Re: [PLUG] openvpn on fc12

On Sun, Jan 17, 2010 at 8:49 PM, Brian Vagnoni <bvagnoni@v-system.net> wrote:

Well that's annoying :-). Just to be clear, you ran it as root, rather the sudo? Have had some weird results with sudo and openvpn. I'm quickly running out of solutions, you could either wait either for someone else to post, or post to the openvpn list.

--------------------------------------------------
Brian Vagnoni
PGP Digital Fingerprint
F076 6EEE 06E5 BEEF EBBD BD36 F29E 850D FC32 3955
--------------------------------------------------

----- Original Message -----
From: Carl Johnson
[mailto:cjohnson19791979@gmail.com]
To: Philadelphia Linux User's
Group Discussion List [mailto:plug@lists.phillylinux.org]
Sent: Sun,

17 Jan 2010 20:33:42 -0500
Subject: Re: [PLUG] openvpn on fc12

> added both, no change. ran as root, no change.
>
> On Sun, Jan 17, 2010 at 8:09 PM, Brian Vagnoni
> <bvagnoni@v-system.net>wrote:
>
> > Have you tried adding the following to your client config:
> >
> > user nobody or your user
> > group nogroup or your group
> >
> > Also, if you run the client as root are you able to connect?
> >
> >
> > --------------------------------------------------
> > Brian Vagnoni
> > PGP Digital Fingerprint
> > F076 6EEE 06E5 BEEF EBBD BD36 F29E 850D FC32 3955
> > --------------------------------------------------
> >
> >
> > ----- Original Message -----
> > From: Carl Johnson
> > [mailto:cjohnson19791979@gmail.com]
> > To: Philadelphia Linux User's
> > Group Discussion List [mailto:plug@lists.phillylinux.org]
> > Sent: Sun,
> > 17 Jan 2010 19:58:07 -0500
> > Subject: Re: [PLUG] openvpn on fc12
> >
> >
> > > oops
> > >
> > > forgot to fix the domain...oh well
> > >
> > >
> > > On Sun, Jan 17, 2010 at 7:56 PM, Carl Johnson
> > > <cjohnson19791979@gmail.com>wrote:
> > >
> > > > so the output you are sending is from the client I take it?
> > > >
> > > > yes
> > > >
> > > >
> > > > You have a known working vpn server hosted some where, and you
> want
> > > your
> > > > fc12 client to connect to it. Am I correct in this assumption?
> > > >
> > > > yes
> > > >
> > > > Sun Jan 10 20:30:27 2010 OpenVPN 2.1_rc20 i686-redhat-linux-gnu
> > > [SSL]
> > > > [LZO2] [EPOLL] [PKCS11] built on Oct 25 2009
> > > > Sun Jan 10 20:30:27 2010 NOTE: OpenVPN 2.1 requires
> > > '--script-security 2'
> > > > or higher to call user-defined scripts or executables
> > > > Sun Jan 10 20:30:27 2010 WARNING: file 'abcdef.p12' is group or
> > > others
> > > > accessible
> > > > Sun Jan 10 20:30:27 2010 LZO compression initialized
> > > > Sun Jan 10 20:30:27 2010 Control Channel MTU parms [ L:1542
> D:138
> > > EF:38
> > > > EB:0 ET:0 EL:0 ]
> > > > Sun Jan 10 20:30:27 2010 Data Channel MTU parms [ L:1542 D:1450
> > > EF:42
> > > > EB:135 ET:0 EL:0 AF:3/1 ]
> > > > Sun Jan 10 20:30:27 2010 Local Options hash (VER=V4): '41690919'
> > > > Sun Jan 10 20:30:27 2010 Expected Remote Options hash (VER=V4):
> > > '530fdded'
> > > > Sun Jan 10 20:30:27 2010 Socket Buffers: R=[114688->131072]
> > > > S=[114688->131072]
> > > > Sun Jan 10 20:30:27 2010 UDPv4 link local (bound): [undef]:1234
> > > > Sun Jan 10 20:30:27 2010 UDPv4 link remote: ob.fus.ca.ted:1234
> > > > Sun Jan 10 20:30:28 2010 TLS: Initial packet from
> > > ob.fus.ca.ted:1234,
> > > > sid=obfuscated obfuscated
> > > > Sun Jan 10 20:30:28 2010 VERIFY OK: depth=1,
> > > >
> > >
> >
> /C=US/ST=obfuscated/L=obfuscated/O=obfuscated/OU=obfuscated/CN=obfuscated_CA/emailAddress=obfuscated
> > > > Sun Jan 10 20:30:28 2010 VERIFY OK: nsCertType=SERVER
> > > > Sun Jan 10 20:30:28 2010 VERIFY OK: depth=0,
> > > > /C=US/ST=obfuscated/O=obfuscated/OU=obfuscated/CN=obfuscated
> > > > Sun Jan 10 20:30:28 2010 Data Channel Encrypt: Cipher 'BF-CBC'
> > > initialized
> > > > with 128 bit key
