First of all I'm a newbie to servers but not to stuff like programming so not totally alien to command lines etc.
Second, I want to run openvpn on my remote server and connect from my ubuntu desktop to bypass geographic restrictions on things like radio and tv.
So far I've managed to do some simple tutorial setups where I can ping my remote server but now I'm having problems using the vpn for all internet activity and to NOT forward my ip on. With my current setup I can successfully ping the server but when I try to use firefox it repeatedly tries to fetch a page without moving anywhere.
One thing I think it could be is this error in my client log
Sat Sep 19 15:45:17 2009 us=102181 WARNING: potential route subnet conflict between local LAN [10.1.1.0/255.255.255.0] and remote VPN [10.1.1.1/255.255.255.25$
I did ifconfig for the client but couldn't see 10.1.1.x anywhere, so I don't know why it's complaining. (Excuse the Japanese.)
Client ifconfig
eth0 Link encap:イーサネット ハードウェアアドレス 00:23:54:0d:37:61
inetアドレス:192.168.11.2 ブロードキャスト:192.168.11.255 マスク:255.255.255.0
inet6アドレス: fe80::223:54ff:fe0d:3761/64 範囲:リンク
UP BROADCAST RUNNING MULTICAST MTU:1500 メトリック:1
RXパケット:149701 エラー:0 損失:0 オーバラン:0 フレーム:0
TXパケット:132252 エラー:0 損失:0 オーバラン:0 キャリア:11
衝突(Collisions):0 TXキュー長:1000
RXバイト:168148922 (168.1 MB) TXバイト:18294134 (18.2 MB)
割り込み:251
lo Link encap:ローカルループバック
inetアドレス:127.0.0.1 マスク:255.0.0.0
inet6アドレス: ::1/128 範囲:ホスト
UP LOOPBACK RUNNING MTU:16436 メトリック:1
RXパケット:68 エラー:0 損失:0 オーバラン:0 フレーム:0
TXパケット:68 エラー:0 損失:0 オーバラン:0 キャリア:0
衝突(Collisions):0 TXキュー長:0
RXバイト:7608 (7.6 KB) TXバイト:7608 (7.6 KB)
tun0 Link encap:不明なネット ハードウェアアドレス 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inetアドレス:10.1.1.6 P-t-P:10.1.1.5 マスク:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 メトリック:1
RXパケット:4 エラー:0 損失:0 オーバラン:0 フレーム:0
TXパケット:4 エラー:0 損失:0 オーバラン:0 キャリア:0
衝突(Collisions):0 TXキュー長:100
RXバイト:336 (336.0 B) TXバイト:336 (336.0 B)
Could it be that error? And if so, how do I work around it? Failing that, I'm not sure what it could be, so here are my config files.
Client config
client
dev tun
proto tcp
remote ***.***.**.*** 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
cipher BF-CBC
comp-lzo
status /etc/openvpn/openvpn-status.log
log /etc/openvpn/openvpn.log
verb 5
Server conf
port 1194
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh1024.pem
server 10.1.1.0 255.255.255.128
ifconfig-pool-persist ipp.txt
push "redirect-gateway"
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log-append openvpn.log
verb 3
iptables for server
Chain INPUT (policy DROP 1 packets, 40 bytes)
pkts bytes target prot opt in out source destination
199 14380 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh
0 0 ACCEPT all -- lo any anywhere anywhere
333 64149 ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
11 924 ACCEPT all -- tun+ any anywhere anywhere
0 0 ACCEPT udp -- venet0 any anywhere anywhere udp dpt:openvpn
6 360 ACCEPT tcp -- venet0 any anywhere anywhere tcp dpt:openvpn
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
27 1620 ACCEPT all -- tun0 venet0 anywhere anywhere
0 0 ACCEPT all -- venet0 tun0 anywhere anywhere
Chain OUTPUT (policy ACCEPT 441 packets, 50749 bytes)
pkts bytes target prot opt in out source destination
11 924 ACCEPT all -- any tun+ anywhere anywhere
