Topic: [ANNOUNCE] smeserver-openvpn-bridge-fws-1.1-2.rpm

[Daniel B.]

Very nice and thank you for your answer. Could you tell me which RPM's you installed on 7.x to get the latest motion package running?

I didn't find any rpm so I compiled it myself on a test server.

I am still trying to get beta 5 going. I tried uninstalling everything and removing all directories and power down/up. I still have the "Unknown" selection possible at the bottom of my toolbar on the left of my smeserver manager screen. Shouldn't this have gone away?

Anyways I am the point where I may wipe everything and start again (ouch) unless you have any ideas re fix.

Thx in advance for any help.

Ian

To remove the .rnd from the panel, you need to delete a file:

rm -f /etc/e-smith/web/panels/manager/cgi-bin/.rnd

and to rebuild the left frame

/etc/e-smith/events/actions/navigation-conf

But for your openvpn which doesn't work, I don't know. I know there's still one or two problems to fix that's why I'm working on beta6 (which should manly bring sme6.x compatibility, and correct some problems of auth method 3/4) but beta5 should work.

[imcintyre]

Well; I removed those files and did a new install from your nov 26th update and got nowhere, tabarnak!

The only other thing that I can think of, that is different from other people's systems in general is that I have a dynamic ip address. I use zone edit to handle or resolve the address issues. I implemented the chron manager and a custom script I can always see my page so it can't be that???

It's funny that beta 4 worked perfectly on two different clients and 5 on neither. Perhaps in my ignorance I removed something that was required.

So I have backed all info up and will do a fresh install sme 7 over again.
I'll let you know how it goes.

[Daniel B.]

The problem cannot comes from the dynamic IP as my personal server has a dynamic IP also (I use a dyndns free account). If you don't wan't to do a fresh install, you can continu using beta4, but you loose the security improvement of beta5. Don't you have a test machine to perform a fresh install and check if it works with it?

[crazybob]

Hi imcintyre,
    I am using the latest beta5 on 5 or 6 SME7.0 boxes, and the only problems were self inflicted. I had the same .rnd entry in server-manager from the beta4 install , but as long as I didn't click on it, it was OK. I removed it on my server using VIP-ire's suggestion.
I guess I am curious as to what's not working for you.

Bob

[imcintyre]

Vip-ire/Bob

I have the cd in the drawer and the drawer is still open and I thought Iwould look one last time here to see if there was anything else I could try.

I am not sure what is wrong except the trivial "it doesn't work". Beta4 worked right out of the can on xp home client and after an windows upgrade to my xp pro client it worked also. Like perfectly, I was happy!

I tried to follow the instructions exactly as presented when upgrading to 5 but it does not work on either my xp home or xp pro clients.

I done two uninstall/install on the server and at least once on the xp pro client.  I seem to make some progress each time but can't get it complete. I sent my certificates, keys and certs to Vipire and he said he doesn't see why not. I am a complete noobie (ubernoobie) so I can provide some feedback but not alot of original thought.

 I will post the latest from my log, just need to switch machines. If you can help it would be muchly appreciated.

[imcintyre]

I see that it cannot load my crt. It is in the correct folder. When I try to open it in notepad it has nothing in it and appears to be 0k in size.

Is this right? I created it last night and downloaded it then tried it off site.

What if anything should I be doing with the server certificates and keys?

When I created my server certificates, should I have given it the same name as my server and should I have assigned it a local address?

Thx for any help you can lend.

