Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
OpenVPN - "Destination Host Unreachable" via one network
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
manwe_
Guru
Guru


Joined: 01 Feb 2006
Posts: 563
Location: Kraków/Cracow, Poland

PostPosted: Thu May 23, 2013 4:28 pm    Post subject: OpenVPN - "Destination Host Unreachable" via one n Reply with quote

Hi *.

I need some help with OpenVPN. I'm in a hotel with Wi-Fi and almost everything except http ports locked. Luckily I have one server with ssh on 443 so I was able to socks-proxy for last 2 days. Nevertheless I decided to set up OpenVPN (also on 443) on another server to be covered for situations like this.

Config on the server (/etc/openvpn/XXX/local.conf):
Code:

proto tcp-server
local 176.58.XX.XX
port 443
dev tap0
tls-server
cd /etc/openvpn/XXX
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
tls-auth ta.key 0
mode server
duplicate-cn
ifconfig 10.100.0.1 255.255.255.0
ifconfig-pool 10.100.0.2 10.100.0.11 255.255.255.0
push "dhcp-option DNS 176.58.XX.XX"
push "redirect-gateway"
push "route-gateway 10.100.0.1"
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ping 10
ping-restart 120
push "ping 10"
push "ping-restart 60"
push "route 10.100.0.0 255.255.255.0 10.100.0.1"
comp-lzo
status openvpn-status.log
verb 4


I know this might not be the prettiest config ever but those are my first steps with OpenVPN.

Firewall for forwarding OpenVPN clients to the outside world:
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o tap0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i tap0 -o eth0 -j ACCEPT



Now client (/etc/openvpn/XXX/local.conf):
Code:
proto tcp-client
port 443
dev tap0
remote 176.58.XX.XX
tls-client
cd /etc/openvpn/XXX
ca ca.crt
cert client.crt
key client.key
tls-auth ta.key 1
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
pull
comp-lzo
verb 4


It works when I connect my laptop with phone [Android AccessPoint] or go to a restaurant. VPN connects, client gets IP 10.100.0.2 and transfers everything via server. But in that damn hotel I get "Destination Host Unreachable" for ping 10.100.0.1 and every connections times out. Is there something wrong with my config? How can I get this working?

Client's dmesg log when connecting through hotel's WiFi:
Code:

