[EMAIL PROTECTED] wrote on 11.01.2005 17:13:09:

> I configured MNF2 as Openvpn server.
> I use WinXP with openvpn 2.0 as client.
>

Hi,

I have run openvpn in exactly the same case (clients 2.0 on WinXP against server 1.6 on MNF) successfully for a few weeks. I think your problem could be caused by the missing option "disable-occ" on the client side and the wrong IP in the ifconfig option (it should be from the same subnet on both sides). But just to be sure, here are my configs:

--------------
server:

dev tap
ifconfig 192.168.8.1 255.255.255.252
tls-server
dh /etc/openvpn/dh2048.pem
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
port 5000
verb 3
key-method 2
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
comp-lzo
ping-timer-rem
persist-tun
tls-auth secret.key
---------------
client:

dev tap
ifconfig 192.168.8.2 255.255.255.252
port 5000
remote x.x.x.x
tls-client
dh dh2048.pem
ca ca.crt
cert client.crt
key client.key
tls-auth secret.key
key-method 2
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ping 15
comp-lzo
verb 3
disable-occ
route-method exe
route-gateway 192.168.8.1
route 192.168.7.0 255.255.255.0
dhcp-option DOMAIN domain.com
dhcp-option DNS 192.168.7.1
dhcp-option WINS 192.168.7.201
dhcp-option NBDD 192.168.7.201
dhcp-option NBT 4
---------------

Some options are in a testing state; I am still looking for the "optimal" configuration (e.g. tls-auth is an add-on, not necessary).

Good luck,
Jaro Lomencik

> ------------------------------------------
> tls-servervpn.conf ( on MNF2 )
>
> dev tap
> ifconfig 192.168.2.1 ---
> up /etc/openvpn/servervpn.up
> tls-server
> dh /etc/openvpn/dh2048.pem
> ca /etc/openvpn/ca.crt
> cert /etc/openvpn/servervpn.crt
> key /etc/openvpn/servervpn.key
> port 1194
> verb 3
> -----------------------------------------------------------------------------------------------
>
> config.ovpn ( on WinXP )
>
> remote xx.xx.xxx.xx
> port 1194
> dev tap
> tls-client
> ifconfig 10.0.0.2 255.255.255.0
> ca ca.crt
> cert clientvpn.crt
> key clientvpn.key
> ping 10
> comp-lzo
> verb 4
> mute 10
> tun-mtu 1500
> tun-mtu-extra 32
> mssfix 1450
> key-method 2
>
> ------------------------------------------------------------------------------------------------------------------------
> Log :
>
> Tue Jan 11 16:53:11 2005 us=555708 Restart pause, 2 second(s)
> Tue Jan 11 16:53:13 2005 us=555297 WARNING: --ping should normally be used with --ping-restart or --ping-exit
> Tue Jan 11 16:53:13 2005 us=555518 WARNING: No server certificate verification method has been enabled. See http://openvpn.sourceforge.net/howto.html#mitm for more info.
> Tue Jan 11 16:53:13 2005 us=559613 LZO compression initialized
> Tue Jan 11 16:53:13 2005 us=559887 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
> Tue Jan 11 16:53:13 2005 us=566484 TAP-WIN32 device [VPN] opened: \\.\Global\{C9EAAA9A-D861-479D-BD9B-3FF3B5F51173}.tap
> Tue Jan 11 16:53:13 2005 us=566713 TAP-Win32 Driver Version 8.1
> Tue Jan 11 16:53:13 2005 us=566768 TAP-Win32 MTU=1500
> Tue Jan 11 16:53:13 2005 us=566832 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.0.0.2/255.255.255.0 on interface {C9EAAA9A-D861-479D-BD9B-3FF3B5F51173} [DHCP-serv: 10.0.0.0, lease-time: 31536000]
> Tue Jan 11 16:53:13 2005 us=570425 Successful ARP Flush on interface [65540] {C9EAAA9A-D861-479D-BD9B-3FF3B5F51173}
> Tue Jan 11 16:53:13 2005 us=577371 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:23 ET:32 EL:0 AF:3/1 ]
> Tue Jan 11 16:53:13 2005 us=577710 Local Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,ifconfig 10.0.0.0 255.255.255.0,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
> Tue Jan 11 16:53:13 2005 us=577808 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,ifconfig 10.0.0.0 255.255.255.0,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
> Tue Jan 11 16:53:13 2005 us=577918 Local Options hash (VER=V4): '1fea0305'
> Tue Jan 11 16:53:13 2005 us=577970 Expected Remote Options hash (VER=V4): '9872509e'
> Tue Jan 11 16:53:13 2005 us=578083 Socket Buffers: R=[8192->8192] S=[64512->64512]
> Tue Jan 11 16:53:13 2005 us=578163 UDPv4 link local (bound): [undef]:1194
> Tue Jan 11 16:53:13 2005 us=578207 UDPv4 link remote: xx.xx.xxx.xx:1194
> Tue Jan 11 16:53:13 2005 us=869551 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
> Tue Jan 11 16:53:15 2005 us=989523 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
> Tue Jan 11 16:53:17 2005 us=781969 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
> Tue Jan 11 16:53:20 2005 us=422460 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
> Tue Jan 11 16:53:21 2005 us=821853 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
> Tue Jan 11 16:53:24 2005 us=454240 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
> Tue Jan 11 16:53:25 2005 us=926231 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
> Tue Jan 11 16:53:28 2005 us=614589 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
> Tue Jan 11 16:53:31 2005 us=694701 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
> Tue Jan 11 16:53:34 2005 us=382986 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
> Tue Jan 11 16:53:35 2005 us=614967 NOTE: --mute triggered...
>
> -------------------------------------------------------------------------------------------------------------------
>
> Something wrong?
> Sorry for my English.
>
> Thanks.
> ____________________________________________________
> Want to buy your Pack or Services from MandrakeSoft?
> Go to http://www.mandrakestore.com
> Join the Club : http://www.mandrakeclub.com
> ____________________________________________________
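
Added example (not part of either poster's message): a small Python check over the directives quoted in this thread. It flags tap `ifconfig` endpoints that do not share a subnet, `port` or `comp-lzo` differing between the two ends, and a client config with no server-certificate verification directive, which is what the WARNING in the quoted log reports. The function names and finding labels are made up for this example, and the directive names in `VERIFY` are taken from OpenVPN manuals of various versions, not from the thread.

```python
import ipaddress

# Directives copied from the two config pairs quoted in the thread
# (certificate/key paths omitted; "---" is the elision present in the post).
ORIG_SERVER = "dev tap\nifconfig 192.168.2.1 ---\ntls-server\nport 1194"
ORIG_CLIENT = ("remote xx.xx.xxx.xx\nport 1194\ndev tap\ntls-client\n"
               "ifconfig 10.0.0.2 255.255.255.0\nping 10\ncomp-lzo")
REPLY_SERVER = ("dev tap\nifconfig 192.168.8.1 255.255.255.252\ntls-server\n"
                "port 5000\ncomp-lzo")
REPLY_CLIENT = ("dev tap\nifconfig 192.168.8.2 255.255.255.252\nport 5000\n"
                "tls-client\ncomp-lzo\ndisable-occ")

# Client-side directives that verify the server certificate (assumed list,
# covering older and newer OpenVPN releases).
VERIFY = {"ns-cert-type", "tls-remote", "tls-verify", "remote-cert-tls",
          "verify-x509-name"}


def parse(text):
    """Map each directive name to its argument list."""
    conf = {}
    for line in text.splitlines():
        words = line.split("#", 1)[0].split()
        if words:
            conf[words[0]] = words[1:]
    return conf


def tap_endpoint(conf):
    """Return (address, network) from 'ifconfig ADDR MASK'; network is None without a usable mask."""
    args = conf["ifconfig"]
    addr = ipaddress.ip_address(args[0])
    try:
        return addr, ipaddress.ip_network(f"{args[0]}/{args[1]}", strict=False)
    except (IndexError, ValueError):
        return addr, None


def lint(server_text, client_text):
    """Return the labels of the checks that fail for a server/client pair."""
    srv, cli = parse(server_text), parse(client_text)
    findings = []
    (s_addr, s_net), (c_addr, c_net) = tap_endpoint(srv), tap_endpoint(cli)
    net = s_net if s_net is not None else c_net
    if net is None or s_addr not in net or c_addr not in net:
        findings.append("ifconfig-subnet")
    for name in ("port", "comp-lzo"):  # must match on both ends
        if srv.get(name) != cli.get(name):
            findings.append(name)
    if VERIFY.isdisjoint(cli):
        findings.append("no-server-cert-verification")
    return findings
```

Both config pairs in the thread leave the client without any certificate-verification directive, so that finding remains even for the pair whose addressing and compression settings agree.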