Wed Nov 29 10:43:46 2006 us=634854 Current Parameter Settings:
Wed Nov 29 10:43:46 2006 us=634956   config = 'VPN.ovpn'
Wed Nov 29 10:43:46 2006 us=634982   mode = 0
Wed Nov 29 10:43:46 2006 us=635007   show_ciphers = DISABLED
Wed Nov 29 10:43:46 2006 us=635030   show_digests = DISABLED
Wed Nov 29 10:43:46 2006 us=635055   show_engines = DISABLED
Wed Nov 29 10:43:46 2006 us=635078   genkey = DISABLED
Wed Nov 29 10:43:46 2006 us=635101   key_pass_file = '[UNDEF]'
Wed Nov 29 10:43:46 2006 us=635126   show_tls_ciphers = DISABLED
Wed Nov 29 10:43:46 2006 us=635149   proto = 0
Wed Nov 29 10:43:46 2006 us=635172   local = '[UNDEF]'
Wed Nov 29 10:43:46 2006 us=635200   remote_list[0] = {'mcintyres.ca', 1194}
Wed Nov 29 10:43:46 2006 us=635225   remote_random = DISABLED
Wed Nov 29 10:43:46 2006 us=635251   local_port = 1194
Wed Nov 29 10:43:46 2006 us=635275   remote_port = 1194
Wed Nov 29 10:43:46 2006 us=635299   remote_float = DISABLED
Wed Nov 29 10:43:46 2006 us=635322   ipchange = '[UNDEF]'
Wed Nov 29 10:43:46 2006 us=635346   bind_local = DISABLED
Wed Nov 29 10:43:46 2006 us=635369   dev = 'tap'
Wed Nov 29 10:43:46 2006 us=635393   dev_type = '[UNDEF]'
Wed Nov 29 10:43:46 2006 us=635417   dev_node = '[UNDEF]'
Wed Nov 29 10:43:46 2006 us=635441   tun_ipv6 = DISABLED
Wed Nov 29 10:43:46 2006 us=635467   ifconfig_local = '[UNDEF]'
Wed Nov 29 10:43:46 2006 us=635492   ifconfig_remote_netmask = '[UNDEF]'
Wed Nov 29 10:43:46 2006 us=635517   ifconfig_noexec = DISABLED
Wed Nov 29 10:43:46 2006 us=635541   ifconfig_nowarn = DISABLED
Wed Nov 29 10:43:46 2006 us=635564   shaper = 0
Wed Nov 29 10:43:46 2006 us=635588   tun_mtu = 1500
Wed Nov 29 10:43:46 2006 us=635612   tun_mtu_defined = ENABLED
Wed Nov 29 10:43:46 2006 us=635636   link_mtu = 1500
Wed Nov 29 10:43:46 2006 us=635660   link_mtu_defined = DISABLED
Wed Nov 29 10:43:46 2006 us=635684   tun_mtu_extra = 32
Wed Nov 29 10:43:46 2006 us=635709   tun_mtu_extra_defined = ENABLED
Wed Nov 29 10:43:46 2006 us=635733   fragment = 1400
Wed Nov 29 10:43:46 2006 us=635758   mtu_discover_type = -1
Wed Nov 29 10:43:46 2006 us=635781   mtu_test = 0
Wed Nov 29 10:43:46 2006 us=635803   mlock = DISABLED
Wed Nov 29 10:43:46 2006 us=635827   keepalive_ping = 0
Wed Nov 29 10:43:46 2006 us=635851   keepalive_timeout = 0
Wed Nov 29 10:43:46 2006 us=635875   inactivity_timeout = 0
Wed Nov 29 10:43:46 2006 us=635899   ping_send_timeout = 0
Wed Nov 29 10:43:46 2006 us=635923   ping_rec_timeout = 120
Wed Nov 29 10:43:46 2006 us=635947   ping_rec_timeout_action = 2
Wed Nov 29 10:43:46 2006 us=635971   ping_timer_remote = DISABLED
Wed Nov 29 10:43:46 2006 us=635995   remap_sigusr1 = 0
Wed Nov 29 10:43:46 2006 us=636020   explicit_exit_notification = 0
Wed Nov 29 10:43:46 2006 us=636044   persist_tun = DISABLED
Wed Nov 29 10:43:46 2006 us=636068   persist_local_ip = DISABLED
Wed Nov 29 10:43:46 2006 us=636093   persist_remote_ip = DISABLED
Wed Nov 29 10:43:46 2006 us=636117   persist_key = DISABLED
Wed Nov 29 10:43:46 2006 us=636141   mssfix = 1450
Wed Nov 29 10:43:46 2006 us=636175   resolve_retry_seconds = 1000000000
Wed Nov 29 10:43:46 2006 us=636201   connect_retry_seconds = 5
Wed Nov 29 10:43:46 2006 us=636225   username = '[UNDEF]'
Wed Nov 29 10:43:46 2006 us=636250   groupname = '[UNDEF]'
Wed Nov 29 10:43:46 2006 us=636274   chroot_dir = '[UNDEF]'
Wed Nov 29 10:43:46 2006 us=636297   cd_dir = '[UNDEF]'
Wed Nov 29 10:43:46 2006 us=636321   writepid = '[UNDEF]'
Wed Nov 29 10:43:46 2006 us=636345   up_script = '[UNDEF]'
Wed Nov 29 10:43:46 2006 us=636368   down_script = '[UNDEF]'
Wed Nov 29 10:43:46 2006 us=636392   down_pre = DISABLED
Wed Nov 29 10:43:46 2006 us=636416   up_restart = DISABLED
Wed Nov 29 10:43:46 2006 us=636439   up_delay = DISABLED
Wed Nov 29 10:43:46 2006 us=636463   daemon = DISABLED
Wed Nov 29 10:43:46 2006 us=636485   inetd = 0
Wed Nov 29 10:43:46 2006 us=636508   log = DISABLED
