I made all the changes you suggested and restarted the server and
client, but still to no avail. Here are my current config files:
Server:
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
dev tun
proto tcp-server
cipher BF-CBC
up /etc/rc.filter_configure
down /etc/rc.filter_configure
server 192.168.2.0 255.255.255.0
client-config-dir /var/etc/openvpn_csc
push "route 192.168.1.0 255.255.255.0"
lport 1194
ca /var/etc/openvpn_server0.ca
cert /var/etc/openvpn_server0.cert
key /var/etc/openvpn_server0.key
dh /var/etc/openvpn_server0.dh
comp-lzo
persist-remote-ip
float
ifconfig 192.168.1.1 192.168.2.2
Client:
float
port 1194
dev tun
dev-node /sbin/ifconfig en1
proto tcp-client
remote hostname1194
keepalive 10 60
persist-tun
persist-key
ifconfig 192.168.2.2 192.168.1.1
tls-client
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
pull
comp-lzo
verb 4
nobind
And the tail end of my client log file:
3 09:43:13 UNIXBOX openvpn[4284]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sep 3 09:43:13 UNIXBOX openvpn[4284]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sep 3 09:43:13 UNIXBOX openvpn[4284]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sep 3 09:43:13 UNIXBOX openvpn[4284]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sep 3 09:43:13 UNIXBOX openvpn[4284]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sep 3 09:43:13 UNIXBOX openvpn[4284]: [server] Peer Connection Initiated with xx.xx.xx.xx:1194
Sep 3 09:43:14 UNIXBOX openvpn[4284]: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sep 3 09:43:14 UNIXBOX openvpn[4284]: PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route 192.168.2.1,ping 10,ping-restart 60,ifconfig 192.168.2.6 192.168.2.5'
Sep 3 09:43:14 UNIXBOX openvpn[4284]: OPTIONS IMPORT: timers and/or timeouts modified
Sep 3 09:43:14 UNIXBOX openvpn[4284]: OPTIONS IMPORT: --ifconfig/up options modified
Sep 3 09:43:14 UNIXBOX openvpn[4284]: OPTIONS IMPORT: route options modified
Sep 3 09:43:14 UNIXBOX openvpn[4284]: gw 172.16.0.1
Sep 3 09:43:14 UNIXBOX openvpn[4284]: TUN/TAP device /sbin/ifconfig opened
Sep 3 09:43:14 UNIXBOX openvpn[4284]: /sbin/ifconfig tun delete
Sep 3 09:43:14 UNIXBOX openvpn[4284]: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Sep 3 09:43:14 UNIXBOX openvpn[4284]: /sbin/ifconfig tun 192.168.2.6 192.168.2.5 mtu 1500 netmask 255.255.255.255 up
Sep 3 09:43:14 UNIXBOX openvpn[4284]: MANAGEMENT: Client disconnected
Sep 3 09:43:14 UNIXBOX openvpn[4284]: Mac OS X ifconfig failed: shell command exited with error status: 126
Sep 3 09:43:14 UNIXBOX openvpn[4284]: MANAGEMENT: TCP send error: Bad file descriptor
Sep 3 09:43:14 UNIXBOX openvpn[4284]: MANAGEMENT: Client disconnected
Sep 3 09:43:14 UNIXBOX openvpn[4284]: Exiting
A few lines of logs from the openvpn server side:
Sep 3 09:43:19 openvpn[36034]: fw-bsd-1/xx.xx.xx.xx:63604 Connection reset, restarting [0]
Sep 3 09:43:18 openvpn[36034]: xx.xx.xx.xx:63604 [fw-bsd-1] Peer Connection Initiated with xx.xx.xx.xx:63604
Sep 3 09:43:17 openvpn[36034]: TCPv4_SERVER link remote: xx.xx.xx.xx:63604
Sep 3 09:43:17 openvpn[36034]: TCPv4_SERVER link local: [undef]
Sep 3 09:43:17 openvpn[36034]: TCP connection established with xx.xx.xx.xx:63604
Sep 3 09:43:17 openvpn[36034]: LZO compression initialized
Sep 3 09:43:17 openvpn[36034]: Re-using SSL/TLS context
The 192.168.1.1 is the IP of the pfSense box LAN interface.
Thanks,
-phil
On Sep 3, 2008, at 4:07 AM, Paul Mansfield wrote:
just for testing, maybe change the server to have an explicit ifconfig
line like this:
ifconfig 192.168.X.1 192.168.X.2
and put the opposite in the client
ifconfig 192.168.X.2 192.168.X.1
perhaps drop the ping statements and simply use, at both ends
keepalive 10 60
you can also add to *both* ends, which could help performance a little
comp-lzo
if you don't care about the client's src port, "nobind" will make it use
a "random" udp high port.
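
A way to check the "both ends" advice quoted above mechanically, as an added example that is not part of the original thread: it parses a server and a client config and reports where `keepalive` or `comp-lzo` differ and whether the client `ifconfig` mirrors the server's. The sample configs are constructed from options shown in the thread, and the names `parse_conf` and `check_pair` are hypothetical.

```python
# Added example: consistency check for paired OpenVPN options.
# SERVER_CONF / CLIENT_CONF are constructed samples using options from the
# thread, trimmed to the relevant lines.
SERVER_CONF = """\
keepalive 10 60
dev tun
proto tcp-server
comp-lzo
ifconfig 192.168.1.1 192.168.2.2
"""

CLIENT_CONF = """\
dev tun
proto tcp-client
keepalive 10 60
ifconfig 192.168.2.2 192.168.1.1
comp-lzo
nobind
"""

def parse_conf(text):
    """Map each directive to its argument list (last occurrence wins)."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop trailing comments
        if line and not line.startswith(";"):     # skip ';' comment lines
            name, *args = line.split()
            opts[name] = args
    return opts

def check_pair(server_text, client_text):
    """Return a list of mismatch descriptions; empty means consistent."""
    srv, cli = parse_conf(server_text), parse_conf(client_text)
    problems = []
    for opt in ("keepalive", "comp-lzo"):         # must match at both ends
        if (opt in srv) != (opt in cli):
            problems.append(f"{opt}: present on only one end")
        elif opt in srv and srv[opt] != cli[opt]:
            problems.append(f"{opt}: {srv[opt]} vs {cli[opt]}")
    if "ifconfig" in srv and "ifconfig" in cli:   # local/remote must be swapped
        if srv["ifconfig"] != cli["ifconfig"][::-1]:
            problems.append("ifconfig: client is not the mirror of server")
    elif ("ifconfig" in srv) != ("ifconfig" in cli):
        problems.append("ifconfig: present on only one end")
    return problems

if __name__ == "__main__":
    for p in check_pair(SERVER_CONF, CLIENT_CONF) or ["consistent"]:
        print(p)
```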