On Thu, Aug 30, 2012 at 11:16 PM, cletusjenkins <cletusjenk...@zoho.com> wrote: > >>Whether you are acting as a server or a client you need to have a >>config file (.conf) in the /etc/openvpn directory (wich is the default >>location where the openvpn service will look for .conf files and will >>try to start those connections automatically when the service is >>started). Check if there is one. In case there is one, you can open a >>console and try to start the connection manually so you could see if >>it throws any errors with the following command: >> >># openvpn /etc/openvpn/.conf >> >>If there is no .conf file, you need to set one up. Check for examples >>at the openvpn.net site >>(http://openvpn.net/index.php/open-source.html). >> >>Cheers! >>Fred. > > thanks for the reply. I've built a *.conf file, 99% of it is the example file > for a client from the link, my changes were to make it: > use tcp (told to by the VPN company) > the hostname to connect and port (from the company) > to use tun (when I tried it with tap it acted like it connected, but it > totally shutdown my internet connectivity, can't find any advice on this from > the company) > then I appended the following: > > log-append /tmp/openvpn.log > > auth-user-pass > > ca /etc/openvpn/<companyname>.ca.crt > > The last line above is the ca the company told me to download and save. > > I can now start openvpn as you suggest, I can still browse, but I am not > going through the VPN (sites that tell you your IP address, show my actual IP > not the VPN's) > > Here is the output in the openvpn.log: > > Thu Aug 30 17:03:00 2012 OpenVPN 2.1.3 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] > [PKCS11] [MH] [PF_INET6] [eurephia] built on Feb 20 2012 > Thu Aug 30 17:03:08 2012 WARNING: No server certificate verification method > has been enabled. See http://openvpn.net/howto.html#mitm for more info. > Thu Aug 30 17:03:08 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or > higher to call user-defined scripts or executables > Thu Aug 30 17:03:08 2012 LZO compression initialized > Thu Aug 30 17:03:08 2012 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 > ET:0 EL:0 ] > Thu Aug 30 17:03:08 2012 Socket Buffers: R=[87380->131072] S=[16384->131072] > Thu Aug 30 17:03:09 2012 RESOLVE: NOTE: vpn.<companyname>.com resolves to 10 > addresses > Thu Aug 30 17:03:09 2012 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 > ET:32 EL:0 AF:3/1 ] > Thu Aug 30 17:03:09 2012 Local Options hash (VER=V4): '31fdf004' > Thu Aug 30 17:03:09 2012 Expected Remote Options hash (VER=V4): '3e6d1056' > Thu Aug 30 17:03:09 2012 Attempting to establish TCP connection with > [AF_INET]95.211.149.152:1194 [nonblock] > Thu Aug 30 17:03:10 2012 TCP connection established with > [AF_INET]95.211.149.152:1194 > Thu Aug 30 17:03:10 2012 TCPv4_CLIENT link local: [undef] > Thu Aug 30 17:03:10 2012 TCPv4_CLIENT link remote: > [AF_INET]95.211.149.152:1194 > Thu Aug 30 17:03:10 2012 TLS: Initial packet from > [AF_INET]95.211.149.152:1194, sid=9c3a1f31 9ecb2837 > Thu Aug 30 17:03:10 2012 WARNING: this configuration may cache passwords in > memory -- use the auth-nocache option to prevent this > Thu Aug 30 17:03:12 2012 VERIFY OK: depth=1, > /C=DE/ST=Hesse-Nassau/L=Frankfurt/O=BTGuard/CN=BTGuard_CA/emailAddress=supp...@btguard.com > Thu Aug 30 17:03:12 2012 VERIFY OK: depth=0, > /C=DE/ST=Hesse-Nassau/L=Frankfurt/O=BTGuard/CN=server/emailAddress=supp...