Well, I opted for deinstalling openvpn and installing openvpn-devel (2.1). Now it reads my client.ovpn file, and it seems to be going a little step further; now it seems to be a problem with route add.
I have to mention that the client machine is connected to a router using DHCP in the network 192.168.0.xxx. Can this be the problem?

This is the new log:

Sat Jul 25 16:20:10 2009 OpenVPN 2.1_rc18 i386-portbld-freebsd7.2 [SSL] [LZO2] [PKCS11] built on Jul 25 2009
Sat Jul 25 16:20:13 2009 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sat Jul 25 16:20:13 2009 Control Channel Authentication: tls-auth using INLINE static key file
Sat Jul 25 16:20:13 2009 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jul 25 16:20:13 2009 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jul 25 16:20:13 2009 LZO compression initialized
Sat Jul 25 16:20:13 2009 Control Channel MTU parms [ L:1544 D:168 EF:68 EB:0 ET:0 EL:0 ]
Sat Jul 25 16:20:13 2009 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Jul 25 16:20:13 2009 Local Options hash (VER=V4): 'ee93268d'
Sat Jul 25 16:20:13 2009 Expected Remote Options hash (VER=V4): 'bd577cd1'
Sat Jul 25 16:20:13 2009 Attempting to establish TCP connection with 200.80.219.194:443 [nonblock]
Sat Jul 25 16:20:14 2009 TCP connection established with 200.80.219.194:443
Sat Jul 25 16:20:14 2009 Socket Buffers: R=[66608->65536] S=[33304->65536]
Sat Jul 25 16:20:14 2009 TCPv4_CLIENT link local: [undef]
Sat Jul 25 16:20:14 2009 TCPv4_CLIENT link remote: 200.80.219.194:443
Sat Jul 25 16:20:14 2009 TLS: Initial packet from 200.80.219.194:443, sid=f4722bb3 aafe8f23
Sat Jul 25 16:20:14 2009 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Jul 25 16:20:15 2009 VERIFY OK: depth=1, /CN=OpenVPN_CA
Sat Jul 25 16:20:15 2009 VERIFY OK: nsCertType=SERVER
Sat Jul 25 16:20:15 2009 VERIFY OK: depth=0, /CN=OpenVPN_Server
Sat Jul 25 16:20:15 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Jul 25 16:20:15 2009 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jul 25 16:20:15 2009 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Jul 25 16:20:15 2009 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jul 25 16:20:15 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Jul 25 16:20:15 2009 [OpenVPN_Server] Peer Connection Initiated with 200.80.219.194:443
Sat Jul 25 16:20:16 2009 SENT CONTROL [OpenVPN_Server]: 'PUSH_REQUEST' (status=1)
Sat Jul 25 16:20:16 2009 PUSH: Received control message: 'PUSH_REPLY,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,redirect-private local,redirect-private bypass-dhcp,redirect-private bypass-dns,route-metric 101,route 192.168.0.0 255.255.255.0,route-gateway 172.16.0.1,topology subnet,ping 8,ping-restart 90,socket-flags TCP_NODELAY,ifconfig 172.16.0.2 255.255.0.0'
Sat Jul 25 16:20:16 2009 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:2: dhcp-pre-release (2.1_rc18)
Sat Jul 25 16:20:16 2009 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:3: dhcp-renew (2.1_rc18)
Sat Jul 25 16:20:16 2009 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: dhcp-release (2.1_rc18)
Sat Jul 25 16:20:16 2009 OPTIONS IMPORT: timers and/or timeouts modified
Sat Jul 25 16:20:16 2009 OPTIONS IMPORT: --socket-flags option modified
Sat Jul 25 16:20:16 2009 NOTE: setsockopt TCP_NODELAY=1 failed (No kernel support)
Sat Jul 25 16:20:16 2009 OPTIONS IMPORT: --ifconfig/up options modified
Sat Jul 25 16:20:16 2009 OPTIONS IMPORT: route options modified
Sat Jul 25 16:20:16 2009 OPTIONS IMPORT: route-related options modified
Sat Jul 25 16:20:16 2009 ROUTE default_gateway=192.168.0.1
Sat Jul 25 16:20:16 2009 TUN/TAP device /dev/tun0 opened
Sat Jul 25 16:20:16 2009 /sbin/ifconfig tun0 172.16.0.2 172.16.0.2 netmask 255.255.0.0 mtu 1500 up
Sat Jul 25 16:20:16 2009 /sbin/route add -net 172.16.0.0 172.16.0.2 255.255.0.0
add net 172.16.0.0: gateway 172.16.0.2
Sat Jul 25 16:20:21 2009 WARNING: potential route subnet conflict between local LAN [192.168.0.0/255.255.255.0] and remote VPN [192.168.0.0/255.255.255.0]
Sat Jul 25 16:20:21 2009 /sbin/route add -net 192.168.0.0 172.16.0.1 255.255.255.0
route: writing to routing socket: File exists
add net 192.168.0.0: gateway 172.16.0.1: route already in table
Sat Jul 25 16:20:21 2009 ERROR: FreeBSD route add command failed: external program exited with error status: 1
Sat Jul 25 16:20:21 2009 Initialization Sequence Completed
Sat Jul 25 16:20:30 2009 event_wait : Interrupted system call (code=4)
Sat Jul 25 16:20:30 2009 TCP/UDP: Closing socket
Sat Jul 25 16:20:30 2009 Closing TUN/TAP interface
Sat Jul 25 16:20:30 2009 SIGINT[hard,] received, process exiting

Leonardo M. Ramé
http://leonardorame.blogspot.com

--- On Sat, 7/25/09, chris scott <kra...@googlemail.com> wrote:

> From: chris scott <kra...@googlemail.com>
> Subject: Re: OpenVPN Client
> To: "Leonardo M. Ramé" <martinr...@yahoo.com>
> Cc: freebsd-questions@freebsd.org
> Date: Saturday, July 25, 2009, 1:56 PM
> 2009/7/25 Leonardo M. Ramé <martinr...@yahoo.com>
>
> > Hi, I'm trying to connect to an OpenVPN server in my office. To do this, I
> > installed "OpenVPN 2.0.6 i386-portbld-freebsd7.2 [SSL] [LZO]" from ports,
> > and looking at different tutorials I found it needs a config file in
> > /usr/local/etc/openvpn/openvpn.conf. The problem here, is that our server
> > provides a "client.ovpn" file containing all the connection params needed
> > by a client, in fact, we connect windows machines just by installing
> > "OpenVPN_Installer.exe", it configures a TAP device and a client that reads
> > the client.ovpn file.
> >
> > Now, in my FreeBSD 7.2 i386 machine, I did this:
> >
> > Created the /usr/local/etc/openvpn/openvpn.conf (the port doesn't create
> > it automatically) with this content:
> >
> > remote 200.80.219.194.static.techtelnet.net
> > client
> > proto tcp
> > port 443
> > dev tun
> > ns-cert-type server
> > auth-user-pass
> > auth-retry interact
> > comp-lzo
> > user nobody
> > group nobody
> > verb 3
> > ca /usr/local/etc/openvpn/keys/ca.key
> > cert /usr/local/etc/openvpn/keys/cert.key
> > key /usr/local/etc/openvpn/keys/key.key
> >
> > These contents are extracted from client.ovpn, and "ca", "cert" and "key"
> > files were extracted from the same file.
> >
> > I kldload tun, but when I do ifconfig, it doesn't show anything related to
> > tun or tap.
> >
> > Also, when I do "openvpn /usr/local/etc/openvpn/openvpn.conf" the results
> > are this:
> >
> > Sat Jul 25 11:24:09 2009 OpenVPN 2.0.6 i386-portbld-freebsd7.2 [SSL] [LZO] built on Jul 24 2009
> > Enter Auth Username:nico
> > Enter Auth Password:****
> > Sat Jul 25 11:24:13 2009 WARNING: you are using user/group/chroot without persist-key/persist-tun -- this may cause restarts to fail
> > Sat Jul 25 11:24:13 2009 WARNING: file '/usr/local/etc/openvpn/keys/key.key' is group or others accessible
> > Sat Jul 25 11:24:13 2009 LZO compression initialized
> > Sat Jul 25 11:24:13 2009 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
> > Sat Jul 25 11:24:13 2009 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
> > Sat Jul 25 11:24:13 2009 Local Options hash (VER=V4): '69109d17'
> > Sat Jul 25 11:24:13 2009 Expected Remote Options hash (VER=V4): 'c0103fa8'
> > Sat Jul 25 11:24:13 2009 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
> > Sat Jul 25 11:24:13 2009 Attempting to establish TCP connection with 200.80.219.194:443
> > Sat Jul 25 11:24:13 2009 TCP connection established with 200.80.219.194:443
> > Sat Jul 25 11:24:13 2009 TCPv4_CLIENT link local: [undef]
> > Sat Jul 25 11:24:13 2009 TCPv4_CLIENT link remote: 200.80.219.194:443
> > Sat Jul 25 11:24:13 2009 Connection reset, restarting [0]
> > Sat Jul 25 11:24:13 2009 TCP/UDP: Closing socket
> > Sat Jul 25 11:24:13 2009 SIGUSR1[soft,connection-reset] received, process restarting
> > Sat Jul 25 11:24:13 2009 Restart pause, 5 second(s)
> >
> > In my /etc/rc.conf I have openvpn_if="tun", I don't load the tun nor tap
> > interface at boot, I just want to load it with kldload.
> >
> > uname -a:
> > FreeBSD inspiron.local 7.2-RELEASE FreeBSD 7.2-RELEASE #0: Fri May 1 08:49:13 UTC 2009 r...@walker.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
> >
> > ifconfig:
> > ndis0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
> >         ether 00:23:4d:64:d6:7a
> >         inet 192.168.0.100 netmask 0xffffff00 broadcast 192.168.0.255
> >         media: IEEE 802.11 Wireless Ethernet autoselect
> >         status: associated
> >         ssid "" channel 1 (2412 Mhz 11b)
> >         authmode OPEN privacy OFF bmiss 7 scanvalid 60 roaming MANUAL
> >         bintval 0
> > fwe0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
> >         options=8<VLAN_MTU>
> >         ether 32:4f:c0:e1:55:e1
> >         ch 1 dma -1
> > fwip0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
> >         lladdr 33.4f.c0.0.26.e1.55.e1.a.2.ff.fe.0.0.0.0
> > lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
> >         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
> >         inet6 ::1 prefixlen 128
> >         inet 127.0.0.1 netmask 0xff000000
> >
> > Thanks in advance,
> > Leonardo M. Ramé
> >
> > _______________________________________________
> > freebsd-questions@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
>
> make sure you have the tap kernel module loaded
>
> kldload /boot/kernel/if_tap.ko
>
> to make sure it's there after boot do add
> if_tap_load="yes"
> to your /boot/loader.conf
>
> When I used openvpn I also added
>
> cloned_interfaces="tun1"
>
> to my rc.conf, then reinitialize the network stack by running
> /etc/netstart
>
> I also set the open vpn client to explicitly use tun1
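
Added example, not part of the original thread: the 2.1 log at the top of this message shows the server pushing `route 192.168.0.0 255.255.255.0` while the client's own LAN is 192.168.0.0/24, which is what the subnet-conflict warning and the failed `route add` report. The Python below parses a PUSH_REPLY log line and flags pushed networks that overlap a local one; the function names are hypothetical and the sample log is condensed from the lines above.

```python
import ipaddress
import re

# Constructed sample: two lines condensed from the 2.1 log in the message above.
SAMPLE_LOG = """\
Sat Jul 25 16:20:16 2009 PUSH: Received control message: 'PUSH_REPLY,route-delay 5 30,route-metric 101,route 192.168.0.0 255.255.255.0,route-gateway 172.16.0.1,topology subnet,ifconfig 172.16.0.2 255.255.0.0'
Sat Jul 25 16:20:16 2009 ROUTE default_gateway=192.168.0.1
"""

PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,([^']*)'")


def pushed_networks(log_text):
    """Return (option, network) pairs for each route/ifconfig in PUSH_REPLY."""
    found = []
    for match in PUSH_RE.finditer(log_text):
        for option in match.group(1).split(","):
            words = option.split()
            # 'route NET MASK' and, with 'topology subnet', 'ifconfig ADDR MASK'
            if len(words) >= 3 and words[0] in ("route", "ifconfig"):
                try:
                    net = ipaddress.ip_network(f"{words[1]}/{words[2]}", strict=False)
                except ValueError:
                    continue  # third word is not a netmask (e.g. net30 ifconfig)
                found.append((words[0], net))
    return found


def conflicts(log_text, local_networks):
    """Pushed networks that overlap a network the client is already attached to."""
    local = [ipaddress.ip_network(n, strict=False) for n in local_networks]
    return [(kind, net, lan)
            for kind, net in pushed_networks(log_text)
            for lan in local if net.overlaps(lan)]


if __name__ == "__main__":
    # Local LAN taken from the ifconfig output in the thread (ndis0, 192.168.0.100/24).
    for kind, net, lan in conflicts(SAMPLE_LOG, ["192.168.0.100/24"]):
        print(f"pushed {kind} {net} overlaps local network {lan}")
```
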