Posted: Sat Oct 06, 2012 9:48 Post subject: OpenVPN - Connected but nothing working - Fractal: 20058
Dear all,
As usual I'm trying to set a OpenVPN services between 3 sites all are E4200 with Fractal 20058 build.
The problem here it's that everything is connected and I can see it in the logs, but NOTHING working, I can't manage from other site the network, I can't ping, I can't see any computer, etcetc...
Please see the logs and the screenshots.
Server-E4200 wrote:
Server: CONNECTED: SUCCESS Local Address: Remote Address: Client: : Local Address: Remote Address:
Common Name Real Address Virtual Address Bytes Received Bytes Sent Connected Since
domain.eu 1.2.3.4:32769 192.168.1.226 4831 427407 Thu Oct 4 11:39:32 2012
domain.eu 5.6.7.8:32773 192.168.1.227 4770 401632 Thu Oct 4 11:39:42 2012
Virtual Address Common Name Real Address Last Ref
Max bcast/mcast queue length
LOGServerlog 20121004 11:39:32 I 1.2.3.4:32769 LZO compression initialized
20121004 11:39:32 1.2.3.4:32769 Control Channel MTU parms [ L:1586 D:138 EF:38 EB:0 ET:0 EL:0 ]
20121004 11:39:32 1.2.3.4:32769 Data Channel MTU parms [ L:1586 D:1450 EF:54 EB:135 ET:32 EL:0 AF:3/1 ]
20121004 11:39:32 1.2.3.4:32769 Local Options String: 'V4 dev-type tap link-mtu 1586 tun-mtu 1532 proto UDPv4 comp-lzo cipher BF-CBC auth SHA256 keysize 128 key-method 2 tls-server'
20121004 11:39:32 1.2.3.4:32769 Expected Remote Options String: 'V4 dev-type tap link-mtu 1586 tun-mtu 1532 proto UDPv4 comp-lzo cipher BF-CBC auth SHA256 keysize 128 key-method 2 tls-client'
20121004 11:39:32 1.2.3.4:32769 Local Options hash (VER=V4): '47410d3b'
20121004 11:39:32 1.2.3.4:32769 Expected Remote Options hash (VER=V4): '47446a4a'
20121004 11:39:32 1.2.3.4:32769 TLS: Initial packet from 1.2.3.4:32769 sid=e31570fc ad915a21
20121004 11:39:33 1.2.3.4:32769 VERIFY OK: depth=1 /C=SP/ST=CA/L=Barcelona/O=domain.eu/OU=domain/CN=domain.eu/emailAddress=name-mail@domain.com
20121004 11:39:33 1.2.3.4:32769 VERIFY OK: depth=0 /C=SP/ST=CA/O=domain.eu/OU=domain/CN=domain.eu/emailAddress=name-mail@other.com
20121004 11:39:33 1.2.3.4:32769 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
20121004 11:39:33 1.2.3.4:32769 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
20121004 11:39:33 1.2.3.4:32769 NOTE: --mute triggered...
20121004 11:39:33 1.2.3.4:32769 3 variation(s) on previous 5 message(s) suppressed by --mute
20121004 11:39:33 I 1.2.3.4:32769 [domain.eu] Peer Connection Initiated with 1.2.3.4:32769
20121004 11:39:35 domain.eu/1.2.3.4:32769 PUSH: Received control message: 'PUSH_REQUEST'
20121004 11:39:35 domain.eu/1.2.3.4:32769 SENT CONTROL [domain.eu]: 'PUSH_REPLY route-gateway 192.168.1.1 ping 10 ping-restart 120 ifconfig 192.168.1.226 255.255.255.0' (status=1)
20121004 11:39:42 MULTI: multi_create_instance called
20121004 11:39:42 I 5.6.7.8:32773 Re-using SSL/TLS context
20121004 11:39:42 I 5.6.7.8:32773 LZO compression initialized
20121004 11:39:42 5.6.7.8:32773 Control Channel MTU parms [ L:1586 D:138 EF:38 EB:0 ET:0 EL:0 ]
20121004 11:39:42 5.6.7.8:32773 Data Channel MTU parms [ L:1586 D:1450 EF:54 EB:135 ET:32 EL:0 AF:3/1 ]
20121004 11:39:42 5.6.7.8:32773 Local Options String: 'V4 dev-type tap link-mtu 1586 tun-mtu 1532 proto UDPv4 comp-lzo cipher BF-CBC auth SHA256 keysize 128 key-method 2 tls-server'
20121004 11:39:42 5.6.7.8:32773 Expected Remote Options String: 'V4 dev-type tap link-mtu 1586 tun-mtu 1532 proto UDPv4 comp-lzo cipher BF-CBC auth SHA256 keysize 128 key-method 2 tls-client'
20121004 11:39:42 5.6.7.8:32773 Local Options hash (VER=V4): '47410d3b'
20121004 11:39:42 5.6.7.8:32773 Expected Remote Options hash (VER=V4): '47446a4a'
20121004 11:39:42 5.6.7.8:32773 TLS: Initial packet from 5.6.7.8:32773 sid=e21627fc bf32828e
20121004 11:39:42 5.6.7.8:32773 VERIFY OK: depth=1 /C=SP/ST=CA/L=Barcelona/O=domain.eu/OU=domain/CN=domain.eu/emailAddress=name-mail@domain.com
20121004 11:39:42 5.6.7.8:32773 VERIFY OK: depth=0 /C=SP/ST=CA/O=domain.eu/OU=domain/CN=domain.eu/emailAddress=name-mail@hotmail.com
20121004 11:39:42 5.6.7.8:32773 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
20121004 11:39:42 5.6.7.8:32773 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
20121004 11:39:42 5.6.7.8:32773 NOTE: --mute triggered...