May 23 18:00:47 openvpn[12605]: Current Parameter Settings:
May 23 18:00:47 openvpn[12605]:   config = '/etc/openvpn/XXX.conf'
May 23 18:00:47 openvpn[12605]:   mode = 0
May 23 18:00:47 openvpn[12605]:   persist_config = DISABLED
May 23 18:00:47 openvpn[12605]:   persist_mode = 1
May 23 18:00:47 openvpn[12605]:   show_ciphers = DISABLED
May 23 18:00:47 openvpn[12605]:   show_digests = DISABLED
May 23 18:00:47 openvpn[12605]:   show_engines = DISABLED
May 23 18:00:47 openvpn[12605]:   genkey = DISABLED
May 23 18:00:47 openvpn[12605]:   key_pass_file = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   show_tls_ciphers = DISABLED
May 23 18:00:47 openvpn[12605]: Connection profiles [default]:
May 23 18:00:47 openvpn[12605]:   proto = tcp-client
May 23 18:00:47 openvpn[12605]:   local = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   local_port = 0
May 23 18:00:47 openvpn[12605]:   remote = '176.58.XX.XX'
May 23 18:00:47 openvpn[12605]:   remote_port = 443
May 23 18:00:47 openvpn[12605]:   remote_float = DISABLED
May 23 18:00:47 openvpn[12605]:   bind_defined = DISABLED
May 23 18:00:47 openvpn[12605]:   bind_local = DISABLED
May 23 18:00:47 openvpn[12605]:   connect_retry_seconds = 5
May 23 18:00:47 openvpn[12605]:   connect_timeout = 10
May 23 18:00:47 openvpn[12605]:   connect_retry_max = 0
May 23 18:00:47 openvpn[12605]:   socks_proxy_server = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   socks_proxy_port = 0
May 23 18:00:47 openvpn[12605]:   socks_proxy_retry = DISABLED
May 23 18:00:47 openvpn[12605]:   tun_mtu = 1500
May 23 18:00:47 openvpn[12605]:   tun_mtu_defined = ENABLED
May 23 18:00:47 openvpn[12605]:   link_mtu = 1500
May 23 18:00:47 openvpn[12605]:   link_mtu_defined = DISABLED
May 23 18:00:47 openvpn[12605]:   tun_mtu_extra = 32
May 23 18:00:47 openvpn[12605]:   tun_mtu_extra_defined = ENABLED
May 23 18:00:47 openvpn[12605]:   mtu_discover_type = -1
May 23 18:00:47 openvpn[12605]:   fragment = 0
May 23 18:00:47 openvpn[12605]:   mssfix = 1450
May 23 18:00:47 openvpn[12605]:   explicit_exit_notification = 0
May 23 18:00:47 openvpn[12605]: Connection profiles END
May 23 18:00:47 openvpn[12605]:   remote_random = DISABLED
May 23 18:00:47 openvpn[12605]:   ipchange = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   dev = 'tap0'
May 23 18:00:47 openvpn[12605]:   dev_type = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   dev_node = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   lladdr = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   topology = 1
May 23 18:00:47 openvpn[12605]:   tun_ipv6 = DISABLED
May 23 18:00:47 openvpn[12605]:   ifconfig_local = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   ifconfig_remote_netmask = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   ifconfig_noexec = DISABLED
May 23 18:00:47 openvpn[12605]:   ifconfig_nowarn = DISABLED
May 23 18:00:47 openvpn[12605]:   ifconfig_ipv6_local = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   ifconfig_ipv6_netbits = 0
May 23 18:00:47 openvpn[12605]:   ifconfig_ipv6_remote = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   shaper = 0
May 23 18:00:47 openvpn[12605]:   mtu_test = 0
May 23 18:00:47 openvpn[12605]:   mlock = DISABLED
May 23 18:00:47 openvpn[12605]:   keepalive_ping = 0
May 23 18:00:47 openvpn[12605]:   keepalive_timeout = 0
May 23 18:00:47 openvpn[12605]:   inactivity_timeout = 0
May 23 18:00:47 openvpn[12605]:   ping_send_timeout = 0
May 23 18:00:47 openvpn[12605]:   ping_rec_timeout = 0
May 23 18:00:47 openvpn[12605]:   ping_rec_timeout_action = 0
May 23 18:00:47 openvpn[12605]:   ping_timer_remote = DISABLED
May 23 18:00:47 openvpn[12605]:   remap_sigusr1 = 0
May 23 18:00:47 openvpn[12605]:   persist_tun = DISABLED
May 23 18:00:47 openvpn[12605]:   persist_local_ip = DISABLED
May 23 18:00:47 openvpn[12605]:   persist_remote_ip = DISABLED
May 23 18:00:47 openvpn[12605]:   persist_key = DISABLED
May 23 18:00:47 openvpn[12605]:   passtos = DISABLED
May 23 18:00:47 openvpn[12605]:   resolve_retry_seconds = 1000000000
May 23 18:00:47 openvpn[12605]:   username = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   groupname = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   chroot_dir = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   cd_dir = '/etc/openvpn/XXX'
May 23 18:00:47 openvpn[12605]:   writepid = '/var/run/openvpn.XXX.pid'
May 23 18:00:47 openvpn[12605]:   up_script = '/etc/openvpn/up.sh'
