 
 From:  Fernando Costa <cusquinho at gmail dot com>
 To:  m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall-dev] Problem regarding OpenVpn on b9 version
 Date:  Wed, 3 Aug 2005 20:44:13 -0300
Michael,


for my personal use. Wondering, have you tried to support openvpn2? I
saw it is on the FreeBSD port list. The problem is that Windows XP SP2
only works with version 2 protocol. Any luck on openvpn2?

Thanks

Fernando

On 8/3/05, M. G. (Michael) de Bruin <mg dot debruin at buum dot nl> wrote:
> Fernando Costa wrote:
> > Hello All,
> >
> >     I'm new to m0n0wall project but I think I have found a bug in
> > OpenVPN support (latest beta version). I know most VPNs would run
> > using UDP but I can't use it because it is blocked in my University
> > firewall. The thing is, whenever I turn TCP option on, it still
> > accepts connection on UDP port only. I've tested it, rebooting and
> > stuff, and even when I click TCP it only listens on UDP port.
> >
> > nc -u 192.168.200.1 1976 -v (UDP Test)
> > cusco.mine.nu [192.168.200.1] 1976 (?) open
> >
> > nc 192.168.200.1 1976 -v (TCP Test)
> > cusco.mine.nu [192.168.200.1] 1976 (?): connection refused
> >
> >   The logs also tell me that it's waiting for UDP connections:
> >
> > Aug 3 00:03:21 openvpn[319]: UDPv4 link local (bound): [undef]:1976
> > Aug 3 00:03:21 openvpn[319]: UDPv4 link local (bound): [undef]:1976
> > Aug 3 00:03:21 openvpn[319]: UDPv4 link remote: [undef]
> > Aug 3 00:03:21 openvpn[319]: UDPv4 link remote: [undef]
> >
> > Guess it's something pretty simple regarding the config file parser.
> >
> > Thanks
> >
> > Fernando Costa
> >
> >
> Fernando,
> 
> you are correct, this is indeed a bug in m0n0wall. I actually mentioned
> this on the 18th of February, but apparently Manuel hasn't come around to
> fixing it.
> 
> I have pasted the entire mail (including the solution) below, hope that
> helps you.
> 
> Cheers,
> 
> Michael
> 
> 
> All,
> 
> I am either going nuts (hey, almost weekend) or there is a bug in the
> OpenVPN configuration. What I am trying to do, is get OpenVPN to listen on
> a tcp port, so I can connect to it through any firewall. However, even
> when I select TCP in the OpenVPN config, it still starts up as a UDP
> service (long live syslog):
> 
> Feb 18 16:57:40 mercury openvpn[678]: OpenVPN 2.0_beta11
> i386-unknown-freebsd4.10 [SSL] built on Oct 23 2004
> Feb 18 16:57:40 mercury openvpn[678]: OpenVPN 2.0_beta11
> i386-unknown-freebsd4.10 [SSL] built on Oct 23 2004
> <snip uninteresting stuff>
> Feb 18 16:57:40 mercury openvpn[683]: UDPv4 link local (bound): x.x.x.x:8000
> Feb 18 16:57:40 mercury openvpn[683]: UDPv4 link local (bound): x.x.x.x:8000
> Feb 18 16:57:40 mercury openvpn[683]: UDPv4 link remote: [undef]
> Feb 18 16:57:40 mercury openvpn[683]: UDPv4 link remote: [undef]
> 
> If I check the process page, this seems logical, since the option '--proto
> tcp-server' is missing.
> 
> Now, if I check /etc/inc/openvpn.inc (more specifically, the function
> ovpn_config_server()), I can't find the option proto being set anywhere,
> which would explain UDP (which is default) being used as a protocol.
> 
> If I am not mistaken, the following section should be added:
> 
> /* Set protocol being used (TCP or UDP) */
>    if ($server['proto'] == 'TCP') {
>      $ovpn_config .= "--proto tcp-server";
>      }
> 
> 
> Cheers,
> 
> Michael de Bruin
> 
> 
> 
>
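
The symptom both reports describe (TCP selected in the configuration, UDP in the daemon's bind line) can be checked mechanically from syslog. The following is an added example, not part of the thread or of m0n0wall: it parses the "link local (bound)" lines quoted above. The function names are hypothetical, and the `TCPv4_SERVER` sample line is constructed on the assumption that a TCP server logs the same bind line with that prefix.

```python
import re

# Bind line as quoted in the thread, e.g.
#   "openvpn[319]: UDPv4 link local (bound): [undef]:1976"
BOUND = re.compile(
    r"openvpn\[\d+\]: (?P<link>\w+) link local \(bound\): "
    r"(?P<addr>\S+):(?P<port>\d+)\s*$"
)

# Log lines copied from the report above (TCP was selected in the GUI).
REPORTED_LOG = [
    "Aug 3 00:03:21 openvpn[319]: UDPv4 link local (bound): [undef]:1976",
    "Aug 3 00:03:21 openvpn[319]: UDPv4 link local (bound): [undef]:1976",
    "Aug 3 00:03:21 openvpn[319]: UDPv4 link remote: [undef]",
]
# Constructed sample (assumption): the bind line of a daemon started with
# "--proto tcp-server".
FIXED_LOG = [
    "Aug 3 00:09:02 openvpn[402]: TCPv4_SERVER link local (bound): [undef]:1976",
]

def bound_sockets(lines):
    """Return the set of (transport, port) pairs the daemon reported binding."""
    found = set()
    for line in lines:
        m = BOUND.search(line)
        if m is None:
            continue  # not a bind line ("link remote", banner, ...)
        link = m.group("link").upper()
        transport = "tcp" if link.startswith("TCP") else "udp" if link.startswith("UDP") else link.lower()
        found.add((transport, int(m.group("port"))))
    return found

def check_listener(lines, want_proto, want_port):
    """Compare the configured transport with the logged one; return (ok, message)."""
    want = (want_proto.lower(), int(want_port))
    seen = bound_sockets(lines)
    if want in seen:
        return True, f"ok: bound on {want[0]}/{want[1]}"
    other = sorted(t for t, p in seen if p == want[1])
    if other:
        return False, f"mismatch: configured {want[0]}/{want[1]}, daemon bound {other[0]}/{want[1]}"
    return False, f"no bind line for port {want[1]}"

if __name__ == "__main__":
    print(check_listener(REPORTED_LOG, "TCP", 1976))
    print(check_listener(FIXED_LOG, "TCP", 1976))
```

A mismatch result means the firewall rule set and the service disagree about the exposed transport, which is worth alerting on after any configuration change.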