openvpn connessione stabilita ma ping destination host unreachable

[Lorem Ipsum]

Ho un server 8.04.3 LTS sul quale ho installato openvpn, e' sempre andato tutto bene fino ad oggi:

installo maverick sul client e configuro la vpn su nm, si connette, ma tra client e server non c'e' dialogo.

se pingo un indirizzo della rete sotto vpn mi da destination host unreachable.

ho provato di tutto, compreso configurare manualmente ed aggiornare nm alla 0.8.2, stesso problema.

Sperando che qualcuno sappia darmi una mano posto i log.

openvpn.log sul server:

Codice: Seleziona tutto

Mon Feb 21 16:15:04 2011 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Mon Feb 21 16:15:14 2011 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Mon Feb 21 16:15:16 2011 event_wait : Interrupted system call (code=4)
Mon Feb 21 16:15:16 2011 TCP/UDP: Closing socket
Mon Feb 21 16:15:16 2011 Closing TUN/TAP interface
Mon Feb 21 16:15:16 2011 SIGTERM[hard,] received, process exiting
Mon Feb 21 16:15:17 2011 OpenVPN 2.1_rc7 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] built on May  8 2009
Mon Feb 21 16:15:17 2011 Diffie-Hellman initialized with 1024 bit key                                                                                                                                            
Mon Feb 21 16:15:17 2011 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
Mon Feb 21 16:15:19 2011 Control Channel Authentication: using '/etc/openvpn/keys/ta.key' as a OpenVPN static key file
Mon Feb 21 16:15:19 2011 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Feb 21 16:15:19 2011 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Feb 21 16:15:19 2011 TLS-Auth MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]                                                                                                                                
Mon Feb 21 16:15:19 2011 TUN/TAP device tap0 opened                                                                                                                                                              
Mon Feb 21 16:15:19 2011 TUN/TAP TX queue length set to 100
Mon Feb 21 16:15:19 2011 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Mon Feb 21 16:15:19 2011 UID set to nobody                                                                                                                                                                       
Mon Feb 21 16:15:19 2011 Socket Buffers: R=[111616->131072] S=[111616->131072]
Mon Feb 21 16:15:19 2011 UDPv4 link local (bound): [undef]:1194                                                                                                                                                  
Mon Feb 21 16:15:19 2011 UDPv4 link remote: [undef]                                                                                                                                                              
Mon Feb 21 16:15:19 2011 MULTI: multi_init called, r=256 v=256
Mon Feb 21 16:15:19 2011 IFCONFIG POOL: base=10.0.0.90 size=11
Mon Feb 21 16:15:19 2011 IFCONFIG POOL LIST                                                                                                                                                                      
Mon Feb 21 16:15:19 2011 server,10.0.0.91                                                                                                                                                                        
Mon Feb 21 16:15:19 2011 Initialization Sequence Completed
Mon Feb 21 17:00:47 2011 MULTI: multi_create_instance called
Mon Feb 21 17:00:47 2011 94.165.165.130:58577 Re-using SSL/TLS context
Mon Feb 21 17:00:47 2011 94.165.165.130:58577 LZO compression initialized
Mon Feb 21 17:00:47 2011 94.165.165.130:58577 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Mon Feb 21 17:00:47 2011 94.165.165.130:58577 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Mon Feb 21 17:00:47 2011 94.165.165.130:58577 Local Options hash (VER=V4): '360696c5'
Mon Feb 21 17:00:47 2011 94.165.165.130:58577 Expected Remote Options hash (VER=V4): '13a273ba'
Mon Feb 21 17:00:47 2011 94.165.165.130:58577 TLS: Initial packet from 94.165.165.130:58577, sid=265d00c0 43084516
Mon Feb 21 17:00:49 2011 94.165.165.130:58577 VERIFY OK: depth=1, /C=IT/ST=MC/L=Macerata/O=Studio2006/OU=vpn/CN=server/emailAddress=localhost@localdomain
Mon Feb 21 17:00:49 2011 94.165.165.130:58577 VERIFY OK: depth=0, /C=IT/ST=MC/L=Macerata/O=Studio2006/OU=vpn/CN=server/emailAddress=localhost@localdomain
Mon Feb 21 17:00:49 2011 94.165.165.130:58577 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Feb 21 17:00:49 2011 94.165.165.130:58577 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Feb 21 17:00:49 2011 94.165.165.130:58577 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Feb 21 17:00:49 2011 94.165.165.130:58577 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Feb 21 17:00:50 2011 94.165.165.130:58577 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Feb 21 17:00:50 2011 94.165.165.130:58577 [server] Peer Connection Initiated with 94.165.165.130:58577
Mon Feb 21 17:00:52 2011 server/94.165.165.130:58577 PUSH: Received control message: 'PUSH_REQUEST'
Mon Feb 21 17:00:52 2011 server/94.165.165.130:58577 SENT CONTROL [server]: 'PUSH_REPLY,route-gateway 10.0.0.6,ping 10,ping-restart 120,ifconfig 10.0.0.91 255.255.255.0' (status=1)
Mon Feb 21 17:00:52 2011 server/94.165.165.130:58577 MULTI: Learn: 62:8a:08:9a:21:ae -> server/94.165.165.130:58577

syslog sul client:

