OpenVPN - "Destination Host Unreachable" via one network

Post by manwe_ » Thu May 23, 2013 4:28 pm

Hi *.

I need some help with OpenVPN. I'm in a hotel with Wi-Fi and almost everything except http ports locked. Luckily I have one server with ssh on 443 so I was able to socks-proxy for the last 2 days. Nevertheless I decided to set up OpenVPN (also on 443) on another server to be covered for situations like this.

Config on the server (/etc/openvpn/XXX/local.conf):

Code:

proto tcp-server
local 176.58.XX.XX
port 443
dev tap0
tls-server
cd /etc/openvpn/XXX
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
tls-auth ta.key 0
mode server
duplicate-cn
ifconfig 10.100.0.1 255.255.255.0 
ifconfig-pool 10.100.0.2 10.100.0.11 255.255.255.0 
push "dhcp-option DNS 176.58.XX.XX" 
push "redirect-gateway"
push "route-gateway 10.100.0.1"
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ping 10
ping-restart 120
push "ping 10"
push "ping-restart 60"
push "route 10.100.0.0 255.255.255.0 10.100.0.1"
comp-lzo
status openvpn-status.log
verb 4

I know this might not be the prettiest config ever but those are my first steps with OpenVPN.

Firewall for forwarding OpenVPN clients to the outside world:

Code:

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o tap0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i tap0 -o eth0 -j ACCEPT

Now client (/etc/openvpn/XXX/local.conf):

Code:

proto tcp-client
port 443 
dev tap0
remote 176.58.XX.XX
tls-client
cd /etc/openvpn/XXX
ca ca.crt
cert client.crt
key client.key
tls-auth ta.key 1
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
pull
comp-lzo
verb 4

It works when I connect my laptop with phone [Android AccessPoint] or go to a restaurant. VPN connects, client gets IP 10.100.0.2 and transfers everything via server. But in that damn hotel I get "Destination Host Unreachable" for ping 10.100.0.1 and every connection times out. Is there something wrong with my config? How can I get this working?

Client's dmesg log when connecting through hotel's WiFi:

Code:

May 23 18:00:47 openvpn[12605]: Current Parameter Settings:
May 23 18:00:47 openvpn[12605]:   config = '/etc/openvpn/XXX.conf'
May 23 18:00:47 openvpn[12605]:   mode = 0
May 23 18:00:47 openvpn[12605]:   persist_config = DISABLED
May 23 18:00:47 openvpn[12605]:   persist_mode = 1
May 23 18:00:47 openvpn[12605]:   show_ciphers = DISABLED
May 23 18:00:47 openvpn[12605]:   show_digests = DISABLED
May 23 18:00:47 openvpn[12605]:   show_engines = DISABLED
May 23 18:00:47 openvpn[12605]:   genkey = DISABLED
May 23 18:00:47 openvpn[12605]:   key_pass_file = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   show_tls_ciphers = DISABLED
May 23 18:00:47 openvpn[12605]: Connection profiles [default]:
May 23 18:00:47 openvpn[12605]:   proto = tcp-client
May 23 18:00:47 openvpn[12605]:   local = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   local_port = 0
May 23 18:00:47 openvpn[12605]:   remote = '176.58.XX.XX'
May 23 18:00:47 openvpn[12605]:   remote_port = 443
May 23 18:00:47 openvpn[12605]:   remote_float = DISABLED
May 23 18:00:47 openvpn[12605]:   bind_defined = DISABLED
May 23 18:00:47 openvpn[12605]:   bind_local = DISABLED
May 23 18:00:47 openvpn[12605]:   connect_retry_seconds = 5
May 23 18:00:47 openvpn[12605]:   connect_timeout = 10
May 23 18:00:47 openvpn[12605]:   connect_retry_max = 0
May 23 18:00:47 openvpn[12605]:   socks_proxy_server = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   socks_proxy_port = 0
May 23 18:00:47 openvpn[12605]:   socks_proxy_retry = DISABLED
May 23 18:00:47 openvpn[12605]:   tun_mtu = 1500
May 23 18:00:47 openvpn[12605]:   tun_mtu_defined = ENABLED
May 23 18:00:47 openvpn[12605]:   link_mtu = 1500
May 23 18:00:47 openvpn[12605]:   link_mtu_defined = DISABLED
May 23 18:00:47 openvpn[12605]:   tun_mtu_extra = 32
May 23 18:00:47 openvpn[12605]:   tun_mtu_extra_defined = ENABLED
May 23 18:00:47 openvpn[12605]:   mtu_discover_type = -1
May 23 18:00:47 openvpn[12605]:   fragment = 0
May 23 18:00:47 openvpn[12605]:   mssfix = 1450
May 23 18:00:47 openvpn[12605]:   explicit_exit_notification = 0
May 23 18:00:47 openvpn[12605]: Connection profiles END
May 23 18:00:47 openvpn[12605]:   remote_random = DISABLED
May 23 18:00:47 openvpn[12605]:   ipchange = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   dev = 'tap0'
May 23 18:00:47 openvpn[12605]:   dev_type = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   dev_node = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   lladdr = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   topology = 1
May 23 18:00:47 openvpn[12605]:   tun_ipv6 = DISABLED
May 23 18:00:47 openvpn[12605]:   ifconfig_local = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   ifconfig_remote_netmask = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   ifconfig_noexec = DISABLED
May 23 18:00:47 openvpn[12605]:   ifconfig_nowarn = DISABLED
May 23 18:00:47 openvpn[12605]:   ifconfig_ipv6_local = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   ifconfig_ipv6_netbits = 0
May 23 18:00:47 openvpn[12605]:   ifconfig_ipv6_remote = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   shaper = 0
May 23 18:00:47 openvpn[12605]:   mtu_test = 0
May 23 18:00:47 openvpn[12605]:   mlock = DISABLED
May 23 18:00:47 openvpn[12605]:   keepalive_ping = 0
May 23 18:00:47 openvpn[12605]:   keepalive_timeout = 0
May 23 18:00:47 openvpn[12605]:   inactivity_timeout = 0
May 23 18:00:47 openvpn[12605]:   ping_send_timeout = 0
May 23 18:00:47 openvpn[12605]:   ping_rec_timeout = 0
May 23 18:00:47 openvpn[12605]:   ping_rec_timeout_action = 0
May 23 18:00:47 openvpn[12605]:   ping_timer_remote = DISABLED
May 23 18:00:47 openvpn[12605]:   remap_sigusr1 = 0
May 23 18:00:47 openvpn[12605]:   persist_tun = DISABLED
May 23 18:00:47 openvpn[12605]:   persist_local_ip = DISABLED
May 23 18:00:47 openvpn[12605]:   persist_remote_ip = DISABLED
May 23 18:00:47 openvpn[12605]:   persist_key = DISABLED
May 23 18:00:47 openvpn[12605]:   passtos = DISABLED
May 23 18:00:47 openvpn[12605]:   resolve_retry_seconds = 1000000000
May 23 18:00:47 openvpn[12605]:   username = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   groupname = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   chroot_dir = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   cd_dir = '/etc/openvpn/XXX'
May 23 18:00:47 openvpn[12605]:   writepid = '/var/run/openvpn.XXX.pid'
May 23 18:00:47 openvpn[12605]:   up_script = '/etc/openvpn/up.sh'
May 23 18:00:47 openvpn[12605]:   down_script = '/etc/openvpn/down.sh'
May 23 18:00:47 openvpn[12605]:   down_pre = ENABLED
May 23 18:00:47 openvpn[12605]:   up_restart = ENABLED
May 23 18:00:47 openvpn[12605]:   up_delay = ENABLED
May 23 18:00:47 openvpn[12605]:   daemon = ENABLED
May 23 18:00:47 openvpn[12605]:   inetd = 0
May 23 18:00:47 openvpn[12605]:   log = DISABLED
May 23 18:00:47 openvpn[12605]:   suppress_timestamps = DISABLED
May 23 18:00:47 openvpn[12605]:   nice = 0
May 23 18:00:47 openvpn[12605]:   verbosity = 4
May 23 18:00:47 openvpn[12605]:   mute = 0
May 23 18:00:47 openvpn[12605]:   gremlin = 0
May 23 18:00:47 openvpn[12605]:   status_file = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   status_file_version = 1
May 23 18:00:47 openvpn[12605]:   status_file_update_freq = 60
May 23 18:00:47 openvpn[12605]:   occ = ENABLED
May 23 18:00:47 openvpn[12605]:   rcvbuf = 65536
May 23 18:00:47 openvpn[12605]:   sndbuf = 65536
May 23 18:00:47 openvpn[12605]:   mark = 0
May 23 18:00:47 openvpn[12605]:   sockflags = 0
May 23 18:00:47 openvpn[12605]:   fast_io = DISABLED
May 23 18:00:47 openvpn[12605]:   lzo = 7
May 23 18:00:47 openvpn[12605]:   route_script = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   route_default_gateway = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   route_default_metric = 0
May 23 18:00:47 openvpn[12605]:   route_noexec = DISABLED
May 23 18:00:47 openvpn[12605]:   route_delay = 0
May 23 18:00:47 openvpn[12605]:   route_delay_window = 30
May 23 18:00:47 openvpn[12605]:   route_delay_defined = DISABLED
May 23 18:00:47 openvpn[12605]:   route_nopull = DISABLED
May 23 18:00:47 openvpn[12605]:   route_gateway_via_dhcp = DISABLED
May 23 18:00:47 openvpn[12605]:   max_routes = 100
May 23 18:00:47 openvpn[12605]:   allow_pull_fqdn = DISABLED
May 23 18:00:47 openvpn[12605]:   management_addr = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   management_port = 0
May 23 18:00:47 openvpn[12605]:   management_user_pass = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   management_log_history_cache = 250
May 23 18:00:47 openvpn[12605]:   management_echo_buffer_size = 100
May 23 18:00:47 openvpn[12605]:   management_write_peer_info_file = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   management_client_user = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   management_client_group = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   management_flags = 0
May 23 18:00:47 openvpn[12605]:   shared_secret_file = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   key_direction = 2
May 23 18:00:47 openvpn[12605]:   ciphername_defined = ENABLED
May 23 18:00:47 openvpn[12605]:   ciphername = 'BF-CBC'
May 23 18:00:47 openvpn[12605]:   authname_defined = ENABLED
May 23 18:00:47 openvpn[12605]:   authname = 'SHA1'
May 23 18:00:47 openvpn[12605]:   prng_hash = 'SHA1'
May 23 18:00:47 openvpn[12605]:   prng_nonce_secret_len = 16
May 23 18:00:47 openvpn[12605]:   keysize = 0
May 23 18:00:47 openvpn[12605]:   engine = DISABLED
May 23 18:00:47 openvpn[12605]:   replay = ENABLED
May 23 18:00:47 openvpn[12605]:   mute_replay_warnings = DISABLED
May 23 18:00:47 openvpn[12605]:   replay_window = 64
May 23 18:00:47 openvpn[12605]:   replay_time = 15
May 23 18:00:47 openvpn[12605]:   packet_id_file = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   use_iv = ENABLED
May 23 18:00:47 openvpn[12605]:   test_crypto = DISABLED
May 23 18:00:47 openvpn[12605]:   tls_server = DISABLED
May 23 18:00:47 openvpn[12605]:   tls_client = ENABLED
May 23 18:00:47 openvpn[12605]:   key_method = 2
May 23 18:00:47 openvpn[12605]:   ca_file = 'ca.crt'
May 23 18:00:47 openvpn[12605]:   ca_path = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   dh_file = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   cert_file = 'client.crt'
May 23 18:00:47 openvpn[12605]:   priv_key_file = 'client.key'
May 23 18:00:47 openvpn[12605]:   pkcs12_file = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   cipher_list = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   tls_verify = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   tls_export_cert = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   verify_x509_type = 0
May 23 18:00:47 openvpn[12605]:   verify_x509_name = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   crl_file = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   ns_cert_type = 0
May 23 18:00:47 openvpn[12605]:   remote_cert_ku[i] = 0
May 23 18:00:47 openvpn[12605]:   remote_cert_ku[i] = 0
May 23 18:00:47 openvpn[12605]:   remote_cert_ku[i] = 0
May 23 18:00:47 openvpn[12605]:   remote_cert_ku[i] = 0
May 23 18:00:47 openvpn[12605]:   remote_cert_ku[i] = 0
May 23 18:00:47 openvpn[12605]:   remote_cert_ku[i] = 0
May 23 18:00:47 openvpn[12605]:   remote_cert_ku[i] = 0
May 23 18:00:47 openvpn[12605]:   remote_cert_ku[i] = 0
May 23 18:00:47 openvpn[12605]:   remote_cert_ku[i] = 0
May 23 18:00:47 openvpn[12605]:   remote_cert_ku[i] = 0
May 23 18:00:47 openvpn[12605]:   remote_cert_ku[i] = 0
May 23 18:00:47 openvpn[12605]:   remote_cert_ku[i] = 0
May 23 18:00:47 openvpn[12605]:   remote_cert_ku[i] = 0
May 23 18:00:47 openvpn[12605]:   remote_cert_ku[i] = 0
May 23 18:00:47 openvpn[12605]:   remote_cert_ku[i] = 0
May 23 18:00:47 openvpn[12605]:   remote_cert_ku[i] = 0
May 23 18:00:47 openvpn[12605]:   remote_cert_eku = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   ssl_flags = 0
May 23 18:00:47 openvpn[12605]:   tls_timeout = 2
May 23 18:00:47 openvpn[12605]:   renegotiate_bytes = 0
May 23 18:00:47 openvpn[12605]:   renegotiate_packets = 0
May 23 18:00:47 openvpn[12605]:   renegotiate_seconds = 3600
May 23 18:00:47 openvpn[12605]:   handshake_window = 60
May 23 18:00:47 openvpn[12605]:   transition_window = 3600
May 23 18:00:47 openvpn[12605]:   single_session = DISABLED
May 23 18:00:47 openvpn[12605]:   push_peer_info = DISABLED
May 23 18:00:47 openvpn[12605]:   tls_exit = DISABLED
May 23 18:00:47 openvpn[12605]:   tls_auth_file = 'ta.key'
May 23 18:00:47 openvpn[12605]:   server_network = 0.0.0.0
May 23 18:00:47 openvpn[12605]:   server_netmask = 0.0.0.0
May 23 18:00:47 openvpn[12605]:   server_network_ipv6 = ::
May 23 18:00:47 openvpn[12605]:   server_netbits_ipv6 = 0
May 23 18:00:47 openvpn[12605]:   server_bridge_ip = 0.0.0.0
May 23 18:00:47 openvpn[12605]:   server_bridge_netmask = 0.0.0.0
May 23 18:00:47 openvpn[12605]:   server_bridge_pool_start = 0.0.0.0
May 23 18:00:47 openvpn[12605]:   server_bridge_pool_end = 0.0.0.0
May 23 18:00:47 openvpn[12605]:   ifconfig_pool_defined = DISABLED
May 23 18:00:47 openvpn[12605]:   ifconfig_pool_start = 0.0.0.0
May 23 18:00:47 openvpn[12605]:   ifconfig_pool_end = 0.0.0.0
May 23 18:00:47 openvpn[12605]:   ifconfig_pool_netmask = 0.0.0.0
May 23 18:00:47 openvpn[12605]:   ifconfig_pool_persist_filename = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   ifconfig_pool_persist_refresh_freq = 600
May 23 18:00:47 openvpn[12605]:   ifconfig_ipv6_pool_defined = DISABLED
May 23 18:00:47 openvpn[12605]:   ifconfig_ipv6_pool_base = ::
May 23 18:00:47 openvpn[12605]:   ifconfig_ipv6_pool_netbits = 0
May 23 18:00:47 openvpn[12605]:   n_bcast_buf = 256
May 23 18:00:47 openvpn[12605]:   tcp_queue_limit = 64
May 23 18:00:47 openvpn[12605]:   real_hash_size = 256
May 23 18:00:47 openvpn[12605]:   virtual_hash_size = 256
May 23 18:00:47 openvpn[12605]:   client_connect_script = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   learn_address_script = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   client_disconnect_script = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   client_config_dir = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   ccd_exclusive = DISABLED
May 23 18:00:47 openvpn[12605]:   tmp_dir = '/tmp'
May 23 18:00:47 openvpn[12605]:   push_ifconfig_defined = DISABLED
May 23 18:00:47 openvpn[12605]:   push_ifconfig_local = 0.0.0.0
May 23 18:00:47 openvpn[12605]:   push_ifconfig_remote_netmask = 0.0.0.0
May 23 18:00:47 openvpn[12605]:   push_ifconfig_ipv6_defined = DISABLED
May 23 18:00:47 openvpn[12605]:   push_ifconfig_ipv6_local = ::/0
May 23 18:00:47 openvpn[12605]:   push_ifconfig_ipv6_remote = ::
May 23 18:00:47 openvpn[12605]:   enable_c2c = DISABLED
May 23 18:00:47 openvpn[12605]:   duplicate_cn = DISABLED
May 23 18:00:47 openvpn[12605]:   cf_max = 0
May 23 18:00:47 openvpn[12605]:   cf_per = 0
May 23 18:00:47 openvpn[12605]:   max_clients = 1024
May 23 18:00:47 openvpn[12605]:   max_routes_per_client = 256
May 23 18:00:47 openvpn[12605]:   auth_user_pass_verify_script = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   auth_user_pass_verify_script_via_file = DISABLED
May 23 18:00:47 openvpn[12605]:   port_share_host = '[UNDEF]'
May 23 18:00:47 openvpn[12605]:   port_share_port = 0
May 23 18:00:47 openvpn[12605]:   client = DISABLED
May 23 18:00:47 openvpn[12605]:   pull = ENABLED
May 23 18:00:47 openvpn[12605]:   auth_user_pass_file = '[UNDEF]'
May 23 18:00:47 openvpn[12605]: OpenVPN 2.3.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [eurephia] [MH] [IPv6] built on May 21 2013
May 23 18:00:47 openvpn[12605]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
May 23 18:00:47 openvpn[12605]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 23 18:00:47 openvpn[12605]: Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
May 23 18:00:47 openvpn[12605]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
May 23 18:00:47 openvpn[12605]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
May 23 18:00:47 openvpn[12605]: LZO compression initialized
May 23 18:00:47 openvpn[12605]: Control Channel MTU parms [ L:1576 D:168 EF:68 EB:0 ET:0 EL:0 ]
May 23 18:00:47 openvpn[12605]: Socket Buffers: R=[87380->131072] S=[16384->131072]
May 23 18:00:47 openvpn[12605]: Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
May 23 18:00:47 openvpn[12605]: Local Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
May 23 18:00:47 openvpn[12605]: Expected Remote Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
May 23 18:00:47 openvpn[12605]: Local Options hash (VER=V4): 'e39a3273'
May 23 18:00:47 openvpn[12605]: Expected Remote Options hash (VER=V4): '3c14feac'
May 23 18:00:47 openvpn[12608]: Attempting to establish TCP connection with [AF_INET]176.58.XX.XX:443 [nonblock]
May 23 18:00:48 openvpn[12608]: TCP connection established with [AF_INET]176.58.XX.XX:443
May 23 18:00:48 openvpn[12608]: TCPv4_CLIENT link local: [undef]
May 23 18:00:48 openvpn[12608]: TCPv4_CLIENT link remote: [AF_INET]176.58.XX.XX:443
May 23 18:00:48 openvpn[12608]: TLS: Initial packet from [AF_INET]176.58.XX.XX:443, sid=362165fa 197ba310
May 23 18:00:49 openvpn[12608]: VERIFY OK: depth=1, C=PL, ST=malopolska, L=Krakow, O=manwe.pl, OU=XXX.manwe.pl, CN=XXX.manwe.pl, name=XXX.manwe.pl, emailAddress=@manwe.pl
May 23 18:00:49 openvpn[12608]: VERIFY OK: depth=0, C=PL, ST=malopolska, L=Krakow, O=manwe.pl, OU=XXX.manwe.pl, CN=server, name=XXX.manwe.pl, emailAddress=@manwe.pl
May 23 18:00:51 openvpn[12608]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
May 23 18:00:51 openvpn[12608]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
May 23 18:00:51 openvpn[12608]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
May 23 18:00:51 openvpn[12608]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
May 23 18:00:51 openvpn[12608]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
May 23 18:00:51 openvpn[12608]: [server] Peer Connection Initiated with [AF_INET]176.58.XX.XX:443
May 23 18:00:53 openvpn[12608]: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
May 23 18:00:54 openvpn[12608]: PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 176.58.XX.XX,redirect-gateway,route-gateway 10.100.0.1,ping 10,ping-restart 60,route 10.100.0.0 255.255.255.0 10.100.0.1,ifconfig 10.100.0.2 255.255.255.0'
May 23 18:00:54 openvpn[12608]: OPTIONS IMPORT: timers and/or timeouts modified
May 23 18:00:54 openvpn[12608]: OPTIONS IMPORT: --ifconfig/up options modified
May 23 18:00:54 openvpn[12608]: OPTIONS IMPORT: route options modified
May 23 18:00:54 openvpn[12608]: OPTIONS IMPORT: route-related options modified
May 23 18:00:54 openvpn[12608]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
May 23 18:00:54 openvpn[12608]: ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=wlan0 HWADDR=48:5d:60:83:1e:14
May 23 18:00:54 openvpn[12608]: TUN/TAP device tap0 opened
May 23 18:00:54 openvpn[12608]: TUN/TAP TX queue length set to 100
May 23 18:00:54 openvpn[12608]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
May 23 18:00:54 openvpn[12608]: /bin/ip link set dev tap0 up mtu 1500
May 23 18:00:54 openvpn[12608]: /bin/ip addr add dev tap0 10.100.0.2/24 broadcast 10.100.0.255
May 23 18:00:54 openvpn[12608]: /etc/openvpn/up.sh tap0 1500 1576 10.100.0.2 255.255.255.0 init
May 23 18:00:54 openvpn[12608]: /bin/ip route add 176.58.XX.XX/32 via 192.168.0.1
May 23 18:00:54 openvpn[12608]: /bin/ip route del 0.0.0.0/0
May 23 18:00:54 openvpn[12608]: /bin/ip route add 0.0.0.0/0 via 10.100.0.1
May 23 18:00:54 openvpn[12608]: /bin/ip route add 10.100.0.0/24 via 10.100.0.1
May 23 18:00:54 openvpn[12608]: ERROR: Linux route add command failed: external program exited with error status: 2
May 23 18:00:54 openvpn[12608]: Initialization Sequence Completed

Post by AngelKnight » Sun May 26, 2013 7:14 am

manwe_ wrote: I need some help with OpenVPN. I'm in a hotel with Wi-Fi and almost everything except http ports locked. Luckily I have one server with ssh on 443 so I was able to socks-proxy for the last 2 days. Nevertheless I decided to set up OpenVPN (also on 443) on another server to be covered for situations like this.

Config on the server (/etc/openvpn/XXX/local.conf):

Code:

ifconfig 10.100.0.1 255.255.255.0 
ifconfig-pool 10.100.0.2 10.100.0.11 255.255.255.0 
push "route 10.100.0.0 255.255.255.0 10.100.0.1"

The server is already dealing out 10.100.0.0/24 as a reachable scope, why push another route for 10.100.0.0/24?

manwe_ wrote: Client's dmesg log when connecting through hotel's WiFi:

Code:

May 23 18:00:54 openvpn[12608]: PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 176.58.XX.XX,redirect-gateway,route-gateway 10.100.0.1,ping 10,ping-restart 60,route 10.100.0.0 255.255.255.0 10.100.0.1,ifconfig 10.100.0.2 255.255.255.0'
May 23 18:00:54 openvpn[12608]: ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=wlan0 HWADDR=48:5d:60:83:1e:14
May 23 18:00:54 openvpn[12608]: TUN/TAP device tap0 opened
May 23 18:00:54 openvpn[12608]: TUN/TAP TX queue length set to 100
May 23 18:00:54 openvpn[12608]: /bin/ip link set dev tap0 up mtu 1500
May 23 18:00:54 openvpn[12608]: /bin/ip addr add dev tap0 10.100.0.2/24 broadcast 10.100.0.255
May 23 18:00:54 openvpn[12608]: /etc/openvpn/up.sh tap0 1500 1576 10.100.0.2 255.255.255.0 init
May 23 18:00:54 openvpn[12608]: /bin/ip route add 176.58.XX.XX/32 via 192.168.0.1
May 23 18:00:54 openvpn[12608]: /bin/ip route del 0.0.0.0/0
May 23 18:00:54 openvpn[12608]: /bin/ip route add 0.0.0.0/0 via 10.100.0.1
May 23 18:00:54 openvpn[12608]: /bin/ip route add 10.100.0.0/24 via 10.100.0.1
May 23 18:00:54 openvpn[12608]: ERROR: Linux route add command failed: external program exited with error status: 2
May 23 18:00:54 openvpn[12608]: Initialization Sequence Completed

The error line is the kernel complaining that you're installing a nonsensical route indicating that a network is reached via a nexthop inside that same network.
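
Added example, not part of either post: a small Python check that ties the pushed `route` option to the failing `ip route add` in the client log. It compares each pushed route against the subnet that the pushed `ifconfig` already makes directly reachable on tap0. The function names are hypothetical, and it assumes the address-plus-netmask `ifconfig` form shown in the thread and the log wording of the OpenVPN 2.3.1 output quoted above.

```python
import ipaddress
import re

# Lines taken from the client log in the thread (syslog prefix trimmed).
SAMPLE_LOG = """\
PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 176.58.XX.XX,redirect-gateway,route-gateway 10.100.0.1,ping 10,ping-restart 60,route 10.100.0.0 255.255.255.0 10.100.0.1,ifconfig 10.100.0.2 255.255.255.0'
/bin/ip addr add dev tap0 10.100.0.2/24 broadcast 10.100.0.255
/bin/ip route add 176.58.XX.XX/32 via 192.168.0.1
/bin/ip route del 0.0.0.0/0
/bin/ip route add 0.0.0.0/0 via 10.100.0.1
/bin/ip route add 10.100.0.0/24 via 10.100.0.1
ERROR: Linux route add command failed: external program exited with error status: 2
"""

PUSH_RE = re.compile(r"PUSH_REPLY,([^']*)")
ROUTE_ADD_RE = re.compile(r"ip route add (\S+) via (\S+)")


def parse_push_reply(log_text):
    """Extract ifconfig, route-gateway and route options from PUSH_REPLY."""
    m = PUSH_RE.search(log_text)
    if not m:
        return None
    opts = {"ifconfig": None, "route_gateway": None, "routes": []}
    for item in m.group(1).split(","):
        words = item.split()
        if not words:
            continue
        if words[0] == "ifconfig" and len(words) >= 3:
            try:  # "address netmask" form; a peer address here is not handled
                opts["ifconfig"] = ipaddress.ip_interface(f"{words[1]}/{words[2]}")
            except ValueError:
                pass
        elif words[0] == "route-gateway" and len(words) >= 2:
            opts["route_gateway"] = words[1]
        elif words[0] == "route" and len(words) >= 2:
            opts["routes"].append(words[1:])
    return opts


def redundant_pushed_routes(opts):
    """Pushed routes whose destination is already on-link via ifconfig."""
    if opts is None or opts["ifconfig"] is None:
        return []
    onlink = opts["ifconfig"].network
    hits = []
    for words in opts["routes"]:
        mask = words[1] if len(words) > 1 else "255.255.255.255"
        gw = words[2] if len(words) > 2 else opts["route_gateway"]
        if gw == "vpn_gateway":
            gw = opts["route_gateway"]
        try:
            dest = ipaddress.ip_network(f"{words[0]}/{mask}", strict=False)
            gw_ip = ipaddress.ip_address(gw)
        except (ValueError, TypeError):
            continue  # masked or symbolic values cannot be evaluated
        if dest.subnet_of(onlink) and gw_ip in onlink:
            hits.append((str(dest), str(gw_ip)))
    return hits


def failed_route_adds(log_text):
    """Return (destination, gateway) of each route add followed by an error."""
    failed, last = [], None
    for line in log_text.splitlines():
        m = ROUTE_ADD_RE.search(line)
        if m:
            last = m.groups()
        elif "route add command failed" in line and last:
            failed.append(last)
            last = None
    return failed


def diagnose(log_text):
    """Redundant pushed routes that also show up as failed route adds."""
    failed = set(failed_route_adds(log_text))
    return [r for r in redundant_pushed_routes(parse_push_reply(log_text)) if r in failed]


if __name__ == "__main__":
    for dest, gw in diagnose(SAMPLE_LOG):
        print(f"pushed route {dest} via {gw} duplicates the tap0 subnet and failed to install")
```

Removing the `push "route 10.100.0.0 255.255.255.0 10.100.0.1"` line from the server config makes this finding, and the failing command, go away.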