20121004 11:39:42 5.6.7.8:32773 3 variation(s) on previous 5 message(s) suppressed by --mute
20121004 11:39:42 I 5.6.7.8:32773 [domain.eu] Peer Connection Initiated with 5.6.7.8:32773
20121004 11:39:45 domain.eu/5.6.7.8:32773 PUSH: Received control message: 'PUSH_REQUEST'
20121004 11:39:45 domain.eu/5.6.7.8:32773 SENT CONTROL [domain.eu]: 'PUSH_REPLY route-gateway 192.168.1.1 ping 10 ping-restart 120 ifconfig 192.168.1.227 255.255.255.0' (status=1)
20121004 11:41:26 MANAGEMENT: Client connected from 127.0.0.1:5002
20121004 11:41:26 D MANAGEMENT: CMD 'state'
20121004 11:41:26 MANAGEMENT: Client disconnected
20121004 11:41:26 MANAGEMENT: Client connected from 127.0.0.1:5002
20121004 11:41:26 D MANAGEMENT: CMD 'state'
20121004 11:41:26 MANAGEMENT: Client disconnected
20121004 11:41:26 MANAGEMENT: Client connected from 127.0.0.1:5002
20121004 11:41:26 D MANAGEMENT: CMD 'state'
20121004 11:41:26 MANAGEMENT: Client disconnected
20121004 11:41:27 MANAGEMENT: Client connected from 127.0.0.1:5002
20121004 11:41:27 D MANAGEMENT: CMD 'status 2'
20121004 11:41:27 MANAGEMENT: Client disconnected
20121004 11:41:27 MANAGEMENT: Client connected from 127.0.0.1:5002
20121004 11:41:27 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00
Clientlog
Client-1-E4200 wrote:
EstadoServer: : Local Address: Remote Address: Client: CONNECTED: SUCCESS Local Address: 192.168.1.226 Remote Address:
Estado
LOGServerlog Clientlog 20121004 11:39:01 Current Parameter Settings:
20121004 11:39:01 config = '/tmp/openvpncl/openvpn.conf'
20121004 11:39:01 mode = 0
20121004 11:39:01 persist_config = DISABLED
20121004 11:39:01 persist_mode = 1
20121004 11:39:01 NOTE: --mute triggered...
20121004 11:39:01 206 variation(s) on previous 5 message(s) suppressed by --mute
20121004 11:39:01 I OpenVPN 2.2.1 mipsel-linux [SSL] [LZO2] [EPOLL] built on Sep 30 2012
20121004 11:39:01 MANAGEMENT: TCP Socket listening on 127.0.0.1:5001
20121004 11:39:01 W WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
20121004 11:39:01 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20121004 11:39:01 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
20121004 11:39:01 I LZO compression initialized
20121004 11:39:01 Control Channel MTU parms [ L:1586 D:138 EF:38 EB:0 ET:0 EL:0 ]
20121004 11:39:01 Socket Buffers: R=[114688->131072] S=[114688->131072]
20121004 11:39:01 Data Channel MTU parms [ L:1586 D:1450 EF:54 EB:135 ET:32 EL:0 AF:3/1 ]
20121004 11:39:01 Local Options String: 'V4 dev-type tap link-mtu 1586 tun-mtu 1532 proto UDPv4 comp-lzo cipher BF-CBC auth SHA256 keysize 128 key-method 2 tls-client'
20121004 11:39:01 Expected Remote Options String: 'V4 dev-type tap link-mtu 1586 tun-mtu 1532 proto UDPv4 comp-lzo cipher BF-CBC auth SHA256 keysize 128 key-method 2 tls-server'
20121004 11:39:01 Local Options hash (VER=V4): '47446a4a'
20121004 11:39:01 Expected Remote Options hash (VER=V4): '47410d3b'
20121004 11:39:01 I UDPv4 link local: [undef]
20121004 11:39:01 I UDPv4 link remote: W.X.Y.Z:port
20121004 11:39:32 TLS: Initial packet from W.X.Y.Z:port sid=fb43a676 06538609
20121004 11:39:32 VERIFY OK: depth=1 /C=SP/ST=CA/L=Barcelona/O=domain.com/OU=namedomain/CN=domain.com/emailAddress=name-email@domain.com
20121004 11:39:32 VERIFY OK: depth=0 /C=SP/ST=CA/O=domain.com/OU=namedomain/CN=domain.com/emailAddress=name-email@domain.com
20121004 11:39:33 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
20121004 11:39:33 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
20121004 11:39:33 NOTE: --mute triggered...