Codice: Seleziona tutto

Feb 21 17:00:46 primario NetworkManager[893]: <info> Starting VPN service 'org.freedesktop.NetworkManager.openvpn'...
Feb 21 17:00:46 primario NetworkManager[893]: <info> VPN service 'org.freedesktop.NetworkManager.openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 2571
Feb 21 17:00:46 primario NetworkManager[893]: <info> VPN service 'org.freedesktop.NetworkManager.openvpn' appeared, activating connections
Feb 21 17:00:46 primario NetworkManager[893]: <info> VPN plugin state changed: 1
Feb 21 17:00:46 primario NetworkManager[893]: <info> VPN plugin state changed: 3
Feb 21 17:00:46 primario NetworkManager[893]: <info> VPN connection 'Studio2006' (Connect) reply received.
Feb 21 17:00:46 primario nm-openvpn[2575]: OpenVPN 2.1.0 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Jul 12 2010
Feb 21 17:00:46 primario nm-openvpn[2575]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Feb 21 17:00:46 primario nm-openvpn[2575]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 21 17:00:46 primario nm-openvpn[2575]: WARNING: file '/home/leo/Documenti/Chiavi/VPN Studio2006/username.key' is group or others accessible
Feb 21 17:00:46 primario nm-openvpn[2575]: /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
Feb 21 17:00:47 primario nm-openvpn[2575]: WARNING: file '/home/leo/Documenti/Chiavi/VPN Studio2006/ta.key' is group or others accessible
Feb 21 17:00:47 primario nm-openvpn[2575]: Control Channel Authentication: using '/home/leo/Documenti/Chiavi/VPN Studio2006/ta.key' as a OpenVPN static key file
Feb 21 17:00:47 primario nm-openvpn[2575]: LZO compression initialized
Feb 21 17:00:47 primario nm-openvpn[2575]: UDPv4 link local: [undef]
Feb 21 17:00:47 primario nm-openvpn[2575]: UDPv4 link remote: [AF_INET]88.149.182.8:1194
Feb 21 17:00:49 primario nm-openvpn[2575]: [server] Peer Connection Initiated with [AF_INET]88.149.182.8:1194
Feb 21 17:00:52 primario NetworkManager[893]:    SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/tap0, iface: tap0)
Feb 21 17:00:52 primario NetworkManager[893]:    SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/tap0, iface: tap0): no ifupdown configuration found.
Feb 21 17:00:52 primario NetworkManager[893]: <warn> /sys/devices/virtual/net/tap0: couldn't determine device driver; ignoring...
Feb 21 17:00:52 primario modem-manager: (net/tap0): could not get port's parent device
Feb 21 17:00:52 primario nm-openvpn[2575]: TUN/TAP device tap0 opened
Feb 21 17:00:52 primario nm-openvpn[2575]: /sbin/ifconfig tap0 10.0.0.91 netmask 255.255.255.0 mtu 1500 broadcast 10.0.0.255
Feb 21 17:00:52 primario avahi-daemon[863]: Joining mDNS multicast group on interface tap0.IPv4 with address 10.0.0.91.
Feb 21 17:00:52 primario avahi-daemon[863]: New relevant interface tap0.IPv4 for mDNS.
Feb 21 17:00:52 primario avahi-daemon[863]: Registering new address record for 10.0.0.91 on tap0.IPv4.
Feb 21 17:00:52 primario avahi-daemon[863]: Withdrawing address record for 10.0.0.91 on tap0.
Feb 21 17:00:52 primario avahi-daemon[863]: Leaving mDNS multicast group on interface tap0.IPv4 with address 10.0.0.91.
Feb 21 17:00:52 primario avahi-daemon[863]: Interface tap0.IPv4 no longer relevant for mDNS.
Feb 21 17:00:52 primario avahi-daemon[863]: Joining mDNS multicast group on interface tap0.IPv4 with address 10.0.0.91.
Feb 21 17:00:52 primario avahi-daemon[863]: New relevant interface tap0.IPv4 for mDNS.
Feb 21 17:00:52 primario avahi-daemon[863]: Registering new address record for 10.0.0.91 on tap0.IPv4.
Feb 21 17:00:52 primario nm-openvpn[2575]: /usr/lib/network-manager-openvpn/nm-openvpn-service-openvpn-helper tap0 1500 1574 10.0.0.91 255.255.255.0 init
Feb 21 17:00:52 primario NetworkManager[893]: <info> VPN connection 'Studio2006' (IP Config Get) reply received.
Feb 21 17:00:52 primario NetworkManager[893]: <info> VPN Gateway: 88.149.182.8
Feb 21 17:00:52 primario NetworkManager[893]: <info> Tunnel Device: tap0
Feb 21 17:00:52 primario NetworkManager[893]: <info> Internal IP4 Address: 10.0.0.91
Feb 21 17:00:52 primario NetworkManager[893]: <info> Internal IP4 Prefix: 24
Feb 21 17:00:52 primario NetworkManager[893]: <info> Internal IP4 Point-to-Point Address: 0.0.0.0
Feb 21 17:00:52 primario NetworkManager[893]: <info> Maximum Segment Size (MSS): 0
Feb 21 17:00:52 primario NetworkManager[893]: <info> DNS Domain: '(none)'
Feb 21 17:00:52 primario nm-openvpn[2575]: Initialization Sequence Completed
Feb 21 17:00:53 primario NetworkManager[893]: <info> VPN connection 'Studio2006' (IP Config Get) complete.
Feb 21 17:00:53 primario NetworkManager[893]: <info> Policy set 'Studio2006' (tap0) as default for IPv4 routing and DNS.
Feb 21 17:00:53 primario NetworkManager[893]: <info> VPN plugin state changed: 4
Feb 21 17:00:53 primario avahi-daemon[863]: Joining mDNS multicast group on interface tap0.IPv6 with address fe80::608a:8ff:fe9a:21ae.
Feb 21 17:00:53 primario avahi-daemon[863]: New relevant interface tap0.IPv6 for mDNS.
Feb 21 17:00:53 primario avahi-daemon[863]: Registering new address record for fe80::608a:8ff:fe9a:21ae on tap0.*.
Feb 21 17:01:02 primario kernel: [ 5957.904025] tap0: no IPv6 routers present