Wed Nov 29 10:43:46 2006 us=636532   suppress_timestamps = DISABLED
Wed Nov 29 10:43:46 2006 us=636555   nice = 0
Wed Nov 29 10:43:46 2006 us=636578   verbosity = 4
Wed Nov 29 10:43:46 2006 us=677207   mute = 0
Wed Nov 29 10:43:46 2006 us=677231   gremlin = 0
Wed Nov 29 10:43:46 2006 us=677243   status_file = '[UNDEF]'
Wed Nov 29 10:43:46 2006 us=677254   status_file_version = 1
Wed Nov 29 10:43:46 2006 us=677265   status_file_update_freq = 60
Wed Nov 29 10:43:46 2006 us=677275   occ = ENABLED
Wed Nov 29 10:43:46 2006 us=677285   rcvbuf = 0
Wed Nov 29 10:43:46 2006 us=677295   sndbuf = 0
Wed Nov 29 10:43:46 2006 us=677308   socks_proxy_server = '[UNDEF]'
Wed Nov 29 10:43:46 2006 us=677332   socks_proxy_port = 0
Wed Nov 29 10:43:46 2006 us=677343   socks_proxy_retry = DISABLED
Wed Nov 29 10:43:46 2006 us=677353   fast_io = DISABLED
Wed Nov 29 10:43:46 2006 us=677364   comp_lzo = ENABLED
Wed Nov 29 10:43:46 2006 us=677375   comp_lzo_adaptive = ENABLED
Wed Nov 29 10:43:46 2006 us=677386   route_script = '[UNDEF]'
Wed Nov 29 10:43:46 2006 us=677396   route_default_gateway = '[UNDEF]'
Wed Nov 29 10:43:46 2006 us=677407   route_noexec = DISABLED
Wed Nov 29 10:43:46 2006 us=677417   route_delay = 0
Wed Nov 29 10:43:46 2006 us=677428   route_delay_window = 30
Wed Nov 29 10:43:46 2006 us=677438   route_delay_defined = ENABLED
Wed Nov 29 10:43:46 2006 us=677450   management_addr = '[UNDEF]'
Wed Nov 29 10:43:46 2006 us=677460   management_port = 0
Wed Nov 29 10:43:46 2006 us=677471   management_user_pass = '[UNDEF]'
Wed Nov 29 10:43:46 2006 us=677484   management_log_history_cache = 250
Wed Nov 29 10:43:46 2006 us=677496   management_echo_buffer_size = 100
Wed Nov 29 10:43:46 2006 us=677508   management_query_passwords = DISABLED
Wed Nov 29 10:43:46 2006 us=677519   management_hold = DISABLED
Wed Nov 29 10:43:46 2006 us=677531   shared_secret_file = '[UNDEF]'
Wed Nov 29 10:43:46 2006 us=677542   key_direction = 2
Wed Nov 29 10:43:46 2006 us=677553   ciphername_defined = ENABLED
Wed Nov 29 10:43:46 2006 us=677564   ciphername = 'BF-CBC'
Wed Nov 29 10:43:46 2006 us=677575   authname_defined = ENABLED
Wed Nov 29 10:43:46 2006 us=677586   authname = 'SHA1'
Wed Nov 29 10:43:46 2006 us=698598   keysize = 0
Wed Nov 29 10:43:46 2006 us=698622   engine = DISABLED
Wed Nov 29 10:43:46 2006 us=698633   replay = ENABLED
Wed Nov 29 10:43:46 2006 us=698644   mute_replay_warnings = DISABLED
Wed Nov 29 10:43:46 2006 us=698654   replay_window = 64
Wed Nov 29 10:43:46 2006 us=698665   replay_time = 15
Wed Nov 29 10:43:46 2006 us=698676   packet_id_file = '[UNDEF]'
Wed Nov 29 10:43:46 2006 us=698687   use_iv = ENABLED
Wed Nov 29 10:43:46 2006 us=698697   test_crypto = DISABLED
Wed Nov 29 10:43:46 2006 us=698708   tls_server = DISABLED
Wed Nov 29 10:43:46 2006 us=698718   tls_client = ENABLED
Wed Nov 29 10:43:46 2006 us=698729   key_method = 2
Wed Nov 29 10:43:46 2006 us=698739   ca_file = 'ca.crt'
Wed Nov 29 10:43:46 2006 us=698751   dh_file = '[UNDEF]'
Wed Nov 29 10:43:46 2006 us=698761   cert_file = 'ian.crt'
Wed Nov 29 10:43:46 2006 us=698772   priv_key_file = 'ian.key'
Wed Nov 29 10:43:46 2006 us=698783   pkcs12_file = '[UNDEF]'
Wed Nov 29 10:43:46 2006 us=707452   cryptoapi_cert = '[UNDEF]'
Wed Nov 29 10:43:46 2006 us=707472   cipher_list = '[UNDEF]'
Wed Nov 29 10:43:46 2006 us=707484   tls_verify = '[UNDEF]'
Wed Nov 29 10:43:46 2006 us=707494   tls_remote = 'server'
Wed Nov 29 10:43:46 2006 us=707505   crl_file = '[UNDEF]'
Wed Nov 29 10:43:46 2006 us=707515   ns_cert_type = 64
Wed Nov 29 10:43:46 2006 us=707525   tls_timeout = 2
Wed Nov 29 10:43:46 2006 us=707536   renegotiate_bytes = 0
Wed Nov 29 10:43:46 2006 us=707546   renegotiate_packets = 0
Wed Nov 29 10:43:46 2006 us=707557   renegotiate_seconds = 3600
Wed Nov 29 10:43:46 2006 us=707567   handshake_window = 60
Wed Nov 29 10:43:46 2006 us=707578   transition_window = 3600
Wed Nov 29 10:43:46 2006 us=707589   single_session = DISABLED