May 23 18:00:47 openvpn[12605]:   down_script = '/etc/openvpn/down.sh'
May 23 18:00:47 openvpn[12605]:   down_pre = ENABLED
May 23 18:00:47 openvpn[12605]:   up_restart = ENABLED
May 23 18:00:47 openvpn[12605]:   up_delay = ENABLED
May 23 18:00:47 openvpn[12605]:   daemon = ENABLED
May 23 18:00:47 openvpn[12605]:   inetd = 0
May 23 18:00:47 openvpn[12605]:   log = DISABLED
May 23 18:00:47 openvpn[12605]:   suppress_timestamps = DISABLED
May 23 18:00:47 openvpn[12605]:   nice = 0
May 23 18:00:47 openvpn[12605]:   verbosity = 4
May 23 18:00:47 openvpn[12605]:   mute = 0
May 23 18:00:47 openvpn[12605]:   gremlin = 0
May 23 18:00:47 openvpn[12605]:   status_file = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   status_file_version = 1
May 23 18:00:47 openvpn[12605]:   status_file_update_freq = 60
May 23 18:00:47 openvpn[12605]:   occ = ENABLED
May 23 18:00:47 openvpn[12605]:   rcvbuf = 65536
May 23 18:00:47 openvpn[12605]:   sndbuf = 65536
May 23 18:00:47 openvpn[12605]:   mark = 0
May 23 18:00:47 openvpn[12605]:   sockflags = 0
May 23 18:00:47 openvpn[12605]:   fast_io = DISABLED
May 23 18:00:47 openvpn[12605]:   lzo = 7
May 23 18:00:47 openvpn[12605]:   route_script = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   route_default_gateway = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   route_default_metric = 0
May 23 18:00:47 openvpn[12605]:   route_noexec = DISABLED
May 23 18:00:47 openvpn[12605]:   route_delay = 0
May 23 18:00:47 openvpn[12605]:   route_delay_window = 30
May 23 18:00:47 openvpn[12605]:   route_delay_defined = DISABLED
May 23 18:00:47 openvpn[12605]:   route_nopull = DISABLED
May 23 18:00:47 openvpn[12605]:   route_gateway_via_dhcp = DISABLED
May 23 18:00:47 openvpn[12605]:   max_routes = 100
May 23 18:00:47 openvpn[12605]:   allow_pull_fqdn = DISABLED
May 23 18:00:47 openvpn[12605]:   management_addr = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   management_port = 0
May 23 18:00:47 openvpn[12605]:   management_user_pass = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   management_log_history_cache = 250
May 23 18:00:47 openvpn[12605]:   management_echo_buffer_size = 100
May 23 18:00:47 openvpn[12605]:   management_write_peer_info_file = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   management_client_user = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   management_client_group = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   management_flags = 0
May 23 18:00:47 openvpn[12605]:   shared_secret_file = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   key_direction = 2
May 23 18:00:47 openvpn[12605]:   ciphername_defined = ENABLED
May 23 18:00:47 openvpn[12605]:   ciphername = 'BF-CBC'
May 23 18:00:47 openvpn[12605]:   authname_defined = ENABLED
May 23 18:00:47 openvpn[12605]:   authname = 'SHA1'
May 23 18:00:47 openvpn[12605]:   prng_hash = 'SHA1'
May 23 18:00:47 openvpn[12605]:   prng_nonce_secret_len = 16
May 23 18:00:47 openvpn[12605]:   keysize = 0
May 23 18:00:47 openvpn[12605]:   engine = DISABLED
May 23 18:00:47 openvpn[12605]:   replay = ENABLED
May 23 18:00:47 openvpn[12605]:   mute_replay_warnings = DISABLED
May 23 18:00:47 openvpn[12605]:   replay_window = 64
May 23 18:00:47 openvpn[12605]:   replay_time = 15
May 23 18:00:47 openvpn[12605]:   packet_id_file = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   use_iv = ENABLED
May 23 18:00:47 openvpn[12605]:   test_crypto = DISABLED
May 23 18:00:47 openvpn[12605]:   tls_server = DISABLED
May 23 18:00:47 openvpn[12605]:   tls_client = ENABLED
May 23 18:00:47 openvpn[12605]:   key_method = 2
May 23 18:00:47 openvpn[12605]:   ca_file = 'ca.crt'
May 23 18:00:47 openvpn[12605]:   ca_path = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   dh_file = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   cert_file = 'client.crt'
May 23 18:00:47 openvpn[12605]:   priv_key_file = 'client.key'
May 23 18:00:47 openvpn[12605]:   pkcs12_file = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   cipher_list = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   tls_verify = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   tls_export_cert = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   verify_x509_type = 0
May 23 18:00:47 openvpn[12605]:   verify_x509_name = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   crl_file = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   ns_cert_type = 0
May 23 18:00:47 openvpn[12605]:   remote_cert_ku[i] = 0
