<html>
<head>
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="post-text" itemprop="description">
<p>I'm using OpenVPN to set up a VPN server on a desktop with the
client on a laptop also using OpenVPN. Both machines are Ubuntu
Precise Desktop. All that I want to do is to access websites
securely using OpenVPN when away from home by leaving the
desktop switched on. I've followed the Ubuntu Community Guide
for OpenVPN on an Ubuntu Server and everything is OK except for a
line on the client's /var/log/syslog repeated many times, shown
at the end of this message. Any ideas?</p>
<p>VPN Server (on desktop) starts OK:</p>
<pre><code>root@JohnDesktop:/etc/openvpn# /etc/init.d/openvpn start
 * Starting virtual private network daemon(s)...
 * Autostarting VPN 'server'
root@JohnDesktop:/etc/openvpn# ifconfig tun0
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B)  TX bytes:220 (220.0 B)
</code></pre>
<p>I'd already opened UDP port 1194 on the 'server' (i.e. the
desktop) for input &amp; output using GUFW. Extract from
server.conf:</p>
<pre><code>port 1194
proto udp
dev tun
ca ca.crt
cert VPNServer.crt
key VPNServer.key # This file should be kept secret
dh dh1024.pem
</code></pre>
<p>I'd already opened UDP port 1194 on the 'client' (i.e. the
laptop) for input &amp; output using GUFW. Extracts from
client.conf:</p>
<pre><code>client
dev tun
proto udp
remote 109.155.214.166 1194
ca ca.crt
cert Laptop.crt
key Laptop.key
</code></pre>
<p>VPN Client on the laptop starts OK:</p>
<pre><code>root@JudithLaptop:/etc/openvpn# /etc/init.d/openvpn start
 * Starting virtual private network daemon(s)...
 * Autostarting VPN 'client'
root@JudithLaptop:/etc/openvpn# ifconfig tun0
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.6  P-t-P:10.8.0.5  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

root@JudithLaptop:/etc/openvpn# ping 10.8.0.1
PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data.
64 bytes from 10.8.0.1: icmp_req=1 ttl=64 time=5.50 ms
64 bytes from 10.8.0.1: icmp_req=2 ttl=64 time=5.47 ms
64 bytes from 10.8.0.1: icmp_req=3 ttl=64 time=5.37 ms
64 bytes from 10.8.0.1: icmp_req=4 ttl=64 time=5.43 ms
64 bytes from 10.8.0.1: icmp_req=5 ttl=64 time=5.42 ms
64 bytes from 10.8.0.1: icmp_req=6 ttl=64 time=5.96 ms
^C
--- 10.8.0.1 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5006ms
rtt min/avg/max/mdev = 5.376/5.529/5.964/0.220 ms
root@JudithLaptop:/etc/openvpn# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.101.1   0.0.0.0         UG        0 0          0 wlan0
10.8.0.1        10.8.0.5        255.255.255.255 UGH       0 0          0 tun0
10.8.0.5        0.0.0.0         255.255.255.255 UH        0 0          0 tun0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 wlan0
192.168.101.0   0.0.0.0         255.255.255.0   U         0 0          0 wlan0
</code></pre>
<p>No relevant error messages on the server's /var/log/syslog.</p>
<p>Connecting to <a class="moz-txt-link-abbreviated" href="http://www.bbc.co.uk">www.bbc.co.uk</a> from the laptop works OK and most
of the client's /var/log/syslog is OK:</p>
<pre><code>Apr 15 11:54:38 JudithLaptop ovpn-client[18926]: OpenVPN 2.2.1 i686-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Mar 13 2014
Apr 15 11:54:38 JudithLaptop ovpn-client[18926]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 15 11:54:38 JudithLaptop ovpn-client[18926]: WARNING: file 'Laptop.key' is group or others accessible
Apr 15 11:54:38 JudithLaptop ovpn-client[18926]: LZO compression initialized
Apr 15 11:54:38 JudithLaptop ovpn-client[18926]: Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Apr 15 11:54:38 JudithLaptop ovpn-client[18926]: Socket Buffers: R=[163840->131072] S=[163840->131072]
Apr 15 11:54:38 JudithLaptop ovpn-client[18926]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Apr 15 11:54:38 JudithLaptop ovpn-client[18926]: Local Options hash (VER=V4): '41690919'
Apr 15 11:54:38 JudithLaptop ovpn-client[18926]: Expected Remote Options hash (VER=V4): '530fdded'
Apr 15 11:54:38 JudithLaptop ovpn-client[18927]: UDPv4 link local: [undef]
Apr 15 11:54:38 JudithLaptop ovpn-client[18927]: UDPv4 link remote: [AF_INET]109.155.214.166:1194
Apr 15 11:54:38 JudithLaptop ovpn-client[18927]: TLS: Initial packet from [AF_INET]109.155.214.166:1194, sid=4036da72 088de39f
Apr 15 11:54:38 JudithLaptop ovpn-client[18927]: VERIFY OK: depth=1, /C=GB/ST=WestMidlands/L=Wolverhampton/O=Rose/OU=changeme/CN=changeme/name=changeme/emailAddress=mail@host.domain
Apr 15 11:54:38 JudithLaptop ovpn-client[18927]: VERIFY OK: nsCertType=SERVER
Apr 15 11:54:38 JudithLaptop ovpn-client[18927]: VERIFY OK: depth=0, /C=GB/ST=WestMidlands/L=Wolverhampton/O=Rose/OU=changeme/CN=VPNServer/name=changeme/emailAddress=mail@host.domain
Apr 15 11:54:39 JudithLaptop ovpn-client[18927]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Apr 15 11:54:39 JudithLaptop ovpn-client[18927]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 15 11:54:39 JudithLaptop ovpn-client[18927]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Apr 15 11:54:39 JudithLaptop ovpn-client[18927]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 15 11:54:39 JudithLaptop ovpn-client[18927]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Apr 15 11:54:39 JudithLaptop ovpn-client[18927]: [VPNServer] Peer Connection Initiated with [AF_INET]109.155.214.166:1194
Apr 15 11:54:41 JudithLaptop ovpn-client[18927]: SENT CONTROL [VPNServer]: 'PUSH_REQUEST' (status=1)
Apr 15 11:54:41 JudithLaptop ovpn-client[18927]: PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Apr 15 11:54:41 JudithLaptop ovpn-client[18927]: OPTIONS IMPORT: timers and/or timeouts modified
Apr 15 11:54:41 JudithLaptop ovpn-client[18927]: OPTIONS IMPORT: --ifconfig/up options modified
Apr 15 11:54:41 JudithLaptop ovpn-client[18927]: OPTIONS IMPORT: route options modified
Apr 15 11:54:41 JudithLaptop ovpn-client[18927]: ROUTE default_gateway=192.168.101.1
Apr 15 11:54:41 JudithLaptop ovpn-client[18927]: TUN/TAP device tun0 opened
Apr 15 11:54:41 JudithLaptop ovpn-client[18927]: TUN/TAP TX queue length set to 100
Apr 15 11:54:41 JudithLaptop ovpn-client[18927]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Apr 15 11:54:41 JudithLaptop ovpn-client[18927]: /sbin/ifconfig tun0 10.8.0.6 pointopoint 10.8.0.5 mtu 1500
Apr 15 11:54:41 JudithLaptop NetworkManager[1056]: SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/tun0, iface: tun0)
Apr 15 11:54:41 JudithLaptop NetworkManager[1056]: SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/tun0, iface: tun0): no ifupdown configuration found.
Apr 15 11:54:41 JudithLaptop ovpn-client[18927]: /sbin/route add -net 10.8.0.1 netmask 255.255.255.255 gw 10.8.0.5
Apr 15 11:54:41 JudithLaptop ovpn-client[18927]: Initialization Sequence Completed
</code></pre>
<p>However, the last line of the client's /var/log/syslog is repeated many
times and is:</p>
<pre><code>Apr 15 11:54:53 JudithLaptop kernel: [136090.793598] [UFW BLOCK] IN=wlan0 OUT= MAC= SRC=192.168.101.13 DST=239.0.0.250 LEN=49 TOS=0x00 PREC=0x00 TTL=1 ID=41113 DF PROTO=UDP SPT=56556 DPT=32412 LEN=29
</code></pre>
<p>I don't understand why these ports (56556 &amp; 32412) on the
client are used. Please explain.</p>
</div>
<pre class="moz-signature" cols="72">--
Regards,
John</pre>
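<p>Added example, not part of John's post: a small Python parser for the <code>[UFW BLOCK]</code> kernel log format shown above, run on the quoted line, that pulls out what a reader would check first: the packet arrived on wlan0 (not the tunnel), its destination is a multicast group, its TTL of 1 keeps it on the local link, the source port is in the Linux ephemeral range (the default 32768&#8211;60999 is assumed), and neither port is the UDP 1194 that the server and client configs use. The <code>describe</code> function and its field names are my own.</p>

```python
import ipaddress

# Constructed sample: the [UFW BLOCK] line quoted in the post above.
SAMPLE = ("Apr 15 11:54:53 JudithLaptop kernel: [136090.793598] [UFW BLOCK] "
          "IN=wlan0 OUT= MAC= SRC=192.168.101.13 DST=239.0.0.250 LEN=49 "
          "TOS=0x00 PREC=0x00 TTL=1 ID=41113 DF PROTO=UDP SPT=56556 "
          "DPT=32412 LEN=29")

# Assumed default Linux ephemeral port range (net.ipv4.ip_local_port_range).
EPHEMERAL_RANGE = (32768, 60999)
OPENVPN_PORT = 1194  # the UDP port used in the server/client configs above


def parse_ufw_block(line):
    """Parse the KEY=VALUE fields after '[UFW BLOCK]' into a dict.
    Bare flags such as DF become True; an empty value (OUT=, MAC=) stays "".
    A repeated key gets an '_inner' suffix (the second LEN is the UDP length).
    Returns None for lines that are not UFW BLOCK entries."""
    if "[UFW BLOCK]" not in line:
        return None
    fields = {}
    for tok in line.split("[UFW BLOCK]", 1)[1].split():
        if "=" in tok:
            key, val = tok.split("=", 1)
            fields[key + "_inner" if key in fields else key] = val
        else:
            fields[tok] = True
    return fields


def describe(fields):
    """Answer the questions a reader would ask of one blocked packet."""
    dst = ipaddress.ip_address(fields["DST"])
    spt, dpt = int(fields["SPT"]), int(fields["DPT"])
    return {
        # IN= set and OUT= empty: the packet arrived on that interface
        "direction": "inbound on " + fields["IN"] if fields.get("IN") else "outbound",
        "dst_multicast": dst.is_multicast,             # 224.0.0.0/4
        "link_local_scope": fields.get("TTL") == "1",  # never routed off the LAN
        "spt_ephemeral": EPHEMERAL_RANGE[0] <= spt <= EPHEMERAL_RANGE[1],
        "touches_openvpn_port": fields.get("PROTO") == "UDP" and OPENVPN_PORT in (spt, dpt),
        "arrived_via_tunnel": fields.get("IN") == "tun0",
    }


if __name__ == "__main__":
    parsed = parse_ufw_block(SAMPLE)
    for key, value in describe(parsed).items():
        print(f"{key:>22}: {value}")
```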
</body>
</html>