Re: VPN suggestions
For future reference: Really good SSH tunneling howto on Undeadly.org (OpenBSD Journal). I know TS picked OpenVPN and almost has it running; I just found it of such good quality that it's worth sharing. Maybe something for the wiki, or a wiki entry for VPN solutions in general.
|
Re: VPN suggestions
Quote:
Again, thank you for all your help. Here is the current log when I run a test:

```
Sun Oct 18 01:23:08 2009 OpenVPN 2.1_rc19 arm-unknown-linux-gnueabi [SSL] [LZO2] [EPOLL] built on Sep 7 2009
Enter Auth Username:
Enter Auth Password:
Sun Oct 18 01:23:08 2009 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Oct 18 01:23:08 2009 /usr/bin/openssl-vulnkey -q -b 2048 -m <modulus omitted>
Sun Oct 18 01:23:08 2009 ******* WARNING *******: '(null)' is a known vulnerable key. See 'man openvpn-vulnkey' for details.
Sun Oct 18 01:23:08 2009 WARNING: file 'ivacy-tls.key' is group or others accessible
Sun Oct 18 01:23:08 2009 Control Channel Authentication: using 'ivacy-tls.key' as a OpenVPN static key file
Sun Oct 18 01:23:08 2009 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Oct 18 01:23:08 2009 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Oct 18 01:23:08 2009 LZO compression initialized
Sun Oct 18 01:23:08 2009 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Sun Oct 18 01:23:08 2009 RESOLVE: NOTE: openvpn.ivacy.com resolves to 3 addresses, choosing one by random
Sun Oct 18 01:23:08 2009 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Oct 18 01:23:08 2009 Local Options hash (VER=V4): '504e774e'
Sun Oct 18 01:23:08 2009 Expected Remote Options hash (VER=V4): '14168603'
Sun Oct 18 01:23:08 2009 Socket Buffers: R=[105472->131072] S=[105472->131072]
Sun Oct 18 01:23:08 2009 UDPv4 link local: [undef]
Sun Oct 18 01:23:08 2009 UDPv4 link remote: 85.249.223.27:1194
Sun Oct 18 01:23:13 2009 TLS: Initial packet from 85.249.223.27:1194, sid=a20c53ca dcb26178
Sun Oct 18 01:23:13 2009 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Oct 18 01:23:25 2009 VERIFY OK: depth=1, /C=RU/ST=MR/L=Moscow/O=ivacy.com/CN=ivacy.com_CA/emailAddress=admin@ivacy.com
Sun Oct 18 01:23:26 2009 VERIFY OK: nsCertType=SERVER
Sun Oct 18 01:23:26 2009 VERIFY OK: depth=0, /C=RU/ST=MR/L=Moscow/O=ivacy.com/CN=openvpn.ivacy.com/emailAddress=admin@ivacy.com
Sun Oct 18 01:23:37 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Oct 18 01:23:37 2009 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Oct 18 01:23:37 2009 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Oct 18 01:23:37 2009 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Oct 18 01:23:38 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sun Oct 18 01:23:38 2009 [openvpn.ivacy.com] Peer Connection Initiated with 85.249.223.27:1194
Sun Oct 18 01:23:39 2009 SENT CONTROL [openvpn.ivacy.com]: 'PUSH_REQUEST' (status=1)
Sun Oct 18 01:23:41 2009 PUSH: Received control message: 'PUSH_REPLY,route 1.0.0.0 255.0.0.0,dhcp-option DNS 1.254.2.2,dhcp-option DNS 1.254.2.3,dhcp-option DOMAIN vpn,explicit-exit-notify 2,route-gateway 1.2.124.1,topology subnet,ping 10,ping-restart 60,ifconfig 1.2.124.106 255.255.255.0'
Sun Oct 18 01:23:41 2009 OPTIONS IMPORT: timers and/or timeouts modified
Sun Oct 18 01:23:41 2009 OPTIONS IMPORT: explicit notify parm(s) modified
Sun Oct 18 01:23:41 2009 OPTIONS IMPORT: --ifconfig/up options modified
Sun Oct 18 01:23:41 2009 OPTIONS IMPORT: route options modified
Sun Oct 18 01:23:41 2009 OPTIONS IMPORT: route-related options modified
Sun Oct 18 01:23:41 2009 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Oct 18 01:23:41 2009 ROUTE default_gateway=192.168.15.1
Sun Oct 18 01:23:41 2009 TUN/TAP device tun0 opened
Sun Oct 18 01:23:41 2009 TUN/TAP TX queue length set to 100
Sun Oct 18 01:23:41 2009 /sbin/ifconfig tun0 1.2.124.106 netmask 255.255.255.0 mtu 1500 broadcast 1.2.124.255
Sun Oct 18 01:23:41 2009 /sbin/route add -net 85.249.223.27 netmask 255.255.255.255 gw 192.168.15.1
Sun Oct 18 01:23:42 2009 /sbin/route add -net 1.0.0.0 netmask 255.0.0.0 gw 1.2.124.1
Sun Oct 18 01:23:42 2009 Initialization Sequence Completed
```

Hope that helps. |
Re: VPN suggestions
Post the openvpn log.
|
Re: VPN suggestions
I put it above.
Is it something on my NIT that I needed to do? |
Re: VPN suggestions
Quote:
|
Re: VPN suggestions
Not to have you do all the work for me, but what would that code look like in the terminal?
|
Re: VPN suggestions
I got to go to bed... It's like 2am here. Thanks for everyone's help. I'll be up in 5 hours with a coffee in my hand going right to this thread. I am so close to getting this going I can taste it.
|
Re: VPN suggestions
Quote:
The command would look something like this:

```
sudo openvpn --config /etc/openvpn/config/Ivacy-client.ovpn --redirect-gateway def1
```

Two notes:
1) Might instead execute rootsh and ditch sudo
2) I don't know where your config file resides

After this authentication, going to http://ip.help.me.uk will probably say 85.249.223.27 (your VPN endpoint). If it does, it works. If not, I suggest running a tracepath.

PS: Instead of using --redirect-gateway you can also set up routing manually!! |
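Added example (not part of any post in this thread): the PUSH_REPLY in the log posted earlier carries only `route 1.0.0.0 255.0.0.0`, which is why `--redirect-gateway def1` is needed for the rest of the traffic. The Python script below reads an OpenVPN client log and reports the warnings, the pushed routes and whether the default route went into the tunnel; the function names and the `route add` lines it expects for `def1` (0.0.0.0/1 and 128.0.0.0/1) are assumptions of this example.

```python
import re

# Lines copied from the log posted earlier in this thread.
SAMPLE_LOG = """\
Sun Oct 18 01:23:08 2009 ******* WARNING *******: '(null)' is a known vulnerable key. See 'man openvpn-vulnkey' for details.
Sun Oct 18 01:23:08 2009 WARNING: file 'ivacy-tls.key' is group or others accessible
Sun Oct 18 01:23:13 2009 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Oct 18 01:23:37 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Oct 18 01:23:41 2009 PUSH: Received control message: 'PUSH_REPLY,route 1.0.0.0 255.0.0.0,dhcp-option DNS 1.254.2.2,dhcp-option DNS 1.254.2.3,dhcp-option DOMAIN vpn,explicit-exit-notify 2,route-gateway 1.2.124.1,topology subnet,ping 10,ping-restart 60,ifconfig 1.2.124.106 255.255.255.0'
Sun Oct 18 01:23:41 2009 /sbin/route add -net 85.249.223.27 netmask 255.255.255.255 gw 192.168.15.1
Sun Oct 18 01:23:42 2009 /sbin/route add -net 1.0.0.0 netmask 255.0.0.0 gw 1.2.124.1
"""

def audit_openvpn_log(text):
    """Collect warnings, cipher, pushed options and installed routes from a client log."""
    report = {"warnings": [], "cipher": None, "pushed_routes": [],
              "redirect_gateway": False, "routes_added": []}
    for line in text.splitlines():
        m = re.search(r"WARNING\b[ *]*: (.*)", line)
        if m:
            report["warnings"].append(m.group(1))
        m = re.search(r"Data Channel Encrypt: Cipher '([^']+)'", line)
        if m:
            report["cipher"] = m.group(1)
        m = re.search(r"PUSH: Received control message: 'PUSH_REPLY,(.*)'", line)
        if m:
            for opt in m.group(1).split(","):
                words = opt.split()
                if not words:
                    continue
                if words[0] == "route" and len(words) >= 3:
                    report["pushed_routes"].append((words[1], words[2]))
                elif words[0] == "redirect-gateway":
                    report["redirect_gateway"] = True
        m = re.search(r"/sbin/route add -net (\S+) netmask (\S+) gw (\S+)", line)
        if m:
            report["routes_added"].append(m.groups())
    return report

def default_route_tunnelled(report):
    """True if the installed routes cover all of IPv4 (def1 halves or a new 0.0.0.0/0)."""
    nets = {(net, mask) for net, mask, _gw in report["routes_added"]}
    def1 = {("0.0.0.0", "128.0.0.0"), ("128.0.0.0", "128.0.0.0")}
    return def1 <= nets or ("0.0.0.0", "0.0.0.0") in nets

if __name__ == "__main__":
    r = audit_openvpn_log(SAMPLE_LOG)
    print(r["warnings"], r["pushed_routes"], default_route_tunnelled(r), sep="\n")
```

On the posted log this reports three warnings, one pushed route and no tunnelled default route; the warning about `ivacy-tls.key` is addressed by removing group and other access from that file (for example `chmod 600`).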
Re: VPN suggestions
Quote:
|
Re: VPN suggestions
Quote:
|