May 23 18:00:47 openvpn[12605]:   remote_cert_ku[i] = 0
May 23 18:00:47 openvpn[12605]:   remote_cert_ku[i] = 0
May 23 18:00:47 openvpn[12605]:   remote_cert_ku[i] = 0
May 23 18:00:47 openvpn[12605]:   remote_cert_ku[i] = 0
May 23 18:00:47 openvpn[12605]:   remote_cert_ku[i] = 0
May 23 18:00:47 openvpn[12605]:   remote_cert_ku[i] = 0
May 23 18:00:47 openvpn[12605]:   remote_cert_ku[i] = 0
May 23 18:00:47 openvpn[12605]:   remote_cert_ku[i] = 0
May 23 18:00:47 openvpn[12605]:   remote_cert_ku[i] = 0
May 23 18:00:47 openvpn[12605]:   remote_cert_ku[i] = 0
May 23 18:00:47 openvpn[12605]:   remote_cert_ku[i] = 0
May 23 18:00:47 openvpn[12605]:   remote_cert_ku[i] = 0
May 23 18:00:47 openvpn[12605]:   remote_cert_ku[i] = 0
May 23 18:00:47 openvpn[12605]:   remote_cert_ku[i] = 0
May 23 18:00:47 openvpn[12605]:   remote_cert_ku[i] = 0
May 23 18:00:47 openvpn[12605]:   remote_cert_eku = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   ssl_flags = 0
May 23 18:00:47 openvpn[12605]:   tls_timeout = 2
May 23 18:00:47 openvpn[12605]:   renegotiate_bytes = 0
May 23 18:00:47 openvpn[12605]:   renegotiate_packets = 0
May 23 18:00:47 openvpn[12605]:   renegotiate_seconds = 3600
May 23 18:00:47 openvpn[12605]:   handshake_window = 60
May 23 18:00:47 openvpn[12605]:   transition_window = 3600
May 23 18:00:47 openvpn[12605]:   single_session = DISABLED
May 23 18:00:47 openvpn[12605]:   push_peer_info = DISABLED
May 23 18:00:47 openvpn[12605]:   tls_exit = DISABLED
May 23 18:00:47 openvpn[12605]:   tls_auth_file = 'ta.key'
May 23 18:00:47 openvpn[12605]:   server_network = 0.0.0.0
May 23 18:00:47 openvpn[12605]:   server_netmask = 0.0.0.0
May 23 18:00:47 openvpn[12605]:   server_network_ipv6 = ::
May 23 18:00:47 openvpn[12605]:   server_netbits_ipv6 = 0
May 23 18:00:47 openvpn[12605]:   server_bridge_ip = 0.0.0.0
May 23 18:00:47 openvpn[12605]:   server_bridge_netmask = 0.0.0.0
May 23 18:00:47 openvpn[12605]:   server_bridge_pool_start = 0.0.0.0
May 23 18:00:47 openvpn[12605]:   server_bridge_pool_end = 0.0.0.0
May 23 18:00:47 openvpn[12605]:   ifconfig_pool_defined = DISABLED
May 23 18:00:47 openvpn[12605]:   ifconfig_pool_start = 0.0.0.0
May 23 18:00:47 openvpn[12605]:   ifconfig_pool_end = 0.0.0.0
May 23 18:00:47 openvpn[12605]:   ifconfig_pool_netmask = 0.0.0.0
May 23 18:00:47 openvpn[12605]:   ifconfig_pool_persist_filename = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   ifconfig_pool_persist_refresh_freq = 600
May 23 18:00:47 openvpn[12605]:   ifconfig_ipv6_pool_defined = DISABLED
May 23 18:00:47 openvpn[12605]:   ifconfig_ipv6_pool_base = ::
May 23 18:00:47 openvpn[12605]:   ifconfig_ipv6_pool_netbits = 0
May 23 18:00:47 openvpn[12605]:   n_bcast_buf = 256
May 23 18:00:47 openvpn[12605]:   tcp_queue_limit = 64
May 23 18:00:47 openvpn[12605]:   real_hash_size = 256
May 23 18:00:47 openvpn[12605]:   virtual_hash_size = 256
May 23 18:00:47 openvpn[12605]:   client_connect_script = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   learn_address_script = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   client_disconnect_script = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   client_config_dir = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   ccd_exclusive = DISABLED
May 23 18:00:47 openvpn[12605]:   tmp_dir = '/tmp'
May 23 18:00:47 openvpn[12605]:   push_ifconfig_defined = DISABLED
May 23 18:00:47 openvpn[12605]:   push_ifconfig_local = 0.0.0.0
May 23 18:00:47 openvpn[12605]:   push_ifconfig_remote_netmask = 0.0.0.0
May 23 18:00:47 openvpn[12605]:   push_ifconfig_ipv6_defined = DISABLED
May 23 18:00:47 openvpn[12605]:   push_ifconfig_ipv6_local = ::/0
May 23 18:00:47 openvpn[12605]:   push_ifconfig_ipv6_remote = ::
May 23 18:00:47 openvpn[12605]:   enable_c2c = DISABLED
May 23 18:00:47 openvpn[12605]:   duplicate_cn = DISABLED
May 23 18:00:47 openvpn[12605]:   cf_max = 0
May 23 18:00:47 openvpn[12605]:   cf_per = 0
May 23 18:00:47 openvpn[12605]:   max_clients = 1024
May 23 18:00:47 openvpn[12605]:   max_routes_per_client = 256
May 23 18:00:47 openvpn[12605]:   auth_user_pass_verify_script = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   auth_user_pass_verify_script_via_file = DISABLED
May 23 18:00:47 openvpn[12605]:   port_share_host = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   port_share_port = 0
May 23 18:00:47 openvpn[12605]:   client = DISABLED
May 23 18:00:47 openvpn[12605]:   pull = ENABLED
May 23 18:00:47 openvpn[12605]:   auth_user_pass_file = '[UNDEF]'
