Guys,

I need some help in setting up SIP on OpenVPN. Some details of my network are:

1. Home router: 192.168.1.1
2. Asterisk server and OpenVPN server: 192.168.1.152

The server.conf looks like this:
Code:
port 1194
proto udp
dev tun
ca privnet/ca.crt
cert privnet/server.crt
key privnet/server.key
dh privnet/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3

The client.conf on N900 is like this:
Code:
client
script-security 2
up /etc/openvpn/nokia.up
down /etc/openvpn/nokia.down
dev tun
proto udp
remote asterisk.dyndns.org 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
comp-lzo
verb 3

The nokia.up and nokia.down scripts are as follows:
Code:
nokia.up 

#!/bin/sh
run-standalone.sh /usr/bin/mc-tool update sofiasip/sip/_3101_40asterisk_2edyndns_2eorg0 string:local-ip-address=$4
run-standalone.sh /usr/bin/mc-tool enable sofiasip/sip/_3101_40asterisk_2edyndns_2eor

nokia.down

run-standalone.sh /usr/bin/mc-tool disable sofiasip/sip/_3101_40asterisk_2edyndns_2eorg0

When I do a test through the applet I get the following response:
Code:
Apr  9 20:26:05 2010 OpenVPN 2.1_rc20 arm-unknown-linux-gnueabi [SSL] [LZO2] [EPOLL] [MH] [PF_INET6] built on Nov 29 2009
Fri Apr  9 20:26:05 2010 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Apr  9 20:26:05 2010 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
Fri Apr  9 20:26:05 2010 ******* WARNING *******: 'client.key' cannot be verified as a non-vulnerable key. See 'man openssl-vulnkey' for details.
Fri Apr  9 20:26:05 2010 LZO compression initialized
Fri Apr  9 20:26:05 2010 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Apr  9 20:26:05 2010 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Fri Apr  9 20:26:05 2010 Local Options hash (VER=V4): '41690919'
Fri Apr  9 20:26:05 2010 Expected Remote Options hash (VER=V4): '530fdded'
Fri Apr  9 20:26:05 2010 Socket Buffers: R=[65536->131072] S=[16384->131072]
Fri Apr  9 20:26:05 2010 UDPv4 link local: [undef]
Fri Apr  9 20:26:05 2010 UDPv4 link remote: [AF_INET]86.9.87.233:1194
Fri Apr  9 20:26:05 2010 TLS: Initial packet from [AF_INET]86.9.87.233:1194, sid=a7692b5f 7a0dab40
Fri Apr  9 20:26:09 2010 VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=Fort-Funston_CA/emailAddress=me@myhost.mydomain
Fri Apr  9 20:26:09 2010 VERIFY OK: nsCertType=SERVER
Fri Apr  9 20:26:09 2010 VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=server/emailAddress=me@myhost.mydomain
Fri Apr  9 20:26:16 2010 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Apr  9 20:26:16 2010 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Apr  9 20:26:16 2010 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Apr  9 20:26:16 2010 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Apr  9 20:26:16 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Fri Apr  9 20:26:16 2010 [server] Peer Connection Initiated with [AF_INET]86.9.87.233:1194
Fri Apr  9 20:26:18 2010 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Fri Apr  9 20:26:19 2010 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 1
Fri Apr  9 20:26:19 2010 OPTIONS IMPORT: timers and/or timeouts modified
Fri Apr  9 20:26:19 2010 OPTIONS IMPORT: --ifconfig/up options modified
Fri Apr  9 20:26:19 2010 OPTIONS IMPORT: route options modified
Fri Apr  9 20:26:19 2010 ROUTE default_gateway=192.168.1.254
Fri Apr  9 20:26:19 2010 TUN/TAP device tun0 opened
Fri Apr  9 20:26:19 2010 TUN/TAP TX queue length set to 100
Fri Apr  9 20:26:19 2010 /sbin/ifconfig tun0 10.8.0.6 pointopoint 10.8.0.5 mtu 1500
Fri Apr  9 20:26:19 2010 /etc/openvpn/nokia.up tun0 1500 1542 10.8.0.6 10.8.0.5 init
Fri Apr  9 20:26:20 2010 /sbin/route add -net 86.9.87.233 netmask 255.255.255.255 gw 192.168.1.254
Fri Apr  9 20:26:20 2010 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.8.0.5
Fri Apr  9 20:26:20 2010 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.8.0.5
Fri Apr  9 20:26:20 2010 /sbin/route add -net 10.8.0.1 netmask 255.255.255.255 gw 10.8.0.5
Fri Apr  9 20:26:20 2010 Initialization Sequence Completed

I also did a
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward
on the asterisk/openvpn box.

I am able to ping to 10.8.0.1 from the N900. But the SIP connection doesn't go online and I get a network error.

In the SIP settings I have defined the server as asterisk.dyndns.org; do I need to change this to 10.8.0.1?

Does anybody know what might be the problem?

Last edited by rajil.s; 2010-04-09 at 19:52. Reason: added nokia.up and nokia.down
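
Added example, not part of the original post: the four routes from the client log above, evaluated by longest-prefix match to show which next hop the client uses for the OpenVPN remote's public address (86.9.87.233 in the log) versus 10.8.0.1. The function names are illustrative, 192.0.2.10 is a constructed test destination, and connected routes that do not appear in the log are ignored.

```python
import ipaddress
import re

# Route commands copied from the client log in the post above.
LOG = """\
/sbin/route add -net 86.9.87.233 netmask 255.255.255.255 gw 192.168.1.254
/sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.8.0.5
/sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.8.0.5
/sbin/route add -net 10.8.0.1 netmask 255.255.255.255 gw 10.8.0.5
"""

# Point-to-point peer of tun0, taken from the ifconfig line in the same log.
TUNNEL_PEER = "10.8.0.5"

ROUTE_RE = re.compile(r"route add -net (\S+) netmask (\S+) gw (\S+)")


def parse_routes(text):
    """Return a list of (network, gateway) pairs from 'route add' lines."""
    routes = []
    for m in ROUTE_RE.finditer(text):
        net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
        routes.append((net, m.group(3)))
    return routes


def next_hop(routes, dest):
    """Longest-prefix match: the most specific route containing dest wins."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, gw) for net, gw in routes if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda r: r[0].prefixlen)[1]


def via_tunnel(routes, dest):
    """True when traffic to dest is handed to the tunnel peer."""
    return next_hop(routes, dest) == TUNNEL_PEER


if __name__ == "__main__":
    routes = parse_routes(LOG)
    for dest in ("86.9.87.233", "10.8.0.1", "192.0.2.10"):
        path = "tunnel" if via_tunnel(routes, dest) else "outside tunnel"
        print(f"{dest:>12} -> gw {next_hop(routes, dest)} ({path})")
```

Traffic to 86.9.87.233 leaves through 192.168.1.254, outside the tunnel, while the up script sets the SIP account's local-ip-address to the tunnel address 10.8.0.6; 10.8.0.1 is reached through the tunnel peer.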