20121004 11:39:33 3 variation(s) on previous 5 message(s) suppressed by --mute
20121004 11:39:33 I [domain.com] Peer Connection Initiated with W.X.Y.Z:port
20121004 11:39:35 SENT CONTROL [domain.com]: 'PUSH_REQUEST' (status=1)
20121004 11:39:35 PUSH: Received control message: 'PUSH_REPLY route-gateway 192.168.1.1 ping 10 ping-restart 120 ifconfig 192.168.1.226 255.255.255.0'
20121004 11:39:35 OPTIONS IMPORT: timers and/or timeouts modified
20121004 11:39:35 OPTIONS IMPORT: --ifconfig/up options modified
20121004 11:39:35 OPTIONS IMPORT: route-related options modified
20121004 11:39:35 I TUN/TAP device tap1 opened
20121004 11:39:35 TUN/TAP TX queue length set to 100
20121004 11:39:35 I /sbin/ifconfig tap1 192.168.1.226 netmask 255.255.255.0 mtu 1500 broadcast 192.168.1.255
20121004 11:39:35 I Initialization Sequence Completed
20121004 11:43:22 MANAGEMENT: Client connected from 127.0.0.1:5001
20121004 11:43:22 D MANAGEMENT: CMD 'state'
20121004 11:43:22 MANAGEMENT: Client disconnected
20121004 11:43:22 MANAGEMENT: Client connected from 127.0.0.1:5001
20121004 11:43:22 D MANAGEMENT: CMD 'state'
20121004 11:43:22 MANAGEMENT: Client disconnected
20121004 11:43:22 MANAGEMENT: Client connected from 127.0.0.1:5001
20121004 11:43:22 D MANAGEMENT: CMD 'state'
20121004 11:43:22 MANAGEMENT: Client disconnected
20121004 11:43:23 MANAGEMENT: Client connected from 127.0.0.1:5001
20121004 11:43:23 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00
Client-2-E4200 wrote:
EstadoServer: : Local Address: Remote Address: Client: CONNECTED: SUCCESS Local Address: 192.168.1.227 Remote Address:
Estado
LOGServerlog Clientlog 19700101 00:00:48 Local Options hash (VER=V4): '47446a4a'
19700101 00:00:48 Expected Remote Options hash (VER=V4): '47410d3b'
19700101 00:00:48 I UDPv4 link local: [undef]
19700101 00:00:48 I UDPv4 link remote: W.X.Y.Z:port
20121004 11:39:10 I [UNDEF] Inactivity timeout (--ping-restart) restarting
20121004 11:39:10 TCP/UDP: Closing socket
20121004 11:39:10 I SIGUSR1[soft ping-restart] received process restarting
20121004 11:39:10 Restart pause 2 second(s)
20121004 11:39:12 W WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
20121004 11:39:12 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20121004 11:39:12 I Re-using SSL/TLS context
20121004 11:39:12 I LZO compression initialized
20121004 11:39:12 Control Channel MTU parms [ L:1586 D:138 EF:38 EB:0 ET:0 EL:0 ]
20121004 11:39:12 Socket Buffers: R=[114688->131072] S=[114688->131072]
20121004 11:39:12 Data Channel MTU parms [ L:1586 D:1450 EF:54 EB:135 ET:32 EL:0 AF:3/1 ]
20121004 11:39:12 Local Options String: 'V4 dev-type tap link-mtu 1586 tun-mtu 1532 proto UDPv4 comp-lzo cipher BF-CBC auth SHA256 keysize 128 key-method 2 tls-client'
20121004 11:39:12 Expected Remote Options String: 'V4 dev-type tap link-mtu 1586 tun-mtu 1532 proto UDPv4 comp-lzo cipher BF-CBC auth SHA256 keysize 128 key-method 2 tls-server'
20121004 11:39:12 Local Options hash (VER=V4): '47446a4a'
20121004 11:39:12 Expected Remote Options hash (VER=V4): '47410d3b'
20121004 11:39:12 I UDPv4 link local: [undef]
20121004 11:39:12 I UDPv4 link remote: W.X.Y.Z:port
20121004 11:39:26 N read UDPv4 [ECONNREFUSED]: Connection refused (code=146)
20121004 11:39:42 TLS: Initial packet from W.X.Y.Z:port sid=5e805cd1 b8a70e03
20121004 11:39:42 VERIFY OK: depth=1 /C=SP/ST=CA/L=Barcelona/O=name-domain.com/OU=name-domain/CN=name-domain.com/emailAddress=name-mail@domain.com
20121004 11:39:42 VERIFY OK: depth=0 /C=SP/ST=CA/O=name-domain.com/OU=name-domain/CN=name-domain.com/emailAddress=name-mail@domain.com
20121004 11:39:43 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
20121004 11:39:43 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
20121004 11:39:43 NOTE: --mute triggered...
20121004 11:39:43 3 variation(s) on previous 5 message(s) suppressed by --mute
20121004 11:39:43 I [name-domain.com] Peer Connection Initiated with W.X.Y.Z:port
20121004 11:39:45 SENT CONTROL [name-domain.com]: 'PUSH_REQUEST' (status=1)
20121004 11:39:45 PUSH: Received control message: 'PUSH_REPLY route-gateway 192.168.1.1 ping 10 ping-restart 120 ifconfig 192.168.1.227 255.255.255.0'
20121004 11:39:45 OPTIONS IMPORT: timers and/or timeouts modified
20121004 11:39:45 OPTIONS IMPORT: --ifconfig/up options modified
20121004 11:39:45 OPTIONS IMPORT: route-related options modified
20121004 11:39:45 I TUN/TAP device tap1 opened
20121004 11:39:45 TUN/TAP TX queue length set to 100
20121004 11:39:45 I /sbin/ifconfig tap1 192.168.1.227 netmask 255.255.255.0 mtu 1500 broadcast 192.168.1.255
20121004 11:39:45 I Initialization Sequence Completed
20121004 11:43:17 MANAGEMENT: Client connected from 127.0.0.1:5001
20121004 11:43:18 D MANAGEMENT: CMD 'state'
20121004 11:43:18 MANAGEMENT: Client disconnected
20121004 11:43:18 MANAGEMENT: Client connected from 127.0.0.1:5001
20121004 11:43:18 D MANAGEMENT: CMD 'state'
20121004 11:43:18 MANAGEMENT: Client disconnected
20121004 11:43:18 MANAGEMENT: Client connected from 127.0.0.1:5001
20121004 11:43:18 D MANAGEMENT: CMD 'state'
20121004 11:43:18 MANAGEMENT: Client disconnected
20121004 11:43:18 MANAGEMENT: Client connected from 127.0.0.1:5001
20121004 11:43:18 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00
Client-3-Laptop-Windows wrote:
Sat Oct 06 10:41:01 2012 OpenVPN 2.1.4 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 8 2010
