Server :: OpenVPN Range Address / When Change Static IP To Dynamic IP In Config File OpenVPN Didn't Work?
Feb 13, 2010
I want to configure a VPN over the Internet. I installed the 'openvpn' package, generated the key file, transferred it in a secure way to the client, and set up the configuration file.
So, in that configuration file I input the IP addresses of the tunneled interfaces. Both IPs are static in the tunnel.
Then, I've heard somewhere that I can assign a dynamic configuration IP for the client. I do this registering a range.
Well, when I tried to change static IP to dynamic IP (changing '192.168.0.2' to '192.168.0.0/24') in the configuration file, the OpenVPN didn't work.
Obviously I don't know what I'm doing, and I really don't believe that simply changing the IP will make it work, but I tried.
I hope I explained my problem as well.
My configuration file:
# OpenVPN Server Configuration File
dev tun 0
ifconfig 192.168.0.1 192.168.0.2
cd /etc/openvpn
secret key_file
On the client I execute 'openvpn' without the '--daemon' parameter. Then I want my client to use an IP in a range (192.168.0.0/24, for example), instead of a static IP (192.168.0.2). I also thought to use a DHCP server, but I'm not sure that will work.
I have some problems with configuring an openvpn tunnel connection to my openvpn server. I'm using a static-key tcp connection. Network manager always said to me that the connection could not be established. Also, when I try to run openvpn from the terminal, I get some strange permissions problem:
Code:
openvpn --config config.ovpn
Mon Apr 5 15:48:37 2010 OpenVPN 2.1_rc19 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Oct 13 2009
Mon Apr 5 15:48:37 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Apr 5 15:48:37 2010 /usr/sbin/openvpn-vulnkey -q moj.key
I've been working with my OpenVPN server for a while, and I have a rather interesting problem. I need to redirect all client traffic through the tunnel except for a couple of IPs that need to be resolvable locally. The way I'm doing this is pushing these routes from the server:
Server 'PUSH' directives
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
I'm seeing that translating into these Windows routes:
Windows routes occurring
Wed Aug 31 15:14:35 2011 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 5,ping-restart 30,ifconfig 10.8.0.6 10.8.0.5'
Wed Aug 31 15:14:35 2011 ROUTE default_gateway=192.168.1.254
I've hidden my server's IP beginning with 199 for security purposes. What I've gathered: I'm assuming that 0.0.0.0 is a kind of code for "everything," so I'm not sure how I could get this to work, but the general idea is that I need a specific IP range (172.16.*) to be resolvable on the LOCAL NETWORK (of the client), meaning it does not go through the VPN tunnel and the client can connect to 172.16.* locally. Is this possible? Routes can be executed through the command line, server "push" or client config options. Any way to get this to work while still routing other traffic through would do, really.
Additional Info: I have the server running on Debian 64-bit and the client running on Windows 7 (although Vista needs to work as well). Client/server configs can be provided if needed.
How do I decide what IP address to enter in my config file when assigning a static IP? All of the instructions I can find say something like "of course you should modify the file according to your own settings." Should I just use the gateway and IP that returns from "iwconfig" and "route -nee"?
I am using Witopia VPN services and it used to work just fine on my Ubuntu 10.04. All of a sudden it stopped working. Here is the log:
Code:
May 17 00:56:58 saeed-laptop NetworkManager: <info> Starting VPN service 'org.freedesktop.NetworkManager.openvpn'...
May 17 00:56:58 saeed-laptop NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 11477
May 17 00:56:58 saeed-laptop NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.openvpn' just appeared, activating connections
May 17 00:56:58 saeed-laptop NetworkManager: <info> VPN plugin state changed: 1
May 17 00:56:58 saeed-laptop NetworkManager: <info> VPN plugin state changed: 3
May 17 00:56:58 saeed-laptop NetworkManager: <info> VPN connection 'VPN Connection' (Connect) reply received.
May 17 00:56:58 saeed-laptop nm-openvpn[11482]: OpenVPN 2.1.0 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Jan 26 2010
May 17 00:56:58 saeed-laptop nm-openvpn[11482]: WARNING: No server certificate verification method has been enabled. See [URL] for more info.