Wed Nov 29 10:43:46 2006 us=707599   tls_exit = DISABLED
Wed Nov 29 10:43:46 2006 us=707609   tls_auth_file = 'ta.key'
Wed Nov 29 10:43:46 2006 us=707642   server_network = 0.0.0.0
Wed Nov 29 10:43:46 2006 us=716176   server_netmask = 0.0.0.0
Wed Nov 29 10:43:46 2006 us=716194   server_bridge_ip = 0.0.0.0
Wed Nov 29 10:43:46 2006 us=716206   server_bridge_netmask = 0.0.0.0
Wed Nov 29 10:43:46 2006 us=716219   server_bridge_pool_start = 0.0.0.0
Wed Nov 29 10:43:46 2006 us=716232   server_bridge_pool_end = 0.0.0.0
Wed Nov 29 10:43:46 2006 us=716243   ifconfig_pool_defined = DISABLED
Wed Nov 29 10:43:46 2006 us=716256   ifconfig_pool_start = 0.0.0.0
Wed Nov 29 10:43:46 2006 us=716267   ifconfig_pool_end = 0.0.0.0
Wed Nov 29 10:43:46 2006 us=716279   ifconfig_pool_netmask = 0.0.0.0
Wed Nov 29 10:43:46 2006 us=716291   ifconfig_pool_persist_filename = '[UNDEF]'
Wed Nov 29 10:43:46 2006 us=716303   ifconfig_pool_persist_refresh_freq = 600
Wed Nov 29 10:43:46 2006 us=716315   ifconfig_pool_linear = DISABLED
Wed Nov 29 10:43:46 2006 us=716325   n_bcast_buf = 256
Wed Nov 29 10:43:46 2006 us=716336   tcp_queue_limit = 64
Wed Nov 29 10:43:46 2006 us=716347   real_hash_size = 256
Wed Nov 29 10:43:46 2006 us=724821   virtual_hash_size = 256
Wed Nov 29 10:43:46 2006 us=724838   client_connect_script = '[UNDEF]'
Wed Nov 29 10:43:46 2006 us=724850   learn_address_script = '[UNDEF]'
Wed Nov 29 10:43:46 2006 us=724862   client_disconnect_script = '[UNDEF]'
Wed Nov 29 10:43:46 2006 us=724873   client_config_dir = '[UNDEF]'
Wed Nov 29 10:43:46 2006 us=724883   ccd_exclusive = DISABLED
Wed Nov 29 10:43:46 2006 us=724894   tmp_dir = '[UNDEF]'
Wed Nov 29 10:43:46 2006 us=724905   push_ifconfig_defined = DISABLED
Wed Nov 29 10:43:46 2006 us=724918   push_ifconfig_local = 0.0.0.0
Wed Nov 29 10:43:46 2006 us=724930   push_ifconfig_remote_netmask = 0.0.0.0
Wed Nov 29 10:43:46 2006 us=724941   enable_c2c = DISABLED
Wed Nov 29 10:43:46 2006 us=724951   duplicate_cn = DISABLED
Wed Nov 29 10:43:46 2006 us=724961   cf_max = 0
Wed Nov 29 10:43:46 2006 us=724971   cf_per = 0
Wed Nov 29 10:43:46 2006 us=724981   max_clients = 1024
Wed Nov 29 10:43:46 2006 us=732413   max_routes_per_client = 256
Wed Nov 29 10:43:46 2006 us=732429   client_cert_not_required = DISABLED
Wed Nov 29 10:43:46 2006 us=732441   username_as_common_name = DISABLED
Wed Nov 29 10:43:46 2006 us=732453   auth_user_pass_verify_script = '[UNDEF]'
Wed Nov 29 10:43:46 2006 us=732465   auth_user_pass_verify_script_via_file = DISABLED
Wed Nov 29 10:43:46 2006 us=732476   client = DISABLED
Wed Nov 29 10:43:46 2006 us=732486   pull = ENABLED
Wed Nov 29 10:43:46 2006 us=732497   auth_user_pass_file = 'stdin'
Wed Nov 29 10:43:46 2006 us=732511   show_net_up = DISABLED
Wed Nov 29 10:43:46 2006 us=732522   route_method = 0
Wed Nov 29 10:43:46 2006 us=732533   ip_win32_defined = DISABLED
Wed Nov 29 10:43:46 2006 us=732543   ip_win32_type = 3
Wed Nov 29 10:43:46 2006 us=732554   dhcp_masq_offset = 0
Wed Nov 29 10:43:46 2006 us=732565   dhcp_lease_time = 31536000
Wed Nov 29 10:43:46 2006 us=732575   tap_sleep = 0
Wed Nov 29 10:43:46 2006 us=732585   dhcp_options = DISABLED
Wed Nov 29 10:43:46 2006 us=740995   dhcp_renew = DISABLED
Wed Nov 29 10:43:46 2006 us=741010   dhcp_pre_release = DISABLED
Wed Nov 29 10:43:46 2006 us=741020   dhcp_release = DISABLED
Wed Nov 29 10:43:46 2006 us=741031   domain = '[UNDEF]'
Wed Nov 29 10:43:46 2006 us=741041   netbios_scope = '[UNDEF]'
Wed Nov 29 10:43:46 2006 us=741052   netbios_node_type = 0
Wed Nov 29 10:43:46 2006 us=741062   disable_nbt = DISABLED
Wed Nov 29 10:43:46 2006 us=741085 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
Wed Nov 29 10:43:58 2006 us=3134 Cannot load certificate file ian.crt: error:0906D06C:PEM routines:PEM_read_bio:no start line: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
Wed Nov 29 10:43:58 2006 us=3180 Exiting