spero veramente che qualcuno mi possa dare una mano, ciao!

[ReMichael]

Se hai un file per il certificato e uno di configurazione (.conf) prova con il comando openvpn da riga di comando:

Codice: Seleziona tutto

sudo openvpn tuo_file.conf

[Lorem Ipsum]

Codice: Seleziona tutto

$ sudo openvpn client.conf
Mon Feb 21 21:10:39 2011 OpenVPN 2.1.0 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Jul 12 2010
Mon Feb 21 21:10:39 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Feb 21 21:10:39 2011 WARNING: file 'username.key' is group or others accessible
Mon Feb 21 21:10:39 2011 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
Mon Feb 21 21:10:39 2011 WARNING: file 'ta.key' is group or others accessible
Mon Feb 21 21:10:39 2011 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Mon Feb 21 21:10:39 2011 LZO compression initialized
Mon Feb 21 21:10:39 2011 UDPv4 link local: [undef]
Mon Feb 21 21:10:39 2011 UDPv4 link remote: [AF_INET]88.149.182.8:1194
Mon Feb 21 21:10:46 2011 [server] Peer Connection Initiated with [AF_INET]88.149.182.8:1194
Mon Feb 21 21:10:48 2011 TUN/TAP device tap1 opened
Mon Feb 21 21:10:48 2011 /sbin/ifconfig tap1 10.0.0.91 netmask 255.255.255.0 mtu 1500 broadcast 10.0.0.255
Mon Feb 21 21:10:48 2011 Initialization Sequence Completed

Codice: Seleziona tutto

$ ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
From 10.0.0.91 icmp_seq=1 Destination Host Unreachable

aiuto!