Sat Oct 06 10:41:01 2012 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Oct 06 10:41:02 2012 Attempting to establish TCP connection with W.X.Y.Z:port
Sat Oct 06 10:41:02 2012 TCP connection established with W.X.Y.Z:port
Sat Oct 06 10:41:02 2012 TCPv4_CLIENT link local: [undef]
Sat Oct 06 10:41:02 2012 TCPv4_CLIENT link remote: W.X.Y.Z:port
Sat Oct 06 10:41:03 2012 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1575', remote='link-mtu 1588'
Sat Oct 06 10:41:03 2012 WARNING: 'auth' is used inconsistently, local='auth SHA1', remote='auth SHA256'
Sat Oct 06 10:41:03 2012 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Sat Oct 06 10:41:03 2012 [domain.com] Peer Connection Initiated with W.X.Y.Z:port
Sat Oct 06 10:41:05 2012 WARNING: potential TUN/TAP adapter subnet conflict between local LAN [192.168.1.0/255.255.255.0] and remote VPN [192.168.1.0/255.255.255.0]
Sat Oct 06 10:41:05 2012 TAP-WIN32 device [Local Area Connection 4] opened: \\.\Global\{09713839-9FD7-439A-9ABD-428E48EAE637}.tap
Sat Oct 06 10:41:05 2012 Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.1.227/255.255.255.0 on interface {09713839-9FD7-439A-9ABD-428E48EAE637} [DHCP-serv: 192.168.1.0, lease-time: 31536000]
Sat Oct 06 10:41:05 2012 Successful ARP Flush on interface [47] {09713839-9FD7-439A-9ABD-428E48EAE637}
Sat Oct 06 10:41:05 2012 Authenticate/Decrypt packet error: packet HMAC authentication failed
Sat Oct 06 10:41:05 2012 Fatal decryption error (process_incoming_link), restarting
Sat Oct 06 10:41:05 2012 SIGUSR1[soft,decryption-error] received, process restarting
(This is the only client that I can't connect)
Then the config of all the system, avoiding Client-2 as is exactly the same as Client-1.
Server side
Client-1 side
Client-3 side
The FireWall rules in the builds 18777 weren't necessary, but in this case I'm adding it following instructions from many post here in the Forum.
Why isn't working ? I think that everything from my side is set OK, because these same parameters were working with the same server, but with the clients WRT160NL all in 18777 BS. All the network are in 192.168.1.X in both versions.
I will appreciate any help, comment or whatever linked to this matter as right now my knowledge isn't capable to solve this matter...
Many thanks like always and hopefully the great masters can give me a hand.
Best regards. _________________ 7 x Broadcom BCM5300 chip rev 1 - Asus RT-AC66U ----> v3.0-r31899 giga (04/24/17)
1 x Marvel Armada 385 - LinkSys WRT1900ACS ---------> v3.0-r31899 std (04/24/17)
1 x Marvel Armada 370/XP - LinkSys WRT1900AC -------> v3.0-r31899 std (04/24/17)
1 x QCA IPQ806X - Linksys EA8500 -------------------> v3.0-r31899 std (04/24/17)
1 x Broadcom BCM4709 - Asus RT-AC3200 --------------> v3.0-r30880 std (11/14/16)
1 x ARMv7 Processor rev 0 (v7l) - Asus RT-AC68U ----> v3.0-r30880 std (11/14/16)
1 x ARMv7 Processor rev 0 (v7l) - Linksys EA6900 ---> v3.0-r30880 std (11/14/16)
1 x ARM Cortex-A9 Processor - Net Gear R7000 -------> v3.0-r30880 std (11/14/16)
5 x Broadcom BCM4716 chip rev 1 - Linksys E4200 ----> v24-sp2 (06/07/14) kingkong
1 x Broadcom BCM5300 chip rev 1 - Asus RT-AC66U ----> v24-sp2 (04/01/13) giga
Posted: Wed Oct 10, 2012 17:48 Post subject: Re: OpenVPN - Connected but nothing working - Fractal: 20058
Bronk-S wrote:
Dear all,
As usual I'm trying to set a OpenVPN services between 3 sites all are E4200 with Fractal 20058 build.
The problem here it's that everything is connected and I can see it in the logs, but NOTHING working, I can't manage from other site the network, I can't ping, I can't see any computer, etcetc...
Please see the logs and the screenshots.
Server-E4200 wrote:
Server: CONNECTED: SUCCESS Local Address: Remote Address: Client: : Local Address: Remote Address:
Common Name Real Address Virtual Address Bytes Received Bytes Sent Connected Since
domain.eu 1.2.3.4:32769 192.168.1.226 4831 427407 Thu Oct 4 11:39:32 2012
domain.eu 5.6.7.8:32773 192.168.1.227 4770 401632 Thu Oct 4 11:39:42 2012
Virtual Address Common Name Real Address Last Ref
Max bcast/mcast queue length
LOGServerlog 20121004 11:39:32 I 1.2.3.4:32769 LZO compression initialized
20121004 11:39:32 1.2.3.4:32769 Control Channel MTU parms [ L:1586 D:138 EF:38 EB:0 ET:0 EL:0 ]
20121004 11:39:32 1.2.3.4:32769 Data Channel MTU parms [ L:1586 D:1450 EF:54 EB:135 ET:32 EL:0 AF:3/1 ]
20121004 11:39:32 1.2.3.4:32769 Local Options String: 'V4 dev-type tap link-mtu 1586 tun-mtu 1532 proto UDPv4 comp-lzo cipher BF-CBC auth SHA256 keysize 128 key-method 2 tls-server'
20121004 11:39:32 1.2.3.4:32769 Expected Remote Options String: 'V4 dev-type tap link-mtu 1586 tun-mtu 1532 proto UDPv4 comp-lzo cipher BF-CBC auth SHA256 keysize 128 key-method 2 tls-client'
20121004 11:39:32 1.2.3.4:32769 Local Options hash (VER=V4): '47410d3b'
20121004 11:39:32 1.2.3.4:32769 Expected Remote Options hash (VER=V4): '47446a4a'
20121004 11:39:32 1.2.3.4:32769 TLS: Initial packet from 1.2.3.4:32769 sid=e31570fc ad915a21
20121004 11:39:33 1.2.3.4:32769 VERIFY OK: depth=1 /C=SP/ST=CA/L=Barcelona/O=domain.eu/OU=domain/CN=domain.eu/emailAddress=name-mail@domain.com
20121004 11:39:33 1.2.3.4:32769 VERIFY OK: depth=0 /C=SP/ST=CA/O=domain.eu/OU=domain/CN=domain.eu/emailAddress=name-mail@other.com
20121004 11:39:33 1.2.3.4:32769 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
20121004 11:39:33 1.2.3.4:32769 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
20121004 11:39:33 1.2.3.4:32769 NOTE: --mute triggered...