May 17 00:56:58 saeed-laptop nm-openvpn[11482]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 17 00:56:58 saeed-laptop nm-openvpn[11482]: WARNING: file '/home/saeed/Documents/config/VPN_Connection.key' is group or others accessible
May 17 00:56:58 saeed-laptop nm-openvpn[11482]: /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
May 17 00:56:58 saeed-laptop nm-openvpn[11482]: LZO compression initialized
May 17 00:56:59 saeed-laptop nm-openvpn[11482]: RESOLVE: NOTE: (address omitted) resolves to 12 addresses, choosing one by random
May 17 00:56:59 saeed-laptop nm-openvpn[11482]: UDPv4 link local: [undef]
May 17 00:56:59 saeed-laptop nm-openvpn[11482]: UDPv4 link remote: [AF_INET]IP address omitted
May 17 00:57:39 saeed-laptop NetworkManager: <info> VPN connection 'VPN Connection' (IP Config Get) timeout exceeded.
May 17 00:57:39 saeed-laptop nm-openvpn[11482]: SIGTERM[hard,] received, process exiting
May 17 00:57:39 saeed-laptop NetworkManager: <info> Policy set 'Auto Belkin' (wlan0) as default for routing and DNS.
May 17 00:57:51 saeed-laptop NetworkManager: <debug> [1274043471.002409] ensure_killed(): waiting for vpn service pid 11477 to exit
May 17 00:57:51 saeed-laptop NetworkManager: <debug> [1274043471.002596] ensure_killed(): vpn service pid 11477 cleaned up
I removed IP addresses. I think a recent update might have created this issue. I tried re-installing openvpn and network-manager-openvpn.
I have a question regarding OpenVPN. I have configured my own vpn server. It is in a private network 192.168.0.0. The IP addresses I am using for the vpn connection are in the 10.9.1.0 network but I want to connect my ovpn clients to the 192.168.0.0 network. I read the manuals and I think the "push route" command will work for me, but I cannot understand fully the description of the command "push route".
# Push routes to the client to allow it to reach other private subnets behind the server.
# Remember that these private subnets will also need to know to route the OpenVPN client
# Address pool (10.8.0.0/255.255.255.0) back to the OpenVPN server.
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
So the questions:
1. These private subnets behind the server are routed from my vpn server or from another router
2. How these private subnets "know to route" the open vpn address pool, is this a configuration of the router for this networks (192.168.0.0) or ?
I have a CentOS 5.3 box running Samba and OpenVPN. I have the Samba server setup as a WINS server and OpenVPN pushes the WINS server to clients when they connect. Everything is working great except for one problem. When I connect to the VPN using a Windows machine at a remote location, I can ping all the host names of computers on the VPN network no problem at all. However, when I ping the host name of the OpenVPN server it resolves to 192.168.122.1. All my machines are on a 10.x subnet and I have no idea where this ip is coming from. I've checked the hosts file, lmhosts, etc. and can find no reference to this 192.168.122 subnet.
I think I recall seeing this 192.168.122.1 ip when I had installed the Virtualization group and it created a virtbr0 network bridge with that ip. I've since removed the Virtualization software and deleted that bridge.
I finally got the certs to configure:
openvpn --config server.conf
Tue May 3 17:26:27 2011 OpenVPN 2.1.1 i686-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Jan 5 2010
Tue May 3 17:26:27 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue May 3 17:26:27 2011 Diffie-Hellman initialized with 1024 bit key
Tue May 3 17:26:27 2011 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue May 3 17:26:27 2011 ROUTE default_gateway=192.168.122.1
Tue May 3 17:26:27 2011 TUN/TAP device tun0 opened
Tue May 3 17:26:27 2011 TUN/TAP TX queue length set to 100
Tue May 3 17:26:27 2011 /sbin/ip link set dev tun0 up mtu 1500
Tue May 3 17:26:27 2011 /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Tue May 3 17:26:27 2011 /sbin/ip route add 10.8.0.0/24 via 10.8.0.2
Tue May 3 17:26:27 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue May 3 17:26:27 2011 Socket Buffers: R=[114688->131072] S=[114688->131072]
Tue May 3 17:26:27 2011 UDPv4 link local (bound): [undef]:1194
Tue May 3 17:26:27 2011 UDPv4 link remote: [undef]
Tue May 3 17:26:27 2011 MULTI: multi_init called, r=256 v=256
Tue May 3 17:26:27 2011 IFCONFIG POOL: base=10.8.0.4 size=62
Tue May 3 17:26:27 2011 IFCONFIG POOL LIST
Tue May 3 17:26:27 2011 Initialization Sequence Completed
But openvpn still won't start; where to go from here.