[ReMichael]

Codice: Seleziona tutto

$ sudo openvpn client.conf
Mon Feb 21 21:10:39 2011 OpenVPN 2.1.0 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Jul 12 2010
Mon Feb 21 21:10:39 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Feb 21 21:10:39 2011 WARNING: file 'username.key' is group or others accessible
Mon Feb 21 21:10:39 2011 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
Mon Feb 21 21:10:39 2011 WARNING: file 'ta.key' is group or others accessible
Mon Feb 21 21:10:39 2011 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Mon Feb 21 21:10:39 2011 LZO compression initialized
Mon Feb 21 21:10:39 2011 UDPv4 link local: [undef]
Mon Feb 21 21:10:39 2011 UDPv4 link remote: [AF_INET]88.149.182.8:1194
Mon Feb 21 21:10:46 2011 [server] Peer Connection Initiated with [AF_INET]88.149.182.8:1194
Mon Feb 21 21:10:48 2011 TUN/TAP device tap1 opened
Mon Feb 21 21:10:48 2011 /sbin/ifconfig tap1 10.0.0.91 netmask 255.255.255.0 mtu 1500 broadcast 10.0.0.255
Mon Feb 21 21:10:48 2011 Initialization Sequence Completed

Codice: Seleziona tutto

$ ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
From 10.0.0.91 icmp_seq=1 Destination Host Unreachable

aiuto!

La sequenza di connessione viene completata correttamente.. forse il problema è nel server. Immagino che hai già provato a riavviare il servizio giusto?

[Lorem Ipsum]

Si, ho provato a riavviare openvpn sul server:

Codice: Seleziona tutto

$ /etc/init.d/openvpn restart
Tue Feb 22 04:07:07 2011 server/94.165.165.130:46867 13 variation(s) on previous 10 message(s) suppressed by --mute
Tue Feb 22 04:07:07 2011 server/94.165.165.130:46867 [server] Inactivity timeout (--ping-restart), restarting
Tue Feb 22 04:07:07 2011 server/94.165.165.130:46867 SIGUSR1[soft,ping-restart] received, client-instance restarting
Tue Feb 22 04:07:45 2011 event_wait : Interrupted system call (code=4)                                                                                                                                           
Tue Feb 22 04:07:45 2011 TCP/UDP: Closing socket                                                                                                                                                                 
Tue Feb 22 04:07:45 2011 Closing TUN/TAP interface                                                                                                                                                               
Tue Feb 22 04:07:46 2011 SIGTERM[hard,] received, process exiting                                                                                                                                                
Tue Feb 22 04:07:47 2011 OpenVPN 2.1_rc7 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] built on May  8 2009                                                                                                             
Tue Feb 22 04:07:47 2011 Diffie-Hellman initialized with 1024 bit key                                                                                                                                            
Tue Feb 22 04:07:47 2011 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>                                                                                                                                
Tue Feb 22 04:07:47 2011 Control Channel Authentication: using '/etc/openvpn/keys/ta.key' as a OpenVPN static key file
Tue Feb 22 04:07:47 2011 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Feb 22 04:07:47 2011 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication                                                                                      
Tue Feb 22 04:07:47 2011 TLS-Auth MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]                                                                                                                                
Tue Feb 22 04:07:47 2011 TUN/TAP device tap0 opened                                                                                                                                                              
Tue Feb 22 04:07:47 2011 TUN/TAP TX queue length set to 100                                                                                                                                                      
Tue Feb 22 04:07:47 2011 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]                                                                                                                 
Tue Feb 22 04:07:47 2011 UID set to nobody                                                                                                                                                                       
Tue Feb 22 04:07:47 2011 Socket Buffers: R=[111616->131072] S=[111616->131072]                                                                                                                                   
Tue Feb 22 04:07:47 2011 UDPv4 link local (bound): [undef]:1194                                                                                                                                                  
Tue Feb 22 04:07:47 2011 UDPv4 link remote: [undef]                                                                                                                                                              
Tue Feb 22 04:07:47 2011 MULTI: multi_init called, r=256 v=256                                                                                                                                                   
Tue Feb 22 04:07:47 2011 IFCONFIG POOL: base=10.0.0.90 size=11                                                                                                                                                   
Tue Feb 22 04:07:47 2011 IFCONFIG POOL LIST                                                                                                                                                                      
Tue Feb 22 04:07:47 2011 server,10.0.0.91                                                                                                                                                                        
Tue Feb 22 04:07:47 2011 Initialization Sequence Completed

sul client ho la seguente tabella di routing:

Codice: Seleziona tutto

$ route -n
Tabella di routing IP del kernel
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
88.149.182.8    192.168.0.3     255.255.255.255 UGH   0      0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tap0
192.168.0.0     0.0.0.0         255.255.255.0   U     1      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eth0
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 tap0

ho anche provato su di un portatile  Windows 7 con open vpn preso da http://openvpn.se, stesso problema, si connette ma niente scambio dati.

Sono prossimo alla rassegnazione  :'(

[ReMichael]

ho anche provato su di un portatile  Windows 7 con open vpn preso da http://openvpn.se, stesso problema, si connette ma niente scambio dati.

su Windows 7 devi eseguire openvpn come amministratore, altrimenti non funziona (anche se si connette)