20121004 11:39:33 1.2.3.4:32769 3 variation(s) on previous 5 message(s) suppressed by --mute
20121004 11:39:33 I 1.2.3.4:32769 [domain.eu] Peer Connection Initiated with 1.2.3.4:32769
20121004 11:39:35 domain.eu/1.2.3.4:32769 PUSH: Received control message: 'PUSH_REQUEST'
20121004 11:39:35 domain.eu/1.2.3.4:32769 SENT CONTROL [domain.eu]: 'PUSH_REPLY route-gateway 192.168.1.1 ping 10 ping-restart 120 ifconfig 192.168.1.226 255.255.255.0' (status=1)
20121004 11:39:42 MULTI: multi_create_instance called
20121004 11:39:42 I 5.6.7.8:32773 Re-using SSL/TLS context
20121004 11:39:42 I 5.6.7.8:32773 LZO compression initialized
20121004 11:39:42 5.6.7.8:32773 Control Channel MTU parms [ L:1586 D:138 EF:38 EB:0 ET:0 EL:0 ]
20121004 11:39:42 5.6.7.8:32773 Data Channel MTU parms [ L:1586 D:1450 EF:54 EB:135 ET:32 EL:0 AF:3/1 ]
20121004 11:39:42 5.6.7.8:32773 Local Options String: 'V4 dev-type tap link-mtu 1586 tun-mtu 1532 proto UDPv4 comp-lzo cipher BF-CBC auth SHA256 keysize 128 key-method 2 tls-server'
20121004 11:39:42 5.6.7.8:32773 Expected Remote Options String: 'V4 dev-type tap link-mtu 1586 tun-mtu 1532 proto UDPv4 comp-lzo cipher BF-CBC auth SHA256 keysize 128 key-method 2 tls-client'
20121004 11:39:42 5.6.7.8:32773 Local Options hash (VER=V4): '47410d3b'
20121004 11:39:42 5.6.7.8:32773 Expected Remote Options hash (VER=V4): '47446a4a'
20121004 11:39:42 5.6.7.8:32773 TLS: Initial packet from 5.6.7.8:32773 sid=e21627fc bf32828e
20121004 11:39:42 5.6.7.8:32773 VERIFY OK: depth=1 /C=SP/ST=CA/L=Barcelona/O=domain.eu/OU=domain/CN=domain.eu/emailAddress=name-mail@domain.com
20121004 11:39:42 5.6.7.8:32773 VERIFY OK: depth=0 /C=SP/ST=CA/O=domain.eu/OU=domain/CN=domain.eu/emailAddress=name-mail@hotmail.com
20121004 11:39:42 5.6.7.8:32773 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
20121004 11:39:42 5.6.7.8:32773 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
20121004 11:39:42 5.6.7.8:32773 NOTE: --mute triggered...
20121004 11:39:42 5.6.7.8:32773 3 variation(s) on previous 5 message(s) suppressed by --mute
20121004 11:39:42 I 5.6.7.8:32773 [domain.eu] Peer Connection Initiated with 5.6.7.8:32773
20121004 11:39:45 domain.eu/5.6.7.8:32773 PUSH: Received control message: 'PUSH_REQUEST'
20121004 11:39:45 domain.eu/5.6.7.8:32773 SENT CONTROL [domain.eu]: 'PUSH_REPLY route-gateway 192.168.1.1 ping 10 ping-restart 120 ifconfig 192.168.1.227 255.255.255.0' (status=1)
20121004 11:41:26 MANAGEMENT: Client connected from 127.0.0.1:5002
20121004 11:41:26 D MANAGEMENT: CMD 'state'
20121004 11:41:26 MANAGEMENT: Client disconnected
20121004 11:41:26 MANAGEMENT: Client connected from 127.0.0.1:5002
20121004 11:41:26 D MANAGEMENT: CMD 'state'
20121004 11:41:26 MANAGEMENT: Client disconnected
20121004 11:41:26 MANAGEMENT: Client connected from 127.0.0.1:5002
20121004 11:41:26 D MANAGEMENT: CMD 'state'
20121004 11:41:26 MANAGEMENT: Client disconnected
20121004 11:41:27 MANAGEMENT: Client connected from 127.0.0.1:5002
20121004 11:41:27 D MANAGEMENT: CMD 'status 2'
20121004 11:41:27 MANAGEMENT: Client disconnected
20121004 11:41:27 MANAGEMENT: Client connected from 127.0.0.1:5002
20121004 11:41:27 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00
Clientlog
Client-1-E4200 wrote:
EstadoServer: : Local Address: Remote Address: Client: CONNECTED: SUCCESS Local Address: 192.168.1.226 Remote Address:
Estado
LOGServerlog Clientlog 20121004 11:39:01 Current Parameter Settings:
20121004 11:39:01 config = '/tmp/openvpncl/openvpn.conf'
20121004 11:39:01 mode = 0
20121004 11:39:01 persist_config = DISABLED
20121004 11:39:01 persist_mode = 1
20121004 11:39:01 NOTE: --mute triggered...