> > > > Sun Jan 10 20:30:28 2010 Data Channel Encrypt: Using 160 bit
> message
> > > hash
> > > > 'SHA1' for HMAC authentication
> > > > Sun Jan 10 20:30:28 2010 Data Channel Decrypt: Cipher 'BF-CBC'
> > > initialized
> > > > with 128 bit key
> > > > Sun Jan 10 20:30:28 2010 Data Channel Decrypt: Using 160 bit
> message
> > > hash
> > > > 'SHA1' for HMAC authentication
> > > > Sun Jan 10 20:30:28 2010 Control Channel: TLSv1, cipher
> TLSv1/SSLv3
> > > > DHE-RSA-AES256-SHA, 1024 bit RSA
> > > > Sun Jan 10 20:30:28 2010 [crdcpa.no-ip.biz] Peer Connection
> > > Initiated with
> > > > ob.fus.ca.ted:1234
> > > > Sun Jan 10 20:30:30 2010 SENT CONTROL [ob.fus.ca.ted]:
> > > 'PUSH_REQUEST'
> > > > (status=1)
> > > > Sun Jan 10 20:30:31 2010 PUSH: Received control message:
> > > 'PUSH_REPLY,route
> > > > 192.168.2.0 255.255.255.0,route 10.4.143.1,topology net30,ping
> > > > 10,ping-restart 60,ifconfig 10.4.143.6 10.4.143.5'
> > > > Sun Jan 10 20:30:31 2010 OPTIONS IMPORT: timers and/or timeouts
> > > modified
> > > > Sun Jan 10 20:30:31 2010 OPTIONS IMPORT: --ifconfig/up options
> > > modified
> > > > Sun Jan 10 20:30:31 2010 OPTIONS IMPORT: route options modified
> > > > Sun Jan 10 20:30:31 2010 ROUTE default_gateway=192.168.0.1
> > > >
> > > > Sun Jan 10 20:30:31 2010 Note: Cannot ioctl TUNSETIFF tun:
> Operation
> > > not
> > > > permitted (errno=1)
> > > > Sun Jan 10 20:30:31 2010 Note: Attempting fallback to kernel 2.2
> > > TUN/TAP
> > > > interface
> > > > Sun Jan 10 20:30:31 2010 Cannot allocate TUN/TAP dev dynamically
> > > > Sun Jan 10 20:30:31 2010 Exiting
> > > >
> > > > The ifconfig -a, netstat -a, and route commands were also posted
> > > from the
> > > > client?
> > > >
> > > > yes
> > > >
> > > >
> > > >
> > > > On Sun, Jan 17, 2010 at 7:46 PM, Brian Vagnoni
> > > <bvagnoni@v-system.net>wrote:
> > > >
> > > >> So the output you are sending is from the client I take it? You
> > > have a
> > > >> known working vpn server hosted some where, and you want your
> fc12
> > > client to
> > > >> connect to it. Am I correct in this assumption? If I am
> correct,
> > > please
> > > >> increase your client verb to at least 4, try and reconnect, and
> > > please post
> > > >> the output. The ifconfig -a, netstat -a, and route commands
> were
> > > also posted
> > > >> from the client?
> > > >>
> > > >> --------------------------------------------------
> > > >> Brian Vagnoni
> > > >> PGP Digital Fingerprint
> > > >> F076 6EEE 06E5 BEEF EBBD BD36 F29E 850D FC32 3955
> > > >> --------------------------------------------------
> > > >>
> > > >> > > > #OpenVPN client conf
> > > >> > > > tls-client
> > > >> > > > pull
> > > >> > > > dev tun
> > > >> > > > proto udp
> > > >> > > > explicit-exit-notify 2
> > > >> > > > tun-mtu 1500
> > > >> > > > remote obfuscated.for.security 1234
> > > >> > > > pkcs12 abcdefg.p12
> > > >> > > > cipher BF-CBC
> > > >> > > > comp-lzo
> > > >> > > > verb 3
> > > >> > > > ns-cert-type server
> > > >> > > >
> > > >> > > > Brian Vagnoni wrote:
> > > >>
> > > >>
> > >
> >
> ___________________________________________________________________________
> > > >> Philadelphia Linux Users Group --
> > > >> http://www.phillylinux.org
> > > >> Announcements -
> > > >> http://lists.phillylinux.org/mailman/listinfo/plug-announce
> > > >> General Discussion --
> > > >> http://lists.phillylinux.org/mailman/listinfo/plug
> > > >>
> > > >
> > > >
> > >
> >
> ___________________________________________________________________________
> > Philadelphia Linux Users Group --
> > http://www.phillylinux.org
> > Announcements -
> > http://lists.phillylinux.org/mailman/listinfo/plug-announce
> > General Discussion --
> > http://lists.phillylinux.org/mailman/listinfo/plug
> >
>
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug