[Linux beginner, SME Server 8.1]
Hello - I can connect but not do anything once connected.
I get an ip address on the server network but cannot do anything with it.
One problem I solved myself by switching off Lzo compression as Chromebook does not seem to support it.
Otherwise I am stuck.
From the listings below I seem to have an Ip address, a nameserver address but no gateway. Is that significant?
Any help or ideas gratefully received.
Thanks.
I have munged external addresses as best I could.
2014-11-27 14:56:07.924479500 OpenVPN 2.3.1 i386-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on May 24 2013
2014-11-27 14:56:07.924482500 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:11194
2014-11-27 14:56:07.931987500 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
2014-11-27 14:56:08.039756500 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
2014-11-27 14:56:08.075654500 Diffie-Hellman initialized with 1024 bit key
2014-11-27 14:56:08.092221500 WARNING: file 'priv/key.pem' is group or others accessible
2014-11-27 14:56:08.100577500 Socket Buffers: R=[110592->131072] S=[110592->131072]
2014-11-27 14:56:08.100578500 TUN/TAP device tap0 opened
2014-11-27 14:56:08.100579500 TUN/TAP TX queue length set to 100
2014-11-27 14:56:08.100742500 nice 5 succeeded
2014-11-27 14:56:08.100752500 chroot to '/etc/openvpn/bridge' and cd to '/' succeeded
2014-11-27 14:56:08.100761500 GID set to nobody
2014-11-27 14:56:08.100768500 UID set to nobody
2014-11-27 14:56:08.100776500 UDPv4 link local (bound): [undef]
2014-11-27 14:56:08.100781500 UDPv4 link remote: [undef]
2014-11-27 14:56:08.100789500 MULTI: multi_init called, r=256 v=256
2014-11-27 14:56:08.153225500 IFCONFIG POOL: base=192.168.3.10 size=21, ipv6=0
2014-11-27 14:56:08.153261500 Initialization Sequence Completed
2014-11-27 14:57:52.024597500 12.34.56.78:56381 TLS: Initial packet from [AF_INET]12.34.56.78:56381, sid=7f4ae132 7ff4c66b
2014-11-27 14:57:54.334330500 12.34.56.78:56381 CRL CHECK OK: C=GB, ST=Lancs, L=Skelmersdale, O=our Lets, OU=Certificate Authority, CN=PHPki Certificate Authority, emailAddress=admin@admin.admin
2014-11-27 14:57:54.334352500 12.34.56.78:56381 VERIFY OK: depth=1, C=GB, ST=Lancs, L=Skelmersdale, O=our Lets, OU=Certificate Authority, CN=PHPki Certificate Authority, emailAddress=admin@admin.admin
2014-11-27 14:57:54.335482500 12.34.56.78:56381 CRL CHECK OK: C=GB, ST=Lancs, L=Skelmersdale, O=Your Lets, O=21232f297a57a5a743894a0e4a801fc3, OU=VPN, CN=chromeboook1, emailAddress=admin@admin.admin
2014-11-27 14:57:54.335501500 12.34.56.78:56381 VERIFY OK: depth=0, C=GB, ST=Lancs, L=Skelmersdale, O=Your Lets, O=21232f297a57a5a743894a0e4a801fc3, OU=VPN, CN=chromeboook1, emailAddress=admin@admin.admin
2014-11-27 14:57:54.544393500 12.34.56.78:56381 WARNING: 'dev-type' is used inconsistently, local='dev-type tap', remote='dev-type tun'
2014-11-27 14:57:54.544414500 12.34.56.78:56381 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1573', remote='link-mtu 1541'
2014-11-27 14:57:54.544433500 12.34.56.78:56381 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
2014-11-27 14:57:54.544734500 12.34.56.78:56381 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
2014-11-27 14:57:54.544752500 12.34.56.78:56381 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2014-11-27 14:57:54.544864500 12.34.56.78:56381 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
2014-11-27 14:57:54.544881500 12.34.56.78:56381 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2014-11-27 14:57:54.612711500 12.34.56.78:56381 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
2014-11-27 14:57:54.612764500 12.34.56.78:56381 [chromeboook1] Peer Connection Initiated with [AF_INET]12.34.56.78:56381
2014-11-27 14:57:54.612862500 chromeboook1/12.34.56.78:56381 MULTI_sva: pool returned IPv4=192.168.3.10, IPv6=(Not enabled)
2014-11-27 14:57:55.775771500 chromeboook1/12.34.56.78:56381 NOTE: Beginning empirical MTU test -- results should be available in 3 to 4 minutes.
2014-11-27 14:57:56.882421500 chromeboook1/12.34.56.78:56381 PUSH: Received control message: 'PUSH_REQUEST'
2014-11-27 14:57:56.882444500 chromeboook1/12.34.56.78:56381 send_push_reply(): safe_cap=940
2014-11-27 14:57:56.882489500 chromeboook1/12.34.56.78:56381 SENT CONTROL [chromeboook1]: 'PUSH_REPLY,dhcp-option DOMAIN yourlets.biz,dhcp-option DNS 192.168.3.2,dhcp-option WINS 192.168.3.2,route-gateway 192.168.3.2,ping 10,ping-restart 120,ifconfig 192.168.3.10 255.255.255.0' (status=1)
2014-11-27 14:57:57.122042500 chromeboook1/12.34.56.78:56381 MULTI: Learn: 40:00:40:11:ce:95 -> chromeboook1/12.34.56.78:56381
2014-11-27 14:57:57.153216500 chromeboook1/12.34.56.78:56381 MULTI: Learn: 40:00:40:11:ce:6a -> chromeboook1/12.34.56.78:56381
2014-11-27 14:57:57.153321500 chromeboook1/12.34.56.78:56381 MULTI: Learn: 40:00:40:11:ce:72 -> chromeboook1/12.34.56.78:56381
...lots and lots of similar lines then
2014-11-27 14:58:55.282822500 chromeboook1/12.34.56.78:56381 MULTI: Learn: 40:00:40:11:f7:0d -> chromeboook1/12.34.56.78:56381
2014-11-27 14:58:55.362192500 chromeboook1/12.34.56.78:56381 MULTI: Learn: 40:00:40:11:f6:c9 -> chromeboook1/12.34.56.78:56381
2014-11-27 14:58:55.372897500 chromeboook1/12.34.56.78:56381 MULTI ROUTE: route quota (256) exceeded for chromeboook1/12.34.56.78:56381 (see --max-routes-per-client option)
2014-11-27 14:58:55.372920500 chromeboook1/12.34.56.78:56381 MULTI: Learn FAILED: 40:00:40:11:fa:9e -> chromeboook1/12.34.56.78:56381
2014-11-27 14:58:55.892653500 chromeboook1/12.34.56.78:56381 MULTI ROUTE: route quota (256) exceeded for chromeboook1/12.34.56.78:56381 (see --max-routes-per-client option)
2014-11-27 14:58:55.892673500 chromeboook1/12.34.56.78:56381 MULTI: Learn FAILED: 40:00:40:11:e8:f1 -> chromeboook1/12.34.56.78:56381
2014-11-27 14:58:56.462788500 chromeboook1/12.34.56.78:56381 MULTI ROUTE: route quota (256) exceeded for chromeboook1/12.34.56.78:56381 (see --max-routes-per-client option)
...with lots and lots of similar then when I disconnect the chromebook
2014-11-27 15:21:35.642570500 chromeboook1/12.34.56.78:56381 MULTI ROUTE: route quota (256) exceeded for chromeboook1/12.34.56.78:56381 (see --max-routes-per-client option)
2014-11-27 15:21:35.642616500 chromeboook1/12.34.56.78:56381 MULTI: Learn FAILED: 40:00:40:11:35:39 -> chromeboook1/12.34.56.78:56381
2014-11-27 15:21:36.222876500 chromeboook1/12.34.56.78:56381 MULTI ROUTE: route quota (256) exceeded for chromeboook1/12.34.56.78:56381 (see --max-routes-per-client option)
2014-11-27 15:21:36.222937500 chromeboook1/12.34.56.78:56381 MULTI: Learn FAILED: 40:00:40:01:b3:4c -> chromeboook1/12.34.56.78:56381
2014-11-27 15:23:34.143569500 192.168.3.178:48897 TLS: Initial packet from [AF_INET]192.168.3.178:48897, sid=ef9484e0 0965c642
2014-11-27 15:24:34.261751500 192.168.3.178:48897 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2014-11-27 15:24:34.261801500 192.168.3.178:48897 TLS Error: TLS handshake failed
2014-11-27 15:24:34.261917500 192.168.3.178:48897 SIGUSR1[soft,tls-error] received, client-instance restarting
2014-11-27 15:25:36.424668500 chromeboook1/12.34.56.78:56381 [chromeboook1] Inactivity timeout (--ping-restart), restarting
2014-11-27 15:25:36.424719500 chromeboook1/12.34.56.78:56381 SIGUSR1[soft,ping-restart] received, client-instance restarting
here is what chromebook if config shows me
ppp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 12.34.56.78 netmask 255.255.255.255 destination 10.64.64.64
ppp txqueuelen 3 (Point-to-Point Protocol)
RX packets 798 bytes 185574 (181.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1443 bytes 241226 (235.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 192.168.3.10 netmask 255.255.255.0 destination 192.168.3.10
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 368 overruns 0 frame 0
TX packets 1004 bytes 70946 (69.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Here is the chromebook network_diagnostics listing
Trying to contact https://www.google.com ... (waiting up to 10 seconds)
Trying to contact http://www.google.com ... (waiting up to 10 seconds)
Trying to contact https://www.google.com ... (waiting up to 10 seconds)
FAIL: Got DNS resolution error -- trying to debug nameservers
Entering diag_nameservers
Testing connectivity to nameservers
Entering diag_ping 192.168.3.2
ping: icmp open socket: Operation not permitted
PASS: address 192.168.3.2: ping OK
FAIL: We can reach the nameservers but were not able to resolve hostnames
FAIL: You may be behind a captive portal or there may be a DNS
FAIL: configuration problem
Entering get_device_list
Device list:
ppp0 unknown::
tun0 unknown::
wlan0 pci:0034:168c ath9k
Entering diag_flimflam
PASS: shill is running, pid 1690
Listing of /var/run/shill
total 8
drwxr-xr-x 5 root root 160 Nov 25 18:13 .