20121004 11:39:01 206 variation(s) on previous 5 message(s) suppressed by --mute
20121004 11:39:01 I OpenVPN 2.2.1 mipsel-linux [SSL] [LZO2] [EPOLL] built on Sep 30 2012
20121004 11:39:01 MANAGEMENT: TCP Socket listening on 127.0.0.1:5001
20121004 11:39:01 W WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
20121004 11:39:01 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20121004 11:39:01 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
20121004 11:39:01 I LZO compression initialized
20121004 11:39:01 Control Channel MTU parms [ L:1586 D:138 EF:38 EB:0 ET:0 EL:0 ]
20121004 11:39:01 Socket Buffers: R=[114688->131072] S=[114688->131072]
20121004 11:39:01 Data Channel MTU parms [ L:1586 D:1450 EF:54 EB:135 ET:32 EL:0 AF:3/1 ]
20121004 11:39:01 Local Options String: 'V4 dev-type tap link-mtu 1586 tun-mtu 1532 proto UDPv4 comp-lzo cipher BF-CBC auth SHA256 keysize 128 key-method 2 tls-client'
20121004 11:39:01 Expected Remote Options String: 'V4 dev-type tap link-mtu 1586 tun-mtu 1532 proto UDPv4 comp-lzo cipher BF-CBC auth SHA256 keysize 128 key-method 2 tls-server'
20121004 11:39:01 Local Options hash (VER=V4): '47446a4a'
20121004 11:39:01 Expected Remote Options hash (VER=V4): '47410d3b'
20121004 11:39:01 I UDPv4 link local: [undef]
20121004 11:39:01 I UDPv4 link remote: W.X.Y.Z:port
20121004 11:39:32 TLS: Initial packet from W.X.Y.Z:port sid=fb43a676 06538609
20121004 11:39:32 VERIFY OK: depth=1 /C=SP/ST=CA/L=Barcelona/O=domain.com/OU=namedomain/CN=domain.com/emailAddress=name-email@domain.com
20121004 11:39:32 VERIFY OK: depth=0 /C=SP/ST=CA/O=domain.com/OU=namedomain/CN=domain.com/emailAddress=name-email@domain.com
20121004 11:39:33 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
20121004 11:39:33 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
20121004 11:39:33 NOTE: --mute triggered...
20121004 11:39:33 3 variation(s) on previous 5 message(s) suppressed by --mute
20121004 11:39:33 I [domain.com] Peer Connection Initiated with W.X.Y.Z:port
20121004 11:39:35 SENT CONTROL [domain.com]: 'PUSH_REQUEST' (status=1)
20121004 11:39:35 PUSH: Received control message: 'PUSH_REPLY route-gateway 192.168.1.1 ping 10 ping-restart 120 ifconfig 192.168.1.226 255.255.255.0'
20121004 11:39:35 OPTIONS IMPORT: timers and/or timeouts modified
20121004 11:39:35 OPTIONS IMPORT: --ifconfig/up options modified
20121004 11:39:35 OPTIONS IMPORT: route-related options modified
20121004 11:39:35 I TUN/TAP device tap1 opened
20121004 11:39:35 TUN/TAP TX queue length set to 100
20121004 11:39:35 I /sbin/ifconfig tap1 192.168.1.226 netmask 255.255.255.0 mtu 1500 broadcast 192.168.1.255
20121004 11:39:35 I Initialization Sequence Completed
20121004 11:43:22 MANAGEMENT: Client connected from 127.0.0.1:5001
20121004 11:43:22 D MANAGEMENT: CMD 'state'
20121004 11:43:22 MANAGEMENT: Client disconnected
20121004 11:43:22 MANAGEMENT: Client connected from 127.0.0.1:5001
20121004 11:43:22 D MANAGEMENT: CMD 'state'
20121004 11:43:22 MANAGEMENT: Client disconnected
20121004 11:43:22 MANAGEMENT: Client connected from 127.0.0.1:5001
20121004 11:43:22 D MANAGEMENT: CMD 'state'
20121004 11:43:22 MANAGEMENT: Client disconnected
20121004 11:43:23 MANAGEMENT: Client connected from 127.0.0.1:5001
20121004 11:43:23 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00
Client-2-E4200 wrote:
EstadoServer: : Local Address: Remote Address: Client: CONNECTED: SUCCESS Local Address: 192.168.1.227 Remote Address:
Estado
LOGServerlog Clientlog 19700101 00:00:48 Local Options hash (VER=V4): '47446a4a'
19700101 00:00:48 Expected Remote Options hash (VER=V4): '47410d3b'
19700101 00:00:48 I UDPv4 link local: [undef]
19700101 00:00:48 I UDPv4 link remote: W.X.Y.Z:port
20121004 11:39:10 I [UNDEF] Inactivity timeout (--ping-restart) restarting
20121004 11:39:10 TCP/UDP: Closing socket
20121004 11:39:10 I SIGUSR1[soft ping-restart] received process restarting
20121004 11:39:10 Restart pause 2 second(s)
20121004 11:39:12 W WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
20121004 11:39:12 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20121004 11:39:12 I Re-using SSL/TLS context
20121004 11:39:12 I LZO compression initialized
20121004 11:39:12 Control Channel MTU parms [ L:1586 D:138 EF:38 EB:0 ET:0 EL:0 ]
20121004 11:39:12 Socket Buffers: R=[114688->131072] S=[114688->131072]
20121004 11:39:12 Data Channel MTU parms [ L:1586 D:1450 EF:54 EB:135 ET:32 EL:0 AF:3/1 ]
20121004 11:39:12 Local Options String: 'V4 dev-type tap link-mtu 1586 tun-mtu 1532 proto UDPv4 comp-lzo cipher BF-CBC auth SHA256 keysize 128 key-method 2 tls-client'
20121004 11:39:12 Expected Remote Options String: 'V4 dev-type tap link-mtu 1586 tun-mtu 1532 proto UDPv4 comp-lzo cipher BF-CBC auth SHA256 keysize 128 key-method 2 tls-server'
20121004 11:39:12 Local Options hash (VER=V4): '47446a4a'
20121004 11:39:12 Expected Remote Options hash (VER=V4): '47410d3b'
20121004 11:39:12 I UDPv4 link local: [undef]
20121004 11:39:12 I UDPv4 link remote: W.X.Y.Z:port
20121004 11:39:26 N read UDPv4 [ECONNREFUSED]: Connection refused (code=146)
20121004 11:39:42 TLS: Initial packet from W.X.Y.Z:port sid=5e805cd1 b8a70e03
20121004 11:39:42 VERIFY OK: depth=1 /C=SP/ST=CA/L=Barcelona/O=name-domain.com/OU=name-domain/CN=name-domain.com/emailAddress=name-mail@domain.com
20121004 11:39:42 VERIFY OK: depth=0 /C=SP/ST=CA/O=name-domain.com/OU=name-domain/CN=name-domain.com/emailAddress=name-mail@domain.com
20121004 11:39:43 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
20121004 11:39:43 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
20121004 11:39:43 NOTE: --mute triggered...
