 From:  Fernando Costa <cusquinho at gmail dot com>
 To:  Brent Cook <bcook at networklogistic dot com>
 Cc:  m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall-dev] Problem regarding OpenVpn on b9 version
 Date:  Thu, 11 Aug 2005 10:37:42 -0300
I see, we would need to change the verbose level of openvpn so we
could trace additional events (if they are already going to custom
log). There is also a file that could store user and IP, so it will

The main feature I want is to see who is connected.

Fernando

On 8/11/05, Brent Cook <bcook at networklogistic dot com> wrote:
> I recompiled the OpenVPN executable to write to log to a certain syslog facility. Then fixed up
> the logging page in m0n0wall and the syslog ini file to catch the logs. Otherwise, it all goes into
> the main system log.
> 
> -----Original Message-----
> From: Fernando Costa [mailto:cusquinho at gmail dot com]
> Sent: Thursday, August 11, 2005 8:09 AM
> To: m0n0wall dash dev at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall-dev] Problem regarding OpenVpn on b9 version
> 
> Hello all,
> 


> one in the list mentioned that. The problem I was having is a bug in b9 openvpn.inc file, which won't
> set the TCP option. Changing that file and rewriting the iso file got it working, even with Windows
> openvpn 2.0 client.
> 
> There is one thing that I still need to solve. How about openvpn logs?
> How can I find out who is connected? As far as I checked, it won't redirect openvpn logs to any
> file. I think we could do that very easily, and also, add a TAB in Diagnostics.
> 
> Thanks
> 
> Fernando Costa
> 
> >Michael,
> >
> >  Thanks for your fast response. I'll build a new version with that
> >fix for my personal use. Wondering, have you tried to support openvpn2?
> >I saw it is on freebsd port list. The problem is that Windows xp SP2
> >only works with version 2 protocol. Any luck on openvpn2?
> >
> >Thanks
> >
> >Fernando
> 
> On 8/3/05, M. G. (Michael) de Bruin <mg dot debruin at buum dot nl> wrote:
> > Fernando Costa wrote:
> > > Hello All,
> > >
> > >     I'm new to m0n0wall project but I think I have found a bug in
> > > OpenVPN support (latest beta version). I know most VPNs would run
> > > using UDP but I can't use because it is blocked in my University
> > > firewall. The thing is, whenever I turn TCP option on, it still
> > > accepts connection on UDP port only. I've tested it, rebooting and
> > > stuff, and even when I click TCP it only listens on UDP port.
> > >
> > > nc -u 192.168.200.1 1976 -v (UDP Test)
> > > cusco.mine.nu [192.168.200.1] 1976 (?) open
> > >
> > > nc 192.168.200.1 1976 -v (TCP Test)
> > > cusco.mine.nu [192.168.200.1] 1976 (?): connection refused
> > >
> > >   The logs also tell me that it's waiting for UDP connections:
> > >
> > > Aug 3 00:03:21 openvpn[319]: UDPv4 link local (bound): [undef]:1976
> > > Aug 3 00:03:21 openvpn[319]: UDPv4 link local (bound): [undef]:1976
> > > Aug 3 00:03:21 openvpn[319]: UDPv4 link remote: [undef]
> > > Aug 3 00:03:21 openvpn[319]: UDPv4 link remote: [undef]
> > >
> > > Guess it's something pretty simple regarding the config file parser.
> > >
> > > Thanks
> > >
> > > Fernando Costa
> > >
> > > --------------------------------------------------------------------
> > > - To unsubscribe, e-mail: m0n0wall dash dev dash unsubscribe at
> > > lists dot m0n0 dot ch For additional commands, e-mail: m0n0wall dash
> > > dev dash help at lists dot m0n0 dot ch
> > >
> > Fernando,
> >
> > you are correct, this is indeed a bug in m0n0wall. I actually
> > mentioned this 18th of February, but apparently Manuel hasn't come
> > around to fixing it.
> >
> > I have pasted the entire mail (including the solution) below, hope
> > that helps you.
> >
> > Cheers,
> >
> > Michael
> >
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > All,
> >
> > I am either going nuts (hey, almost weekend) or there is a bug in the
> > OpenVPN configuration. What I am trying to do, is get OpenVPN to
> > listen on a tcp port, so I can connect to it through any firewall.
> > However, even when I select TCP in the OpenVPN config, it still starts
> > up as a UDP service (long live syslog):
> >
> > Feb 18 16:57:40 mercury openvpn[678]: OpenVPN 2.0_beta11 i386-unknown-freebsd4.10 [SSL] built on Oct 23 2004
> > Feb 18 16:57:40 mercury openvpn[678]: OpenVPN 2.0_beta11 i386-unknown-freebsd4.10 [SSL] built on Oct 23 2004
> > <snip uninteresting stuff>
> > Feb 18 16:57:40 mercury openvpn[683]: UDPv4 link local (bound): x.x.x.x:8000
> > Feb 18 16:57:40 mercury openvpn[683]: UDPv4 link local (bound): x.x.x.x:8000
> > Feb 18 16:57:40 mercury openvpn[683]: UDPv4 link remote: [undef]
> > Feb 18 16:57:40 mercury openvpn[683]: UDPv4 link remote: [undef]
> >
> > If I check the process page, this seems logical, since the option
> > '--proto tcp-server' is missing.
> >
> > Now, if I check /etc/inc/openvpn.inc (more specifically, the function
> > ovpn_config_server()), I can't find the option proto being set
> > anywhere, which would explain UDP (which is default) being used as a protocol.
> >
> > If I am not mistaken, the following section should be added:
> >
> > /* Set protocol being used (TCP or UDP) */
> > if ($server['proto'] == 'TCP') {
> >     $ovpn_config .= "--proto tcp-server";
> > }
> >
> >
> > Cheers,
> >
> > Michael de Bruin
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.2.6 (FreeBSD)
> >
> > iD8DBQFCFhbHQ9cfgf1E1Y4RAs7AAKDTo0E25Qvs9Qy1vPMNaH2XU3aDTQCg/nzG
> > E7z5PyrpKORDMnfdc9e0CbE=
> > =oNnE
> > -----END PGP SIGNATURE-----
> >
> >
> >
> 
>
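
A check for the symptom diagnosed in this thread, as an added example that is not part of the original messages or of m0n0wall: it reads the `link local (bound)` syslog lines OpenVPN writes at startup and reports any instance whose transport differs from the one configured. The function names are hypothetical, and it assumes the link label begins with the transport name, as in the `UDPv4` lines quoted above.

```python
import re

# Matches the "link local (bound)" syslog lines quoted in this thread, with or
# without a hostname before the "openvpn[pid]" tag.
BOUND_RE = re.compile(
    r"openvpn\[(?P<pid>\d+)\]:\s+(?P<link>\S+) link local \(bound\):\s+"
    r"(?P<addr>\S+):(?P<port>\d+)\s*$"
)


def bound_sockets(log_lines):
    """Return the unique (pid, transport, port) tuples OpenVPN reported binding."""
    seen = []
    for line in log_lines:
        m = BOUND_RE.search(line)
        if not m:
            continue
        # Assumption: the link label starts with the transport name
        # (e.g. "UDPv4" as logged in the thread).
        transport = m.group("link")[:3].upper()
        entry = (int(m.group("pid")), transport, int(m.group("port")))
        if entry not in seen:  # the thread's logs repeat each line
            seen.append(entry)
    return seen


def protocol_mismatches(log_lines, configured):
    """List bound sockets whose transport differs from the configured one."""
    want = configured.upper()
    return [e for e in bound_sockets(log_lines) if e[1] != want]


# Log lines as quoted in the thread (one entry per line).
SAMPLE_LOG = [
    "Aug 3 00:03:21 openvpn[319]: UDPv4 link local (bound): [undef]:1976",
    "Aug 3 00:03:21 openvpn[319]: UDPv4 link local (bound): [undef]:1976",
    "Aug 3 00:03:21 openvpn[319]: UDPv4 link remote: [undef]",
    "Feb 18 16:57:40 mercury openvpn[683]: UDPv4 link local (bound): x.x.x.x:8000",
]

if __name__ == "__main__":
    for pid, transport, port in protocol_mismatches(SAMPLE_LOG, "TCP"):
        print(f"openvpn[{pid}] bound {transport} port {port}, but TCP is configured")
```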