[Wylug-help] OpenVPN - was simple iptables rule

Gary Stainburn gary.stainburn at ringways.co.uk
Thu Feb 17 22:35:44 GMT 2005


On Tuesday 15 February 2005 7:09 pm, Gary Stainburn wrote:
> On Tuesday 15 February 2005 4:51 pm, lee at leeevans.org wrote:
> > hi,
> >
> > very simply:
> >
> > iptables -A INPUT -i eth1 -s your.ip.address.here -j ACCEPT
> > iptables -A INPUT -i eth1 -j DROP
> >
> >
> > lee
>
> Hi Lee
>
> The commands ran without errors but I was unable to connect to the
> host. Tomorrow I'll get someone to plug the cable back in and try
> again.
>
> Gary

Amazingly, when I connected the cables, it worked.  I then started
playing with OpenVPN again (tried a while back but had to leave it).

Eddie is the box at work listening, gary is my home PC making the
connection.

OpenVPN starts okay on eddie and sits there.
OpenVPN starts okay on gary with no error messages.
Once OpenVPN's running on gary, error messages (code=111) appear on
eddie. If I stop the program on gary the errors on eddie stop.

I don't manage to get a working VPN.  Below are the screen grabs for
both gary and eddie.

gary
~~~~
[root at garyh openvpn]# openvpn --config gary-home.conf
Thu Feb 17 22:29:53 2005 0: OpenVPN 1.6.0 i686-pc-linux-gnu [SSL] [LZO]
built on Aug 21 2004
Thu Feb 17 22:29:53 2005 1: Static Encrypt: Cipher 'BF-CBC' initialized
with 128 bit key
Thu Feb 17 22:29:53 2005 2: Static Encrypt: Using 160 bit message hash
'SHA1' for HMAC authentication
Thu Feb 17 22:29:53 2005 3: Static Decrypt: Cipher 'BF-CBC' initialized
with 128 bit key
Thu Feb 17 22:29:53 2005 4: Static Decrypt: Using 160 bit message hash
'SHA1' for HMAC authentication
Thu Feb 17 22:29:53 2005 5: LZO compression initialized
Thu Feb 17 22:29:53 2005 6: TUN/TAP device tun0 opened
Thu Feb 17 22:29:53 2005 7: /sbin/ifconfig tun0 192.168.2.2 pointopoint
192.168.2.1 mtu 1255
Thu Feb 17 22:29:53 2005 8: ./gary-home.up tun0 1255 1300 192.168.2.2
192.168.2.1 init
Thu Feb 17 22:29:53 2005 9: Data Channel MTU parms [ L:1300 D:1300 EF:45
EB:19 ET:0 EL:0 ]
Thu Feb 17 22:29:53 2005 10: Local Options hash (VER=V3): 'c8d38d76'
Thu Feb 17 22:29:53 2005 11: Expected Remote Options hash (VER=V3):
'4b8e646a'
Thu Feb 17 22:29:53 2005 12: UDPv4 link local (bound): [undef]:5000
Thu Feb 17 22:29:53 2005 13: UDPv4 link remote: 195.217.92.130:5000
Thu Feb 17 22:29:56 2005 14: select : Interrupted system call (code=4)
Thu Feb 17 22:29:56 2005 15: SIGINT received, exiting
Thu Feb 17 22:29:56 2005 16: Closing TCP/UDP socket
Thu Feb 17 22:29:56 2005 17: Closing TUN/TAP device
Thu Feb 17 22:29:56 2005 18: ./gary-home.down tun0 1255 1300   init
SIOCDELRT: No such process
SIOCDELRT: No such process
SIOCDELRT: No such process
SIOCDELRT: No such process
[root at garyh openvpn]#

eddie
~~~~~
[root at eddie openvpn]# openvpn --config gary-home.conf
Thu Feb 17 22:22:50 2005 0: OpenVPN 1.6.0 i686-pc-linux-gnu [SSL] [LZO]
built on Oct 27 2004
Thu Feb 17 22:22:50 2005 1: Static Encrypt: Cipher 'BF-CBC' initialized
with 128 bit key
Thu Feb 17 22:22:50 2005 2: Static Encrypt: Using 160 bit message hash
'SHA1' for HMAC authentication
Thu Feb 17 22:22:50 2005 3: Static Decrypt: Cipher 'BF-CBC' initialized
with 128 bit key
Thu Feb 17 22:22:50 2005 4: Static Decrypt: Using 160 bit message hash
'SHA1' for HMAC authentication
Thu Feb 17 22:22:50 2005 5: LZO compression initialized
Thu Feb 17 22:22:50 2005 6: TUN/TAP device tun0 opened
Thu Feb 17 22:22:50 2005 7: /sbin/ifconfig tun0 192.168.2.1 pointopoint
192.168.2.2 mtu 1255
Thu Feb 17 22:22:50 2005 8: ./gary-home.up tun0 1255 1300 192.168.2.1
192.168.2.2 init
Thu Feb 17 22:22:50 2005 9: Data Channel MTU parms [ L:1300 D:1300 EF:45
EB:19 ET:0 EL:0 ]
Thu Feb 17 22:22:50 2005 10: Local Options hash (VER=V3): '4b8e646a'
Thu Feb 17 22:22:50 2005 11: Expected Remote Options hash (VER=V3):
'c8d38d76'
Thu Feb 17 22:22:50 2005 12: UDPv4 link local (bound): [undef]:5000
Thu Feb 17 22:22:50 2005 13: UDPv4 link remote: [undef]
Thu Feb 17 22:23:00 2005 14: Peer Connection Initiated with
80.229.164.202:5000
Thu Feb 17 22:23:01 2005 15: read UDPv4 [ECONNREFUSED]: Connection
refused (code=111)
Thu Feb 17 22:23:02 2005 16: read UDPv4 [ECONNREFUSED]: Connection
refused (code=111)
Thu Feb 17 22:23:03 2005 17: read UDPv4 [ECONNREFUSED]: Connection
refused (code=111)
Thu Feb 17 22:23:10 2005 18: read UDPv4 [ECONNREFUSED]: Connection
refused (code=111)
Thu Feb 17 22:23:12 2005 19: select : Interrupted system call (code=4)
Thu Feb 17 22:23:12 2005 20: SIGINT received, exiting
Thu Feb 17 22:23:12 2005 21: Closing TCP/UDP socket
Thu Feb 17 22:23:12 2005 22: Closing TUN/TAP device
Thu Feb 17 22:23:12 2005 23: ./gary-home.down tun0 1255 1300   init
sh: ./gary-home.down: No such file or directory
Thu Feb 17 22:23:12 2005 24: script failed: could not execute shell
command
Thu Feb 17 22:23:12 2005 25: Exiting
[root at eddie openvpn]#
--
Gary Stainburn

This email does not contain private or confidential material as it
may be snooped on by interested government parties for unknown
and undisclosed purposes - Regulation of Investigatory Powers Act, 2000
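
Added example, not part of the original message: a short Python triage over excerpts of the two logs above (mail line-wrapping undone). It checks that each side's options hash is the one the other side expects, and counts the ECONNREFUSED reads against the peer address eddie learned. The function and key names are invented for this illustration.

```python
import re
# Excerpts from the two logs in the post, mail line-wrapping undone.
GARY = """\
Thu Feb 17 22:29:53 2005 10: Local Options hash (VER=V3): 'c8d38d76'
Thu Feb 17 22:29:53 2005 11: Expected Remote Options hash (VER=V3): '4b8e646a'
Thu Feb 17 22:29:53 2005 13: UDPv4 link remote: 195.217.92.130:5000
"""
EDDIE = """\
Thu Feb 17 22:22:50 2005 10: Local Options hash (VER=V3): '4b8e646a'
Thu Feb 17 22:22:50 2005 11: Expected Remote Options hash (VER=V3): 'c8d38d76'
Thu Feb 17 22:23:00 2005 14: Peer Connection Initiated with 80.229.164.202:5000
Thu Feb 17 22:23:01 2005 15: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Thu Feb 17 22:23:02 2005 16: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Thu Feb 17 22:23:03 2005 17: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Thu Feb 17 22:23:10 2005 18: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
"""

FIELDS = {  # summary key (hypothetical name) -> regex with one capture group
    "local_hash": r"Local Options hash \(VER=V3\): '(\w+)'",
    "expected_remote_hash": r"Expected Remote Options hash \(VER=V3\): '(\w+)'",
    "configured_remote": r"UDPv4 link remote: (\d[\d.]*:\d+)",
    "learned_peer": r"Peer Connection Initiated with (\S+)",
}

def summarise(log):
    """Extract the triage-relevant fields from one OpenVPN 1.x log."""
    out = {}
    for key, pattern in FIELDS.items():
        m = re.search(pattern, log)
        out[key] = m.group(1) if m else None
    out["refused"] = log.count("[ECONNREFUSED]")
    return out

def triage(sides):
    """sides maps exactly two hostnames to summaries; returns findings."""
    a, b = sides.values()
    findings = []
    if (a["local_hash"], a["expected_remote_hash"]) == (b["expected_remote_hash"], b["local_hash"]):
        findings.append("options hashes cross-match: both configs agree")
    else:
        findings.append("options hash mismatch: compare the two config files")
    for name, s in sides.items():
        if s["refused"]:
            # Linux reports ECONNREFUSED on a UDP socket after an ICMP
            # port-unreachable arrives in reply to a datagram it sent.
            findings.append(f"{name}: {s['refused']} ECONNREFUSED, peer {s['learned_peer']}")
    return findings

print("\n".join(triage({"gary": summarise(GARY), "eddie": summarise(EDDIE)})))
```

The second finding points at whatever answers UDP port 5000 at the learned peer address (the host itself or a NAT/firewall in front of it), since that is where the ICMP rejections come from.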