20121004 11:39:43 3 variation(s) on previous 5 message(s) suppressed by --mute
20121004 11:39:43 I [name-domain.com] Peer Connection Initiated with W.X.Y.Z:port
20121004 11:39:45 SENT CONTROL [name-domain.com]: 'PUSH_REQUEST' (status=1)
20121004 11:39:45 PUSH: Received control message: 'PUSH_REPLY route-gateway 192.168.1.1 ping 10 ping-restart 120 ifconfig 192.168.1.227 255.255.255.0'
20121004 11:39:45 OPTIONS IMPORT: timers and/or timeouts modified
20121004 11:39:45 OPTIONS IMPORT: --ifconfig/up options modified
20121004 11:39:45 OPTIONS IMPORT: route-related options modified
20121004 11:39:45 I TUN/TAP device tap1 opened
20121004 11:39:45 TUN/TAP TX queue length set to 100
20121004 11:39:45 I /sbin/ifconfig tap1 192.168.1.227 netmask 255.255.255.0 mtu 1500 broadcast 192.168.1.255
20121004 11:39:45 I Initialization Sequence Completed
20121004 11:43:17 MANAGEMENT: Client connected from 127.0.0.1:5001
20121004 11:43:18 D MANAGEMENT: CMD 'state'
20121004 11:43:18 MANAGEMENT: Client disconnected
20121004 11:43:18 MANAGEMENT: Client connected from 127.0.0.1:5001
20121004 11:43:18 D MANAGEMENT: CMD 'state'
20121004 11:43:18 MANAGEMENT: Client disconnected
20121004 11:43:18 MANAGEMENT: Client connected from 127.0.0.1:5001
20121004 11:43:18 D MANAGEMENT: CMD 'state'
20121004 11:43:18 MANAGEMENT: Client disconnected
20121004 11:43:18 MANAGEMENT: Client connected from 127.0.0.1:5001
20121004 11:43:18 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00
Client-3-Laptop-Windows wrote:
Sat Oct 06 10:41:01 2012 OpenVPN 2.1.4 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 8 2010
Sat Oct 06 10:41:01 2012 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Oct 06 10:41:02 2012 Attempting to establish TCP connection with W.X.Y.Z:port
Sat Oct 06 10:41:02 2012 TCP connection established with W.X.Y.Z:port
Sat Oct 06 10:41:02 2012 TCPv4_CLIENT link local: [undef]
Sat Oct 06 10:41:02 2012 TCPv4_CLIENT link remote: W.X.Y.Z:port
Sat Oct 06 10:41:03 2012 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1575', remote='link-mtu 1588'
Sat Oct 06 10:41:03 2012 WARNING: 'auth' is used inconsistently, local='auth SHA1', remote='auth SHA256'
Sat Oct 06 10:41:03 2012 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Sat Oct 06 10:41:03 2012 [domain.com] Peer Connection Initiated with W.X.Y.Z:port
Sat Oct 06 10:41:05 2012 WARNING: potential TUN/TAP adapter subnet conflict between local LAN [192.168.1.0/255.255.255.0] and remote VPN [192.168.1.0/255.255.255.0]
Sat Oct 06 10:41:05 2012 TAP-WIN32 device [Local Area Connection 4] opened: \\.\Global\{09713839-9FD7-439A-9ABD-428E48EAE637}.tap
Sat Oct 06 10:41:05 2012 Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.1.227/255.255.255.0 on interface {09713839-9FD7-439A-9ABD-428E48EAE637} [DHCP-serv: 192.168.1.0, lease-time: 31536000]
Sat Oct 06 10:41:05 2012 Successful ARP Flush on interface [47] {09713839-9FD7-439A-9ABD-428E48EAE637}
Sat Oct 06 10:41:05 2012 Authenticate/Decrypt packet error: packet HMAC authentication failed
Sat Oct 06 10:41:05 2012 Fatal decryption error (process_incoming_link), restarting
Sat Oct 06 10:41:05 2012 SIGUSR1[soft,decryption-error] received, process restarting
(This is the only client that I can't connect)
Then the config of all the system, avoiding Client-2 as is exactly the same as Client-1.
