Mailinglist Archive: opensuse (1318 mails)
[opensuse] TLS negotiation and client-side virtual-interface.
- From: Patrik Hasibuan <patrikhasibuan@xxxxxxxxx>
- Date: Sat, 1 Nov 2008 00:50:38 -0700 (PDT)
- Message-id: <96831.70124.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Dear my friends,
I am confused about the virtual interface (tun0-00) for the client-side. Why is
the virtual-interface(tun0-00) on the server-side visible from 'ifconfig' and
the virtual-interface(tun0-00) on the client-side not visible/displayed from
'ifconfig'?
Please see below:
=====
server-side:
-----
mysussy:~ # ifconfig
eth0 Link encap:Ethernet HWaddr 00:19:D1:3C:A0:30
inet addr:192.168.1.9 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::219:d1ff:fe3c:a030/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1515061 errors:0 dropped:0 overruns:0 frame:0
TX packets:2533595 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:99929181 (95.2 Mb) TX bytes:3658131803 (3488.6 Mb)
Memory:30300000-30320000
eth5 Link encap:Ethernet HWaddr 00:50:DA:C4:C7:95
inet addr:219.83.114.179 Bcast:219.83.114.183 Mask:255.255.255.248
inet6 addr: fe80::250:daff:fec4:c795/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:299136 errors:0 dropped:0 overruns:0 frame:0
TX packets:210000 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:352775825 (336.4 Mb) TX bytes:20866755 (19.9 Mb)
Interrupt:21 Base address:0x2800
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:4387376 errors:0 dropped:0 overruns:0 frame:0
TX packets:4387376 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1814729105 (1730.6 Mb) TX bytes:1814729105 (1730.6 Mb)
tun0 Link encap:UNSPEC HWaddr
00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
mysussy:~ #
=====
client-side
-----
sussy-MND:~ # ifconfig
dsl0 Link encap:Point-to-Point Protocol
inet addr:192.168.11.3 P-t-P:192.168.21.110 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:14049 errors:0 dropped:0 overruns:0 frame:0
TX packets:12576 errors:0 dropped:8 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:8422795 (8.0 Mb) TX bytes:1941219 (1.8 Mb)
eth1 Link encap:Ethernet HWaddr 00:19:21:66:02:F5
inet addr:192.161.1.42 Bcast:192.161.1.255 Mask:255.255.255.0
inet6 addr: fe80::219:21ff:fe66:2f5/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:90600 errors:0 dropped:0 overruns:0 frame:0
TX packets:25048 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:23090572 (22.0 Mb) TX bytes:3703103 (3.5 Mb)
Interrupt:20 Base address:0x6800
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:895 errors:0 dropped:0 overruns:0 frame:0
TX packets:895 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:63695 (62.2 Kb) TX bytes:63695 (62.2 Kb)
sussy-MND:~ #
=====
This is my '*.conf' file:
=====
server-side (server.conf):
-----
mysussy:~ # cat /etc/openvpn/server.conf
local 219.83.114.179
port 1194
proto tcp
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/toka-site.crt
key /etc/openvpn/easy-rsa/2.0/keys/toka-site.key
dev tun
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-to-client
keepalive 10 120
ns-cert-type server
comp-lzo
verb 3
mysussy:~ #
=====
client-side (client.conf):
-----
sussy-MND:~ # cat /etc/openvpn/client.conf
client
dev tun
proto tcp
remote 219.83.114.179 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/cli-MND.crt
key /etc/openvpn/keys/cli-MND.key
ns-cert-type server
comp-lzo
verb 3
sussy-MND:~ #
=====
If I don't have the 'tun0-00' on my client-side station, how can I have the
virtual interface whose IP address is '10.8.0.2'?
And why is the connection always reset? I don't understand.
"
Nov 1 15:43:44 sussy-MND openvpn[9479]: Connection reset, restarting [0]
".
Please tell me my mistake.
Thank you very much in advance.
=====
This is the '/var/log/messages' on the client-side
-----
sussy-MND:~ # tail -n 40 /var/log/messages
Nov 1 15:43:03 sussy-MND openvpn[9479]: TCP connection established with
219.83.114.179:1194
Nov 1 15:43:03 sussy-MND openvpn[9479]: TCPv4_CLIENT link local: [undef]
Nov 1 15:43:03 sussy-MND openvpn[9479]: TCPv4_CLIENT link remote:
219.83.114.179:1194
Nov 1 15:43:04 sussy-MND openvpn[9479]: TLS: Initial packet from
219.83.114.179:1194, sid=15e7403e 2ed3956a
Nov 1 15:43:22 sussy-MND openvpn[9479]: VERIFY OK: depth=1,
/C=ID/ST=SU/L=MND/O=MSM-TTN/OU=PT/CN=mysussy/emailAddress=ilham.firdaus@xxxxxxxxxxxxxxx
Nov 1 15:43:22 sussy-MND openvpn[9479]: VERIFY OK: nsCertType=SERVER
Nov 1 15:43:22 sussy-MND openvpn[9479]: VERIFY OK: depth=0,
/C=ID/ST=SU/L=MND/O=MSM-TTN/OU=PT/CN=mysussy/emailAddress=ilham.firdaus@xxxxxxxxxxxxxxx
Nov 1 15:43:38 sussy-MND openvpn[9479]: event_wait : Interrupted system call
(code=4)
Nov 1 15:43:38 sussy-MND openvpn[9479]: OpenVPN STATISTICS
Nov 1 15:43:38 sussy-MND openvpn[9479]: Updated,Sat Nov 1 15:43:38 2008
Nov 1 15:43:38 sussy-MND openvpn[9479]: TUN/TAP read bytes,0
Nov 1 15:43:38 sussy-MND openvpn[9479]: TUN/TAP write bytes,0
Nov 1 15:43:38 sussy-MND openvpn[9479]: TCP/UDP read bytes,5398
Nov 1 15:43:38 sussy-MND openvpn[9479]: TCP/UDP write bytes,3828
Nov 1 15:43:38 sussy-MND openvpn[9479]: Auth read bytes,0
Nov 1 15:43:38 sussy-MND openvpn[9479]: pre-compress bytes,0
Nov 1 15:43:38 sussy-MND openvpn[9479]: post-compress bytes,0
Nov 1 15:43:38 sussy-MND openvpn[9479]: pre-decompress bytes,0
Nov 1 15:43:38 sussy-MND openvpn[9479]: post-decompress bytes,0
Nov 1 15:43:38 sussy-MND openvpn[9479]: END
Nov 1 15:43:44 sussy-MND openvpn[9479]: Connection reset, restarting [0]
Nov 1 15:43:44 sussy-MND openvpn[9479]: TCP/UDP: Closing socket
Nov 1 15:43:44 sussy-MND openvpn[9479]: SIGUSR1[soft,connection-reset]
received, process restarting
Nov 1 15:43:44 sussy-MND openvpn[9479]: Restart pause, 5 second(s)
Nov 1 15:43:49 sussy-MND openvpn[9479]: IMPORTANT: OpenVPN's default port
number is now 1194, based on an official port number assignment by IANA.
OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Nov 1 15:43:49 sussy-MND openvpn[9479]: Re-using SSL/TLS context
Nov 1 15:43:49 sussy-MND openvpn[9479]: LZO compression initialized
Nov 1 15:43:49 sussy-MND openvpn[9479]: Control Channel MTU parms [ L:1544
D:140 EF:40 EB:0 ET:0 EL:0 ]
Nov 1 15:43:49 sussy-MND openvpn[9479]: Data Channel MTU parms [ L:1544 D:1450
EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Nov 1 15:43:49 sussy-MND openvpn[9479]: Local Options hash (VER=V4): '69109d17'
Nov 1 15:43:49 sussy-MND openvpn[9479]: Expected Remote Options hash (VER=V4):
'c0103fa8'
Nov 1 15:43:49 sussy-MND openvpn[9479]: Attempting to establish TCP connection
with 219.83.114.179:1194
Nov 1 15:43:50 sussy-MND openvpn[9479]: TCP connection established with
219.83.114.179:1194
Nov 1 15:43:50 sussy-MND openvpn[9479]: TCPv4_CLIENT link local: [undef]
Nov 1 15:43:50 sussy-MND openvpn[9479]: TCPv4_CLIENT link remote:
219.83.114.179:1194
Nov 1 15:43:50 sussy-MND openvpn[9479]: TLS: Initial packet from
219.83.114.179:1194, sid=8a938fc2 c9c42384
Nov 1 15:43:51 sussy-MND smartd[3926]: Device: /dev/sda, SMART Usage
Attribute: 194 Temperature_Celsius changed from 152 to 148
Nov 1 15:44:07 sussy-MND openvpn[9479]: VERIFY OK: depth=1,
/C=ID/ST=SU/L=MND/O=MSM-TTN/OU=PT/CN=mysussy/emailAddress=ilham.firdaus@xxxxxxxxxxxxxxx
Nov 1 15:44:07 sussy-MND openvpn[9479]: VERIFY OK: nsCertType=SERVER
Nov 1 15:44:07 sussy-MND openvpn[9479]: VERIFY OK: depth=0,
/C=ID/ST=SU/L=MND/O=MSM-TTN/OU=PT/CN=mysussy/emailAddress=ilham.firdaus@xxxxxxxxxxxxxxx
sussy-MND:~ #
=====
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
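
The client-side log above can be read as a sequence of handshake milestones per connection attempt. The following is an added example, not part of the original post: it reports how far each attempt got and whether a tun device was ever opened. The sample is abridged from the post's log; the last three milestone strings are standard OpenVPN client messages that the post's log does not contain.

```python
# Client-side milestones in the order OpenVPN logs them. The first three
# strings occur in the post's log; the last three are the standard messages
# of a session that completes, none of which the post's log contains.
MILESTONES = [
    ("tcp_connected", "TCP connection established"),
    ("tls_started", "TLS: Initial packet from"),
    ("server_cert_verified", "VERIFY OK: depth=0"),
    ("tls_complete", "Peer Connection Initiated"),
    ("tun_opened", "TUN/TAP device"),
    ("tunnel_up", "Initialization Sequence Completed"),
]
RESET = "Connection reset, restarting"

# Abridged from the post's /var/log/messages excerpt, wrapped lines rejoined.
SAMPLE = """\
Nov 1 15:43:03 sussy-MND openvpn[9479]: TCP connection established with 219.83.114.179:1194
Nov 1 15:43:04 sussy-MND openvpn[9479]: TLS: Initial packet from 219.83.114.179:1194, sid=15e7403e 2ed3956a
Nov 1 15:43:22 sussy-MND openvpn[9479]: VERIFY OK: nsCertType=SERVER
Nov 1 15:43:22 sussy-MND openvpn[9479]: VERIFY OK: depth=0, /C=ID/ST=SU/L=MND/O=MSM-TTN/OU=PT/CN=mysussy
Nov 1 15:43:44 sussy-MND openvpn[9479]: Connection reset, restarting [0]
Nov 1 15:43:50 sussy-MND openvpn[9479]: TCP connection established with 219.83.114.179:1194
Nov 1 15:43:50 sussy-MND openvpn[9479]: TLS: Initial packet from 219.83.114.179:1194, sid=8a938fc2 c9c42384
Nov 1 15:43:51 sussy-MND smartd[3926]: Device: /dev/sda, SMART Usage Attribute: 194 Temperature_Celsius changed from 152 to 148
Nov 1 15:44:07 sussy-MND openvpn[9479]: VERIFY OK: depth=0, /C=ID/ST=SU/L=MND/O=MSM-TTN/OU=PT/CN=mysussy
"""

def analyze(log_text):
    """Return one dict per connection attempt: furthest milestone and reset flag."""
    attempts, cur = [], None
    for line in log_text.splitlines():
        if "openvpn[" not in line:
            continue  # ignore other daemons such as smartd
        hit = next((i for i, (_, s) in enumerate(MILESTONES) if s in line), None)
        if hit == 0:  # a new TCP connection starts a new attempt
            cur = {"reached": MILESTONES[0][0], "rank": 0, "reset": False}
            attempts.append(cur)
        elif cur is not None and hit is not None and hit > cur["rank"]:
            cur["reached"], cur["rank"] = MILESTONES[hit][0], hit
        elif cur is not None and RESET in line:
            cur["reset"] = True
    return attempts

def tun_ever_opened(attempts):
    """True only if some attempt got as far as creating the tun device (index 4)."""
    return any(a["rank"] >= 4 for a in attempts)

if __name__ == "__main__":
    for n, a in enumerate(analyze(SAMPLE), 1):
        print(n, a["reached"], "reset" if a["reset"] else "in progress")
```

On the sample, both attempts stop at `server_cert_verified` and no attempt reaches `tun_opened`, which matches the absence of a tun interface in the client's `ifconfig` output.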