May 23 18:00:47 openvpn[12605]: OpenVPN 2.3.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [eurephia] [MH] [IPv6] built on May 21 2013
May 23 18:00:47 openvpn[12605]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
May 23 18:00:47 openvpn[12605]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 23 18:00:47 openvpn[12605]: Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
May 23 18:00:47 openvpn[12605]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
May 23 18:00:47 openvpn[12605]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
May 23 18:00:47 openvpn[12605]: LZO compression initialized
May 23 18:00:47 openvpn[12605]: Control Channel MTU parms [ L:1576 D:168 EF:68 EB:0 ET:0 EL:0 ]
May 23 18:00:47 openvpn[12605]: Socket Buffers: R=[87380->131072] S=[16384->131072]
May 23 18:00:47 openvpn[12605]: Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
May 23 18:00:47 openvpn[12605]: Local Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
May 23 18:00:47 openvpn[12605]: Expected Remote Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
May 23 18:00:47 openvpn[12605]: Local Options hash (VER=V4): 'e39a3273'
May 23 18:00:47 openvpn[12605]: Expected Remote Options hash (VER=V4): '3c14feac'
May 23 18:00:47 openvpn[12608]: Attempting to establish TCP connection with [AF_INET]176.58.XX.XX:443 [nonblock]
May 23 18:00:48 openvpn[12608]: TCP connection established with [AF_INET]176.58.XX.XX:443
May 23 18:00:48 openvpn[12608]: TCPv4_CLIENT link local: [undef]
May 23 18:00:48 openvpn[12608]: TCPv4_CLIENT link remote: [AF_INET]176.58.XX.XX:443
May 23 18:00:48 openvpn[12608]: TLS: Initial packet from [AF_INET]176.58.XX.XX:443, sid=362165fa 197ba310
May 23 18:00:49 openvpn[12608]: VERIFY OK: depth=1, C=PL, ST=malopolska, L=Krakow, O=manwe.pl, OU=XXX.manwe.pl, CN=XXX.manwe.pl, name=XXX.manwe.pl, emailAddress=@manwe.pl
May 23 18:00:49 openvpn[12608]: VERIFY OK: depth=0, C=PL, ST=malopolska, L=Krakow, O=manwe.pl, OU=XXX.manwe.pl, CN=server, name=XXX.manwe.pl, emailAddress=@manwe.pl
May 23 18:00:51 openvpn[12608]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
May 23 18:00:51 openvpn[12608]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
May 23 18:00:51 openvpn[12608]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
May 23 18:00:51 openvpn[12608]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
May 23 18:00:51 openvpn[12608]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
May 23 18:00:51 openvpn[12608]: [server] Peer Connection Initiated with [AF_INET]176.58.XX.XX:443
May 23 18:00:53 openvpn[12608]: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
May 23 18:00:54 openvpn[12608]: PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 176.58.XX.XX,redirect-gateway,route-gateway 10.100.0.1,ping 10,ping-restart 60,route 10.100.0.0 255.255.255.0 10.100.0.1,ifconfig 10.100.0.2 255.255.255.0'
May 23 18:00:54 openvpn[12608]: OPTIONS IMPORT: timers and/or timeouts modified
May 23 18:00:54 openvpn[12608]: OPTIONS IMPORT: --ifconfig/up options modified
May 23 18:00:54 openvpn[12608]: OPTIONS IMPORT: route options modified
May 23 18:00:54 openvpn[12608]: OPTIONS IMPORT: route-related options modified
May 23 18:00:54 openvpn[12608]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
May 23 18:00:54 openvpn[12608]: ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=wlan0 HWADDR=48:5d:60:83:1e:14
May 23 18:00:54 openvpn[12608]: TUN/TAP device tap0 opened
May 23 18:00:54 openvpn[12608]: TUN/TAP TX queue length set to 100
May 23 18:00:54 openvpn[12608]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
May 23 18:00:54 openvpn[12608]: /bin/ip link set dev tap0 up mtu 1500
May 23 18:00:54 openvpn[12608]: /bin/ip addr add dev tap0 10.100.0.2/24 broadcast 10.100.0.255
May 23 18:00:54 openvpn[12608]: /etc/openvpn/up.sh tap0 1500 1576 10.100.0.2 255.255.255.0 init
May 23 18:00:54 openvpn[12608]: /bin/ip route add 176.58.XX.XX/32 via 192.168.0.1
May 23 18:00:54 openvpn[12608]: /bin/ip route del 0.0.0.0/0
May 23 18:00:54 openvpn[12608]: /bin/ip route add 0.0.0.0/0 via 10.100.0.1
May 23 18:00:54 openvpn[12608]: /bin/ip route add 10.100.0.0/24 via 10.100.0.1
May 23 18:00:54 openvpn[12608]: ERROR: Linux route add command failed: external program exited with error status: 2
May 23 18:00:54 openvpn[12608]: Initialization Sequence Completed
Back to top
View user's profile Send private message
AngelKnight
Tux's lil' helper
Tux's lil' helper