@btguard.com > Thu Aug 30 17:03:13 2012 WARNING: 'dev-type' is used inconsistently, > local='dev-type tap', remote='dev-type tun' > Thu Aug 30 17:03:13 2012 WARNING: 'link-mtu' is used inconsistently, > local='link-mtu 1576', remote='link-mtu 1543' > Thu Aug 30 17:03:13 2012 WARNING: 'tun-mtu' is used inconsistently, > local='tun-mtu 1532', remote='tun-mtu 1500' > Thu Aug 30 17:03:13 2012 WARNING: 'comp-lzo' is present in local config but > missing in remote config, local='comp-lzo' > Thu Aug 30 17:03:13 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized > with 128 bit key > Thu Aug 30 17:03:13 2012 Data Channel Encrypt: Using 160 bit message hash > 'SHA1' for HMAC authentication > Thu Aug 30 17:03:13 2012 Data Channel Decrypt: Cipher 'BF-CBC' initialized > with 128 bit key > Thu Aug 30 17:03:13 2012 Data Channel Decrypt: Using 160 bit message hash > 'SHA1' for HMAC authentication > Thu Aug 30 17:03:13 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 > DHE-RSA-AES256-SHA, 1024 bit RSA > Thu Aug 30 17:03:13 2012 [server] Peer Connection Initiated with > [AF_INET]95.211.149.152:1194 > Thu Aug 30 17:03:16 2012 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) > Thu Aug 30 17:03:16 2012 PUSH: Received control message: > 'PUSH_REPLY,dhcp-option DNS 8.8.8.8,redirect-gateway,route 10.10.0.1,topology > net30,ping 20,ping-restart 240,ifconfig 10.10.0.170 10.10.0.169' > Thu Aug 30 17:03:16 2012 OPTIONS IMPORT: timers and/or timeouts modified > Thu Aug 30 17:03:16 2012 OPTIONS IMPORT: --ifconfig/up options modified > Thu Aug 30 17:03:16 2012 OPTIONS IMPORT: route options modified > Thu Aug 30 17:03:16 2012 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option > options modified > Thu Aug 30 17:03:16 2012 WARNING: Since you are using --dev tap, the second > argument to --ifconfig must be a netmask, for example something like > 255.255.255.0. (silence this warning with --ifconfig-nowarn) > Thu Aug 30 17:03:16 2012 ROUTE default_gateway=192.168.1.254 > Thu Aug 30 17:03:16 2012 OpenVPN ROUTE: OpenVPN needs a gateway parameter for > a --route option and no default was specified by either --route-gateway or > --ifconfig options > Thu Aug 30 17:03:16 2012 OpenVPN ROUTE: failed to parse/resolve route for > host/network: 10.10.0.1 > Thu Aug 30 17:03:16 2012 TUN/TAP device tap0 opened > Thu Aug 30 17:03:16 2012 TUN/TAP TX queue length set to 100 > Thu Aug 30 17:03:16 2012 /sbin/ifconfig tap0 10.10.0.170 netmask 10.10.0.169 > mtu 1500 broadcast 255.255.255.254 > SIOCSIFNETMASK: Invalid argument > Thu Aug 30 17:03:16 2012 Linux ifconfig failed: external program exited with > error status: 1 > Thu Aug 30 17:03:16 2012 Exiting > > I can post the entire *.conf file if that would be better, the only reason I > didn't is because of its length. > > What I don't get is the contents of this file are the same settings I entered > into the network-manager-openvpn-gnome gui. Shouldn't that gui set up such a > file or some gconf or some other equivalent? Does using the gui normally work? > > > -- > To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org > Archive: > http://lists.debian.org/704043732.1389.1346361667460.JavaMail.sas@172.29.254.227 >
For what I see in the log, there seems to be some inconsistencies in your config file. If you haven't made it to work by now, feel free to post your config file (only the relevant lines, not the comments) and i'll see if I can find where the problem is. I cant help you with the network-manager-openvpn-gnome though, since I've never used it myself. Cheers!, Fred -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAP4bfpzAoo-XROJhXDF=pqYnF5r2oPknhwVDbTj0wBqkJ=k...@mail.gmail.com
