Leonardo M. Ramé wrote:
> Well, I opted for deinstalling openvpn and installing openvpn-devel (2.1). Now
> it reads my client.ovpn file, and it seems to be going a little step further,
> now it seems to be a problem with route add.
>

It's not really a problem with 'route add'. The problem is that a route for 192.168.0.0 already exists.

> I have to mention that the client machine is connected to a router using DHCP
> in the network 192.168.0.xxx. Can this be the problem?
>

Yes.

> This is the new log:
>
> Sat Jul 25 16:20:10 2009 OpenVPN 2.1_rc18 i386-portbld-freebsd7.2 [SSL]
> [LZO2] [PKCS11] built on Jul 25 2009
> Sat Jul 25 16:20:13 2009 NOTE: OpenVPN 2.1 requires '--script-security 2' or
> higher to call user-defined scripts or executables
> Sat Jul 25 16:20:13 2009 Control Channel Authentication: tls-auth using
> INLINE static key file
> Sat Jul 25 16:20:13 2009 Outgoing Control Channel Authentication: Using 160
> bit message hash 'SHA1' for HMAC authentication
> Sat Jul 25 16:20:13 2009 Incoming Control Channel Authentication: Using 160
> bit message hash 'SHA1' for HMAC authentication
> Sat Jul 25 16:20:13 2009 LZO compression initialized
> Sat Jul 25 16:20:13 2009 Control Channel MTU parms [ L:1544 D:168 EF:68 EB:0
> ET:0 EL:0 ]
> Sat Jul 25 16:20:13 2009 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135
> ET:0 EL:0 AF:3/1 ]
> Sat Jul 25 16:20:13 2009 Local Options hash (VER=V4): 'ee93268d'
> Sat Jul 25 16:20:13 2009 Expected Remote Options hash (VER=V4): 'bd577cd1'
> Sat Jul 25 16:20:13 2009 Attempting to establish TCP connection with
> 200.80.219.194:443 [nonblock]
> Sat Jul 25 16:20:14 2009 TCP connection established with 200.80.219.194:443
> Sat Jul 25 16:20:14 2009 Socket Buffers: R=[66608->65536] S=[33304->65536]
> Sat Jul 25 16:20:14 2009 TCPv4_CLIENT link local: [undef]
> Sat Jul 25 16:20:14 2009 TCPv4_CLIENT link remote: 200.80.219.194:443
> Sat Jul 25 16:20:14 2009 TLS: Initial packet from 200.80.219.194:443,
> sid=f4722bb3 aafe8f23
> Sat Jul 25 16:20:14 2009 WARNING: this configuration may cache passwords in
> memory -- use the auth-nocache option to prevent this
> Sat Jul 25 16:20:15 2009 VERIFY OK: depth=1, /CN=OpenVPN_CA
> Sat Jul 25 16:20:15 2009 VERIFY OK: nsCertType=SERVER
> Sat Jul 25 16:20:15 2009 VERIFY OK: depth=0, /CN=OpenVPN_Server
> Sat Jul 25 16:20:15 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized
> with 128 bit key
> Sat Jul 25 16:20:15 2009 Data Channel Encrypt: Using 160 bit message hash
> 'SHA1' for HMAC authentication
> Sat Jul 25 16:20:15 2009 Data Channel Decrypt: Cipher 'BF-CBC' initialized
> with 128 bit key
> Sat Jul 25 16:20:15 2009 Data Channel Decrypt: Using 160 bit message hash
> 'SHA1' for HMAC authentication
> Sat Jul 25 16:20:15 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3
> DHE-RSA-AES256-SHA, 1024 bit RSA
> Sat Jul 25 16:20:15 2009 [OpenVPN_Server] Peer Connection Initiated with
> 200.80.219.194:443
> Sat Jul 25 16:20:16 2009 SENT CONTROL [OpenVPN_Server]: 'PUSH_REQUEST'
> (status=1)
> Sat Jul 25 16:20:16 2009 PUSH: Received control message:
> 'PUSH_REPLY,route-delay 5
> 30,dhcp-pre-release,dhcp-renew,dhcp-release,redirect-private
> local,redirect-private bypass-dhcp,redirect-private bypass-dns,route-metric
> 101,route 192.168.0.0 255.255.255.0,route-gateway 172.16.0.1,topology
> subnet,ping 8,ping-restart 90,socket-flags TCP_NODELAY,ifconfig 172.16.0.2
> 255.255.0.0'
> Sat Jul 25 16:20:16 2009 Options error: Unrecognized option or missing
> parameter(s) in [PUSH-OPTIONS]:2: dhcp-pre-release (2.1_rc18)
> Sat Jul 25 16:20:16 2009 Options error: Unrecognized option or missing
> parameter(s) in [PUSH-OPTIONS]:3: dhcp-renew (2.1_rc18)
> Sat Jul 25 16:20:16 2009 Options error: Unrecognized option or missing
> parameter(s) in [PUSH-OPTIONS]:4: dhcp-release (2.1_rc18)
> Sat Jul 25 16:20:16 2009 OPTIONS IMPORT: timers and/or timeouts modified
> Sat Jul 25 16:20:16 2009 OPTIONS IMPORT: --socket-flags option modified
> Sat Jul 25 16:20:16 2009 NOTE: setsockopt TCP_NODELAY=1 failed (No kernel
> support)
> Sat Jul 25 16:20:16 2009 OPTIONS IMPORT: --ifconfig/up options modified
> Sat Jul 25 16:20:16 2009 OPTIONS IMPORT: route options modified
> Sat Jul 25 16:20:16 2009 OPTIONS IMPORT: route-related options modified
> Sat Jul 25 16:20:16 2009 ROUTE default_gateway=192.168.0.1
> Sat Jul 25 16:20:16 2009 TUN/TAP device /dev/tun0 opened
> Sat Jul 25 16:20:16 2009 /sbin/ifconfig tun0 172.16.0.2 172.16.0.2 netmask
> 255.255.0.0 mtu 1500 up
> Sat Jul 25 16:20:16 2009 /sbin/route add -net 172.16.0.0 172.16.0.2
> 255.255.0.0
> add net 172.16.0.0: gateway 172.16.0.2
> Sat Jul 25 16:20:21 2009 WARNING: potential route subnet conflict between
> local LAN [192.168.0.0/255.255.255.0] and remote VPN
> [192.168.0.0/255.255.255.0]
>

You can't use the same address space for multiple networks. In other words, you can't use 192.168.0.0/24 for both the VPN and your internal network unless you are bridging the two (i.e., making it one network).

So the simple answer is to change the client machine's network to something other than 192.168.0.0/24 if you can. Otherwise you're either going to have to work out bridging or subnetting both sides, which will get complicated in a hurry.

Cheers,

Drew

> Sat Jul 25 16:20:21 2009 /sbin/route add -net 192.168.0.0 172.16.0.1
> 255.255.255.0
> route: writing to routing socket: File exists
> add net 192.168.0.0: gateway 172.16.0.1: route already in table
> Sat Jul 25 16:20:21 2009 ERROR: FreeBSD route add command failed: external
> program exited with error status: 1
> Sat Jul 25 16:20:21 2009 Initialization Sequence Completed
> Sat Jul 25 16:20:30 2009 event_wait : Interrupted system call (code=4)
> Sat Jul 25 16:20:30 2009 TCP/UDP: Closing socket
> Sat Jul 25 16:20:30 2009 Closing TUN/TAP interface
> Sat Jul 25 16:20:30 2009 SIGINT[hard,] received, process exiting
>

--
Be a Great Magician!
Visit The Alchemist's Warehouse
http://www.alchemistswarehouse.com

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
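The address-space overlap described in the reply can be checked before connecting. The following is an added example, not part of the original post or of OpenVPN: it parses the PUSH_REPLY string from the quoted log and compares the pushed networks against the client's local networks. The function names are hypothetical, and the local network list is supplied by the caller (here taken from the WARNING line in the log).

```python
import ipaddress

# PUSH_REPLY copied from the quoted log, with the mail client's line wrapping removed.
PUSH_REPLY = (
    "PUSH_REPLY,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,"
    "redirect-private local,redirect-private bypass-dhcp,"
    "redirect-private bypass-dns,route-metric 101,"
    "route 192.168.0.0 255.255.255.0,route-gateway 172.16.0.1,"
    "topology subnet,ping 8,ping-restart 90,socket-flags TCP_NODELAY,"
    "ifconfig 172.16.0.2 255.255.0.0"
)


def pushed_networks(push_reply):
    """Return (option, network) pairs for pushed 'route' and 'ifconfig' options."""
    options = [opt.split() for opt in push_reply.split(",") if opt.strip()]
    subnet_topology = ["topology", "subnet"] in options
    found = []
    for words in options:
        try:
            if words[0] == "route" and len(words) >= 2:
                # route <network> [netmask]; a missing or 'default' mask is a host route
                mask = words[2] if len(words) >= 3 else "default"
                if mask == "default":
                    mask = "255.255.255.255"
                net = ipaddress.ip_network(f"{words[1]}/{mask}", strict=False)
                found.append(("route", net))
            elif words[0] == "ifconfig" and len(words) == 3 and subnet_topology:
                # With 'topology subnet' the second argument is a netmask
                net = ipaddress.ip_network(f"{words[1]}/{words[2]}", strict=False)
                found.append(("ifconfig", net))
        except ValueError:
            # Hostnames or keywords such as vpn_gateway cannot be checked offline
            continue
    return found


def find_conflicts(push_reply, local_networks):
    """List (option, pushed_net, local_net) for every overlap with a local network."""
    local = [ipaddress.ip_network(n, strict=False) for n in local_networks]
    return [
        (kind, str(net), str(lan))
        for kind, net in pushed_networks(push_reply)
        for lan in local
        if net.overlaps(lan)
    ]


if __name__ == "__main__":
    # Local LAN as reported in the log's WARNING line
    for kind, pushed, lan in find_conflicts(PUSH_REPLY, ["192.168.0.0/255.255.255.0"]):
        print(f"conflict: pushed {kind} {pushed} overlaps local network {lan}")
```
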