Tue May 3 17:54:25 2011 TCP/UDP: Socket bind failed on local address 192.168.122.3:1194: Address already in use
Tue May 3 17:54:25 2011 Exiting
I have ovpn configuration files for Windows from SwitchVPN. They do not provide configuration files for GNU/Linux. They said I can extract the certificate and key files from the ovpn files, but I'm confused about how to do that. First of all, I don't know which Authentication Type to choose: "Certificates (TLS)," "Password," "Password with Certificates (TLS)" or "Static Key."
Second, I don't know what to put where from the ovpn file. I see a <ca> … </ca> section and a <tls-auth> </tls-auth> section, but I don't see how those correspond to any of the Authentication Types. "Certificates (TLS)" and "Password with Certificates (TLS)" require two certificates and a key, "Password" requires one certificate and no key, and "Static Key" requires a key and key direction but no certificate. When I connect to SwitchVPN in Windows, it asks for a user name and password. Here's an example of the ovpn files (certificate and key contents removed):
Quote:
route-delay 3
fast-io
client
dev tun
[code]...
how to get what I need from the ovpn files, and which Authorization Type to choose in the Network Manager VPN configuration GUI, and what to put in the blanks?
I have OpenVPN working well, but I can't figure out how to change the default route. By default, a "route" shows me:
192.168.0.100 * 255.255.255.255 UH 0 0 0 tun0
But I want it to read:
192.168.0.0 192.168.0.100 255.255.255.0 UG 0 0 0 tun0
... so I can access other computers on the network. I can accomplish this manually by running:
ip route add 192.168.0.0/24 via 192.168.0.100 dev tun0 proto static
How can I get this to be the default route? I've tried adding
push "route 192.168.0.0 255.255.255.0"
to my /etc/openvpn/openvpn.conf on the VPN server but that has not helped.
A couple of weeks ago I was using openvpn with a provider of VPNs on a home wifi network with no problems. I had installed openvpn using apt-get install and downloaded the opvn VPN files from the organization. Everything worked fine. I would type sudo openvpn nameoffile.ovpn and then add my username and password during the installation process. However, when I try to do the same on an Ethernet network, the installation works fine (as above) and informs me that everything is connected (same as on the home Wifi network) but Firefox and all other software cannot connect to anything on the Internet. I contacted the organization who said the DNS was a problem and I needed to install resolvconf then modify each .opvn file using up /etc/openvpn/update-resolv-conf and down /etc/openvpn/update-resolv-conf causes the installation to hang because it does not like openvpn pointing to an external file. Irrespective of the problem I have with this "solution", previously I could use openvpn without modifying the .ovpn files. It just worked! I wonder if anyone knows why using the exact same configuration on an Ethernet network (which I have not used before with openvpn) is causing problems.
My problem is the following: I'm running a bridged OpenVPN on my Debian. If the service is running, everything works fine: local and Internet, ftp, mailing from inside and outside etc. But, when stopping OpenVPN, sending mails from inside (LAN) fails: I cannot reach smtp (postfix) listening on port 465. And even reaching mailboxes using IMAP gets horribly slow, e.g. in Thunderbird. Here is my firewall.sh script.
Quote:
#!/bin/sh
echo " IPTABLES FIREWALL inicializalasa - szures"
# Enter the designation for the Internal Interface's
INTIF="eth0"
Just had to re-install after I did some very silly things. Running 9.10 Ubuntu with XBMC-live. Have gnome desktop, Firefox with adobe flash plugin. I set up a script called myvpn to run openvpn and this used to work and now it doesn't. I did
[Code]...
If I manually type in each command it works, but the script doesn't?
I'm following this guide [URL]. I am trying to use a bridge to vpn from work to home.
/etc/network/interfaces
# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto br0
iface br0 inet dhcp
    bridge_ports eth0

iface eth0 inet manual
    up ifconfig $IFACE 0.0.0.0 up
    up ip link set $IFACE promisc on
    down ip link set $IFACE promisc off
    down ifconfig $IFACE down
I am forced to use dhcp because of my router. (although it is a static lease) I think this is where I am hung up. Everything else seems to be working properly though. I have a windows client connecting but is limited to the server serving out openvpn. (192.168.1.21) In other words it is not functioning as a bridged vpn service.
ifconfig
openvpn server.conf
local 192.168.1.21
port 1199
proto udp
dev tap0
up "/etc/openvpn/up.sh br0"
down "/etc/openvpn/down.sh br0"
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh1024.pem
ifconfig-pool-persist ipp.txt
server-bridge 192.168.1.21 255.255.255.0 192.168.1.100 192.168.1.200
keepalive 10 120
tls-auth ta.key 0 # This file is secret
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
I need to run a 2nd instance of openvpn on my server so that it can run on udp. The current one runs on tcp and I need to keep that running. Apparently, I need to create a 2nd tun network for it to use - how can I do that? I tried starting a 2nd instance of openvpn but it just seems to hang.
