So, I had VPN functioning correctly using HDAConnect 3.2 on my Windows 7 machine.
Then I followed these instructions:
http://wiki.amahi.org/index.php/VPN_Bridging
to the letter.
Thu Mar 24 10:30:52 2011 OpenVPN 2.1_rc15 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 19 2008
Thu Mar 24 10:30:52 2011 WARNING: using --pull/--client and --ifconfig together is probably not what you want
Thu Mar 24 10:30:52 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Mar 24 10:30:52 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Mar 24 10:30:53 2011 LZO compression initialized
Thu Mar 24 10:30:53 2011 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu Mar 24 10:30:53 2011 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Mar 24 10:30:53 2011 Local Options hash (VER=V4): 'd79ca330'
Thu Mar 24 10:30:53 2011 Expected Remote Options hash (VER=V4): 'f7df56b8'
Thu Mar 24 10:30:53 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Mar 24 10:30:53 2011 UDPv4 link local: [undef]
Thu Mar 24 10:30:53 2011 UDPv4 link remote: <my home ip address>:1194
Thu Mar 24 10:31:53 2011 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Mar 24 10:31:53 2011 TLS Error: TLS handshake failed
Thu Mar 24 10:31:53 2011 TCP/UDP: Closing socket
Thu Mar 24 10:31:53 2011 SIGUSR1[soft,tls-error] received, process restarting
I did make one change, but I tried it both ways. In my config file of HDAConnect I changed 192.168.0.1 to 192.168.1.1 (as 192.168.1 is my home network prefix).
Ideas?
VPN bridging error message
Re: VPN bridging error message
Wow. Something in that procedure royally messed up my HDA.
OpenVPN now breaks the internet connectivity of all the other machines on the LAN.
All websites have "DNS cannot be resolved" errors.
When I try to connect from a remote machine with HDAConnect I get the following error:
Options error: ifconfig parms '192.168.1.x' and '255.255.255.0' must be valid addresses
Use --help for more information.
Until I resolve this I've got OpenVPN disabled.
This is a complex bummer.
Re: VPN bridging error message
Okay, so absent some way to fix the issues, is there a way to uninstall/cleanup/reinstall OpenVPN such that it goes back to how it was before I tried the VPN bridging nonsense?
Currently I can't access my HDA outside my house, which is unfortunate.
Re: VPN bridging error message
Hard to tell what was done (yes, I can see the VPN bridging page ... the easy answer would be "undo what you did based on that page!").
This *may* work, but not too many people use it these days, since the VPN has been stable, and it could cause more trouble (and it will only reset the configuration, not anything else you did):
hda-install -v YOUR_INSTALL_CODE
Maybe just ask someone in the IRC for a sample clean VPN config and reconfigure yours (you came in for too short a time in the IRC earlier and some of us were afk).
Also, "not accessing from outside" is just nowhere near enough information to discern anything that may have been done.
My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 8GB RAM, 1TBx2+3TBx1
Re: VPN bridging error message
So, with bigfoot65's help, I managed to undo the stuff before... now I'm able to establish an OpenVPN connection using the HDAConnect. Here is the log:
"Sat Mar 26 14:16:06 2011 OpenVPN 2.1_rc15 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 19 2008
Sat Mar 26 14:16:06 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sat Mar 26 14:16:06 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sat Mar 26 14:16:06 2011 LZO compression initialized
Sat Mar 26 14:16:06 2011 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Mar 26 14:16:06 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Mar 26 14:16:06 2011 Local Options hash (VER=V4): '41690919'
Sat Mar 26 14:16:06 2011 Expected Remote Options hash (VER=V4): '530fdded'
Sat Mar 26 14:16:06 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sat Mar 26 14:16:06 2011 UDPv4 link local: [undef]
Sat Mar 26 14:16:06 2011 UDPv4 link remote: x.x.x.x:1194
Sat Mar 26 14:16:07 2011 TLS: Initial packet from x.x.x.x:1194, sid=e9aedc0a 38c2f9a0
Sat Mar 26 14:16:07 2011 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Mar 26 14:16:07 2011 VERIFY OK: depth=1, /C=US/ST=CA/L=SanJose/O=HomeHDA/OU=VPN/CN=yourhda.com/emailAddress=info@homehda.com
Sat Mar 26 14:16:07 2011 VERIFY OK: depth=0, /C=US/ST=CA/L=SanJose/O=HomeHDA/OU=VPN/CN=server/emailAddress=info@homehda.com
Sat Mar 26 14:16:08 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Mar 26 14:16:08 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Mar 26 14:16:08 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Mar 26 14:16:08 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Mar 26 14:16:08 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Mar 26 14:16:08 2011 [server] Peer Connection Initiated with 66.65.190.111:1194
Sat Mar 26 14:16:09 2011 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sat Mar 26 14:16:09 2011 PUSH: Received control message: 'PUSH_REPLY,route 10.0.2.0 255.255.255.0,dhcp-option DNS 10.0.2.56,dhcp-option DOMAIN sprawl.net,route 10.8.0.1,topology net30,ping 10,ping-restart 220,ifconfig 10.8.0.6 10.8.0.5'
Sat Mar 26 14:16:09 2011 OPTIONS IMPORT: timers and/or timeouts modified
Sat Mar 26 14:16:09 2011 OPTIONS IMPORT: --ifconfig/up options modified
Sat Mar 26 14:16:09 2011 OPTIONS IMPORT: route options modified
Sat Mar 26 14:16:09 2011 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sat Mar 26 14:16:09 2011 ROUTE default_gateway=192.168.2.254
Sat Mar 26 14:16:09 2011 TAP-WIN32 device [Local Area Connection 4] opened: \\.\Global\{8FE27C6E-6D0C-46C8-B2DD-06E1062BDD70}.tap
Sat Mar 26 14:16:09 2011 TAP-Win32 Driver Version 9.4
Sat Mar 26 14:16:09 2011 TAP-Win32 MTU=1500
Sat Mar 26 14:16:09 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {8FE27C6E-6D0C-46C8-B2DD-06E1062BDD70} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Sat Mar 26 14:16:09 2011 Successful ARP Flush on interface [21] {8FE27C6E-6D0C-46C8-B2DD-06E1062BDD70}
Sat Mar 26 14:16:12 2011 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
Sat Mar 26 14:16:12 2011 C:\WINDOWS\system32\route.exe ADD 10.0.2.0 MASK 255.255.255.0 10.8.0.5
Sat Mar 26 14:16:12 2011 C:\WINDOWS\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Sat Mar 26 14:16:12 2011 Initialization Sequence Completed"
Unfortunately, when I connect, I can't access http:\\hda, \\HDA, or VNC into HDA:1 (all three of which worked before the bridging fiasco).
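The client logs quoted in this thread carry several security-relevant lines alongside the connectivity errors. The following Python triage is an added example, not part of any post and not Amahi or OpenVPN code; the rule names, the 2048-bit RSA threshold and the `triage` function are assumptions of the example, and the sample lines are copied from the logs above.

```python
import re

# Constructed sample: lines copied from the two client logs quoted in this thread.
SAMPLE_LOG = """\
Thu Mar 24 10:30:52 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Mar 24 10:31:53 2011 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Mar 26 14:16:06 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sat Mar 26 14:16:07 2011 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Mar 26 14:16:08 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Mar 26 14:16:08 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Mar 26 14:16:08 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Mar 26 14:16:12 2011 Initialization Sequence Completed
"""

# Ciphers with a 64-bit block size (OpenSSL names); key length does not change that.
BLOCK64 = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "CAST5-CBC"}
MIN_RSA_BITS = 2048  # assumption: this example's own policy threshold

# (rule id, pattern, predicate on the match deciding whether it is a finding)
RULES = [
    ("no-server-cert-verification",
     re.compile(r"No server certificate verification method has been enabled"),
     lambda m: True),
    ("password-cached-in-memory",
     re.compile(r"may cache passwords in memory"), lambda m: True),
    ("64-bit-block-cipher",
     re.compile(r"Data Channel (?:Encrypt|Decrypt): Cipher '([^']+)'"),
     lambda m: m.group(1) in BLOCK64),
    ("short-rsa-key",
     re.compile(r"Control Channel: .*?(\d+) bit RSA"),
     lambda m: int(m.group(1)) < MIN_RSA_BITS),
    ("tls-handshake-timeout",
     re.compile(r"TLS Error: TLS key negotiation failed"), lambda m: True),
]

def triage(log_text):
    """Return {rule id: {"count", "first_line", "evidence"}} for one client log."""
    findings = {}
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        for rule_id, pattern, is_finding in RULES:
            m = pattern.search(line)
            if m and is_finding(m):
                hit = findings.setdefault(
                    rule_id, {"count": 0, "first_line": lineno, "evidence": m.group(0)})
                hit["count"] += 1
    return findings

if __name__ == "__main__":
    for rule_id, hit in triage(SAMPLE_LOG).items():
        print(f"{rule_id}: x{hit['count']}, first at line {hit['first_line']}: {hit['evidence']}")
```

The `remote-cert-tls server` client option is one of the verification methods the first warning refers to, and `auth-nocache` is named in the log itself.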
Re: VPN bridging error message
Hi,
I had the same issue after having switched over to bridged VPN.
Possible solution: when VPN is in bridged mode eth0 gets deactivated, so any traffic via eth0 is now routed to br0, and br0 has no access to subnets other than your own. DNS works, any other ICMP packets don't.
I run my new Amahi headless, so I had no GUI and needed some time to check what was going on: in Gnome / Administration / Network Manager the whole interface gets ifdown. By re-enabling it the traffic works well again.
I found out that this only happens after restarting the openvpn service via service openvpn restart and the Amahi web interface when you use bridged VPN.
So after switching to bridged mode, restart the VPN service, then disable it, restart Amahi, voila, it works. If you don't want to restart (which I presume..), VNC into your Amahi and re-enable the interface.
Somehow the NIC won't be activated after manual configs.
Hope it helps.
- gabbo