Use OpenVPN to connect to ivacy.com - troubles

[Tompa]

Hi,

I'm trying to use openvpn to connect to an online vpn service called ivacy.com, but having some troubles.

Here's the output I get:

Code: Select all

bubba:/etc/openvpn# openvpn --config client.conf
Thu Apr  2 16:04:46 2009 OpenVPN 2.0.9 powerpc-unknown-linux-gnu [SSL] [LZO] [EPOLL] built on Sep 23 2007
Thu Apr  2 16:04:51 2009 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Thu Apr  2 16:04:51 2009 WARNING: file 'client.key' is group or others accessible
Thu Apr  2 16:04:51 2009 WARNING: file 'tls.key' is group or others accessible
Thu Apr  2 16:04:51 2009 Control Channel Authentication: using 'tls.key' as a OpenVPN static key file
Thu Apr  2 16:04:51 2009 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Apr  2 16:04:51 2009 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Apr  2 16:04:51 2009 LZO compression initialized
Thu Apr  2 16:04:51 2009 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Thu Apr  2 16:04:51 2009 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Apr  2 16:04:51 2009 Local Options hash (VER=V4): '504e774e'
Thu Apr  2 16:04:51 2009 Expected Remote Options hash (VER=V4): '14168603'
Thu Apr  2 16:04:51 2009 UDPv4 link local: [undef]
Thu Apr  2 16:04:51 2009 UDPv4 link remote: 213.232.208.199:1194
Thu Apr  2 16:04:51 2009 TLS: Initial packet from 213.232.208.199:1194, sid=dbca5fa8 4f48e748
Thu Apr  2 16:04:52 2009 VERIFY OK: depth=1, /C=RU/ST=MR/L=Moscow/O=ivacy.com/CN=ivacy.com_CA/emailAddress=admin@ivacy.com
Thu Apr  2 16:04:52 2009 VERIFY OK: nsCertType=SERVER
Thu Apr  2 16:04:52 2009 VERIFY OK: depth=0, /C=RU/ST=MR/L=Moscow/O=ivacy.com/CN=openvpn.ivacy.com/emailAddress=admin@ivacy.com
Thu Apr  2 16:04:53 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Apr  2 16:04:53 2009 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Apr  2 16:04:53 2009 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Apr  2 16:04:53 2009 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Apr  2 16:04:53 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Apr  2 16:04:53 2009 [openvpn.ivacy.com] Peer Connection Initiated with 213.232.208.199:1194
Thu Apr  2 16:04:55 2009 SENT CONTROL [openvpn.ivacy.com]: 'PUSH_REQUEST' (status=1)
Thu Apr  2 16:04:55 2009 PUSH: Received control message: 'PUSH_REPLY,route 1.0.0.0 255.0.0.0,dhcp-option DNS 1.254.2.2,dhcp-option DNS 1.254.2.3,dhcp-option DOMAIN vpn,explicit-exit-notify 2,route-gateway 1.2.124.1,topology subnet,ping 10,ping-restart 60,ifconfig 1.2.124.100 255.255.255.0'
Thu Apr  2 16:04:55 2009 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:7: topology (2.0.9)
Thu Apr  2 16:04:55 2009 OPTIONS IMPORT: timers and/or timeouts modified
Thu Apr  2 16:04:55 2009 OPTIONS IMPORT: explicit notify parm(s) modified
Thu Apr  2 16:04:55 2009 OPTIONS IMPORT: --ifconfig/up options modified
Thu Apr  2 16:04:55 2009 OPTIONS IMPORT: route options modified
Thu Apr  2 16:04:55 2009 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Apr  2 16:04:55 2009 WARNING: Since you are using --dev tun, the second argument to --ifconfig must be an IP address.  You are using something (255.255.255.0) that looks more like a netmask. (silence this warning with --ifconfig-nowarn)
Thu Apr  2 16:04:55 2009 TUN/TAP device tun0 opened
Thu Apr  2 16:04:55 2009 ifconfig tun0 1.2.124.100 pointopoint 255.255.255.0 mtu 1500
SIOCSIFDSTADDR: Invalid argument
Thu Apr  2 16:04:55 2009 Linux ifconfig failed: shell command exited with error status: 1
Thu Apr  2 16:04:55 2009 Exiting

It seems as if the tun0 device is not created correctly since if I do a ifconfig it doesnt show - shouldn't it?

And also it seems as if some faulty settings are pushed down from the server - or maybe I need an upgrade of something locally to support them?

/Tompa

[Tompa]

For the interested I solved this. It was neccesary to upgrade to OpenVPN 2.1 for the service to work.

/Tompa

[ejvn]

Dear Tompa,

Can you tell us how you upgraded the openvpn client on the bubba? It seems I have similar problems using an openvpn service. (I tried to download the 2.1 source, but then I need a compiler; a 2.1 deb package needs all kinds of other more recent modules...)

Regards,

Ernst Jan

[Tompa]

It was some time ago I did it so I don't remember the details, but I think I downloaded the source and compiled them to get my 2.1 running.

To be able to compile you need to install build tools, try this:

Code: Select all

apt-get install build-essential

/Tompa

[ejvn]

Thanks! With that I was able to compile the new version (which works)!

I have attached the installation scripts for those who want to use a Bubba|2 router as a OpenVPN Client (so, connecting that bubba router to another vpn service). Note that all the computers that are connected to that bubba (via the LAN network) are routed through that vpn.

Note: use it at your own risk. (But I have performed the scripts at two up-to-date bubba systems, and it all works find up to now.)

/Ernst Jan

[scoobynz]

Hi ejvn.

I have been trying a similar scenario - through anonine.se.

I can connect to the vpn service and return the assigned ip address etc.

The only thing is that when I try to connect to the bubba interface (webserver) whilst connected to the vpn, or ssh through the assigned ip to bubba it does not work. Obviously I am updating my domain with ddclient, this is updating to the ip assigned by the service successfully.

Your post is a long time ago, so my question is simple. Did you ever have or have this functionality working - i.e. to connect to the webserver through the ip assigned by the vpn service.

C