drwxr-xr-x 21 root root 540 Nov 27 15:01 ..
drwxr-xr-x 2 root root 60 Nov 27 14:57 certificate_export
-rw-r--r-- 1 root root 56 Nov 25 17:51 loaded_profile_list
lrwxrwxrwx 1 root root 62 Nov 25 17:51 log -> /home/root/64f0fc3de7a722b8b56513748c08de25d928e52f/shill_logs
drwx------ 2 root root 60 Nov 27 14:57 openvpn_config
-rw-r--r-- 1 root root 87 Nov 27 14:57 resolv.conf
drwx------ 2 root root 60 Nov 25 17:51 user_profiles
Entering diag_flimflam_dbus
Flimflam Manager:
/0/ActiveProfile /profile/chronos/shill
/1/ArpGateway true
/2/AvailableTechnologies/0 cellular
/2/AvailableTechnologies/1 wifi
/3/CheckPortalList ethernet,wifi,cellular
/5/ConnectionState online
/6/Country
/7/DefaultService /service/59
/8/DefaultTechnology vpn
/9/Devices/0 /device/wlan0
/9/Devices/1 /device/no_netdev_2
/10/DisableWiFiVHT false
/11/EnabledTechnologies/0 cellular
/11/EnabledTechnologies/1 wifi
/12/HostName
/13/IgnoredDNSSearchPaths gateway.2wire.net
/14/LinkMonitorTechnologies wifi
/15/OfflineMode false
/16/PortalCheckInterval 30
/17/PortalURL http://www.gstatic.com/generate_204
/18/Profiles/0 /profile/default
/18/Profiles/1 /profile/chronos/shill
/19/ServiceCompleteList/0 /service/59
/19/ServiceCompleteList/1 /service/147
/19/ServiceCompleteList/2 /service/4
/19/ServiceCompleteList/3 /service/7
/19/ServiceCompleteList/4 /service/8
/19/ServiceCompleteList/5 /service/0
/19/ServiceCompleteList/6 /service/152
/19/ServiceCompleteList/7 /service/148
/19/ServiceCompleteList/8 /service/141
/19/ServiceCompleteList/9 /service/144
/19/ServiceCompleteList/10 /service/142
/19/ServiceCompleteList/11 /service/153
/19/ServiceCompleteList/12 /service/151
/19/ServiceCompleteList/13 /service/1
/20/ServiceWatchList/0 /service/59
/20/ServiceWatchList/1 /service/147
/21/Services/0 /service/59
/21/Services/1 /service/147
/21/Services/2 /service/4
/21/Services/3 /service/152
/21/Services/4 /service/148
/21/Services/5 /service/141
/21/Services/6 /service/144
/21/Services/7 /service/142
/21/Services/8 /service/153
/21/Services/9 /service/151
/22/State online
/24/WakeOnLanEnabled true
Service /service/59
/0/AutoConnect false
/1/CheckPortal auto
/2/Connectable true
/3/ConnectionId 0
/4/DNSAutoFallback false
/6/Diagnostics.Misconnects/0 2014-11-25T20:16:06.175284+0000
/8/Error Unknown
/9/ErrorDetails
/10/GUID
/11/HTTPProxyPort 53783
/12/IPConfig /ipconfig/tun0_19_ip
/13/IsActive true
/14/Name yole
/15/PhysicalTechnology vpn
/16/PortalDetectionFailedPhase
/17/PortalDetectionFailedStatus
/18/PreviousError connect-failed
/19/PreviousErrorSerialNumber 1
/20/Priority 0
/21/Profile /profile/chronos/shill
/22/Provider/0/Host 82.69.35.17
/22/Provider/1/OpenVPN.CACertPEM/0 -----BEGIN CERTIFICATE-----
MIIFODCCBCCg
...munge...
TQGuQjkyWWePklCK7jwed+h32LF
y8FfY0L59lyOC3aMzs9qVsFjKE8OZjpe+BlNAJmbCiQR6i9B60+nP3VN83k=
-----END CERTIFICATE-----
/22/Provider/2/OpenVPN.Pkcs11.ID 001D2226833B6BA4FBDCEF2248F8D6F60C4F3536
/22/Provider/3/OpenVPN.Pkcs11.PIN 111111
/22/Provider/4/OpenVPN.User william
/22/Provider/5/PassphraseRequired false
/22/Provider/6/Type openvpn
/23/ProxyConfig
/24/SaveCredentials true
/25/SavedIP.Address 192.168.3.10
/26/SavedIP.Gateway
/27/SavedIP.Mtu 1500
/28/SavedIP.NameServers 192.168.3.2
/29/SavedIP.PeerAddress
/30/SavedIP.Prefixlen 24
/31/State online
/32/Strength 00
/33/Type vpn
/34/UIData
/35/VPN.Domain
/36/Visible true