[imcintyre]

Vip-ire said
 

 Don't you have a test machine to perform a fresh install and check if it works with it?
 

I was thinking that this might be the way to go, but had some practical considerations.

Seeing as I am running this at home, how does one test vpn access when you already have a server as gateway and server. I can think of how it might be done but am easily confused and the practical knowledge eludes me. I searched this site for any posts or how to's but couldnt find any.

imcintyre

[crazybob]

I had one install that gave me a cert that was empty like that, and I used the delete all certs, then recreated them. then everything worked fine. When you create the certs, give it a little extra time (30 sec. or so) to complete the task.

bob

[imcintyre]

Bob;

I am currently travelling, but just before I left I recreated and left more time as you mentioned. Now that I am in my hotel, I try to connect and the I get the repeating "connection reset by peer" (see below).

I go onto the internet and I had created some bs on the beginner web site, which I can see with no problems so I know that the connectivity is there.

I had gotten this far before, but cannot begin to fathom the problem.
Beta 4 worked flawlessly, so it must be something with the certs, keys or beta 5. Are any of your client machines running xp pro?

Thx in advance for any help you can lend.

Wed Nov 29 22:07:10 2006 us=636839 Current Parameter Settings:
Wed Nov 29 22:07:10 2006 us=636947   config = 'VPN.ovpn'
Wed Nov 29 22:07:10 2006 us=636975   mode = 0
Wed Nov 29 22:07:10 2006 us=636999   show_ciphers = DISABLED
Wed Nov 29 22:07:10 2006 us=637023   show_digests = DISABLED
Wed Nov 29 22:07:10 2006 us=637046   show_engines = DISABLED
Wed Nov 29 22:07:10 2006 us=637070   genkey = DISABLED
Wed Nov 29 22:07:10 2006 us=637093   key_pass_file = '[UNDEF]'
Wed Nov 29 22:07:10 2006 us=637118   show_tls_ciphers = DISABLED
Wed Nov 29 22:07:10 2006 us=637141   proto = 0
Wed Nov 29 22:07:10 2006 us=637163   local = '[UNDEF]'
Wed Nov 29 22:07:10 2006 us=637191   remote_list[0] = {'mcintyres.ca', 1194}
Wed Nov 29 22:07:10 2006 us=637216   remote_random = DISABLED
Wed Nov 29 22:07:10 2006 us=637240   local_port = 1194
Wed Nov 29 22:07:10 2006 us=637263   remote_port = 1194
Wed Nov 29 22:07:10 2006 us=637286   remote_float = DISABLED
Wed Nov 29 22:07:10 2006 us=637310   ipchange = '[UNDEF]'
Wed Nov 29 22:07:10 2006 us=637333   bind_local = DISABLED
Wed Nov 29 22:07:10 2006 us=637355   dev = 'tap'
Wed Nov 29 22:07:10 2006 us=637378   dev_type = '[UNDEF]'
Wed Nov 29 22:07:10 2006 us=637401   dev_node = '[UNDEF]'
Wed Nov 29 22:07:10 2006 us=637424   tun_ipv6 = DISABLED
Wed Nov 29 22:07:10 2006 us=637447   ifconfig_local = '[UNDEF]'
Wed Nov 29 22:07:10 2006 us=637472   ifconfig_remote_netmask = '[UNDEF]'
Wed Nov 29 22:07:10 2006 us=637496   ifconfig_noexec = DISABLED
Wed Nov 29 22:07:10 2006 us=637519   ifconfig_nowarn = DISABLED
Wed Nov 29 22:07:10 2006 us=637541   shaper = 0
Wed Nov 29 22:07:10 2006 us=637564   tun_mtu = 1500
Wed Nov 29 22:07:10 2006 us=637587   tun_mtu_defined = ENABLED
Wed Nov 29 22:07:10 2006 us=637610   link_mtu = 1500
Wed Nov 29 22:07:10 2006 us=637634   link_mtu_defined = DISABLED
Wed Nov 29 22:07:10 2006 us=637657   tun_mtu_extra = 32
Wed Nov 29 22:07:10 2006 us=637681   tun_mtu_extra_defined = ENABLED
Wed Nov 29 22:07:10 2006 us=637704   fragment = 1400
Wed Nov 29 22:07:10 2006 us=637728   mtu_discover_type = -1
Wed Nov 29 22:07:10 2006 us=637750   mtu_test = 0
Wed Nov 29 22:07:10 2006 us=637772   mlock = DISABLED
Wed Nov 29 22:07:10 2006 us=637795   keepalive_ping = 0
Wed Nov 29 22:07:10 2006 us=637817   keepalive_timeout = 0
Wed Nov 29 22:07:10 2006 us=637841   inactivity_timeout = 0
Wed Nov 29 22:07:10 2006 us=637864   ping_send_timeout = 0
Wed Nov 29 22:07:10 2006 us=637887   ping_rec_timeout = 120
Wed Nov 29 22:07:10 2006 us=637910   ping_rec_timeout_action = 2
Wed Nov 29 22:07:10 2006 us=637934   ping_timer_remote = DISABLED
Wed Nov 29 22:07:10 2006 us=637957   remap_sigusr1 = 0
Wed Nov 29 22:07:10 2006 us=637981   explicit_exit_notification = 0
Wed Nov 29 22:07:10 2006 us=638004   persist_tun = DISABLED
Wed Nov 29 22:07:10 2006 us=638027   persist_local_ip = DISABLED
Wed Nov 29 22:07:10 2006 us=638051   persist_remote_ip = DISABLED
Wed Nov 29 22:07:10 2006 us=638074   persist_key = DISABLED
Wed Nov 29 22:07:10 2006 us=638097   mssfix = 1450
Wed Nov 29 22:07:10 2006 us=638134   resolve_retry_seconds = 1000000000
Wed Nov 29 22:07:10 2006 us=638159   connect_retry_seconds = 5
Wed Nov 29 22:07:10 2006 us=638182   username = '[UNDEF]'
Wed Nov 29 22:07:10 2006 us=638205   groupname = '[UNDEF]'
Wed Nov 29 22:07:10 2006 us=638228   chroot_dir = '[UNDEF]'
Wed Nov 29 22:07:10 2006 us=638251   cd_dir = '[UNDEF]'
Wed Nov 29 22:07:10 2006 us=638274   writepid = '[UNDEF]'
Wed Nov 29 22:07:10 2006 us=638297   up_script = '[UNDEF]'
Wed Nov 29 22:07:10 2006 us=638320   down_script = '[UNDEF]'
Wed Nov 29 22:07:10 2006 us=638343   down_pre = DISABLED
Wed Nov 29 22:07:10 2006 us=638365   up_restart = DISABLED
Wed Nov 29 22:07:10 2006 us=638388   up_delay = DISABLED
Wed Nov 29 22:07:10 2006 us=638410   daemon = DISABLED
Wed Nov 29 22:07:10 2006 us=638432   inetd = 0
Wed Nov 29 22:07:10 2006 us=638454   log = DISABLED
Wed Nov 29 22:07:10 2006 us=638477   suppress_timestamps = DISABLED
Wed Nov 29 22:07:10 2006 us=638499   nice = 0
Wed Nov 29 22:07:10 2006 us=638521   verbosity = 4
Wed Nov 29 22:07:10 2006 us=638543   mute = 0
