#1 2009-09-19 08:44:35

cwjiof
Member
From: Taichung, TW
Registered: 2008-01-27
Posts: 131

Upgrading openvpn from 2.09 to 2.1 makes the vpn unusable

I had connected to Alonweb's free VPN network with the configuration it supplies. It works well when I'm using openvpn 2.09.

Then I upgraded openvpn from 2.09 to 2.1. Once the VPN connection has been established with the same configuration, it just becomes unusable. I looked up my IP online and found that the IP address didn't change.

So it's really strange, because ifconfig shows that the VPN connection was established successfully:

%  ifconfig
eth0      Link encap:Ethernet  HWaddr **********
          inet addr:192.168.1.104  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: ************ Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:53857 errors:0 dropped:0 overruns:0 frame:0
          TX packets:63726 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:40999698 (39.1 Mb)  TX bytes:11520128 (10.9 Mb)
          Interrupt:22 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:1247 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1247 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:597855 (583.8 Kb)  TX bytes:597855 (583.8 Kb)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:172.32.3.82  P-t-P:172.32.3.81  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

After downgrading openvpn to 2.09, the connection works again!

In short, what's wrong with openvpn 2.1?

Last edited by cwjiof (2009-09-19 08:45:58)

Offline

#2 2009-09-19 15:14:42

neddie_seagoon
Member
Registered: 2009-08-23
Posts: 121

Re: Upgrading openvpn from 2.09 to 2.1 makes the vpn unusable

If you manually run openvpn directly with the config file, do you see any errors?

Offline

#3 2009-09-19 22:41:07

cwjiof
Member
From: Taichung, TW
Registered: 2008-01-27
Posts: 131

Re: Upgrading openvpn from 2.09 to 2.1 makes the vpn unusable

No errors. Here are the outputs of the two versions of openvpn, where I can't find any obvious difference between them:

openvpn 2.09

 6:27 [~] % sudo openvpn --config /etc/openvpn/alonweb.conf --ca /etc/openvpn/alonweb.crt
Sun Sep 20 06:28:15 2009 OpenVPN 2.0.9 i686-pc-linux [SSL] [LZO] [EPOLL] built on Sep 19 2009
Enter Auth Username:****
Enter Auth Password:
Sun Sep 20 06:28:24 2009 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Sun Sep 20 06:28:24 2009 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sun Sep 20 06:28:24 2009 LZO compression initialized
Sun Sep 20 06:28:24 2009 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sun Sep 20 06:28:24 2009 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Sep 20 06:28:24 2009 Local Options hash (VER=V4): '69109d17'
Sun Sep 20 06:28:24 2009 Expected Remote Options hash (VER=V4): 'c0103fa8'
Sun Sep 20 06:28:24 2009 Attempting to establish TCP connection with 85.17.136.142:443
Sun Sep 20 06:28:25 2009 TCP connection established with 85.17.136.142:443
Sun Sep 20 06:28:25 2009 TCPv4_CLIENT link local: [undef]
Sun Sep 20 06:28:25 2009 TCPv4_CLIENT link remote: 85.17.136.142:443
Sun Sep 20 06:28:25 2009 TLS: Initial packet from 85.17.136.142:443, sid=e5c8389a 123579fc
Sun Sep 20 06:28:30 2009 VERIFY OK: depth=1, /C=BY/ST=BY/L=Minsk/O=Lesavik/CN=Lesavik_CA/emailAddress=lesavik@alonweb.com
Sun Sep 20 06:28:30 2009 VERIFY OK: depth=0, /C=BY/ST=BY/L=Minsk/O=Lesavik/CN=server/emailAddress=lesavik@alonweb.com
Sun Sep 20 06:28:33 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Sep 20 06:28:33 2009 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Sep 20 06:28:33 2009 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Sep 20 06:28:33 2009 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Sep 20 06:28:33 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sun Sep 20 06:28:33 2009 [server] Peer Connection Initiated with 85.17.136.142:443
Sun Sep 20 06:28:34 2009 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sun Sep 20 06:28:34 2009 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 156.154.70.1,dhcp-option DNS 208.67.220.220,redirect-gateway,route 172.32.0.1,topology net30,ping 10,ping-restart 120,ifconfig 172.32.0.194 172.32.0.193'
Sun Sep 20 06:28:34 2009 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:5: topology (2.0.9)
Sun Sep 20 06:28:34 2009 OPTIONS IMPORT: timers and/or timeouts modified
Sun Sep 20 06:28:34 2009 OPTIONS IMPORT: --ifconfig/up options modified
Sun Sep 20 06:28:34 2009 OPTIONS IMPORT: route options modified
Sun Sep 20 06:28:34 2009 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Sep 20 06:28:34 2009 TUN/TAP device tun0 opened
Sun Sep 20 06:28:34 2009 /sbin/ifconfig tun0 172.32.0.194 pointopoint 172.32.0.193 mtu 1500
Sun Sep 20 06:28:34 2009 /sbin/route add -net 85.17.136.142 netmask 255.255.255.255 gw 192.168.1.1
Sun Sep 20 06:28:34 2009 /sbin/route del -net 0.0.0.0 netmask 0.0.0.0
Sun Sep 20 06:28:34 2009 /sbin/route add -net 0.0.0.0 netmask 0.0.0.0 gw 172.32.0.193
Sun Sep 20 06:28:34 2009 /sbin/route add -net 172.32.0.1 netmask 255.255.255.255 gw 172.32.0.193
Sun Sep 20 06:28:34 2009 Initialization Sequence Completed

openvpn 2.1

6:36 [~] % sudo openvpn --config /etc/openvpn/alonweb.conf --ca /etc/openvpn/alonweb.crt
Sun Sep 20 06:36:36 2009 OpenVPN 2.1_rc19 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] built on Jul 25 2009
Enter Auth Username:****
Enter Auth Password:
Sun Sep 20 06:36:43 2009 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sun Sep 20 06:36:43 2009 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Sep 20 06:36:43 2009 LZO compression initialized
Sun Sep 20 06:36:43 2009 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sun Sep 20 06:36:43 2009 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Sep 20 06:36:43 2009 Local Options hash (VER=V4): '69109d17'
Sun Sep 20 06:36:43 2009 Expected Remote Options hash (VER=V4): 'c0103fa8'
Sun Sep 20 06:36:43 2009 Attempting to establish TCP connection with 85.17.136.142:443 [nonblock]
Sun Sep 20 06:36:44 2009 TCP connection established with 85.17.136.142:443
Sun Sep 20 06:36:44 2009 Socket Buffers: R=[87380->131072] S=[16384->131072]
Sun Sep 20 06:36:44 2009 TCPv4_CLIENT link local: [undef]
Sun Sep 20 06:36:44 2009 TCPv4_CLIENT link remote: 85.17.136.142:443
Sun Sep 20 06:36:44 2009 TLS: Initial packet from 85.17.136.142:443, sid=d0640fa8 fc32e974
Sun Sep 20 06:36:44 2009 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Sep 20 06:36:49 2009 VERIFY OK: depth=1, /C=BY/ST=BY/L=Minsk/O=Lesavik/CN=Lesavik_CA/emailAddress=lesavik@alonweb.com
Sun Sep 20 06:36:49 2009 VERIFY OK: depth=0, /C=BY/ST=BY/L=Minsk/O=Lesavik/CN=server/emailAddress=lesavik@alonweb.com
Sun Sep 20 06:36:52 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Sep 20 06:36:52 2009 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Sep 20 06:36:52 2009 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Sep 20 06:36:52 2009 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Sep 20 06:36:52 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sun Sep 20 06:36:52 2009 [server] Peer Connection Initiated with 85.17.136.142:443
Sun Sep 20 06:36:53 2009 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sun Sep 20 06:36:54 2009 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 156.154.70.1,dhcp-option DNS 208.67.220.220,redirect-gateway,route 172.32.0.1,topology net30,ping 10,ping-restart 120,ifconfig 172.32.0.142 172.32.0.141'
Sun Sep 20 06:36:54 2009 OPTIONS IMPORT: timers and/or timeouts modified
Sun Sep 20 06:36:54 2009 OPTIONS IMPORT: --ifconfig/up options modified
Sun Sep 20 06:36:54 2009 OPTIONS IMPORT: route options modified
Sun Sep 20 06:36:54 2009 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Sep 20 06:36:54 2009 ROUTE default_gateway=192.168.1.1
Sun Sep 20 06:36:54 2009 TUN/TAP device tun0 opened
Sun Sep 20 06:36:54 2009 TUN/TAP TX queue length set to 100
Sun Sep 20 06:36:54 2009 /sbin/ifconfig tun0 172.32.0.142 pointopoint 172.32.0.141 mtu 1500
Sun Sep 20 06:36:54 2009 /sbin/route add -net 85.17.136.142 netmask 255.255.255.255 gw 192.168.1.1
Sun Sep 20 06:36:54 2009 /sbin/route add -net 172.32.0.1 netmask 255.255.255.255 gw 172.32.0.141
Sun Sep 20 06:36:54 2009 Initialization Sequence Completed

But where is the openvpn.log? I can't find it in /var/log.

Last edited by cwjiof (2009-09-19 22:41:52)

Offline

#4 2009-09-20 13:56:00

neddie_seagoon
Member
Registered: 2009-08-23
Posts: 121

Re: Upgrading openvpn from 2.09 to 2.1 makes the vpn unusable

The only difference I see is when it sets up routing:

2.09

Sun Sep 20 06:28:34 2009 /sbin/route del -net 0.0.0.0 netmask 0.0.0.0
Sun Sep 20 06:28:34 2009 /sbin/route add -net 0.0.0.0 netmask 0.0.0.0 gw 172.32.0.193

2.1
No such lines. Maybe try to run the same commands post-connect but for the gw line use the address after 'pointopoint' when it brings up tun0.

Offline
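
A check for the symptom found in this thread, where the server pushes redirect-gateway but the client never points its default route at the tunnel peer, so traffic keeps leaving outside the VPN. This is an added example, not part of any forum post; the function name analyze and the abridged log excerpts are assumptions of the example. It goes slightly beyond the thread by also accepting the 0.0.0.0/1 plus 128.0.0.0/1 route pair that redirect-gateway def1 installs.

```python
import re

# Abridged from the two logs posted in this thread (timestamps and some pushed options trimmed).
LOG_209 = """\
PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 156.154.70.1,redirect-gateway,route 172.32.0.1,topology net30,ifconfig 172.32.0.194 172.32.0.193'
/sbin/ifconfig tun0 172.32.0.194 pointopoint 172.32.0.193 mtu 1500
/sbin/route add -net 85.17.136.142 netmask 255.255.255.255 gw 192.168.1.1
/sbin/route del -net 0.0.0.0 netmask 0.0.0.0
/sbin/route add -net 0.0.0.0 netmask 0.0.0.0 gw 172.32.0.193
/sbin/route add -net 172.32.0.1 netmask 255.255.255.255 gw 172.32.0.193
"""
LOG_21 = """\
PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 156.154.70.1,redirect-gateway,route 172.32.0.1,topology net30,ifconfig 172.32.0.142 172.32.0.141'
/sbin/ifconfig tun0 172.32.0.142 pointopoint 172.32.0.141 mtu 1500
/sbin/route add -net 85.17.136.142 netmask 255.255.255.255 gw 192.168.1.1
/sbin/route add -net 172.32.0.1 netmask 255.255.255.255 gw 172.32.0.141
"""

PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,([^']*)'")
PEER_RE = re.compile(r"ifconfig \S+ \S+ pointopoint (\S+)")
ROUTE_RE = re.compile(r"route add -net (\S+) netmask (\S+) gw (\S+)")

FULL_DEFAULT = ("0.0.0.0", "0.0.0.0")
DEF1_HALVES = {("0.0.0.0", "128.0.0.0"), ("128.0.0.0", "128.0.0.0")}

def analyze(log):
    """Compare what the server pushed with the routes the client actually added."""
    push = PUSH_RE.search(log)
    # First word of each pushed option, e.g. "dhcp-option", "redirect-gateway".
    options = {o.split()[0] for o in push.group(1).split(",") if o.strip()} if push else set()
    peer = PEER_RE.search(log)
    peer_ip = peer.group(1) if peer else None
    # Keep only the routes whose gateway is the tunnel peer.
    via_peer = {(net, mask) for net, mask, gw in ROUTE_RE.findall(log) if gw == peer_ip}
    covered = FULL_DEFAULT in via_peer or DEF1_HALVES <= via_peer
    pushed = "redirect-gateway" in options
    return {
        "redirect_gateway_pushed": pushed,
        "tunnel_peer": peer_ip,
        "default_via_tunnel": covered,
        "leak": pushed and not covered,  # tunnel is up, but traffic bypasses it
    }

if __name__ == "__main__":
    for name, log in (("2.0.9", LOG_209), ("2.1_rc19", LOG_21)):
        print(name, analyze(log))
```
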
