Hey, I would appreciate it if somebody could help me set up an OpenVPN connection.

Here's the setup:

Server: 192.168.1.1

Soekris:
  sis0: 192.168.1.35: PXE boots from server
  sis1: Internet: gets dynamic IP from ISP
  sis2: 10.1.1.1: DHCP server and gateway to LAN
  ral0: 172.16.1.1: WLAN interface to be used with OpenVPN

Desktop nfe0: 10.1.1.10
Laptop wpi0: 172.16.1.10

The desktop works nicely with the Soekris. My client is my OpenBSD laptop. I followed the instructions at: http://www.linux.com/articles/49990

I changed the IPs in the server and client configs. The config uses "server-bridge 172.16.1.1 255.255.255.0 172.16.1.100 172.16.1.120". I authenticated the laptop via SSH and then ran openvpn, and it gave the following:

Tue Nov 6 20:18:54 2007 OpenVPN 2.0.9 x86_64-unknown-openbsd4.2 [SSL] [LZO] built on Aug 20 2007
Tue Nov 6 20:18:54 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Tue Nov 6 20:18:54 2007 Control Channel Authentication: using '/etc/openvpn/keys/ta.key' as a OpenVPN static key file
Tue Nov 6 20:18:54 2007 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Nov 6 20:18:54 2007 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Nov 6 20:18:54 2007 Control Channel MTU parms [ L:1541 D:166 EF:66 EB:0 ET:0 EL:0 ]
Tue Nov 6 20:18:54 2007 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Tue Nov 6 20:18:54 2007 Local Options hash (VER=V4): '70f5b3af'
Tue Nov 6 20:18:54 2007 Expected Remote Options hash (VER=V4): 'a2e2498c'
Tue Nov 6 20:18:54 2007 NOTE: chroot will be delayed because of --client, --pull, or --up-delay
Tue Nov 6 20:18:54 2007 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Tue Nov 6 20:18:54 2007 UDPv4 link local: [undef]
Tue Nov 6 20:18:54 2007 UDPv4 link remote: 172.16.1.1:1194
Tue Nov 6 20:18:54 2007 TLS: Initial packet from 172.16.1.1:1194, sid=c32cfb6f 891c696c
Tue Nov 6 20:18:54 2007 VERIFY OK: depth=1, /C=FI/ST=Etela-Karjala/L=Lappeenranta/O=OpenVPN-TEST/CN=WickedBSD/emailAddres [EMAIL PROTECTED]
Tue Nov 6 20:18:54 2007 VERIFY OK: nsCertType=SERVER
Tue Nov 6 20:18:54 2007 VERIFY OK: depth=0, /C=FI/ST=Etela-Karjala/O=OpenVPN-TEST/CN=WickedBSD/[EMAIL PROTECTED] kedbsd.no-ip.com
Tue Nov 6 20:18:55 2007 WARNING: 'dev-type' is used inconsistently, local='dev-type tun', remote='dev-type tap'
Tue Nov 6 20:18:55 2007 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1541', remote='link-mtu 1573'
Tue Nov 6 20:18:55 2007 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 1532'
Tue Nov 6 20:18:55 2007 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Nov 6 20:18:55 2007 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Nov 6 20:18:55 2007 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Nov 6 20:18:55 2007 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Nov 6 20:18:55 2007 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Nov 6 20:18:55 2007 [WickedBSD] Peer Connection Initiated with 172.16.1.1:1194
Tue Nov 6 20:18:56 2007 SENT CONTROL [WickedBSD]: 'PUSH_REQUEST' (status=1)
Tue Nov 6 20:18:56 2007 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway local def1,route-gateway 172.16.1.1,ping 10,ping-restart 120,ifconfig 172.16.1.100 255.255.255.0'
Tue Nov 6 20:18:56 2007 OPTIONS IMPORT: timers and/or timeouts modified
Tue Nov 6 20:18:56 2007 OPTIONS IMPORT: --ifconfig/up options modified
Tue Nov 6 20:18:56 2007 OPTIONS IMPORT: route options modified
Tue Nov 6 20:18:56 2007 WARNING: Since you are using --dev tun, the second argument to --ifconfig must be an IP address. You are using something (255.255.255.0) that looks more like a netmask. (silence this warning with --ifconfig-nowarn)
Tue Nov 6 20:18:56 2007 WARNING: potential conflict between --remote address [172.16.1.1] and --ifconfig address pair [172.16.1.100, 255.255.255.0] -- this is a warning only that is triggered when local/remote addresses exist within the same /24 subnet as --ifconfig endpoints. (silence this warning with --ifconfig-nowarn)
Tue Nov 6 20:18:56 2007 /sbin/ifconfig tun0 destroy
Tue Nov 6 20:18:56 2007 /sbin/ifconfig tun0 create
Tue Nov 6 20:18:56 2007 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Tue Nov 6 20:18:56 2007 /sbin/ifconfig tun0 172.16.1.100 255.255.255.0 mtu 1500 netmask 255.255.255.255 up
Tue Nov 6 20:18:56 2007 TUN/TAP device /dev/tun0 opened
Tue Nov 6 20:18:56 2007 NOTE: unable to redirect default gateway -- Cannot read current default gateway from system
Tue Nov 6 20:18:56 2007 chroot to '/var/empty' and cd to '/' succeeded
Tue Nov 6 20:18:56 2007 GID set to openvpn
Tue Nov 6 20:18:56 2007 UID set to openvpn
Tue Nov 6 20:18:56 2007 Initialization Sequence Completed

After this I tried to ping something on the LAN but got "no route" messages. I added the default gateway as 172.16.1.1. Now I tested the connection and I could ping the server and every Soekris interface, but not the desktop or the internet. I ran tcpdump on the Soekris and it seemed to show my Google ping requests, but forwarded them to 172.16.1.10, which is the address of my laptop's WLAN interface. It should use 172.16.1.100 with the VPN AFAIK. The Soekris pf.conf has a "pass quick on $vpn_if" rule. How do I proceed with this to get OpenVPN to work properly?

Timo

-- 
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
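The client log above already contains the answer to the connectivity question, and a couple of things a reviewer would flag independently of it: the "is used inconsistently" warnings say the client is running `dev tun` against a server that, because it uses `server-bridge`, is running `dev tap`; the link-mtu and tun-mtu values differ by exactly 32, which is the Ethernet framing overhead OpenVPN adds to the advertised MTU for a tap device, so those two warnings are consequences of the same mismatch rather than separate problems; and the pushed `ifconfig 172.16.1.100 255.255.255.0` is a tap-style address/netmask pair that a tun client cannot apply correctly (hence the netmask warning). The data channel is also BF-CBC (a 64-bit block cipher) with a 1024-bit RSA certificate, which would not pass review today. The following script is an added example, not code from the original post or from OpenVPN: it runs over constructed log lines in the shape of the quoted output, extracts the option mismatches, derives the client-side directive that would make the options hashes agree (treating the server's values as authoritative, as a server-bridge setup requires), and reports the weak crypto. The constants `TAP_MTU_EXTRA`, `WEAK_CIPHERS` and `MIN_RSA_BITS` are the example's own assumptions.

```python
"""Audit an OpenVPN 2.x client log for option mismatches and weak crypto.

Added example, not code from the original post or from OpenVPN. The sample
log below is constructed to mirror the shape of the quoted client output.
"""
import re

# Constructed sample: timestamps dropped, only the lines relevant to the audit kept.
SAMPLE_LOG = """\
WARNING: 'dev-type' is used inconsistently, local='dev-type tun', remote='dev-type tap'
WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1541', remote='link-mtu 1573'
WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 1532'
Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
WARNING: Since you are using --dev tun, the second argument to --ifconfig must be an IP address. You are using something (255.255.255.0) that looks more like a netmask.
Initialization Sequence Completed
"""

# Matches e.g. "WARNING: 'dev-type' is used inconsistently, local='dev-type tun', remote='dev-type tap'"
_INCONSISTENT_RE = re.compile(
    r"WARNING: '([\w-]+)' is used inconsistently, "
    r"local='\1 ([^']+)', remote='\1 ([^']+)'"
)
_CIPHER_RE = re.compile(r"Cipher '([\w-]+)' initialized")
_RSA_RE = re.compile(r"(\d+) bit RSA")

# Assumption of this example: OpenVPN adds 32 bytes of Ethernet framing overhead
# to the MTU figures it advertises for a tap device, so a tun<->tap mismatch
# shows up as exactly +32 on both link-mtu and tun-mtu.
TAP_MTU_EXTRA = 32
# 64-bit block ciphers (example's own list; sweet32-class weaknesses).
WEAK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "RC2-CBC"}
MIN_RSA_BITS = 2048


def parse_inconsistencies(log):
    """Return {option: (local_value, remote_value)} for every mismatch warning."""
    return {m.group(1): (m.group(2), m.group(3))
            for m in _INCONSISTENT_RE.finditer(log)}


def suggest_client_fixes(mismatches):
    """Directives the client should adopt so its options hash matches the server's.

    The server's values are taken as authoritative. A tun-mtu difference that is
    exactly the tap framing overhead is a consequence of the dev-type mismatch
    and needs no separate directive (link-mtu follows from tun-mtu and dev type).
    """
    fixes = []
    dev = mismatches.get("dev-type")
    if dev and dev[0] != dev[1]:
        fixes.append("dev %s" % dev[1])
    if "tun-mtu" in mismatches:
        local, remote = (int(v) for v in mismatches["tun-mtu"])
        explained_by_dev = dev is not None and abs(remote - local) == TAP_MTU_EXTRA
        if local != remote and not explained_by_dev:
            fixes.append("tun-mtu %d" % remote)
    return fixes


def crypto_findings(log):
    """Negotiated data/control channel parameters a reviewer would reject."""
    findings = []
    for cipher in sorted(set(_CIPHER_RE.findall(log))):
        if cipher in WEAK_CIPHERS:
            findings.append("data channel cipher %s has a 64-bit block; "
                            "use an AES-based cipher" % cipher)
    for bits in sorted(set(_RSA_RE.findall(log))):
        if int(bits) < MIN_RSA_BITS:
            findings.append("%s-bit RSA certificate; reissue with at least "
                            "%d bits" % (bits, MIN_RSA_BITS))
    return findings


def diagnose(log):
    """Full report: mismatches, client directives to fix them, weak crypto, and
    whether the server pushed a tap-style address/netmask ifconfig to a tun client."""
    mismatches = parse_inconsistencies(log)
    return {
        "mismatches": mismatches,
        "client_fixes": suggest_client_fixes(mismatches),
        "crypto": crypto_findings(log),
        "pushed_tap_ifconfig":
            "second argument to --ifconfig must be an IP address" in log,
    }


if __name__ == "__main__":
    report = diagnose(SAMPLE_LOG)
    for key, value in report.items():
        print("%-20s %s" % (key + ":", value))
```

Run it against a real client log (`openvpn --config client.conf --verb 3` output) instead of `SAMPLE_LOG`; a non-empty `client_fixes` list means the two endpoints will keep negotiating with mismatched options hashes until the client config is changed, and `pushed_tap_ifconfig` being true corroborates that the server side is bridged.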