Server side
Client-1 side
Client-3 side
The FireWall rules in the builds 18777 weren't necessary, but in this case I'm adding it following instructions from many post here in the Forum.
Why isn't working ? I think that everything from my side is set OK, because these same parameters were working with the same server, but with the clients WRT160NL all in 18777 BS. All the network are in 192.168.1.X in both versions.
I will appreciate any help, comment or whatever linked to this matter as right now my knowledge isn't capable to solve this matter...
Many thanks like always and hopefully the great masters can give me a hand.
Posted: Mon Oct 15, 2012 14:42 Post subject: Re: OpenVPN - Connected but nothing working - Fractal: 20058
mvyvoda wrote:
guess not. bump for help. same problem here...
Hi Mvyvoda,
I'm a bit frustrated, because I don't know why this didn't works...
I just tried the same with the build 20119 in WRT160NL in both sides and didn't worked neither, but in this case I also tried with a client in Windows and was working PERFECTLY everything as expected, seeing all the clients pinguing, etcetc...
Hopefully with the Mega version for 60k works with E4200 as a client also...
Many thanks and let me know if you see any other improvements from your side.
Regards. _________________ 7 x Broadcom BCM5300 chip rev 1 - Asus RT-AC66U ----> v3.0-r31899 giga (04/24/17)
1 x Marvel Armada 385 - LinkSys WRT1900ACS ---------> v3.0-r31899 std (04/24/17)
1 x Marvel Armada 370/XP - LinkSys WRT1900AC -------> v3.0-r31899 std (04/24/17)
1 x QCA IPQ806X - Linksys EA8500 -------------------> v3.0-r31899 std (04/24/17)
1 x Broadcom BCM4709 - Asus RT-AC3200 --------------> v3.0-r30880 std (11/14/16)
1 x ARMv7 Processor rev 0 (v7l) - Asus RT-AC68U ----> v3.0-r30880 std (11/14/16)
1 x ARMv7 Processor rev 0 (v7l) - Linksys EA6900 ---> v3.0-r30880 std (11/14/16)
1 x ARM Cortex-A9 Processor - Net Gear R7000 -------> v3.0-r30880 std (11/14/16)
5 x Broadcom BCM4716 chip rev 1 - Linksys E4200 ----> v24-sp2 (06/07/14) kingkong
1 x Broadcom BCM5300 chip rev 1 - Asus RT-AC66U ----> v24-sp2 (04/01/13) giga
Posted: Mon Oct 15, 2012 16:14 Post subject: Re: OpenVPN - Connected but nothing working - Fractal: 20058
Bronk-S wrote:
Hi Mvyvoda,
I'm a bit frustrated, because I don't know why this didn't works...
I just tried the same with the build 20119 in WRT160NL in both sides and didn't worked neither, but in this case I also tried with a client in Windows and was working PERFECTLY everything as expected, seeing all the clients pinguing, etcetc...
Hopefully with the Mega version for 60k works with E4200 as a client also...
Many thanks and let me know if you see any other improvements from your side.
Regards.
Replying myself, I have configured the E4200 with the current build tunneling to a WRT160NL with the new 20119 and didn't worked neither...
So, I can't be very optimist being honest as this one isn't working neither...
Regards. _________________ 7 x Broadcom BCM5300 chip rev 1 - Asus RT-AC66U ----> v3.0-r31899 giga (04/24/17)
1 x Marvel Armada 385 - LinkSys WRT1900ACS ---------> v3.0-r31899 std (04/24/17)
1 x Marvel Armada 370/XP - LinkSys WRT1900AC -------> v3.0-r31899 std (04/24/17)
1 x QCA IPQ806X - Linksys EA8500 -------------------> v3.0-r31899 std (04/24/17)
1 x Broadcom BCM4709 - Asus RT-AC3200 --------------> v3.0-r30880 std (11/14/16)
1 x ARMv7 Processor rev 0 (v7l) - Asus RT-AC68U ----> v3.0-r30880 std (11/14/16)
1 x ARMv7 Processor rev 0 (v7l) - Linksys EA6900 ---> v3.0-r30880 std (11/14/16)
1 x ARM Cortex-A9 Processor - Net Gear R7000 -------> v3.0-r30880 std (11/14/16)
5 x Broadcom BCM4716 chip rev 1 - Linksys E4200 ----> v24-sp2 (06/07/14) kingkong
1 x Broadcom BCM5300 chip rev 1 - Asus RT-AC66U ----> v24-sp2 (04/01/13) giga
Posted: Mon Oct 15, 2012 16:19 Post subject: Re: OpenVPN - Connected but nothing working - Fractal: 20058
Bronk-S wrote:
Bronk-S wrote:
Hi Mvyvoda,
I'm a bit frustrated, because I don't know why this didn't works...
I just tried the same with the build 20119 in WRT160NL in both sides and didn't worked neither, but in this case I also tried with a client in Windows and was working PERFECTLY everything as expected, seeing all the clients pinguing, etcetc...
Hopefully with the Mega version for 60k works with E4200 as a client also...
Many thanks and let me know if you see any other improvements from your side.
Regards.
Replying myself, I have configured the E4200 with the current build tunneling to a WRT160NL with the new 20119 and didn't worked neither...
So, I can't be very optimist being honest as this one isn't working neither...
Regards.
does anyone experience this?:
i switched to bridge mode to see if that connects. i am able to connect to the server ouside my LAN, however, I can not ping any computer on my network. the error code I get from Tunnelblick is:
Code:
Warning:
This computer's apparent public IP address was not different after connecting to server. It is still 70.194.66.154.
This may mean that your VPN is not configured correctly.
i think i am not on the right subnet, when I connect.
