Hi slimspy57,
I can confirm that this problem exists.
Below, the logs in /var/log/openvpn/* :
==> /var/log/openvpn/openvpn.log <==
Nov 18 15:58:17 efw-test04 openvpn[8725]: event_wait : Interrupted system call (code=4)
Nov 18 15:58:17 efw-test04 openvpn[8725]: OpenVPN CLIENT LIST
Nov 18 15:58:17 efw-test04 openvpn[8725]: Updated,Thu Nov 18 15:58:17 2010
Nov 18 15:58:17 efw-test04 openvpn[8725]: Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
Nov 18 15:58:17 efw-test04 openvpn[8725]: ROUTING TABLE
Nov 18 15:58:17 efw-test04 openvpn[8725]: Virtual Address,Common Name,Real Address,Last Ref
Nov 18 15:58:17 efw-test04 openvpn[8725]: GLOBAL STATS
Nov 18 15:58:17 efw-test04 openvpn[8725]: Max bcast/mcast queue length,0
Nov 18 15:58:17 efw-test04 openvpn[8725]: END
Nov 18 15:58:17 efw-test04 openvpn[8725]: event_wait : Interrupted system call (code=4)
Nov 18 15:58:17 efw-test04 openvpn[8725]: SIGTERM[hard,] received, process exiting
Nov 18 15:58:18 efw-test04 openvpn[8844]: OpenVPN 2.1.1 i586-pc-linux [SSL] [LZO2] [EPOLL] built on Aug 6 2010
Nov 18 15:58:18 efw-test04 openvpn[8844]: NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Nov 18 15:58:18 efw-test04 openvpn[8844]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 18 15:58:18 efw-test04 openvpn[8844]: NOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansion
Nov 18 15:58:18 efw-test04 openvpn[8844]: WARNING: file '/var/efw/openvpn/pkcs12.p12' is group or others accessible
Nov 18 15:58:18 efw-test04 openvpn[8844]: WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate
Nov 18 15:58:18 efw-test04 openvpn[8844]: TUN/TAP device tap0 opened
Nov 18 15:58:18 efw-test04 openvpn[8846]: GID set to openvpn
Nov 18 15:58:18 efw-test04 openvpn[8846]: UID set to openvpn
Nov 18 15:58:18 efw-test04 openvpn[8846]: UDPv4 link local (bound): [undef]:1194
Nov 18 15:58:18 efw-test04 openvpn[8846]: UDPv4 link remote: [undef]
Nov 18 15:58:18 efw-test04 openvpn[8846]: Initialization Sequence Completed
==> /var/log/openvpn/openvpn-status.log <==
OpenVPN CLIENT LIST
Updated,Thu Nov 18 15:58:19 2010
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
GLOBAL STATS
Max bcast/mcast queue length,0
END
Thanks for the info provided!
Lo
(0005761) tilman 2011-02-28 09:24
Release: Endian Firewall Community release 2.4.1
- Port forwarding is not an option while we're using TCP (443).
I've checked around a little bit and found this:
/var/efw/openvpn/settings:
..
PORT=1194
PROTOCOL=udp
/var/efw/openvpn/default/settings:
..
OPENVPN_PROTOCOL=udp
OPENVPN_PORT=1194
/home/httpd/cgi-bin/openvpn_advanced.cgi:
...
$port = $conf->{OPENVPN_PORT};
$protocol = $conf->{OPENVPN_PROTOCOL};
Could it be that there's a variable mismatch between PORT/PROTOCOL and OPENVPN_PORT/PROTOCOL?
I have configured the variables within the files to TCP and Port 443
(/var/efw/openvpn/settings, /var/efw/openvpn/default/settings).
After this configuration the openvpn server runs well:
root@XXX:/var/efw/openvpn # netstat -a | grep *:https
tcp 0 0 *:https *:* LISTEN
OpenVPN.log:
Feb 28 09:47:13 XXX openvpn[1469]: OpenVPN 2.1.1 i586-pc-linux [SSL] [LZO2] [EPOLL] built on Aug 6 2010
Feb 28 09:47:13 XXX openvpn[1469]: NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Feb 28 09:47:13 XXX openvpn[1469]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 28 09:47:13 XXX openvpn[1469]: NOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansion
Feb 28 09:47:13 XXX openvpn[1469]: WARNING: file '/var/efw/openvpn/pkcs12.p12' is group or others accessible
Feb 28 09:47:13 XXX openvpn[1469]: WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate
Feb 28 09:47:13 XXX openvpn[1469]: TUN/TAP device tap0 opened
Feb 28 09:47:13 XXX openvpn[1471]: GID set to openvpn
Feb 28 09:47:13 XXX openvpn[1471]: UID set to openvpn
Feb 28 09:47:13 XXX openvpn[1471]: Listening for incoming TCP connection on [undef]:443
Feb 28 09:47:13 XXX openvpn[1471]: TCPv4_SERVER link local (bound): [undef]:443
Feb 28 09:47:13 XXX openvpn[1471]: TCPv4_SERVER link remote: [undef]
Feb 28 09:47:13 XXX openvpn[1471]: Initialization Sequence Completed
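Added example, not part of either comment above and not Endian's code: a check that automates what the thread does by hand, comparing the port and protocol in the settings files with the endpoint the daemon logs as bound, and listing the WARNING lines from the same log. The settings contents and the function names are assumptions made for illustration; a difference in key naming is only flagged, matching the question raised above rather than a confirmed cause.

```python
import re

# Constructed sample inputs modelled on the files and log lines quoted in this thread.
SETTINGS = {
    "/var/efw/openvpn/settings": "PORT=443\nPROTOCOL=tcp\n",
    "/var/efw/openvpn/default/settings": "OPENVPN_PROTOCOL=udp\nOPENVPN_PORT=1194\n",
}
LOG = """\
Nov 18 15:58:18 efw-test04 openvpn[8844]: WARNING: file '/var/efw/openvpn/pkcs12.p12' is group or others accessible
Nov 18 15:58:18 efw-test04 openvpn[8844]: WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate
Nov 18 15:58:18 efw-test04 openvpn[8846]: UDPv4 link local (bound): [undef]:1194
"""

BOUND_RE = re.compile(r"(UDPv4|TCPv4_SERVER) link local \(bound\): \S*?:(\d+)\s*$")
WARN_RE = re.compile(r"openvpn\[\d+\]: WARNING: (.*)$", re.M)

def parse_settings(text):
    """Return KEY=VALUE pairs, ignoring blanks, comments and '..' elisions."""
    pairs = {}
    for line in map(str.strip, text.splitlines()):
        if "=" in line and not line.startswith("#"):
            key, _, value = line.partition("=")
            pairs[key.strip()] = value.strip()
    return pairs

def configured_endpoint(pairs):
    """Accept either key naming seen in the thread: (protocol, port, prefixed?)."""
    for prefix in ("", "OPENVPN_"):
        if prefix + "PORT" in pairs and prefix + "PROTOCOL" in pairs:
            return pairs[prefix + "PROTOCOL"].lower(), int(pairs[prefix + "PORT"]), bool(prefix)
    return None

def bound_endpoint(log):
    """Last endpoint the daemon reported binding to, as (protocol, port)."""
    hits = [m for m in map(BOUND_RE.search, log.splitlines()) if m]
    if not hits:
        return None
    return ("udp" if hits[-1].group(1) == "UDPv4" else "tcp"), int(hits[-1].group(2))

def audit(settings, log):
    findings, bound = [], bound_endpoint(log)
    cfgs = {path: configured_endpoint(parse_settings(t)) for path, t in settings.items()}
    if len({c[2] for c in cfgs.values() if c}) > 1:
        findings.append("key naming differs between settings files")
    for path, cfg in cfgs.items():
        if cfg and bound and cfg[:2] != bound:
            findings.append(f"{path}: configured {cfg[0]}/{cfg[1]}, daemon bound {bound[0]}/{bound[1]}")
    findings += ["warning: " + w for w in WARN_RE.findall(log)]
    return findings
```

Calling audit(SETTINGS, LOG) returns the list of findings; on a real system the two arguments would be the contents of the settings files and of /var/log/openvpn/openvpn.log.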