Host to Lan problem
November 21, 2012 at 3:01 pm #43502
rpottersr
Member
Good Day!
I’m hoping to get some help on a problem of connecting to my internal network using the Host to Lan feature of ZS.
Below is my connection status:
Wed Nov 21 09:32:49 2012 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Enter Auth Password:
Wed Nov 21 09:32:56 2012 IMPORTANT: OpenVPN’s default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Nov 21 09:32:56 2012 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Nov 21 09:32:56 2012 LZO compression initialized
Wed Nov 21 09:32:56 2012 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Wed Nov 21 09:32:56 2012 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Wed Nov 21 09:32:56 2012 Local Options hash (VER=V4): '31fdf004'
Wed Nov 21 09:32:56 2012 Expected Remote Options hash (VER=V4): '3e6d1056'
Wed Nov 21 09:32:56 2012 Attempting to establish TCP connection with 74.236.71.100:1194
Wed Nov 21 09:32:56 2012 TCP connection established with 74.236.71.100:1194
Wed Nov 21 09:32:56 2012 TCPv4_CLIENT link local: [undef]
Wed Nov 21 09:32:56 2012 TCPv4_CLIENT link remote: 74.236.71.100:1194
Wed Nov 21 09:32:56 2012 TLS: Initial packet from 74.236.71.100:1194, sid=ff2e6cc4 3441183c
Wed Nov 21 09:32:57 2012 VERIFY OK: depth=1, /C=IT/O=Zeroshell.net/OU=Example/CN=Zer … oshell.net
Wed Nov 21 09:32:57 2012 VERIFY OK: depth=0, /OU=Hosts/CN=zeroshell.cpifl.com
Wed Nov 21 09:32:58 2012 Data Channel Encrypt: Cipher ‘BF-CBC’ initialized with 128 bit key
Wed Nov 21 09:32:58 2012 Data Channel Encrypt: Using 160 bit message hash ‘SHA1’ for HMAC authentication
Wed Nov 21 09:32:58 2012 Data Channel Decrypt: Cipher ‘BF-CBC’ initialized with 128 bit key
Wed Nov 21 09:32:58 2012 Data Channel Decrypt: Using 160 bit message hash ‘SHA1’ for HMAC authentication
Wed Nov 21 09:32:58 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Nov 21 09:32:58 2012 [zeroshell.cpifl.com] Peer Connection Initiated with 74.236.71.100:1194
Wed Nov 21 09:32:59 2012 SENT CONTROL [zeroshell.cpifl.com]: ‘PUSH_REQUEST’ (status=1)
Wed Nov 21 09:33:00 2012 PUSH: Received control message: ‘PUSH_REPLY,route-gateway 192.168.250.254,,dhcp-option DNS 192.168.250.254,route remote_host 255.255.255.255 net_gateway 1,route 192.168.250.0 255.255.255.0,ping 5,ping-restart 60,ifconfig 192.168.250.1 255.255.255.0’
Wed Nov 21 09:33:00 2012 OPTIONS IMPORT: timers and/or timeouts modified
Wed Nov 21 09:33:00 2012 OPTIONS IMPORT: --ifconfig/up options modified
Wed Nov 21 09:33:00 2012 OPTIONS IMPORT: route options modified
Wed Nov 21 09:33:00 2012 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Nov 21 09:33:00 2012 TAP-WIN32 device [Local Area Connection 6] opened: \\.\Global\{10F0F396-4E36-4E24-96DF-267420E00BF7}.tap
Wed Nov 21 09:33:00 2012 TAP-Win32 Driver Version 8.4
Wed Nov 21 09:33:00 2012 TAP-Win32 MTU=1500
Wed Nov 21 09:33:00 2012 Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.250.1/255.255.255.0 on interface {10F0F396-4E36-4E24-96DF-267420E00BF7} [DHCP-serv: 192.168.250.0, lease-time: 31536000]
Wed Nov 21 09:33:00 2012 NOTE: FlushIpNetTable failed on interface [19] {10F0F396-4E36-4E24-96DF-267420E00BF7} (status=5) : Access is denied.
Wed Nov 21 09:33:00 2012 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
Wed Nov 21 09:33:00 2012 route ADD 74.236.71.100 MASK 255.255.255.255 192.168.2.1 METRIC 1
Wed Nov 21 09:33:00 2012 ROUTE: route addition failed using CreateIpForwardEntry: One or more arguments are not correct. [if_index=11]
Wed Nov 21 09:33:00 2012 Route addition via IPAPI failed
Wed Nov 21 09:33:00 2012 route ADD 192.168.250.0 MASK 255.255.255.0 192.168.250.254
Wed Nov 21 09:33:00 2012 ROUTE: route addition failed using CreateIpForwardEntry: One or more arguments are not correct. [if_index=19]
Wed Nov 21 09:33:00 2012 Route addition via IPAPI failed
Wed Nov 21 09:33:00 2012 Initialization Sequence Completed
Hopefully someone can tell me what I’m doing wrong… have read everything about setting this up, but apparently being a noob to ZS is not helping.
Thanks in advance for any help on this…
November 21, 2012 at 8:20 pm #52529
redfive
Participant
Are you using Win Vista/7? Try right-clicking on the OpenVPN GUI and selecting "Run as administrator".
cheers
P.S. about
Wed Nov 21 09:32:56 2012 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
try adding this line to your client config:
remote-cert-eku 'TLS Web Server Authentication'
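The two points in this reply (missing privileges and the certificate-verification warning) each correspond to specific lines in the posted log. As an added example, not part of the original thread, this Python sketch scans an OpenVPN client log for them; the sample lines are constructed in the format of the log above, and `triage` is a hypothetical helper name.

```python
import re

# Constructed sample in the format of the client log posted above (GUID replaced).
SAMPLE_LOG = """\
Wed Nov 21 09:32:56 2012 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Nov 21 09:33:00 2012 NOTE: FlushIpNetTable failed on interface [19] {GUID-PLACEHOLDER} (status=5) : Access is denied.
Wed Nov 21 09:33:00 2012 route ADD 74.236.71.100 MASK 255.255.255.255 192.168.2.1 METRIC 1
Wed Nov 21 09:33:00 2012 ROUTE: route addition failed using CreateIpForwardEntry: One or more arguments are not correct. [if_index=11]
Wed Nov 21 09:33:00 2012 Route addition via IPAPI failed
Wed Nov 21 09:33:00 2012 route ADD 192.168.250.0 MASK 255.255.255.0 192.168.250.254
Wed Nov 21 09:33:00 2012 ROUTE: route addition failed using CreateIpForwardEntry: One or more arguments are not correct. [if_index=19]
Wed Nov 21 09:33:00 2012 Initialization Sequence Completed
"""

STAMP = re.compile(r"^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4} ")
ROUTE_ADD = re.compile(r"^route ADD (\S+) MASK (\S+) (\S+)")


def triage(log_text):
    """Flag the log conditions discussed in the reply above."""
    report = {"server_cert_unverified": False, "access_denied": False,
              "failed_routes": [], "init_completed": False}
    pending = None  # most recent "route ADD" whose outcome is not yet known
    for raw in log_text.splitlines():
        msg = STAMP.sub("", raw.strip())
        m = ROUTE_ADD.match(msg)
        if m:
            pending = "%s/%s via %s" % m.groups()
        elif msg.startswith("ROUTE: route addition failed") and pending:
            report["failed_routes"].append(pending)
            pending = None
        elif "No server certificate verification method" in msg:
            # The client accepts any certificate the CA signed, not only a server one.
            report["server_cert_unverified"] = True
        elif msg.endswith("Access is denied."):
            # The client process lacks the rights to change the network stack.
            report["access_denied"] = True
        elif msg == "Initialization Sequence Completed":
            report["init_completed"] = True
    # "Completed" is logged even when pushed routes were not installed,
    # so a usable tunnel needs both conditions checked.
    report["routes_installed"] = (report["init_completed"]
                                  and not report["failed_routes"])
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "=", value)
```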
November 22, 2012 at 12:01 pm #52530
redfive
Participant
Wed Nov 21 09:32:49 2012 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Also consider trying a newer OpenVPN version; I haven’t had any kind of problem with 2.3_rc1 on both Win7 x64 and XP SP3.
cheers
October 21, 2014 at 11:03 am #52531
bakcsa
Member
Hi,
I would like to migrate my OpenVPN server to Zeroshell. I’ve been using Zeroshell for a while, but wasn’t able to set up OpenVPN.
The connection establishes every time, but the traffic cannot go through the tunnel. I cannot even ping the gateway.
About the setup:
I’m using the default values, except the port, which I modified from 1194 to 1195. This is needed because there is a virtual server entry in Zeroshell for 1194 which points to my old VPN server.
Also, I have added the net in the “Client IP Address Assignment” section.
My LAN’s details are:
ip: 192.168.10.0
subnet: 255.255.255.0
zeroshell ip: 192.168.10.1
The net which I added to the VPN is 192.168.10.0/255.255.255.0
Source NAT is checked
I didn’t modify anything on the VPN99 adapter.
I have a bridge which consists of the LAN-side NIC and the wireless adapter.
Firewall: All chains’ default policy is ACCEPT; there is no special rule to DROP any packet.
Do you have any idea what could be behind this? I really want to get rid of a separate VPN server since Zeroshell supports VPN.
Also, could you please tell me where I can find the server configuration file for OpenVPN (I mean on the Zeroshell file system)? If I cannot make it work through the GUI, I would try by hand.
Thanks!