I try to establish a basic connection between my 2 end systems using openvpn. The problem is when I move the client files to my laptop I can't even ping the server from there. I copy paste the server commands in section 4 [URL] ....
In the client I ran the first command, changing VPNSERVER IP to 10.9.8.1 and LOCALGATEWAY IP to 192.168.1.1, which I thought is what the server uses: ROUTE_GATEWAY 192.168.1.1/255.255.255.0 in the server initialization process
The second command produces the error device tun0 not found, and when I create one using openvpn --mktun --dev tun
I get RTNETLINK answers : network is unreachable
Note: I use a wireless connection in the client system (laptop). The server works well and I could ping it (from the same machine) but can't ping it or access the vpn server from my laptop. I also use default openvpn settings...
I am trying to set up an OpenVPN server using CentOS 5. I have installed everything, configs are good, server starts fine. I have generated my certificates using the easy-rsa 2.0 included with OpenVPN. I have downloaded all the certificates to my machine and set up my client to connect. I am having that typical problem everyone seems to have where my client says certificate verify failed. However I can use openssl on the server to verify and it is ok. What am I doing wrong here?
I just don't get it. I have racked my brain and google until my eyes bleed and cannot figure this one out. I am sure it is something simple that I am missing.
I have connected to the VPN server successfully but my IP address still shows up as my normal WAN rather than the server's IP address. What are the push settings I have to configure on the server? Here is my server.conf:
Quote:
I have set up OpenVPN Server on a VM (Ubuntu 10.10) running virtualbox bridged to the host. Everything is working fine except the fact that I can't seem to be able to assign an internal IP (VPN Server) to connecting clients. Let me explain: All my clients are connecting and accessing the internet without any issue. Where I have an issue is that all my clients come out the other way on the internet with my server IP address, which kind of defeats the purpose. Is there a way (keeping in mind that I am running the server in a VM) to have all my clients accessing the internet with an IP provided by the VPN Server?
I have (seemingly regretfully) finally upgraded my Fedora Core 7 linux machine that has served me so well for the past decade. One of the final pieces to put in place was my Openvpn config (which was running flawlessly on my FC7) which I cannot get to work.
Here are my steps.
1. Disabled SELinux
2. Added the following entry in my iptables: (although I've stopped iptables to help troubleshoot)
-A INPUT -i tap0 -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A FORWARD -i br0 -j ACCEPT
3. Yum installed openvpn and bridge-utils (btw I'm using bridging)
4. Configured my bridge-start script as such:
#!/bin/bash
# Set up Ethernet bridge on Linux
# Requires: bridge-utils
# Define Bridge Interface
br="br0"
.....
5. Configured my openvpn server conf as such:
proto tcp-server
port 5990
dev tap0
.....
When I execute my bridge-start script it creates the br0 and tap0 then all connectivity vanishes (I can only ping my gateway 10.0.0.50) - internet and any other addresses time out.
We have installed "openVPN" from the openSUSE 11.2 repo and "openVPN - webmin module" (GUI). What needs to be done: "Road Warriors" need to be able to access websites through the openSUSE box sitting in the data center, from remote locations (hotels, coffee shops, wi-fi hot spots, ...). We're halfway there but it gets stuck somewhere with the IPs.
I had recently setup an OpenVPN server on x64 10.04 via the guide found at: [url]
Everything was working perfectly, all clients were able to connect etc.
Today I needed to reboot for a completely unrelated issue - only to find that upon logging in, openVPN was no longer running.
When I tried to execute 'sudo /etc/init.d/openvpn start' I'm presented with an interesting message...
This *used* to say Server. I've double checked all the configs and scripts used in the config and they all check out OK. I purged and reinstalled openVPN to no avail...
I installed OpenVPN and gadmin-openvpn-server from the repos and I can't seem to activate the openvpn server in the gui. I have the server certificate generated, and all the information on encryption protocols setup, and accounts named and ready, despite accounts that were already there, such as www-data, bind, ossec, etc being listed. The server log states:
PLUGIN_INIT: could not load plugin shared object /usr/lib/openvpn-pam-auth.so: /usr/lib/openvpn/openvpn-pam-auth.so: cannot open shared object file: No such file or directory.