Re: [PLUG] openvpn on fc12

On Sun, Jan 17, 2010 at 8:09 PM, Brian Vagnoni <bvagnoni@v-system.net> wrote:

Have you tried adding the following to your client config:

user nobody or your user
group nogroup or your group

Also, if you run the client as root are you able to connect?

--------------------------------------------------
Brian Vagnoni
PGP Digital Fingerprint
F076 6EEE 06E5 BEEF EBBD BD36 F29E 850D FC32 3955
--------------------------------------------------

----- Original Message -----
From: Carl Johnson
[mailto:cjohnson19791979@gmail.com]
To: Philadelphia Linux User's
Group Discussion List [mailto:plug@lists.phillylinux.org]
Sent: Sun,

17 Jan 2010 19:58:07 -0500
Subject: Re: [PLUG] openvpn on fc12

> oops
>
> forgot to fix the domain...oh well
>
>
> On Sun, Jan 17, 2010 at 7:56 PM, Carl Johnson
> <cjohnson19791979@gmail.com>wrote:
>
> > so the output you are sending is from the client I take it?
> >
> > yes
> >
> >
> > You have a known working vpn server hosted some where, and you want
> your
> > fc12 client to connect to it. Am I correct in this assumption?
> >
> > yes
> >
> > Sun Jan 10 20:30:27 2010 OpenVPN 2.1_rc20 i686-redhat-linux-gnu
> [SSL]
> > [LZO2] [EPOLL] [PKCS11] built on Oct 25 2009
> > Sun Jan 10 20:30:27 2010 NOTE: OpenVPN 2.1 requires
> '--script-security 2'
> > or higher to call user-defined scripts or executables
> > Sun Jan 10 20:30:27 2010 WARNING: file 'abcdef.p12' is group or
> others
> > accessible
> > Sun Jan 10 20:30:27 2010 LZO compression initialized
> > Sun Jan 10 20:30:27 2010 Control Channel MTU parms [ L:1542 D:138
> EF:38
> > EB:0 ET:0 EL:0 ]
> > Sun Jan 10 20:30:27 2010 Data Channel MTU parms [ L:1542 D:1450
> EF:42
> > EB:135 ET:0 EL:0 AF:3/1 ]
> > Sun Jan 10 20:30:27 2010 Local Options hash (VER=V4): '41690919'
> > Sun Jan 10 20:30:27 2010 Expected Remote Options hash (VER=V4):
> '530fdded'
> > Sun Jan 10 20:30:27 2010 Socket Buffers: R=[114688->131072]
> > S=[114688->131072]
> > Sun Jan 10 20:30:27 2010 UDPv4 link local (bound): [undef]:1234
> > Sun Jan 10 20:30:27 2010 UDPv4 link remote: ob.fus.ca.ted:1234
> > Sun Jan 10 20:30:28 2010 TLS: Initial packet from
> ob.fus.ca.ted:1234,
> > sid=obfuscated obfuscated
> > Sun Jan 10 20:30:28 2010 VERIFY OK: depth=1,
> >
> /C=US/ST=obfuscated/L=obfuscated/O=obfuscated/OU=obfuscated/CN=obfuscated_CA/emailAddress=obfuscated
> > Sun Jan 10 20:30:28 2010 VERIFY OK: nsCertType=SERVER
> > Sun Jan 10 20:30:28 2010 VERIFY OK: depth=0,
> > /C=US/ST=obfuscated/O=obfuscated/OU=obfuscated/CN=obfuscated
> > Sun Jan 10 20:30:28 2010 Data Channel Encrypt: Cipher 'BF-CBC'
> initialized
> > with 128 bit key
> > Sun Jan 10 20:30:28 2010 Data Channel Encrypt: Using 160 bit message
> hash
> > 'SHA1' for HMAC authentication
> > Sun Jan 10 20:30:28 2010 Data Channel Decrypt: Cipher 'BF-CBC'
> initialized
> > with 128 bit key
> > Sun Jan 10 20:30:28 2010 Data Channel Decrypt: Using 160 bit message
> hash
> > 'SHA1' for HMAC authentication
> > Sun Jan 10 20:30:28 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3
> > DHE-RSA-AES256-SHA, 1024 bit RSA
> > Sun Jan 10 20:30:28 2010 [crdcpa.no-ip.biz] Peer Connection
> Initiated with
> > ob.fus.ca.ted:1234
> > Sun Jan 10 20:30:30 2010 SENT CONTROL [ob.fus.ca.ted]:
> 'PUSH_REQUEST'
> > (status=1)
> > Sun Jan 10 20:30:31 2010 PUSH: Received control message:
> 'PUSH_REPLY,route
> > 192.168.2.0 255.255.255.0,route 10.4.143.1,topology net30,ping
> > 10,ping-restart 60,ifconfig 10.4.143.6 10.4.143.5'
> > Sun Jan 10 20:30:31 2010 OPTIONS IMPORT: timers and/or timeouts
> modified
> > Sun Jan 10 20:30:31 2010 OPTIONS IMPORT: --ifconfig/up options
> modified
> > Sun Jan 10 20:30:31 2010 OPTIONS IMPORT: route options modified
> > Sun Jan 10 20:30:31 2010 ROUTE default_gateway=192.168.0.1
> >
> > Sun Jan 10 20:30:31 2010 Note: Cannot ioctl TUNSETIFF tun: Operation
> not
> > permitted (errno=1)
> > Sun Jan 10 20:30:31 2010 Note: Attempting fallback to kernel 2.2
> TUN/TAP
> > interface
> > Sun Jan 10 20:30:31 2010 Cannot allocate TUN/TAP dev dynamically
> > Sun Jan 10 20:30:31 2010 Exiting
> >
> > The ifconfig -a, netstat -a, and route commands were also posted
> from the
> > client?
> >
> > yes
> >
> >
> >
> > On Sun, Jan 17, 2010 at 7:46 PM, Brian Vagnoni
> <bvagnoni@v-system.net>wrote:
> >
> >> So the output you are sending is from the client I take it? You
> have a
> >> known working vpn server hosted some where, and you want your fc12
> client to
> >> connect to it. Am I correct in this assumption? If I am correct,
> please
> >> increase your client verb to at least 4, try and reconnect, and
> please post
> >> the output. The ifconfig -a, netstat -a, and route commands were
> also posted
> >> from the client?
> >>
> >> --------------------------------------------------
> >> Brian Vagnoni
> >> PGP Digital Fingerprint
> >> F076 6EEE 06E5 BEEF EBBD BD36 F29E 850D FC32 3955
> >> --------------------------------------------------
> >>
> >> > > > #OpenVPN client conf
> >> > > > tls-client
> >> > > > pull
> >> > > > dev tun
> >> > > > proto udp
> >> > > > explicit-exit-notify 2
> >> > > > tun-mtu 1500
> >> > > > remote obfuscated.for.security 1234
> >> > > > pkcs12 abcdefg.p12
> >> > > > cipher BF-CBC
> >> > > > comp-lzo
> >> > > > verb 3
> >> > > > ns-cert-type server
> >> > > >
> >> > > > Brian Vagnoni wrote:
> >>
> >>
> ___________________________________________________________________________
> >> Philadelphia Linux Users Group --
> >> http://www.phillylinux.org
> >> Announcements -
> >> http://lists.phillylinux.org/mailman/listinfo/plug-announce
> >> General Discussion --
> >> http://lists.phillylinux.org/mailman/listinfo/plug
> >>
> >
> >
>
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug