 From:  "M. G. (Michael) de Bruin" <mg dot debruin at buum dot nl>
 To:  Fernando Costa <cusquinho at gmail dot com>
 Cc:  m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall-dev] Problem regarding OpenVpn on b9 version
 Date:  Wed, 03 Aug 2005 22:52:04 +0200
Fernando Costa wrote:
> Hello All,
> 
>     I'm new to the m0n0wall project but I think I have found a bug in
> OpenVPN support (latest beta version). I know most VPNs would run
> using UDP but I can't use it because it is blocked in my University
> firewall. The thing is, whenever I turn TCP option on, it still
> accepts connection on UDP port only. I've tested it, rebooting and
> stuff, and even when I click TCP it only listens on UDP port.
> 
> nc -u 192.168.200.1 1976 -v (UDP Test)
> cusco.mine.nu [192.168.200.1] 1976 (?) open
> 
> nc 192.168.200.1 1976 -v (TCP Test)
> cusco.mine.nu [192.168.200.1] 1976 (?): connection refused
> 
>   The logs also tell me that it's waiting for UDP connections:
> 
> Aug 3 00:03:21 openvpn[319]: UDPv4 link local (bound): [undef]:1976 
> Aug 3 00:03:21 openvpn[319]: UDPv4 link local (bound): [undef]:1976 
> Aug 3 00:03:21 openvpn[319]: UDPv4 link remote: [undef] 
> Aug 3 00:03:21 openvpn[319]: UDPv4 link remote: [undef] 
> 
> Guess it's something pretty simple regarding the config file parser.
> 
> Thanks
> 
> Fernando Costa
> 
> 
Fernando,

you are correct, this is indeed a bug in m0n0wall. I actually mentioned 
this on the 18th of February, but apparently Manuel hasn't come around to 
fixing it.

I have pasted the entire mail (including the solution) below, hope that 
helps you.

Cheers,

Michael


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

All,

I am either going nuts (hey, almost weekend) or there is a bug in the
OpenVPN configuration. What I am trying to do, is get OpenVPN to listen on
a tcp port, so I can connect to it through any firewall. However, even
when I select TCP in the OpenVPN config, it still starts up as a UDP
service (long live syslog):

Feb 18 16:57:40 mercury openvpn[678]: OpenVPN 2.0_beta11 i386-unknown-freebsd4.10 [SSL] built on Oct 23 2004
Feb 18 16:57:40 mercury openvpn[678]: OpenVPN 2.0_beta11 i386-unknown-freebsd4.10 [SSL] built on Oct 23 2004
<snip uninteresting stuff>
Feb 18 16:57:40 mercury openvpn[683]: UDPv4 link local (bound): x.x.x.x:8000
Feb 18 16:57:40 mercury openvpn[683]: UDPv4 link local (bound): x.x.x.x:8000
Feb 18 16:57:40 mercury openvpn[683]: UDPv4 link remote: [undef]
Feb 18 16:57:40 mercury openvpn[683]: UDPv4 link remote: [undef]

If I check the process page, this seems logical, since the option '--proto
tcp-server' is missing.

Now, if I check /etc/inc/openvpn.inc (more specifically, the function
ovpn_config_server()), I can't find the option proto being set anywhere,
which would explain UDP (which is default) being used as a protocol.

If I am not mistaken, the following section should be added:

   /* Set protocol being used (TCP or UDP) */
   if ($server['proto'] == 'TCP') {
     $ovpn_config .= "--proto tcp-server";
   }


Cheers,

Michael de Bruin

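
The check both reports do by eye, comparing the transport selected in the GUI with the one OpenVPN says it bound, written out as an added example. It is not part of either e-mail and is not m0n0wall code; the function names are hypothetical, and the TCPv4_SERVER line is a constructed sample of what a TCP server is assumed to log.

```python
import re

# Matches OpenVPN's "link local (bound)" syslog line, e.g.
#   Aug 3 00:03:21 openvpn[319]: UDPv4 link local (bound): [undef]:1976
BOUND_RE = re.compile(
    r"openvpn\[\d+\]: (?P<proto>[A-Za-z0-9_]+) link local \(bound\): "
    r"(?P<addr>\S+):(?P<port>\d+)\s*$"
)

def bound_listeners(log_lines):
    """Return the set of (transport, port) pairs OpenVPN reports as bound."""
    found = set()
    for line in log_lines:
        m = BOUND_RE.search(line)
        if m:
            # "UDPv4" -> "udp", "TCPv4_SERVER" -> "tcp"
            transport = m.group("proto")[:3].lower()
            found.add((transport, int(m.group("port"))))
    return found

def transport_mismatches(configured_proto, configured_port, log_lines):
    """List bound listeners that differ from what the GUI was set to."""
    want = (configured_proto.lower(), configured_port)
    return sorted(l for l in bound_listeners(log_lines) if l != want)

def listener_ok(configured_proto, configured_port, log_lines):
    """True only if the configured listener is bound and nothing else is."""
    want = (configured_proto.lower(), configured_port)
    return bound_listeners(log_lines) == {want}

# Lines copied from the first report above; syslog duplicates collapse in the set.
REPORTED = [
    "Aug 3 00:03:21 openvpn[319]: UDPv4 link local (bound): [undef]:1976 ",
    "Aug 3 00:03:21 openvpn[319]: UDPv4 link local (bound): [undef]:1976 ",
    "Aug 3 00:03:21 openvpn[319]: UDPv4 link remote: [undef] ",
]
# Constructed line (assumption): log output once --proto tcp-server is passed.
FIXED = ["Aug 3 00:10:02 openvpn[402]: TCPv4_SERVER link local (bound): [undef]:1976"]

if __name__ == "__main__":
    print(transport_mismatches("TCP", 1976, REPORTED))
    print(listener_ok("TCP", 1976, FIXED))
```

An empty log makes listener_ok return False, so a daemon that never started is not mistaken for a correct one.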