Opened 18 years ago

Closed 18 years ago

#6133 closed defect (fixed)

BUG: OpenVPN2 client cannot communicate to an OpenVPN Linux Server

Reported by: fcadili@…
Owned by: julien.touche@…
Priority: Normal
Milestone:
Component: ports
Version: 1.0
Keywords:
Cc: pierre@…, jordiyeh@…
Port:

Description

After opening the communication between the client and the server, the following message is displayed:

Dec 18 18:14:26 power-mac-g5 mDNSResponder: getifaddrs ifa_netmask for tun0(6) Flags 8851 Family 2 192.168.69.10 has different family: 0

My system is a PowerMac with Mac OS X 10.4; the server is a Linux Sarge. Both systems use openvpn version 2.0.5 (the last stable version).

When I dug into the code, I found that there is an inconsistency in the structure sockaddr_in. The definition inside my Mac OS X is IPv6 compatible whereas the definition inside Linux is the original IPv4 structure.

This is the uname -a output: Darwin power-mac-g5.local 8.3.0 Darwin Kernel Version 8.3.0: Mon Oct 3 20:04:04 PDT 2005; root:xnu-792.6.22.obj~2/RELEASE_PPC Power Macintosh powerpc

Change History (13)

comment:1 Changed 18 years ago by fcadili@…

Summary: changed from "OpenVPN client communicate to an OpenVPN Linux Server" to "OpenVPN client cannot communicate to an OpenVPN Linux Server"

comment:2 Changed 18 years ago by mww@…

Cc: pierre@… added
Owner: changed from darwinports-bugs@… to julien.touche@…
Summary: changed from "OpenVPN client cannot communicate to an OpenVPN Linux Server" to "BUG: OpenVPN2 client cannot communicate to an OpenVPN Linux Server"

comment:3 Changed 18 years ago by pierre@…

Hello Francesco, (adding Jordi as a Cc:, tell me if that annoys you Jordi) I'll have some time this weekend to check it out. But just to be sure, do you use the standard Debian package? I also have a sarge as a server, and I've seen that my available version is 2.0.1-sarge2. Do you use a backport? If so, where did you get it (I bet you compiled it yourself, but just making sure)?

comment:4 Changed 18 years ago by pierre@…

Cc: jordiyeh@… added

comment:5 Changed 18 years ago by fcadili@…

I beg your pardon, but when I asked the person who supervises the VPN installation about the Linux version on the server side, they told me that the VPN server is installed inside a router (a LinkSys branded CISCO) with an embedded version of Linux based on kernel 2.4.21.

The openvpn version is 2.0.5 and it works fine with openvpn on Windows machines. It seems that the only client that has problems is my Mac OS X client.

I have tested it with pre-compiled "Tunnelblick-Tiger-2.0.1.dmg", compiled Tunnelblick 2.0.1 and 3.0 alpha, and with some versions of compiled openvpn (2.0.5 and 2.1).

Francesco

I can give you other information on the Mac OS X side, if you need it. For the right version of the embedded software, I will receive other information in the following days.

comment:6 Changed 18 years ago by pierre@…

(In reply to comment #2)

> I have tested it with pre-compiled "Tunnelblick-Tiger-2.0.1.dmg", compiled Tunnelblick 2.0.1 and 3.0 alpha and with some versions of compiled openvpn (2.0.5 and 2.1)

What version(s) do work? Does the TunnelBlick one work?

Other questions include:

  1. can you ping the VPN server's IP without any VPN on (so without messing your route)?
  2. can you establish the VPN? What's the log of running "sudo openvpn2 --config /opt/local/<some_path_to_config_file>"?
  3. can you initiate a ping to the VPN server on your tun/tap device?

> I can give you other information, if you need them, on mac os x side. For the right version of embedded software I will receive other information in the following days.

OK! Merry Christmas till then ;) -- Pierre

comment:7 Changed 18 years ago by fcadili@…

The version that works at a very low speed (I can use only ssh to connect to the server), and only when there aren't other VPN clients connected, is "Tunnelblick-Tiger-2.0.1.dmg". This version works with the same limitation when I replace the openvpn version with my compiled openvpn 2.0.5.

This is the log (extracted from the console) with verbosity set to 5. I have replaced the public ip with '120.10.153.23' and the public dns name of the vpn with 'vpn.mydomain.it'.

Mac OS X Version 10.4.3 (Build 8F46)
2005-12-25 10:34:09 +0100
2005-12-25 10:34:10.166 SystemUIServer[256] lang is:en
2005-12-25 10:34:10.497 FaxServer OEM[264] FaxServer started, created:12-15-2004 17:16 vers:10.5.3 userID: fcadili
2005-12-25 10:34:11.003 FaxServer OEM[264] FAXstfX OEM serial number registered
Dec 25 10:34:16 power-mac-g5 /System/Library/Extensions/IOSerialFamily.kext/Contents/PlugIns/InternalModemSupport.kext/Contents/Resources/AppleModemOnHold.app/Contents/MacOS/AppleModemOnHold: MOHServiceAddedProc >>\n
Sun Dec 25 10:37:45 2005 us=330072 Current Parameter Settings:
Sun Dec 25 10:37:45 2005 us=330680 config = '/Users/fcadili/Library/openvpn/openvpn.conf'
Sun Dec 25 10:37:45 2005 us=330701 mode = 0
Sun Dec 25 10:37:45 2005 us=330719 show_ciphers = DISABLED
Sun Dec 25 10:37:45 2005 us=330737 show_digests = DISABLED
Sun Dec 25 10:37:45 2005 us=330758 show_engines = DISABLED
Sun Dec 25 10:37:45 2005 us=330777 genkey = DISABLED
Sun Dec 25 10:37:45 2005 us=330796 key_pass_file = '[UNDEF]'
Sun Dec 25 10:37:45 2005 us=330814 show_tls_ciphers = DISABLED
Sun Dec 25 10:37:45 2005 us=330833 proto = 0
Sun Dec 25 10:37:45 2005 us=330852 local = '[UNDEF]'
Sun Dec 25 10:37:45 2005 us=330888 remote_list[0] = {'vpn.mydomain.it', 5000}
Sun Dec 25 10:37:45 2005 us=330908 remote_random = DISABLED
Sun Dec 25 10:37:45 2005 us=330927 local_port = 1194
Sun Dec 25 10:37:45 2005 us=330945 remote_port = 1194
Sun Dec 25 10:37:45 2005 us=330964 remote_float = DISABLED
Sun Dec 25 10:37:45 2005 us=330983 ipchange = '[UNDEF]'
Sun Dec 25 10:37:45 2005 us=331001 bind_local = DISABLED
Sun Dec 25 10:37:45 2005 us=331020 dev = 'tun'
Sun Dec 25 10:37:45 2005 us=331039 dev_type = '[UNDEF]'
Sun Dec 25 10:37:45 2005 us=331057 dev_node = '[UNDEF]'
Sun Dec 25 10:37:45 2005 us=331076 tun_ipv6 = DISABLED
Sun Dec 25 10:37:45 2005 us=331095 ifconfig_local = '[UNDEF]'
Sun Dec 25 10:37:45 2005 us=331114 ifconfig_remote_netmask = '[UNDEF]'
Sun Dec 25 10:37:45 2005 us=331133 ifconfig_noexec = DISABLED
Sun Dec 25 10:37:45 2005 us=331151 ifconfig_nowarn = DISABLED
Sun Dec 25 10:37:45 2005 us=331170 shaper = 0
Sun Dec 25 10:37:45 2005 us=331188 tun_mtu = 1500
Sun Dec 25 10:37:45 2005 us=331207 tun_mtu_defined = ENABLED
Sun Dec 25 10:37:45 2005 us=331226 link_mtu = 1500
Sun Dec 25 10:37:45 2005 us=331245 link_mtu_defined = DISABLED
Sun Dec 25 10:37:45 2005 us=331277 tun_mtu_extra = 0
Sun Dec 25 10:37:45 2005 us=331410 tun_mtu_extra_defined = DISABLED
Sun Dec 25 10:37:45 2005 us=331431 fragment = 0
Sun Dec 25 10:37:45 2005 us=331450 mtu_discover_type = -1
Sun Dec 25 10:37:45 2005 us=331467 mtu_test = 0
Sun Dec 25 10:37:45 2005 us=331486 mlock = DISABLED
Sun Dec 25 10:37:45 2005 us=331504 keepalive_ping = 0
Sun Dec 25 10:37:45 2005 us=331523 keepalive_timeout = 0
Sun Dec 25 10:37:45 2005 us=331542 inactivity_timeout = 0
Sun Dec 25 10:37:45 2005 us=331561 ping_send_timeout = 0
Sun Dec 25 10:37:45 2005 us=331580 ping_rec_timeout = 120
Sun Dec 25 10:37:45 2005 us=331599 ping_rec_timeout_action = 2
Sun Dec 25 10:37:45 2005 us=331618 ping_timer_remote = DISABLED
Sun Dec 25 10:37:45 2005 us=331636 remap_sigusr1 = 0
Sun Dec 25 10:37:45 2005 us=331655 explicit_exit_notification = 0
Sun Dec 25 10:37:45 2005 us=331674 persist_tun = ENABLED
Sun Dec 25 10:37:45 2005 us=331693 persist_local_ip = DISABLED
Sun Dec 25 10:37:45 2005 us=331712 persist_remote_ip = DISABLED
Sun Dec 25 10:37:45 2005 us=331731 persist_key = ENABLED
Sun Dec 25 10:37:45 2005 us=331749 mssfix = 1450
Sun Dec 25 10:37:45 2005 us=331768 passtos = DISABLED
Sun Dec 25 10:37:45 2005 us=331787 resolve_retry_seconds = 1000000000
Sun Dec 25 10:37:45 2005 us=331806 connect_retry_seconds = 5
Sun Dec 25 10:37:45 2005 us=331825 username = 'nobody'
Sun Dec 25 10:37:45 2005 us=331844 groupname = 'nobody'
Sun Dec 25 10:37:45 2005 us=331863 chroot_dir = '[UNDEF]'
Sun Dec 25 10:37:45 2005 us=331881 cd_dir = '[UNDEF]'
Sun Dec 25 10:37:45 2005 us=331900 writepid = '[UNDEF]'
Sun Dec 25 10:37:45 2005 us=331918 up_script = '[UNDEF]'
Sun Dec 25 10:37:45 2005 us=331937 down_script = '[UNDEF]'
Sun Dec 25 10:37:45 2005 us=331954 down_pre = DISABLED
Sun Dec 25 10:37:45 2005 us=331971 up_restart = DISABLED
Sun Dec 25 10:37:45 2005 us=331988 up_delay = DISABLED
Sun Dec 25 10:37:45 2005 us=332005 daemon = DISABLED
Sun Dec 25 10:37:45 2005 us=332023 inetd = 0
Sun Dec 25 10:37:45 2005 us=332040 log = DISABLED
Sun Dec 25 10:37:45 2005 us=332059 suppress_timestamps = DISABLED
Sun Dec 25 10:37:45 2005 us=332077 nice = 0
Sun Dec 25 10:37:45 2005 us=332096 verbosity = 5
Sun Dec 25 10:37:45 2005 us=332114 mute = 0
Sun Dec 25 10:37:45 2005 us=332133 gremlin = 0
Sun Dec 25 10:37:45 2005 us=332152 status_file = '[UNDEF]'
Sun Dec 25 10:37:45 2005 us=332186 status_file_version = 1
Sun Dec 25 10:37:45 2005 us=332205 status_file_update_freq = 60
Sun Dec 25 10:37:45 2005 us=332227 occ = ENABLED
Sun Dec 25 10:37:45 2005 us=332246 rcvbuf = 65536
Sun Dec 25 10:37:45 2005 us=332265 sndbuf = 65536
Sun Dec 25 10:37:45 2005 us=332284 socks_proxy_server = '[UNDEF]'
Sun Dec 25 10:37:45 2005 us=332303 socks_proxy_port = 0
Sun Dec 25 10:37:45 2005 us=332322 socks_proxy_retry = DISABLED
Sun Dec 25 10:37:45 2005 us=332341 fast_io = DISABLED
Sun Dec 25 10:37:45 2005 us=332359 comp_lzo = ENABLED
Sun Dec 25 10:37:45 2005 us=332378 comp_lzo_adaptive = ENABLED
Sun Dec 25 10:37:45 2005 us=332397 route_script = '[UNDEF]'
Sun Dec 25 10:37:45 2005 us=332416 route_default_gateway = '[UNDEF]'
Sun Dec 25 10:37:45 2005 us=332435 route_noexec = DISABLED
Sun Dec 25 10:37:45 2005 us=332453 route_delay = 0
Sun Dec 25 10:37:45 2005 us=332472 route_delay_window = 30
Sun Dec 25 10:37:45 2005 us=332491 route_delay_defined = DISABLED
Sun Dec 25 10:37:45 2005 us=332510 management_addr = '127.0.0.1'
Sun Dec 25 10:37:45 2005 us=332529 management_port = 1838
Sun Dec 25 10:37:45 2005 us=332548 management_user_pass = '[UNDEF]'
Sun Dec 25 10:37:45 2005 us=332568 management_log_history_cache = 250
Sun Dec 25 10:37:45 2005 us=332587 management_echo_buffer_size = 100
Sun Dec 25 10:37:45 2005 us=332606 management_query_passwords = ENABLED
Sun Dec 25 10:37:45 2005 us=332625 management_hold = ENABLED
Sun Dec 25 10:37:45 2005 us=332644 shared_secret_file = '[UNDEF]'
Sun Dec 25 10:37:45 2005 us=332663 key_direction = 0
Sun Dec 25 10:37:45 2005 us=332682 ciphername_defined = ENABLED
Sun Dec 25 10:37:45 2005 us=332701 ciphername = 'BF-CBC'
Sun Dec 25 10:37:45 2005 us=332720 authname_defined = ENABLED
Sun Dec 25 10:37:45 2005 us=332740 authname = 'SHA1'
Sun Dec 25 10:37:45 2005 us=332758 keysize = 0
Sun Dec 25 10:37:45 2005 us=332777 engine = DISABLED
Sun Dec 25 10:37:45 2005 us=332796 replay = ENABLED
Sun Dec 25 10:37:45 2005 us=332815 mute_replay_warnings = DISABLED
Sun Dec 25 10:37:45 2005 us=332834 replay_window = 64
Sun Dec 25 10:37:45 2005 us=332853 replay_time = 15
Sun Dec 25 10:37:45 2005 us=332872 packet_id_file = '[UNDEF]'
Sun Dec 25 10:37:45 2005 us=332891 use_iv = ENABLED
Sun Dec 25 10:37:45 2005 us=332921 test_crypto = DISABLED
Sun Dec 25 10:37:45 2005 us=332941 tls_server = DISABLED
Sun Dec 25 10:37:45 2005 us=332960 tls_client = ENABLED
Sun Dec 25 10:37:45 2005 us=332978 key_method = 2
Sun Dec 25 10:37:45 2005 us=333066 ca_file = 'cacert.pem'
Sun Dec 25 10:37:45 2005 us=333091 dh_file = '[UNDEF]'
Sun Dec 25 10:37:45 2005 us=333110 cert_file = 'client_cert.pem'
Sun Dec 25 10:37:45 2005 us=333130 priv_key_file = 'client_key.pem'
Sun Dec 25 10:37:45 2005 us=333149 pkcs12_file = '[UNDEF]'
Sun Dec 25 10:37:45 2005 us=333168 cipher_list = '[UNDEF]'
Sun Dec 25 10:37:45 2005 us=333187 tls_verify = '[UNDEF]'
Sun Dec 25 10:37:45 2005 us=333206 tls_remote = '[UNDEF]'
Sun Dec 25 10:37:45 2005 us=333225 crl_file = '[UNDEF]'
Sun Dec 25 10:37:45 2005 us=333245 ns_cert_type = 0
Sun Dec 25 10:37:45 2005 us=333263 tls_timeout = 2
Sun Dec 25 10:37:45 2005 us=333282 renegotiate_bytes = 0
Sun Dec 25 10:37:45 2005 us=333301 renegotiate_packets = 0
Sun Dec 25 10:37:45 2005 us=333320 renegotiate_seconds = 3600
Sun Dec 25 10:37:45 2005 us=333337 handshake_window = 60
Sun Dec 25 10:37:45 2005 us=333355 transition_window = 3600
Sun Dec 25 10:37:45 2005 us=333372 single_session = DISABLED
Sun Dec 25 10:37:45 2005 us=333391 tls_exit = DISABLED
Sun Dec 25 10:37:45 2005 us=333409 tls_auth_file = '[UNDEF]'
Sun Dec 25 10:37:45 2005 us=333471 server_network = 0.0.0.0
Sun Dec 25 10:37:45 2005 us=333493 server_netmask = 0.0.0.0
Sun Dec 25 10:37:45 2005 us=333527 server_bridge_ip = 0.0.0.0
Sun Dec 25 10:37:45 2005 us=333549 server_bridge_netmask = 0.0.0.0
Sun Dec 25 10:37:45 2005 us=333571 server_bridge_pool_start = 0.0.0.0
Sun Dec 25 10:37:45 2005 us=333594 server_bridge_pool_end = 0.0.0.0
Sun Dec 25 10:37:45 2005 us=333613 ifconfig_pool_defined = DISABLED
Sun Dec 25 10:37:45 2005 us=333636 ifconfig_pool_start = 0.0.0.0
Sun Dec 25 10:37:45 2005 us=333657 ifconfig_pool_end = 0.0.0.0
Sun Dec 25 10:37:45 2005 us=333679 ifconfig_pool_netmask = 0.0.0.0
Sun Dec 25 10:37:45 2005 us=333699 ifconfig_pool_persist_filename = '[UNDEF]'
Sun Dec 25 10:37:45 2005 us=333720 ifconfig_pool_persist_refresh_freq = 600
Sun Dec 25 10:37:45 2005 us=333739 ifconfig_pool_linear = DISABLED
Sun Dec 25 10:37:45 2005 us=333758 n_bcast_buf = 256
Sun Dec 25 10:37:45 2005 us=333778 tcp_queue_limit = 64
Sun Dec 25 10:37:45 2005 us=333797 real_hash_size = 256
Sun Dec 25 10:37:45 2005 us=333816 virtual_hash_size = 256
Sun Dec 25 10:37:45 2005 us=333836 client_connect_script = '[UNDEF]'
Sun Dec 25 10:37:45 2005 us=333856 learn_address_script = '[UNDEF]'
Sun Dec 25 10:37:45 2005 us=333876 client_disconnect_script = '[UNDEF]'
Sun Dec 25 10:37:45 2005 us=333895 client_config_dir = '[UNDEF]'
Sun Dec 25 10:37:45 2005 us=333915 ccd_exclusive = DISABLED
Sun Dec 25 10:37:45 2005 us=333934 tmp_dir = '[UNDEF]'
Sun Dec 25 10:37:45 2005 us=333954 push_ifconfig_defined = DISABLED
Sun Dec 25 10:37:45 2005 us=333976 push_ifconfig_local = 0.0.0.0
Sun Dec 25 10:37:45 2005 us=333998 push_ifconfig_remote_netmask = 0.0.0.0
Sun Dec 25 10:37:45 2005 us=334017 enable_c2c = DISABLED
Sun Dec 25 10:37:45 2005 us=334036 duplicate_cn = DISABLED
Sun Dec 25 10:37:45 2005 us=334055 cf_max = 0
Sun Dec 25 10:37:45 2005 us=334074 cf_per = 0
Sun Dec 25 10:37:45 2005 us=334093 max_clients = 1024
Sun Dec 25 10:37:45 2005 us=334113 max_routes_per_client = 256
Sun Dec 25 10:37:45 2005 us=334132 client_cert_not_required = DISABLED
Sun Dec 25 10:37:45 2005 us=334152 username_as_common_name = DISABLED
Sun Dec 25 10:37:45 2005 us=334171 auth_user_pass_verify_script = '[UNDEF]'
Sun Dec 25 10:37:45 2005 us=334191 auth_user_pass_verify_script_via_file = DISABLED
Sun Dec 25 10:37:45 2005 us=334210 client = ENABLED
Sun Dec 25 10:37:45 2005 us=334229 pull = ENABLED
Sun Dec 25 10:37:45 2005 us=334249 auth_user_pass_file = '[UNDEF]'
Sun Dec 25 10:37:45 2005 us=334274 OpenVPN 2.0.2 powerpc-apple-darwin8.2.0 [SSL] [LZO] built on Aug 30 2005
Sun Dec 25 10:37:45 2005 us=348886 MANAGEMENT: TCP Socket listening on 127.0.0.1:1838
Sun Dec 25 10:37:45 2005 us=349019 Need hold release from management interface, waiting...
Sun Dec 25 10:37:48 2005 us=286565 MANAGEMENT: Client connected from 127.0.0.1:1838
Sun Dec 25 10:37:48 2005 us=287262 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Sun Dec 25 10:37:48 2005 us=287344 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Dec 25 10:37:48 2005 us=419934 LZO compression initialized
Sun Dec 25 10:37:48 2005 us=420723 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Dec 25 10:37:48 2005 us=487586 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Dec 25 10:37:48 2005 us=487679 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sun Dec 25 10:37:48 2005 us=487700 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sun Dec 25 10:37:48 2005 us=487803 Local Options hash (VER=V4): '41690919'
Sun Dec 25 10:37:48 2005 us=487837 Expected Remote Options hash (VER=V4): '530fdded'
Sun Dec 25 10:37:48 2005 us=490944 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Sun Dec 25 10:37:48 2005 us=491051 Socket Buffers: R=[42080->65536] S=[9216->65536]
Sun Dec 25 10:37:48 2005 us=491081 UDPv4 link local: [undef]
Sun Dec 25 10:37:48 2005 us=491107 UDPv4 link remote: 120.10.153.23:5000
WRSun Dec 25 10:37:48 2005 us=560063 TLS: Initial packet from 120.10.153.23:5000, sid=59154379 390d25de
WWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRSun Dec 25 10:37:49 2005 us=194854 VERIFY OK: depth=1, /C=IT/ST=Italy/L=Milan/O=Half_Head/OU=mbuto/CN=Fab
Sun Dec 25 10:37:49 2005 us=195404 VERIFY OK: depth=0, /C=IT/ST=Italy/L=Milan/O=Half_Head/OU=radius/CN=Fab
WRWRWRWRWRWWWWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRRRRWWWWRRRRWRWRSun Dec 25 10:37:49 2005 us=987135 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Dec 25 10:37:49 2005 us=987187 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Dec 25 10:37:49 2005 us=987294 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Dec 25 10:37:49 2005 us=987322 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
WSun Dec 25 10:37:49 2005 us=987457 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sun Dec 25 10:37:49 2005 us=987516 [Fab] Peer Connection Initiated with 120.10.153.23:5000
Sun Dec 25 10:37:51 2005 us=43734 SENT CONTROL [Fab]: 'PUSH_REQUEST' (status=1)
WRRWRWRSun Dec 25 10:37:51 2005 us=117205 PUSH: Received control message: 'PUSH_REPLY,route 192.168.69.0 255.255.255.0,route 192.168.11.0 255.255.255.0 192.168.69.1,dhcp-option DNS 192.168.10.2,redirect-gateway def1,route 192.168.69.0 255.255.255.0,ping 10,ping-restart 120,ifconfig 192.168.69.6 192.168.69.5'
Sun Dec 25 10:37:51 2005 us=117352 OPTIONS IMPORT: timers and/or timeouts modified
Sun Dec 25 10:37:51 2005 us=117374 OPTIONS IMPORT: --ifconfig/up options modified
Sun Dec 25 10:37:51 2005 us=117392 OPTIONS IMPORT: route options modified
Sun Dec 25 10:37:51 2005 us=117410 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Dec 25 10:37:51 2005 us=117566 gw 192.168.1.1
Sun Dec 25 10:37:51 2005 us=117980 TUN/TAP device /dev/tun0 opened
Sun Dec 25 10:37:51 2005 us=118096 /sbin/ifconfig tun0 delete
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
Sun Dec 25 10:37:51 2005 us=127886 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Sun Dec 25 10:37:51 2005 us=128070 /sbin/ifconfig tun0 192.168.69.6 192.168.69.5 mtu 1500 netmask 255.255.255.255 up
Sun Dec 25 10:37:51 2005 us=137134 /sbin/route add -net 120.10.153.23 192.168.1.1 255.255.255.255
add net 120.10.153.23: gateway 192.168.1.1
Sun Dec 25 10:37:51 2005 us=168786 /sbin/route add -net 0.0.0.0 192.168.69.5 128.0.0.0
add net 0.0.0.0: gateway 192.168.69.5
Sun Dec 25 10:37:51 2005 us=178065 /sbin/route add -net 128.0.0.0 192.168.69.5 128.0.0.0
add net 128.0.0.0: gateway 192.168.69.5
Sun Dec 25 10:37:51 2005 us=188861 /sbin/route add -net 192.168.69.0 192.168.69.5 255.255.255.0
add net 192.168.69.0: gateway 192.168.69.5
Sun Dec 25 10:37:51 2005 us=198119 /sbin/route add -net 192.168.11.0 192.168.69.1 255.255.255.0
add net 192.168.11.0: gateway 192.168.69.1
Sun Dec 25 10:37:51 2005 us=207490 /sbin/route add -net 192.168.69.0 192.168.69.5 255.255.255.0
route: writing to routing socket: File exists
add net 192.168.69.0: gateway 192.168.69.5: File exists
Sun Dec 25 10:37:51 2005 us=217254 GID set to nobody
Sun Dec 25 10:37:51 2005 us=218266 UID set to nobody
Sun Dec 25 10:37:51 2005 us=218448 Initialization Sequence Completed
WDec 25 10:37:53 power-mac-g5 mDNSResponder: getifaddrs ifa_netmask for tun0(6) Flags 8851 Family 2 192.168.69.6 has different family: 0
WRRWRWWRRWWarning: unrecognized command line flag -psn_0_3276801

The routing table before is:

Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.1.1        UGSc        5        6    en0
127                localhost          UCS         0        0    lo0
localhost          localhost          UH         21     1506    lo0
169.254            link#4             UCS         0        0    en0
192.168.1          link#4             UCS         2        0    en0
192.168.1.1        0:9:5b:13:a2:8d    UHLW        5        0    en0   1186
192.168.1.3        localhost          UHS         6       29    lo0
192.168.1.255      ff:ff:ff:ff:ff:ff  UHLWb       1        2    en0

Internet6:
Destination Gateway Flags Netif Expire
localhost link#1 UHL lo0
localhost Uc lo0
localhost link#1 UHL lo0
link#4 UC en0
power-mac-g5.local 0:11:24:37:cd:b6 UHL lo0
ff01:: localhost U lo0
ff02::%lo0 localhost UC lo0
ff02::%en0 link#4 UC en0

I have modified openvpn version 2.0.5 to filter the "redirect-gateway def1".

The log is very similar but the routing table is cleaner:

Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.1.1        UGSc        7        9    en0
127                localhost          UCS         0        0    lo0
localhost          localhost          UH         16     1692    lo0
169.254            link#4             UCS         0        0    en0
192.168.1          link#4             UCS         2        0    en0
192.168.1.1        0:9:5b:13:a2:8d    UHLW        7        0    en0    935
192.168.1.3        localhost          UHS         6       33    lo0
192.168.1.255      ff:ff:ff:ff:ff:ff  UHLWb       1       18    en0
192.168.11         192.168.69.1       UGSc        0        0    en0
192.168.69         192.168.69.5       UGSc        1        0   tun0
192.168.69.5       192.168.69.6       UH          1        0   tun0

Internet6:
Destination Gateway Flags Netif Expire
localhost link#1 UHL lo0
localhost Uc lo0
localhost link#1 UHL lo0
link#4 UC en0
power-mac-g5.local 0:11:24:37:cd:b6 UHL lo0
ff01:: localhost U lo0
ff02::%lo0 localhost UC lo0
ff02::%en0 link#4 UC en0

The remote address when I try to connect is 192.168.10.160, which is not in the routing table, so I manually added the "/sbin/route add -net 192.168.10.0 192.168.69.5 255.255.255.0" since 192.168.69.5 is the remote end-point.

The status of my interfaces is:

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
    inet 127.0.0.1 netmask 0xff000000
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet6 fe80::211:24ff:fe37:cdb6%en0 prefixlen 64 scopeid 0x4
    inet 192.168.1.3 netmask 0xffffff00 broadcast 192.168.1.255
    ether 00:11:24:37:cd:b6
    media: autoselect (100baseTX <full-duplex>) status: active
    supported media: none autoselect 10baseT/UTP <half-duplex> 10baseT/UTP <full-duplex> 10baseT/UTP <full-duplex,hw-loopback> 100baseTX <half-duplex> 100baseTX <full-duplex> 100baseTX <full-duplex,hw-loopback> 1000baseT <full-duplex> 1000baseT <full-duplex,hw-loopback> 1000baseT <full-duplex,flow-control> 1000baseT <full-duplex,flow-control,hw-loopback>
fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 4078
    lladdr 00:11:24:ff:fe:37:cd:b6
    media: autoselect <full-duplex> status: inactive
    supported media: autoselect <full-duplex>
tun0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet 192.168.69.6 --> 192.168.69.5 netmask 0xffffffff
    open (pid 294)
tap0: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether 74:61:70:00:00:00
    closed
tun1: flags=8850<POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    closed

Question

> What version(s) do work? Does the TunnelBlick one work?

Tunnelblick-Tiger-2.0.1.dmg and openvpn 2.0.5.

> Other questions include:
>
>   1. can you ping the VPN server's IP without any VPN on (so without messing your route)?

Yes, it is a public IP.

>   2. can you establish the VPN? What's the log of running "sudo openvpn2 --config /opt/local/<some_path_to_config_file>"?

I think that the above logging answers the question.

>   3. can you initiate a ping to the VPN server on your tun/tap device?

Yes.
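
The routing effect described in comment 7, as an added example that is not part of the original ticket: it parses the PUSH_REPLY string from the log and shows that 192.168.10.160 (and the pushed DNS server) are only routed through the tunnel while "redirect-gateway def1" is honoured. Function names are illustrative, and the model covers only the routes the server pushes, not the LAN default route or the host route to the VPN server.

```python
import ipaddress

# PUSH_REPLY exactly as it appears in the client log in comment 7.
PUSH_REPLY = (
    "PUSH_REPLY,route 192.168.69.0 255.255.255.0,"
    "route 192.168.11.0 255.255.255.0 192.168.69.1,"
    "dhcp-option DNS 192.168.10.2,redirect-gateway def1,"
    "route 192.168.69.0 255.255.255.0,ping 10,ping-restart 120,"
    "ifconfig 192.168.69.6 192.168.69.5"
)


def parse_push_reply(msg):
    """Return (routes, tunnel_peer, def1_requested, dns_servers)."""
    routes, peer, def1, dns = [], None, False, []
    for option in msg.split(",")[1:]:      # element 0 is the literal "PUSH_REPLY"
        words = option.split()
        if not words:
            continue
        if words[0] == "route":
            mask = words[2] if len(words) > 2 else "255.255.255.255"
            gateway = words[3] if len(words) > 3 else None  # None: tunnel peer
            routes.append((ipaddress.ip_network(f"{words[1]}/{mask}"), gateway))
        elif words[0] == "ifconfig" and len(words) >= 3:
            peer = words[2]                # "ifconfig <local> <remote>"
        elif words[0] == "redirect-gateway":
            def1 = "def1" in words[1:]
        elif words[:2] == ["dhcp-option", "DNS"] and len(words) >= 3:
            dns.append(words[2])
    return routes, peer, def1, dns


def tunnel_routes(msg, honour_redirect=True):
    """Routes the client installs for the tunnel, as (network, gateway) pairs."""
    routes, peer, def1, _ = parse_push_reply(msg)
    table = []
    for net, gateway in routes:
        entry = (net, gateway or peer)
        if entry not in table:             # the duplicate push is the "File exists" line
            table.append(entry)
    if def1 and honour_redirect:
        # def1 leaves the existing default route in place and adds two /1
        # routes that win over 0.0.0.0/0 by longest-prefix match.
        table.append((ipaddress.ip_network("0.0.0.0/1"), peer))
        table.append((ipaddress.ip_network("128.0.0.0/1"), peer))
    return table


def via_tunnel(table, destination):
    """Longest-prefix match; None means only the LAN default route applies."""
    addr = ipaddress.ip_address(destination)
    hits = [entry for entry in table if addr in entry[0]]
    return max(hits, key=lambda entry: entry[0].prefixlen) if hits else None


def unrouted(msg, hosts, honour_redirect):
    """Hosts that would leave via the LAN gateway instead of the VPN."""
    table = tunnel_routes(msg, honour_redirect)
    return [h for h in hosts if via_tunnel(table, h) is None]


if __name__ == "__main__":
    hosts = ["192.168.10.160", "192.168.10.2", "192.168.11.7"]
    for honour in (True, False):
        print("redirect-gateway def1 honoured:", honour)
        for host in hosts:
            print("  ", host, "->", via_tunnel(tunnel_routes(PUSH_REPLY, honour), host))
```
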

comment:8 Changed 18 years ago by pierre@…

This is really strange. At first look, it seems OK. I don't really know what to say, I guess you can get better support on the OpenVPN mailing list... Sorry for not being so helpful, and good luck... -- Pierre

comment:9 Changed 18 years ago by fcadili@…

I have done further testing and I discovered that OpenVPN works fine with a Modem connection but has problems with my ADSL Router.

Any suggestion?

comment:10 Changed 18 years ago by pierre@…

(In reply to comment #6)

> I have done further testing and I discovered that OpenVPN works fine with a Modem connection but has problems with my ADSL Router. Any suggestion?

I'd check the NAT/QoS rules you have (either on the router or your local interface), and try to flush/test them for a while. I'd also tcpdump both ends, but I guess you won't be able to do it on the other side. I'd also sniff the TunnelBlick version you said worked, and compare packets with the DP one. As a side note, in my humble experience, DSL "routers" have the worst network stacks I've observed, although I'm half sure it's not a problem here. Good luck... -- Pierre Queinnec

comment:11 Changed 18 years ago by fcadili@…

I bought an ADSL router to replace my ADSL modem. Now the OpenVPN works fine. The old ADSL modem was a Netgear "DM602" with the latest available firmware. Now I use a Michelangelo Digicom Router (8E4176).

I think that you can consider this bug closed, since the Netgear is an old modem that is not sold any more.

Thank you for your support,

Francesco

comment:12 Changed 18 years ago by pierre@…

Good to hear it's solved. Could you please close the bug yourself, as I have no rights to close/reassign it? Thanks!

comment:13 Changed 18 years ago by fcadili@…

Resolution: fixed
Status: changed from new to closed