Joined: 14 Jan 2003
Posts: 118

PostPosted: Sun May 26, 2013 7:14 am    Post subject: Re: OpenVPN - "Destination Host Unreachable" via o Reply with quote

manwe_ wrote:
I need some help with OpenVPN. I'm in a hotel with Wi-Fi and almost everything except http ports locked. Luckily I have one server with ssh on 443 so I was able to socks-proxy for last 2 days. Nevertheless I decided to set up OpenVPN (also on 443) on another server to be covered for situations like this.

Config on the server (/etc/openvpn/XXX/local.conf):
Code:

ifconfig 10.100.0.1 255.255.255.0
ifconfig-pool 10.100.0.2 10.100.0.11 255.255.255.0
push "route 10.100.0.0 255.255.255.0 10.100.0.1"


The server is already dealing out 10.100.0.0/24 as a reachable scope, why push another route for 10.100.0.0/24?

manwe_ wrote:
Client's dmesg log when connecting through hotel's WiFi:
Code:
May 23 18:00:54 openvpn[12608]: PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 176.58.XX.XX,redirect-gateway,route-gateway 10.100.0.1,ping 10,ping-restart 60,route 10.100.0.0 255.255.255.0 10.100.0.1,ifconfig 10.100.0.2 255.255.255.0'
May 23 18:00:54 openvpn[12608]: ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=wlan0 HWADDR=48:5d:60:83:1e:14
May 23 18:00:54 openvpn[12608]: TUN/TAP device tap0 opened
May 23 18:00:54 openvpn[12608]: TUN/TAP TX queue length set to 100
May 23 18:00:54 openvpn[12608]: /bin/ip link set dev tap0 up mtu 1500
May 23 18:00:54 openvpn[12608]: /bin/ip addr add dev tap0 10.100.0.2/24 broadcast 10.100.0.255
May 23 18:00:54 openvpn[12608]: /etc/openvpn/up.sh tap0 1500 1576 10.100.0.2 255.255.255.0 init
May 23 18:00:54 openvpn[12608]: /bin/ip route add 176.58.XX.XX/32 via 192.168.0.1
May 23 18:00:54 openvpn[12608]: /bin/ip route del 0.0.0.0/0
May 23 18:00:54 openvpn[12608]: /bin/ip route add 0.0.0.0/0 via 10.100.0.1
May 23 18:00:54 openvpn[12608]: /bin/ip route add 10.100.0.0/24 via 10.100.0.1
May 23 18:00:54 openvpn[12608]: ERROR: Linux route add command failed: external program exited with error status: 2
May 23 18:00:54 openvpn[12608]: Initialization Sequence Completed


The error line is the kernel complaining that you're installing a nonsensical route indicating that a network is reached via a nexthop inside that same network.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum