[Wolves] OpenVPN under Ubuntu on both its server & client
John Rose
john.aaron.rose at gmail.com
Tue Apr 15 11:11:03 UTC 2014
I'm using OpenVPN to set up a VPN server on a desktop, with the client on
a laptop also using OpenVPN. Both machines are Ubuntu Precise Desktop.
All that I want to do is to access websites securely using OpenVPN when
away from home by leaving the desktop switched on. I've followed the
Ubuntu Community Guide for OpenVPN on an Ubuntu Server and everything is
OK except for a line in the client's /var/log/syslog that is repeated many
times: shown at the end of this message. Any ideas?
VPN Server (on desktop) starts OK:
root at JohnDesktop:/etc/openvpn# /etc/init.d/openvpn start
* Starting virtual private network daemon(s)...
* Autostarting VPN 'server'
root at JohnDesktop:/etc/openvpn# ifconfig tun0
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:220 (220.0 B)
I'd already opened UDP port 1194 on the 'server' (i.e. the desktop) for
input & output using GUFW. Extract from server.conf:
port 1194
proto udp
dev tun
ca ca.crt
cert VPNServer.crt
key VPNServer.key # This file should be kept secret
dh dh1024.pem
I'd already opened UDP port 1194 on the 'client' (i.e. the laptop) for
input & output using GUFW. Extracts from client.conf:
client
dev tun
proto udp
remote 109.155.214.166 1194
ca ca.crt
cert Laptop.crt
key Laptop.key
VPN Client on the laptop starts OK:
root at JudithLaptop:/etc/openvpn# /etc/init.d/openvpn start
* Starting virtual private network daemon(s)...
* Autostarting VPN 'client'
root at JudithLaptop:/etc/openvpn# ifconfig tun0
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.6 P-t-P:10.8.0.5 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
root at JudithLaptop:/etc/openvpn# ping 10.8.0.1
PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data.
64 bytes from 10.8.0.1: icmp_req=1 ttl=64 time=5.50 ms
64 bytes from 10.8.0.1: icmp_req=2 ttl=64 time=5.47 ms
64 bytes from 10.8.0.1: icmp_req=3 ttl=64 time=5.37 ms
64 bytes from 10.8.0.1: icmp_req=4 ttl=64 time=5.43 ms
64 bytes from 10.8.0.1: icmp_req=5 ttl=64 time=5.42 ms
64 bytes from 10.8.0.1: icmp_req=6 ttl=64 time=5.96 ms
^C
--- 10.8.0.1 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5006ms
rtt min/avg/max/mdev = 5.376/5.529/5.964/0.220 ms
root at JudithLaptop:/etc/openvpn# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.101.1   0.0.0.0         UG        0 0          0 wlan0
10.8.0.1        10.8.0.5        255.255.255.255 UGH       0 0          0 tun0
10.8.0.5        0.0.0.0         255.255.255.255 UH        0 0          0 tun0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 wlan0
192.168.101.0   0.0.0.0         255.255.255.0   U         0 0          0 wlan0
No relevant error messages on the server's /var/log/syslog.
Connecting to www.bbc.co.uk from the laptop works OK and most of the
client's /var/log/syslog is OK:
Apr 15 11:54:38 JudithLaptop ovpn-client[18926]: OpenVPN 2.2.1
i686-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6]
[IPv6 payload 20110424-2 (2.2RC2)] built on Mar 13 2014
Apr 15 11:54:38 JudithLaptop ovpn-client[18926]: NOTE: the current
--script-security setting may allow this configuration to call
user-defined scripts
Apr 15 11:54:38 JudithLaptop ovpn-client[18926]: WARNING: file
'Laptop.key' is group or others accessible
Apr 15 11:54:38 JudithLaptop ovpn-client[18926]: LZO compression initialized
Apr 15 11:54:38 JudithLaptop ovpn-client[18926]: Control Channel MTU
parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Apr 15 11:54:38 JudithLaptop ovpn-client[18926]: Socket Buffers:
R=[163840->131072] S=[163840->131072]
Apr 15 11:54:38 JudithLaptop ovpn-client[18926]: Data Channel MTU parms
[ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Apr 15 11:54:38 JudithLaptop ovpn-client[18926]: Local Options hash
(VER=V4): '41690919'
Apr 15 11:54:38 JudithLaptop ovpn-client[18926]: Expected Remote Options
hash (VER=V4): '530fdded'
Apr 15 11:54:38 JudithLaptop ovpn-client[18927]: UDPv4 link local: [undef]
Apr 15 11:54:38 JudithLaptop ovpn-client[18927]: UDPv4 link remote:
[AF_INET]109.155.214.166:1194
Apr 15 11:54:38 JudithLaptop ovpn-client[18927]: TLS: Initial packet
from [AF_INET]109.155.214.166:1194, sid=4036da72 088de39f
Apr 15 11:54:38 JudithLaptop ovpn-client[18927]: VERIFY OK: depth=1,
/C=GB/ST=WestMidlands/L=Wolverhampton/O=Rose/OU=changeme/CN=changeme/name=changeme/emailAddress=mail at host.domain
Apr 15 11:54:38 JudithLaptop ovpn-client[18927]: VERIFY OK:
nsCertType=SERVER
Apr 15 11:54:38 JudithLaptop ovpn-client[18927]: VERIFY OK: depth=0,
/C=GB/ST=WestMidlands/L=Wolverhampton/O=Rose/OU=changeme/CN=VPNServer/name=changeme/emailAddress=mail at host.domain
Apr 15 11:54:39 JudithLaptop ovpn-client[18927]: Data Channel Encrypt:
Cipher 'BF-CBC' initialized with 128 bit key
Apr 15 11:54:39 JudithLaptop ovpn-client[18927]: Data Channel Encrypt:
Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 15 11:54:39 JudithLaptop ovpn-client[18927]: Data Channel Decrypt:
Cipher 'BF-CBC' initialized with 128 bit key
Apr 15 11:54:39 JudithLaptop ovpn-client[18927]: Data Channel Decrypt:
Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 15 11:54:39 JudithLaptop ovpn-client[18927]: Control Channel: TLSv1,
cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Apr 15 11:54:39 JudithLaptop ovpn-client[18927]: [VPNServer] Peer
Connection Initiated with [AF_INET]109.155.214.166:1194
Apr 15 11:54:41 JudithLaptop ovpn-client[18927]: SENT CONTROL
[VPNServer]: 'PUSH_REQUEST' (status=1)
Apr 15 11:54:41 JudithLaptop ovpn-client[18927]: PUSH: Received control
message: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart
120,ifconfig 10.8.0.6 10.8.0.5'
Apr 15 11:54:41 JudithLaptop ovpn-client[18927]: OPTIONS IMPORT: timers
and/or timeouts modified
Apr 15 11:54:41 JudithLaptop ovpn-client[18927]: OPTIONS IMPORT:
--ifconfig/up options modified
Apr 15 11:54:41 JudithLaptop ovpn-client[18927]: OPTIONS IMPORT: route
options modified
Apr 15 11:54:41 JudithLaptop ovpn-client[18927]: ROUTE
default_gateway=192.168.101.1
Apr 15 11:54:41 JudithLaptop ovpn-client[18927]: TUN/TAP device tun0 opened
Apr 15 11:54:41 JudithLaptop ovpn-client[18927]: TUN/TAP TX queue length
set to 100
Apr 15 11:54:41 JudithLaptop ovpn-client[18927]: do_ifconfig,
tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Apr 15 11:54:41 JudithLaptop ovpn-client[18927]: /sbin/ifconfig tun0
10.8.0.6 pointopoint 10.8.0.5 mtu 1500
Apr 15 11:54:41 JudithLaptop NetworkManager[1056]: SCPlugin-Ifupdown:
devices added (path: /sys/devices/virtual/net/tun0, iface: tun0)
Apr 15 11:54:41 JudithLaptop NetworkManager[1056]: SCPlugin-Ifupdown:
device added (path: /sys/devices/virtual/net/tun0, iface: tun0): no
ifupdown configuration found.
Apr 15 11:54:41 JudithLaptop ovpn-client[18927]: /sbin/route add -net
10.8.0.1 netmask 255.255.255.255 gw 10.8.0.5
Apr 15 11:54:41 JudithLaptop ovpn-client[18927]: Initialization Sequence
Completed
However, the last line of the client's /var/log/syslog is repeated many
times, and it is:
Apr 15 11:54:53 JudithLaptop kernel: [136090.793598] [UFW BLOCK]
IN=wlan0 OUT= MAC= SRC=192.168.101.13 DST=239.0.0.250 LEN=49 TOS=0x00
PREC=0x00 TTL=1 ID=41113 DF PROTO=UDP SPT=56556 DPT=32412 LEN=29
I don't understand why these ports (56556 & 32412) on the client are
used. Please explain.
--
Regards,
John
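Editor's note: the three facts a reader needs to answer this question are all visible in the post itself, and the script below pulls them out of the pasted output. It is an added example, not code from the original message or from OpenVPN; the sample lines in it are constructed copies of the post's own `netstat -rn` table and syslog entries, and the function names are my own. It checks (1) that the blocked datagram went out on `wlan0` to `239.0.0.250`, a multicast address, with TTL 1, so it is a LAN discovery packet from some local program and has nothing to do with the tunnel (56556 is simply an ephemeral source port; `netstat -unp` as root will show which process owns it); (2) that the server's `PUSH_REPLY` carries only `route 10.8.0.1` and no `redirect-gateway`, which is why the default route stays on `wlan0` via 192.168.101.1 and web browsing from the laptop is not actually going through the VPN; and (3) that OpenVPN itself warned that `Laptop.key` is readable by group or others.

```python
"""Triage the OpenVPN client syslog and routing table pasted in the post.

Added example, not part of the original mailing-list message. All sample
input below is a constructed copy of output shown in the post.
"""
import ipaddress
import re

# Constructed sample: the laptop's `netstat -rn` output, reflowed onto one line per route.
NETSTAT_RN = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.101.1   0.0.0.0         UG        0 0          0 wlan0
10.8.0.1        10.8.0.5        255.255.255.255 UGH       0 0          0 tun0
10.8.0.5        0.0.0.0         255.255.255.255 UH        0 0          0 tun0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 wlan0
192.168.101.0   0.0.0.0         255.255.255.0   U         0 0          0 wlan0
"""

# Constructed sample: three syslog lines copied from the post.
SYSLOG = [
    "Apr 15 11:54:38 JudithLaptop ovpn-client[18926]: WARNING: file 'Laptop.key' "
    "is group or others accessible",
    "Apr 15 11:54:41 JudithLaptop ovpn-client[18927]: PUSH: Received control message: "
    "'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'",
    "Apr 15 11:54:53 JudithLaptop kernel: [136090.793598] [UFW BLOCK] IN=wlan0 OUT= MAC= "
    "SRC=192.168.101.13 DST=239.0.0.250 LEN=49 TOS=0x00 PREC=0x00 TTL=1 ID=41113 DF "
    "PROTO=UDP SPT=56556 DPT=32412 LEN=29",
]


def parse_routes(text):
    """Turn `netstat -rn` output into a list of route dicts (skips the two header lines)."""
    routes = []
    for line in text.splitlines()[2:]:
        f = line.split()
        if len(f) < 8:
            continue
        routes.append({"dst": f[0], "gw": f[1], "mask": f[2], "flags": f[3], "iface": f[7]})
    return routes


def default_route_iface(routes):
    """Interface carrying the default route, i.e. where web traffic really leaves the host."""
    for r in routes:
        if r["dst"] == "0.0.0.0" and r["mask"] == "0.0.0.0":
            return r["iface"]
    return None


def pushed_options(syslog_lines):
    """Options the server pushed, split out of the PUSH_REPLY control message."""
    for line in syslog_lines:
        m = re.search(r"PUSH_REPLY,(.*)'", line)
        if m:
            return [opt.strip() for opt in m.group(1).split(",")]
    return []


def redirect_gateway_pushed(options):
    """True only if the server pushed a redirect-gateway option (it did not, in the post)."""
    return any(opt.startswith("redirect-gateway") for opt in options)


def parse_ufw_block(line):
    """Parse the KEY=VALUE fields of a '[UFW BLOCK]' kernel line into a dict.

    Note: LEN= appears twice (IP length, then UDP length); the dict keeps the last one.
    """
    if "[UFW BLOCK]" not in line:
        return None
    tail = line.split("[UFW BLOCK]", 1)[1]
    return dict(kv.split("=", 1) for kv in tail.split() if "=" in kv)


def classify_block(fields):
    """Say what kind of packet the firewall dropped and whether it touched the tunnel."""
    dst = ipaddress.ip_address(fields["DST"])
    return {
        "iface": fields["IN"],
        "on_vpn": fields["IN"].startswith("tun"),
        "multicast": dst.is_multicast,            # 239.0.0.250 is in 224.0.0.0/4
        "link_local_ttl": fields.get("TTL") == "1",  # TTL 1: never leaves the LAN segment
        "proto": fields.get("PROTO"),
        "dport": int(fields["DPT"]),
    }


def insecure_key_files(syslog_lines):
    """Key files OpenVPN itself flagged as readable by group or others."""
    pat = re.compile(r"WARNING: file '([^']+)' is group or others accessible")
    return [m.group(1) for line in syslog_lines for m in [pat.search(line)] if m]


def triage(netstat_text=NETSTAT_RN, syslog_lines=SYSLOG):
    """One summary dict a reader can act on."""
    opts = pushed_options(syslog_lines)
    blocks = [classify_block(f) for f in map(parse_ufw_block, syslog_lines) if f]
    return {
        "default_iface": default_route_iface(parse_routes(netstat_text)),
        "web_traffic_tunneled": redirect_gateway_pushed(opts),
        "ufw_blocks_on_vpn": any(b["on_vpn"] for b in blocks),
        "ufw_blocks_multicast": all(b["multicast"] for b in blocks),
        "world_readable_keys": insecure_key_files(syslog_lines),
    }


if __name__ == "__main__":
    for k, v in triage().items():
        print(f"{k}: {v}")
```

Run as-is it reports `default_iface: wlan0`, `web_traffic_tunneled: False`, `ufw_blocks_on_vpn: False`, `ufw_blocks_multicast: True` and `world_readable_keys: ['Laptop.key']`. The practical reading: the UFW line is noise from a local multicast discovery packet and can be silenced with a UFW rule for that multicast destination rather than by opening ports; to make browsing from the laptop go through the desktop, the server needs `push "redirect-gateway def1"` (plus NAT on the desktop), and `Laptop.key` should be `chmod 600`.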