > /etc/openvpn/client.conf
> > remote 66.66.66.66 1194
>
> ?

Yes, this is my mistake.

local 66.66.66.66

Now it works, thanks.
OpenVPN server refuses connections
Hi.

I'm using an OpenVPN server with this configuration:

/etc/openvpn/server.conf:

daemon openvpn
local 192.168.0.1
port 1194
proto udp
dev tun1
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key # This file should be kept secret
dh /etc/openvpn/keys/dh1024.pem
server 10.10.10.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway local def1"
keepalive 10 120
cipher BF-CBC # Blowfish (default)
comp-lzo
max-clients 10
user _openvpn
group _openvpn
persist-key
persist-tun
status /var/log/openvpn-status.log
log /var/log/openvpn.log
log-append /var/log/openvpn.log
verb 3

Here's my log:

Fri Feb 20 12:46:10 2009 OpenVPN 2.0.9 i386-unknown-openbsd4.3 [SSL] [LZO] built on Oct 24 2008
Fri Feb 20 12:46:10 2009 Diffie-Hellman initialized with 1024 bit key
Fri Feb 20 12:46:10 2009 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Feb 20 12:46:10 2009 gw 66.66.66.66
Fri Feb 20 12:46:10 2009 /sbin/ifconfig tun1 destroy
Fri Feb 20 12:46:10 2009 /sbin/ifconfig tun1 create
Fri Feb 20 12:46:10 2009 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Fri Feb 20 12:46:10 2009 /sbin/ifconfig tun1 10.10.10.1 10.10.10.2 mtu 1500 netmask 255.255.255.255 up
Fri Feb 20 12:46:10 2009 TUN/TAP device /dev/tun1 opened
Fri Feb 20 12:46:10 2009 /sbin/route add -net 10.10.10.0 10.10.10.2 -netmask 255.255.255.0
add net 10.10.10.0: gateway 10.10.10.2
Fri Feb 20 12:46:10 2009 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Fri Feb 20 12:46:10 2009 GID set to _openvpn
Fri Feb 20 12:46:10 2009 UID set to _openvpn
Fri Feb 20 12:46:10 2009 UDPv4 link local (bound): 192.168.0.1:1194
Fri Feb 20 12:46:10 2009 UDPv4 link remote: [undef]
Fri Feb 20 12:46:10 2009 MULTI: multi_init called, r=256 v=256
Fri Feb 20 12:46:10 2009 IFCONFIG POOL: base=10.10.10.4 size=62
Fri Feb 20 12:46:10 2009 IFCONFIG POOL LIST
Fri Feb 20 12:46:10 2009 Initialization Sequence Completed

Now I'm trying to make a connection on my Linux machine.

/etc/openvpn/client.conf:

client
dev tun
proto udp
remote 66.66.66.66 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/client1.crt
key /etc/openvpn/keys/client1.key
ns-cert-type server
comp-lzo
verb 3
ping 10
ping-restart 60

$ openvpn --config /etc/openvpn/client.conf
Wed Mar 4 10:15:51 2009 OpenVPN 2.1_rc11 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Oct 15 2008
Wed Mar 4 10:15:51 2009 /usr/bin/openssl-vulnkey -q -b 1024 -m
Wed Mar 4 10:15:52 2009 LZO compression initialized
Wed Mar 4 10:15:52 2009 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Mar 4 10:15:52 2009 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Mar 4 10:15:52 2009 Local Options hash (VER=V4): '41690919'
Wed Mar 4 10:15:52 2009 Expected Remote Options hash (VER=V4): '530fdded'
Wed Mar 4 10:15:52 2009 Socket Buffers: R=[112640->131072] S=[112640->131072]
Wed Mar 4 10:15:52 2009 UDPv4 link local: [undef]
Wed Mar 4 10:15:52 2009 UDPv4 link remote: 66.66.66.66:1194
Wed Mar 4 10:15:52 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Mar 4 10:15:54 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Mar 4 10:15:56 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
^CWed Mar 4 10:16:24 2009 event_wait : Interrupted system call (code=4)
Wed Mar 4 10:16:24 2009 TCP/UDP: Closing socket
Wed Mar 4 10:16:24 2009 SIGINT[hard,] received, process exiting

Thanks for your help.
Re: ping: sendto: No buffer space available
On Saturday 22 November 2008 18:26:42 you wrote:
> On Sat, Nov 22, 2008 at 08:36:44AM +0200, Yuriy A. Dmitrishin wrote:
> > Hi.
> >
> > I get such message every morning when I come to my work.
> >
> > I try to increase limits in pf.conf: set limit { states 5, frags
> > 5, src-nodes 5 } but it doesn't solve this problem.
> >
> > My ip: 193.239.143.252.
> >
> > Routing table:
> > default193.239.143.193UGS 314062 -
> > tun0
>
> Are you using OpenVPN?

No. I'm using ppp client.
ping: sendto: No buffer space available
Hi.

I get such message every morning when I come to my work.

I try to increase limits in pf.conf: set limit { states 5, frags 5, src-nodes 5 } but it doesn't solve this problem.

My ip: 193.239.143.252.

