On 25/02/2010 22:01, Joseph wrote:
> On 02/25/10 21:09, Xavier Parizet wrote:
> [snip]
>>> Yes, it was a typo :-/ I corrected it:
>>> cat syscon9
>>> ifconfig-push 192.168.139.15 255.255.255.0
>>>
>>> but from log you can see it still didn't give me what I want, I got IP
>>> 192.168.139.6 and was asking for: 192.168.139.15
>>>
>>> log:
>>> cat /var/log/openvpn.log
>>> [SNIP]
>>
>> Ok. After re-re-reading the man page, try to add parameter topology
>> subnet to server config. If it still doesn't work, then _please_ post the
>> openvpn.log of the server side.
>>
>
> I've added: topology subnet to both client and server conf but now when
> I try to disconnect and connect I'm getting consecutive IPs:
> 192.168.139.2
> 192.168.139.3
> 192.168.139.4
> ...
>
> cat server.conf
> port 9000
> proto udp
> dev tun
> mode server
> ca /usr/share/openvpn/easy-rsa/keys/ca.crt
> cert /usr/share/openvpn/easy-rsa/keys/server.crt
> key /usr/share/openvpn/easy-rsa/keys/server.key
> dh /usr/share/openvpn/easy-rsa/keys/dh1024.pem
> topology subnet
> server 192.168.139.0 255.255.255.0
> client-to-client
> ifconfig-pool-persist ipp.txt
> client-config-dir ccd
> keepalive 10 120
> tls-auth vpn_my.key 0
> tun-mtu 1500
> tun-mtu-extra 32
> mssfix 1200
> duplicate-cn
> comp-lzo
> max-clients 100
> persist-key
> persist-tun
> status openvpn-status.log
> log /var/log/openvpn.log
> log-append /var/log/openvpn.log
> verb 3
>
> cat client_clinic2.conf
> client
> dev tun
> proto udp
> topology subnet
> remote 208.38.31.237 9000
> resolv-retry infinite
> nobind
^^^^^^
You should remove this line to avoid connection refused messages from
the server. As you are in udp, client should bind on udp source port to
get messages from the server.

> tun-mtu 1500
> tun-mtu-extra 32
> mssfix 1200
> persist-key
> persist-tun
> remote-cert-tls server
> ca "/etc/openvpn/client_clinic2/ca.crt"
> cert "/etc/openvpn/client_clinic2/syscon9.crt"
> key "/etc/openvpn/client_clinic2/syscon9.key"
> tls-auth "/etc/openvpn/client_clinic2/vpn_my.key" 1
> comp-lzo
> log /var/log/openvpn.log
> log-append /var/log/openvpn.log
> verb 3
>
>
> log file from client:
>
> cat /var/log/openvpn.log
> [SNIP]
>
> Why is the server log always showing this message: [ECONNREFUSED]:
> Connection refused (code=111

From what I can see, please try to add the full path to the ccd directory
in the client-config-dir directive on the server path. Also check
permissions on that directory. On which user are you running openvpn on
the server? On the client? Can you increase verbosity and see if there
are no open fails on the server?

If it works, you should have the following lines in the server logs:

OPTIONS IMPORT: reading client specific options from: [path to ccd]/syscon9
MULTI: Learn: [192.168.139.15] -> syscon9/[ip source:port source]

-- 
Xavier Parizet
YaGB : http://gentooist.com
GPG : C7DC B10E FC21 63BE B453 D239 F6E6 DF65 1569 91BF
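The checks suggested in the reply above (absolute client-config-dir path, readable ccd file, the OPTIONS IMPORT log line), collected into one script. This is an added example, not part of the original message or of OpenVPN; the function names, the cwd parameter and the "other" read-bit heuristic are assumptions made for illustration.

```python
import ipaddress, os, re, stat

def directives(text):
    """Map each OpenVPN directive to its argument list (last occurrence wins)."""
    out = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts:
            out[parts[0]] = parts[1:]
    return out

def check_static_ip(server_conf, cn, server_log, cwd="/etc/openvpn"):
    """Return findings explaining why client `cn` may miss its ifconfig-push address."""
    findings = []
    conf = directives(server_conf)
    ccd = (conf.get("client-config-dir") or [""])[0]
    if not os.path.isabs(ccd):
        findings.append(f"client-config-dir {ccd!r} is relative to the daemon's working directory")
        ccd = os.path.join(cwd, ccd)  # cwd is an assumption supplied by the caller
    path = os.path.join(ccd, cn)
    if not os.path.isfile(path):
        findings.append(f"no ccd file at {path}")
    else:
        # Heuristic (assumption): a daemon not running as root needs the "other" read bit.
        if not os.stat(path).st_mode & stat.S_IROTH:
            findings.append(f"{path} is not world-readable")
        with open(path) as fh:
            push = directives(fh.read()).get("ifconfig-push", [])
        net = ipaddress.ip_network("/".join(conf["server"]))
        if len(push) != 2:
            findings.append("ccd file lacks 'ifconfig-push <ip> <mask-or-peer>'")
        elif ipaddress.ip_address(push[0]) not in net:
            findings.append(f"{push[0]} is outside {net}")
        elif conf.get("topology") == ["subnet"] and push[1] != str(net.netmask):
            findings.append(f"topology subnet expects netmask {net.netmask}, got {push[1]}")
    # The line the reply says the server logs once the ccd file is picked up.
    seen = re.search(r"OPTIONS IMPORT: reading client specific options from: (?:\S*/)?"
                     + re.escape(cn) + r"(?!\S)", server_log)
    if not seen:
        findings.append("server log never shows the ccd file being read")
    return findings

if __name__ == "__main__":
    # Constructed sample: relative ccd path, as in the posted server.conf.
    sample = "topology subnet\nserver 192.168.139.0 255.255.255.0\nclient-config-dir ccd\n"
    for finding in check_static_ip(sample, "syscon9", ""):
        print("-", finding)
```

Run it on the server as the user that starts openvpn, passing the contents of server.conf and of the server log.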