 From:  Fernando Costa <cusquinho at gmail dot com>
 To:  m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall-dev] Problem regarding OpenVpn on b9 version
 Date:  Thu, 11 Aug 2005 10:08:35 -0300
Hello all,




in the list mentioned that. The problem I was having is a bug in b9
openvpn.inc file, which won't set the TCP option. Changing that file
and rewriting the iso file got it working, even with windows openvpn
2.0 client.

There is one thing that I still need to solve. How about openvpn logs?
How can I find out who is connected? As far as I checked, it won't
redirect openvpn logs to any file. I think we could do that very
easily, and also, add a TAB in Diagnostics.

Thanks

Fernando Costa

>Michael,
>
>  Thanks for your fast response. I'll build a new version with that fix
>for my personal use. Wondering, have you tried to support openvpn2? I
>saw it is on freebsd port list. The problem is that Windows xp SP2
>only works with version 2 protocol. Any luck on openvpn2?
>
>Thanks
>
>Fernando

On 8/3/05, M. G. (Michael) de Bruin <mg dot debruin at buum dot nl> wrote:
> Fernando Costa wrote:
> > Hello All,
> >
> >     I'm new to m0n0wall project but I think I have found a bug in
> > OpenVPN support (latest beta version). I know most VPNs would run
> > using UDP but I can't use it because it is blocked in my University
> > firewall. The thing is, whenever I turn TCP option on, it still
> > accepts connection on UDP port only. I've tested it, rebooting and
> > stuff, and even when I click TCP it only listens on UDP port.
> >
> > nc -u 192.168.200.1 1976 -v (UDP Test)
> > cusco.mine.nu [192.168.200.1] 1976 (?) open
> >
> > nc 192.168.200.1 1976 -v (TCP Test)
> > cusco.mine.nu [192.168.200.1] 1976 (?): connection refused
> >
> >   The logs also tell me that it's waiting for UDP connections:
> >
> > Aug 3 00:03:21 openvpn[319]: UDPv4 link local (bound): [undef]:1976
> > Aug 3 00:03:21 openvpn[319]: UDPv4 link local (bound): [undef]:1976
> > Aug 3 00:03:21 openvpn[319]: UDPv4 link remote: [undef]
> > Aug 3 00:03:21 openvpn[319]: UDPv4 link remote: [undef]
> >
> > Guess it's something pretty simple regarding the config file parser.
> >
> > Thanks
> >
> > Fernando Costa
> >
> Fernando,
> 
> you are correct, this is indeed a bug in m0n0wall. I actually mentioned
> this 18th of February, but apparently Manuel hasn't come around to
> fixing it.
> 
> I have pasted the entire mail (including the solution) below, hope that
> helps you.
> 
> Cheers,
> 
> Michael
> 
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> All,
> 
> I am either going nuts (hey, almost weekend) or there is a bug in the
> OpenVPN configuration. What I am trying to do, is get OpenVPN to listen on
> a tcp port, so I can connect  to it through any firewall. However, even
> when I select TCP in the OpenVPN config, it still starts up as an UDP
> service (long live syslog):
> 
> Feb 18 16:57:40 mercury openvpn[678]: OpenVPN 2.0_beta11
> i386-unknown-freebsd4.10 [SSL] built on Oct 23 2004
> Feb 18 16:57:40 mercury openvpn[678]: OpenVPN 2.0_beta11
> i386-unknown-freebsd4.10 [SSL] built on Oct 23 2004
> <snip uninteresting stuff>
> Feb 18 16:57:40 mercury openvpn[683]: UDPv4 link local (bound): x.x.x.x:8000
> Feb 18 16:57:40 mercury openvpn[683]: UDPv4 link local (bound): x.x.x.x:8000
> Feb 18 16:57:40 mercury openvpn[683]: UDPv4 link remote: [undef]
> Feb 18 16:57:40 mercury openvpn[683]: UDPv4 link remote: [undef]
> 
> If I check the process page, this seems logical, since the option '--proto
> tcp-server' is missing.
> 
> Now, if I check /etc/inc/openvpn.inc (more specifically, the function
> ovpn_config_server()), I can't find the option proto being set anywhere,
> which would explain UDP (which is default) being used as a protocol.
> 
> If I am not mistaken, the following section should be added:
> 
> /* Set protocol being used (TCP or UDP) */
> if ($server['proto'] == 'TCP') {
>     $ovpn_config .= "--proto tcp-server";
> }
> 
> 
> Cheers,
> 
> Michael de Bruin
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.6 (FreeBSD)
> 
> iD8DBQFCFhbHQ9cfgf1E1Y4RAs7AAKDTo0E25Qvs9Qy1vPMNaH2XU3aDTQCg/nzG
> E7z5PyrpKORDMnfdc9e0CbE=
> =oNnE
> -----END PGP SIGNATURE-----
> 
> 
>
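
Added example, not part of the original thread or of m0n0wall's code: a small check that compares the protocol selected in the configuration with the transport the OpenVPN daemon reports binding in syslog, which is how the bug above shows up (TCP selected, UDP bound). The function names, the result labels and the TCP log line format are assumptions; the UDP lines are the ones quoted in the thread.

```python
import re

# From the thread: the daemon's startup lines (syslog repeats each line).
PAGE_LOG = """\
Aug 3 00:03:21 openvpn[319]: UDPv4 link local (bound): [undef]:1976
Aug 3 00:03:21 openvpn[319]: UDPv4 link local (bound): [undef]:1976
Aug 3 00:03:21 openvpn[319]: UDPv4 link remote: [undef]
"""
# Constructed sample: assumed line format once "--proto tcp-server" is passed.
FIXED_LOG = (
    "Aug 3 00:10:02 openvpn[412]: TCPv4_SERVER link local (bound): [undef]:1976\n"
)

# Transport tag (UDPv4, TCPv4_SERVER, ...), then the bound address and port.
BOUND_RE = re.compile(
    r"openvpn\[\d+\]:\s+(?P<transport>(?:UDP|TCP)v[46]\w*)"
    r"\s+link local \(bound\):\s+(?P<addr>\S+):(?P<port>\d+)\s*$"
)


def bound_listeners(log_text):
    """Return the set of (proto, port) pairs the daemon reported binding."""
    found = set()
    for line in log_text.splitlines():
        m = BOUND_RE.search(line)
        if m:
            proto = m.group("transport")[:3].lower()  # "udp" or "tcp"
            found.add((proto, int(m.group("port"))))
    return found


def check_proto(log_text, configured_proto, port):
    """Classify the log as 'ok', 'mismatch' or 'not-bound' for one listener."""
    seen = bound_listeners(log_text)
    if (configured_proto.lower(), port) in seen:
        return "ok"
    # Port is bound, but on the other transport: config and daemon disagree,
    # so firewall rules written for the configured protocol will not match.
    if any(p == port for _, p in seen):
        return "mismatch"
    return "not-bound"


if __name__ == "__main__":
    print("before fix:", check_proto(PAGE_LOG, "tcp", 1976))
    print("after fix: ", check_proto(FIXED_LOG, "tcp", 1976))
```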