Wed Nov 29 22:07:10 2006 us=661247   gremlin = 0
Wed Nov 29 22:07:10 2006 us=661282   status_file = '[UNDEF]'
Wed Nov 29 22:07:10 2006 us=661306   status_file_version = 1
Wed Nov 29 22:07:10 2006 us=661330   status_file_update_freq = 60
Wed Nov 29 22:07:10 2006 us=661353   occ = ENABLED
Wed Nov 29 22:07:10 2006 us=661374   rcvbuf = 0
Wed Nov 29 22:07:10 2006 us=661396   sndbuf = 0
Wed Nov 29 22:07:10 2006 us=661419   socks_proxy_server = '[UNDEF]'
Wed Nov 29 22:07:10 2006 us=661453   socks_proxy_port = 0
Wed Nov 29 22:07:10 2006 us=661477   socks_proxy_retry = DISABLED
Wed Nov 29 22:07:10 2006 us=661500   fast_io = DISABLED
Wed Nov 29 22:07:10 2006 us=661522   comp_lzo = ENABLED
Wed Nov 29 22:07:10 2006 us=661544   comp_lzo_adaptive = ENABLED
Wed Nov 29 22:07:10 2006 us=661567   route_script = '[UNDEF]'
Wed Nov 29 22:07:10 2006 us=661591   route_default_gateway = '[UNDEF]'
Wed Nov 29 22:07:10 2006 us=661614   route_noexec = DISABLED
Wed Nov 29 22:07:10 2006 us=661636   route_delay = 0
Wed Nov 29 22:07:10 2006 us=678873   route_delay_window = 30
Wed Nov 29 22:07:10 2006 us=678908   route_delay_defined = ENABLED
Wed Nov 29 22:07:10 2006 us=678934   management_addr = '[UNDEF]'
Wed Nov 29 22:07:10 2006 us=678957   management_port = 0
Wed Nov 29 22:07:10 2006 us=678981   management_user_pass = '[UNDEF]'
Wed Nov 29 22:07:10 2006 us=679007   management_log_history_cache = 250
Wed Nov 29 22:07:10 2006 us=679032   management_echo_buffer_size = 100
Wed Nov 29 22:07:10 2006 us=679056   management_query_passwords = DISABLED
Wed Nov 29 22:07:10 2006 us=679080   management_hold = DISABLED
Wed Nov 29 22:07:10 2006 us=679104   shared_secret_file = '[UNDEF]'
Wed Nov 29 22:07:10 2006 us=679127   key_direction = 2
Wed Nov 29 22:07:10 2006 us=679150   ciphername_defined = ENABLED
Wed Nov 29 22:07:10 2006 us=679173   ciphername = 'BF-CBC'
Wed Nov 29 22:07:10 2006 us=679197   authname_defined = ENABLED
Wed Nov 29 22:07:10 2006 us=679220   authname = 'SHA1'
Wed Nov 29 22:07:10 2006 us=679242   keysize = 0
Wed Nov 29 22:07:10 2006 us=746684   engine = DISABLED
Wed Nov 29 22:07:10 2006 us=746834   replay = ENABLED
Wed Nov 29 22:07:10 2006 us=746861   mute_replay_warnings = DISABLED
Wed Nov 29 22:07:10 2006 us=746886   replay_window = 64
Wed Nov 29 22:07:10 2006 us=746910   replay_time = 15
Wed Nov 29 22:07:10 2006 us=746934   packet_id_file = '[UNDEF]'
Wed Nov 29 22:07:10 2006 us=746957   use_iv = ENABLED
Wed Nov 29 22:07:10 2006 us=746980   test_crypto = DISABLED
Wed Nov 29 22:07:10 2006 us=747003   tls_server = DISABLED
Wed Nov 29 22:07:10 2006 us=747027   tls_client = ENABLED
Wed Nov 29 22:07:10 2006 us=747050   key_method = 2
Wed Nov 29 22:07:10 2006 us=747072   ca_file = 'ca.crt'
Wed Nov 29 22:07:10 2006 us=747095   dh_file = '[UNDEF]'
Wed Nov 29 22:07:10 2006 us=747119   cert_file = 'ian.crt'
Wed Nov 29 22:07:10 2006 us=747142   priv_key_file = 'ian.key'
Wed Nov 29 22:07:10 2006 us=747165   pkcs12_file = '[UNDEF]'
Wed Nov 29 22:07:10 2006 us=747189   cryptoapi_cert = '[UNDEF]'
Wed Nov 29 22:07:10 2006 us=804993   cipher_list = '[UNDEF]'
Wed Nov 29 22:07:10 2006 us=805031   tls_verify = '[UNDEF]'
Wed Nov 29 22:07:10 2006 us=805055   tls_remote = 'server'
Wed Nov 29 22:07:10 2006 us=805078   crl_file = '[UNDEF]'
Wed Nov 29 22:07:10 2006 us=805102   ns_cert_type = 64
Wed Nov 29 22:07:10 2006 us=805124   tls_timeout = 2
Wed Nov 29 22:07:10 2006 us=805147   renegotiate_bytes = 0
Wed Nov 29 22:07:10 2006 us=805171   renegotiate_packets = 0
Wed Nov 29 22:07:10 2006 us=805195   renegotiate_seconds = 3600
Wed Nov 29 22:07:10 2006 us=805218   handshake_window = 60
Wed Nov 29 22:07:10 2006 us=805242   transition_window = 3600
Wed Nov 29 22:07:10 2006 us=805265   single_session = DISABLED
Wed Nov 29 22:07:10 2006 us=805288   tls_exit = DISABLED
Wed Nov 29 22:07:10 2006 us=805311   tls_auth_file = 'ta.key'
Wed Nov 29 22:07:10 2006 us=805358   server_network = 0.0.0.0
Wed Nov 29 22:07:10 2006 us=805385   server_netmask = 0.0.0.0
Wed Nov 29 22:07:10 2006 us=866481   server_bridge_ip = 0.0.0.0
Wed Nov 29 22:07:10 2006 us=866522   server_bridge_netmask = 0.0.0.0
Wed Nov 29 22:07:10 2006 us=866551   server_bridge_pool_start = 0.0.0.0
Wed Nov 29 22:07:10 2006 us=866578   server_bridge_pool_end = 0.0.0.0
Wed Nov 29 22:07:10 2006 us=866604   ifconfig_pool_defined = DISABLED
Wed Nov 29 22:07:10 2006 us=866631   ifconfig_pool_start = 0.0.0.0
Wed Nov 29 22:07:10 2006 us=866657   ifconfig_pool_end = 0.0.0.0
Wed Nov 29 22:07:10 2006 us=866684   ifconfig_pool_netmask = 0.0.0.0
Wed Nov 29 22:07:10 2006 us=866710   ifconfig_pool_persist_filename = '[UNDEF]'
Wed Nov 29 22:07:10 2006 us=866736   ifconfig_pool_persist_refresh_freq = 600
Wed Nov 29 22:07:10 2006 us=866761   ifconfig_pool_linear = DISABLED
Wed Nov 29 22:07:10 2006 us=866785   n_bcast_buf = 256
Wed Nov 29 22:07:10 2006 us=866808   tcp_queue_limit = 64
Wed Nov 29 22:07:10 2006 us=866832   real_hash_size = 256
Wed Nov 29 22:07:10 2006 us=866856   virtual_hash_size = 256
Wed Nov 29 22:07:10 2006 us=926090   client_connect_script = '[UNDEF]'
Wed Nov 29 22:07:10 2006 us=926129   learn_address_script = '[UNDEF]'
Wed Nov 29 22:07:10 2006 us=926157   client_disconnect_script = '[UNDEF]'
Wed Nov 29 22:07:10 2006 us=926182   client_config_dir = '[UNDEF]'
Wed Nov 29 22:07:10 2006 us=926206   ccd_exclusive = DISABLED
Wed Nov 29 22:07:10 2006 us=926229   tmp_dir = '[UNDEF]'
Wed Nov 29 22:07:10 2006 us=926253   push_ifconfig_defined = DISABLED
Wed Nov 29 22:07:10 2006 us=926283   push_ifconfig_local = 0.0.0.0