Routing table:

default193.239.143.193UGS 314062 - tun0
127/8 127.0.0.1 UGRS00 33208 lo0
127.0.0.1 127.0.0.1 UH 3 815 33208 lo0
172.16.9.1 172.16.50.254 UGHS214395 - vr0
172.16.50/24 link#1 UC 10 - vr0
172.16.50.254 fe:2a:a9:73:5a:0e UHLc10 - vr0
192.168.0/24 link#2 UC 60 - vr1
192.168.0.200:0e:2e:0d:2f:52 UHLc0 1170 - vr1
192.168.0.500:0c:76:b5:b6:cf UHLc113167 - vr1
192.168.0.20 00:18:f3:07:d6:e8 UHLc07 - vr1
192.168.0.200 00:50:70:74:3e:1d UHLc0 80 - vr1
192.168.0.222 00:50:70:74:3d:bc UHLc0 39 - vr1
192.168.0.246 00:03:47:e3:7d:92 UHLc0 36 - vr1
193.239.143.193193.239.143.252UH 10 1500 tun0
224/4 127.0.0.1 URS 00 33208 lo0

Dmesg:

OpenBSD 4.3-stable (ROUTER.i386) #2: Tue Oct 14 21:20:56 EEST 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/ROUTER.i386
cpu0: Intel(R) Celeron(TM) CPU 1200MHz ("GenuineIntel" 686-class) 1.20 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
real mem = 402157568 (383MB)
avail mem = 384663552 (366MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 10/18/01, BIOS32 rev. 0 @ 0xfb130, SMBIOS rev. 2.2 @ 0xf0800 (38 entries)
bios0: vendor Award Software International, Inc. version "6.00 PG" date 10/18/2001
bios0: FASTFAME TECHNOLOGY CO.,LTD. 3IDF 3IEF
apm0 at bios0: Power Management spec V1.2 (slowidle)
apm0: AC on, battery charge unknown
pcibios0 at bios0: rev 2.1 @ 0xf/0xdf94
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfded0/176 (9 entries)
pcibios0: PCI Exclusive IRQs: 5 7 10 11 12
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82371SB ISA" rev 0x00)
pcibios0: PCI bus #2 is the last bus
bios0: ROM list: 0xc/0x8000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82815 Host" rev 0x04
agp0 at pchb0: aperture at 0xe000, size 0x240
ppb0 at pci0 dev 1 function 0 "Intel 82815 AGP" rev 0x04
pci1 at ppb0 bus 1
vga0 at pci1 dev 0 function 0 "ATI Mach64 GZ" rev 0x3a
wsdisplay0 at vga0 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb1 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0x11
pci2 at ppb1 bus 2
vr0 at pci2 dev 4 function 0 "VIA VT6105 RhineIII" rev 0x8b: irq 11, address 00:1e:58:9f:f8:16
ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 9: OUI 0x004063, model 0x0034
vr1 at pci2 dev 5 function 0 "VIA VT6105 RhineIII" rev 0x8b: irq 10, address 00:1e:58:9f:f8:02
ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface, rev. 9: OUI 0x004063, model 0x0034
pcib0 at pci0 dev 31 function 0 "Intel 82801BA LPC" rev 0x11
pciide0 at pci0 dev 31 function 1 "Intel 82801BA IDE" rev 0x11: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0:
wd0: 16-sector PIO, LBA48, 78533MB, 160836480 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
pciide0: channel 1 disabled (no drives)
"Intel 82801BA SMBus" rev 0x11 at pci0 dev 31 function 3 not configured
"Intel 82801BA AC97" rev 0x11 at pci0 dev 31 function 5 not configured
isa at pcib0 not configured
isa0 at mainbus0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
midi0 at pcppi0:
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
biomask f3e5 netmask ffe5 ttymask ffe7
mtrr: Pentium Pro MTRR support
root on wd0a swap on wd0b dump on wd0.

Thanks for your help.

-- 
Best, Yuriy A. Dmitrishin.
Local mail relay
Hi.

I have a router with ip 192.168.0.1 and I get such messages in maillog when cron tries to send a report:

router sm-msp-queue[3879]: mAFNUix6020927: to=root, delay=4+12:59:18, xdelay=00:00:00, mailer=relay, pri=19473085, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]

How can I tell it to send to [EMAIL PROTECTED] if the mail relay is on another server (ip 192.168.0.2)? I'm not familiar with sendmail.

Thanks for your help.

-- 
Best, Yuriy A. Dmitrishin.
Issues with FTP and PF
Hi.

I have ftp server on vsftpd on ip 192.168.0.2 and a router 192.168.0.1. All ftp connections to 192.168.0.2 are fine but connections to my ext. ip (e.g. 78.78.78.78) are refused.

Here's part of my pf.conf:

# WAN
vpn_if="tun0"
# LAN
int_if="vr1"
# External Address
ext_addr="78.78.78.78"
# Server IP's
Srv="192.168.0.2"

# NAT / Redirection
nat on $vpn_if from $int_if:network to any -> ($vpn_if)

# FTP
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr on $vpn_if proto tcp from any to any port 21 -> $Srv
rdr on $vpn_if proto tcp from any to any port 3:30099 -> $Srv

# Actions with FTP
pass in on $vpn_if inet proto tcp to $ext_addr port 21 \
    flags S/SA keep state
pass out on $int_if inet proto tcp to $Srv port 21 \
    user proxy flags S/SA keep state
anchor "ftp-proxy/*"

Here's my rc.conf.local:

ftpproxy_flags="-R 192.168.0.2 -p 21 -b 78.78.78.78"

Thanks for your help.

-- 
Best, Yuriy A. Dmitrishin.