 
 From:  Andrew Harvey <pbook at bagheera dot id dot au>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  openVPN headaches
 Date:  Thu, 9 Jun 2005 20:53:44 +1000
Hi,
I've been trying to set up openVPN on my m0n0wall, but to no avail.

I have set it up (so far as I can tell) according to the instructions 
in the docbook, but I can't seem to get it to work.

Here are my system log entries when I try to start openVPN:

Jun  9 10:45:53 bender openvpn[79]: event_wait : Interrupted system 
call (code=4)
Jun  9 10:45:53 bender openvpn[79]: event_wait : Interrupted system 
call (code=4)
Jun  9 10:45:53 bender openvpn[79]: ERROR: FreeBSD route delete command 
failed: shell command exited with error status: 77
Jun  9 10:45:53 bender openvpn[79]: ERROR: FreeBSD route delete command 
failed: shell command exited with error status: 77
Jun  9 10:45:53 bender openvpn[79]: SIGTERM[hard,] received, process 
exiting
Jun  9 10:45:53 bender openvpn[79]: SIGTERM[hard,] received, process 
exiting
Jun  9 10:45:53 bender openvpn[442]: OpenVPN 2.0 
i386-unknown-freebsd4.11 [SSL] built on May  8 2005
Jun  9 10:45:53 bender openvpn[442]: OpenVPN 2.0 
i386-unknown-freebsd4.11 [SSL] built on May  8 2005
Jun  9 10:45:53 bender openvpn[442]: WARNING: you are using 
user/group/chroot without persist-key/persist-tun -- this may cause 
restarts to fail
Jun  9 10:45:53 bender openvpn[442]: WARNING: you are using 
user/group/chroot without persist-key/persist-tun -- this may cause 
restarts to fail
Jun  9 10:45:53 bender openvpn[442]: WARNING: --keepalive option is 
missing from server config
Jun  9 10:45:53 bender openvpn[442]: WARNING: --keepalive option is 
missing from server config
Jun  9 10:45:53 bender openvpn[442]: WARNING: file 
'/var/db/ovpn_srv_key.pem' is group or others accessible
Jun  9 10:45:53 bender openvpn[442]: WARNING: file 
'/var/db/ovpn_srv_key.pem' is group or others accessible
Jun  9 10:45:53 bender openvpn[442]: gw 211.30.78.1
Jun  9 10:45:53 bender openvpn[442]: gw 211.30.78.1
Jun  9 10:45:53 bender openvpn[442]: TUN/TAP device /dev/tun0 opened
Jun  9 10:45:53 bender openvpn[442]: TUN/TAP device /dev/tun0 opened
Jun  9 10:45:53 bender openvpn[442]: /sbin/ifconfig tun0 10.2.0.1 
10.2.0.2 mtu 1500 netmask 255.255.255.255 up
Jun  9 10:45:53 bender openvpn[442]: /sbin/ifconfig tun0 10.2.0.1 
10.2.0.2 mtu 1500 netmask 255.255.255.255 up
Jun  9 10:45:54 bender openvpn[447]: GID set to nobody
Jun  9 10:45:54 bender openvpn[447]: GID set to nobody
Jun  9 10:45:54 bender openvpn[447]: UID set to nobody
Jun  9 10:45:54 bender openvpn[447]: UID set to nobody
Jun  9 10:45:54 bender openvpn[447]: UDPv4 link local (bound): 
[undef]:143
Jun  9 10:45:54 bender openvpn[447]: UDPv4 link local (bound): 
[undef]:143
Jun  9 10:45:54 bender openvpn[447]: UDPv4 link remote: [undef]
Jun  9 10:45:54 bender openvpn[447]: UDPv4 link remote: [undef]
Jun  9 10:45:54 bender openvpn[447]: Initialization Sequence Completed
Jun  9 10:45:54 bender openvpn[447]: Initialization Sequence Completed



Nothing seems to be broken, but I can't connect to the interface on 
port 143 (the port it has been configured to be on) on any interface.

Any ideas? Below is my config.xml openVPN section.

<ovpn>
         <server>
             <tun_iface>tun0</tun_iface>
             <psh_options>
                 <redir/>
                 <ping>60</ping>
                 <pingexit>60</pingexit>
             </psh_options>
             <port>143</port>
             <proto>UDP</proto>
             <maxcli>25</maxcli>
             <crypto>BF-CBC</crypto>
             <dupcn/>
             <verb>1</verb>
             <enable/>
             <bind_iface>all</bind_iface>
             <ipblock>10.2.0.0</ipblock>
             <prefix>29</prefix>
             <ca_cert>(snip)</srv_cert>
             <srv_key>(snip)</srv_key>
             <dh_param>(snip)</dh_param>
             <cli2cli/>
         </server>
     </ovpn>