Wed Nov 29 22:07:10 2006 us=926310   push_ifconfig_remote_netmask = 0.0.0.0
Wed Nov 29 22:07:10 2006 us=926334   enable_c2c = DISABLED
Wed Nov 29 22:07:10 2006 us=926357   duplicate_cn = DISABLED
Wed Nov 29 22:07:10 2006 us=926380   cf_max = 0
Wed Nov 29 22:07:10 2006 us=926402   cf_per = 0
Wed Nov 29 22:07:10 2006 us=926425   max_clients = 1024
Wed Nov 29 22:07:10 2006 us=926449   max_routes_per_client = 256
Wed Nov 29 22:07:11 2006 us=13888   client_cert_not_required = DISABLED
Wed Nov 29 22:07:11 2006 us=13932   username_as_common_name = DISABLED
Wed Nov 29 22:07:11 2006 us=13960   auth_user_pass_verify_script = '[UNDEF]'
Wed Nov 29 22:07:11 2006 us=13987   auth_user_pass_verify_script_via_file = DISABLED
Wed Nov 29 22:07:11 2006 us=14011   client = DISABLED
Wed Nov 29 22:07:11 2006 us=14033   pull = ENABLED
Wed Nov 29 22:07:11 2006 us=14057   auth_user_pass_file = 'stdin'
Wed Nov 29 22:07:11 2006 us=14088   show_net_up = DISABLED
Wed Nov 29 22:07:11 2006 us=14111   route_method = 0
Wed Nov 29 22:07:11 2006 us=14135   ip_win32_defined = DISABLED
Wed Nov 29 22:07:11 2006 us=14158   ip_win32_type = 3
Wed Nov 29 22:07:11 2006 us=14181   dhcp_masq_offset = 0
Wed Nov 29 22:07:11 2006 us=14206   dhcp_lease_time = 31536000
Wed Nov 29 22:07:11 2006 us=14228   tap_sleep = 0
Wed Nov 29 22:07:11 2006 us=14250   dhcp_options = DISABLED
Wed Nov 29 22:07:11 2006 us=14272   dhcp_renew = DISABLED
Wed Nov 29 22:07:11 2006 us=66815   dhcp_pre_release = DISABLED
Wed Nov 29 22:07:11 2006 us=66852   dhcp_release = DISABLED
Wed Nov 29 22:07:11 2006 us=66876   domain = '[UNDEF]'
Wed Nov 29 22:07:11 2006 us=66899   netbios_scope = '[UNDEF]'
Wed Nov 29 22:07:11 2006 us=66922   netbios_node_type = 0
Wed Nov 29 22:07:11 2006 us=66944   disable_nbt = DISABLED
Wed Nov 29 22:07:11 2006 us=66987 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
Wed Nov 29 22:07:25 2006 us=42972 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Wed Nov 29 22:07:25 2006 us=43059 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Nov 29 22:07:25 2006 us=43102 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Nov 29 22:07:25 2006 us=43164 LZO compression initialized
Wed Nov 29 22:07:25 2006 us=43379 Control Channel MTU parms [ L:1578 D:166 EF:66 EB:0 ET:0 EL:0 ]
Wed Nov 29 22:07:25 2006 us=214027 Data Channel MTU parms [ L:1578 D:1450 EF:46 EB:135 ET:32 EL:0 AF:3/1 ]
Wed Nov 29 22:07:25 2006 us=214092 Fragmentation MTU parms [ L:1578 D:1400 EF:45 EB:135 ET:33 EL:0 AF:3/1 ]
Wed Nov 29 22:07:25 2006 us=214189 Local Options String: 'V4,dev-type tap,link-mtu 1578,tun-mtu 1532,proto UDPv4,comp-lzo,mtu-dynamic,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Wed Nov 29 22:07:25 2006 us=214224 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1578,tun-mtu 1532,proto UDPv4,comp-lzo,mtu-dynamic,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Wed Nov 29 22:07:25 2006 us=214293 Local Options hash (VER=V4): 'a257ef04'
Wed Nov 29 22:07:25 2006 us=214343 Expected Remote Options hash (VER=V4): '8f3da10b'
Wed Nov 29 22:07:25 2006 us=214408 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed Nov 29 22:07:25 2006 us=216452 UDPv4 link local: [undef]
Wed Nov 29 22:07:25 2006 us=216488 UDPv4 link remote: 70.48.39.53:1194
Wed Nov 29 22:07:25 2006 us=282954 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Nov 29 22:07:26 2006 us=544161 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Nov 29 22:07:29 2006 us=51585 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Nov 29 22:07:30 2006 us=311382 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Nov 29 22:07:32 2006 us=848300 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Nov 29 22:07:35 2006 us=369898 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Nov 29 22:07:37 2006 us=686658 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Nov 29 22:07:40 2006 us=8853 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Nov 29 22:07:42 2006 us=332480 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Nov 29 22:07:44 2006 us=655802 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Nov 29 22:07:47 2006 us=71361 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Nov 29 22:07:48 2006 us=332873 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Nov 29 22:07:50 2006 us=851444 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Nov 29 22:07:53 2006 us=350539 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Nov 29 22:07:55 2006 us=850847 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Nov 29 22:07:57 2006 us=969311 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Nov 29 22:08:00 2006 us=89575 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Nov 29 22:08:02 2006 us=221719 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Nov 29 22:08:03 2006 us=303333 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Nov 29 22:08:05 2006 us=426187 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Nov 29 22:08:07 2006 us=953637 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Nov 29 22:08:10 2006 us=477587 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Nov 29 22:08:13 2006 us=2638 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Nov 29 22:08:15 2006 us=524357 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Nov 29 22:08:17 2006 us=946061 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Nov 29 22:08:20 2006 us=366486 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Nov 29 22:08:22 2006 us=780949 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)

[crazybob]

did you enable vpn for yourself under users? It kind of looks like you didn't

[imcintyre]

I'll have to have a look. It was working.......

[Daniel B.]

I was thinking that this might be the way to go, but had some practical considerations.

Seeing as I am running this at home, how does one test vpn access when you already have a server as gateway and server. I can think of how it might be done but am easily confused and the practical knowledge eludes me. I searched this site for any posts or how to's but couldnt find any.

imcintyre

If you have a test machine you can:
- perform a fresh install of SME7 in server-only mode
- give it a fixed IP on you local network, for example 192.168.1.50
- install the contrib smeserver-openvpn-bridge_beta5 on it
- configure it as you want, you can let the default port 1194 or choose another
- disable openvpn-server-bridge on your server&gateway
- redirect a port on the server&gateway server: port 1194, proto UDP, destination host 192.168.1.50

Now your server-only host is rechable on port 1194 for proto UDP and you can test the contrib.

As crazybob told you, if you have an emty certificate, you must erease all the certificate and regenerate them. I know you already try this but if you have an empty certificate, you had a problem with the generation.

For your server certificate, a default one should configured with the common-name server-bridge. You can generate a new one if you want but it shouldn't be necessary.

When all the certificates are generated, can you post the result of

ll /etc/openvpn/easy-rsa/keys/server-bridge

you should see all the certificates, the dh file, the crl, the ta.key and the client cert if you have generate one. None of this file should be empty.

If you still have an empty file, please mail me your /var/log/httpd/admin_error_log file.

Cheers, Daniel

[imcintyre]

Thx, I'll follow both these up when I get home Friday

[imcintyre]

Well I made sure I had the vpn option turned on and I did. I also remembered that I did an upgrade to Internet Explorer 7 from 6. I uninstalled v7. It did tell me that Openvpn may not work properly as well as 4 other programs I wasn't aware of. Uninstalled anyways but same error as previously posted.

I guess I will try beta 4 again to see if that is the issue.

[imcintyre]

Vip-ire:

I tried running your command line "ll   etc/openvpn/easy-rsa/keys/server-bridge" but got error about no command, no directory. I went in and found that I had a directory named "bridge". Below are the contents of the directory "bridge". Is this a mistake that I made with the naming? Or is "server-bridge" a generic name and I should have used the name of my server itself. Using Midnight Commander, I can see that none of the files are empty.

01.pem  ca.key   ian.crt  index.txt      serial.old  server.key
02.pem  crl.pem  ian.csr  index.txt.old  server.crt  ta.key
ca.crt  dh.pem   ian.key  serial         server.csr

Imcintyre