Finally, the client logs with my server IP commented out
Sat Sep 19 16:12:03 2009 us=410978 Current Parameter Settings:
Sat Sep 19 16:12:03 2009 us=411095 config = 'client.conf'
Sat Sep 19 16:12:03 2009 us=411117 mode = 0
Sat Sep 19 16:12:03 2009 us=411134 persist_config = DISABLED
Sat Sep 19 16:12:03 2009 us=411151 persist_mode = 1
Sat Sep 19 16:12:03 2009 us=411168 show_ciphers = DISABLED
Sat Sep 19 16:12:03 2009 us=411185 show_digests = DISABLED
Sat Sep 19 16:12:03 2009 us=411201 show_engines = DISABLED
Sat Sep 19 16:12:03 2009 us=411217 genkey = DISABLED
Sat Sep 19 16:12:03 2009 us=411233 key_pass_file = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=411249 show_tls_ciphers = DISABLED
Sat Sep 19 16:12:03 2009 us=411268 Connection profiles [default]:
Sat Sep 19 16:12:03 2009 us=411285 proto = tcp-client
Sat Sep 19 16:12:03 2009 us=411301 local = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=411317 local_port = 0
Sat Sep 19 16:12:03 2009 us=411334 remote = '***.***.**.***'
Sat Sep 19 16:12:03 2009 us=411350 remote_port = 1194
Sat Sep 19 16:12:03 2009 us=411366 remote_float = DISABLED
Sat Sep 19 16:12:03 2009 us=411382 bind_defined = DISABLED
Sat Sep 19 16:12:03 2009 us=411398 bind_local = DISABLED
Sat Sep 19 16:12:03 2009 us=411415 connect_retry_seconds = 5
Sat Sep 19 16:12:03 2009 us=411431 connect_timeout = 10
Sat Sep 19 16:12:03 2009 us=411447 connect_retry_max = 0
Sat Sep 19 16:12:03 2009 us=411464 socks_proxy_server = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=411480 socks_proxy_port = 0
Sat Sep 19 16:12:03 2009 us=411496 socks_proxy_retry = DISABLED
Sat Sep 19 16:12:03 2009 us=411515 Connection profiles END
Sat Sep 19 16:12:03 2009 us=411531 remote_random = DISABLED
Sat Sep 19 16:12:03 2009 us=411548 ipchange = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=411564 dev = 'tun'
Sat Sep 19 16:12:03 2009 us=411580 dev_type = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=411596 dev_node = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=411612 lladdr = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=411628 topology = 1
Sat Sep 19 16:12:03 2009 us=411644 tun_ipv6 = DISABLED
Sat Sep 19 16:12:03 2009 us=411661 ifconfig_local = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=411677 ifconfig_remote_netmask = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=411694 ifconfig_noexec = DISABLED
Sat Sep 19 16:12:03 2009 us=411710 ifconfig_nowarn = DISABLED
Sat Sep 19 16:12:03 2009 us=411726 shaper = 0
Sat Sep 19 16:12:03 2009 us=411742 tun_mtu = 1500
Sat Sep 19 16:12:03 2009 us=411758 tun_mtu_defined = ENABLED
Sat Sep 19 16:12:03 2009 us=411774 link_mtu = 1500
Sat Sep 19 16:12:03 2009 us=411790 link_mtu_defined = DISABLED
Sat Sep 19 16:12:03 2009 us=411807 tun_mtu_extra = 0
Sat Sep 19 16:12:03 2009 us=411823 tun_mtu_extra_defined = DISABLED
Sat Sep 19 16:12:03 2009 us=411839 fragment = 0
Sat Sep 19 16:12:03 2009 us=411855 mtu_discover_type = -1
Sat Sep 19 16:12:03 2009 us=411876 mtu_test = 0
Sat Sep 19 16:12:03 2009 us=411894 mlock = DISABLED
Sat Sep 19 16:12:03 2009 us=411910 keepalive_ping = 0
Sat Sep 19 16:12:03 2009 us=411927 keepalive_timeout = 0
Sat Sep 19 16:12:03 2009 us=411943 inactivity_timeout = 0
Sat Sep 19 16:12:03 2009 us=411959 ping_send_timeout = 0
Sat Sep 19 16:12:03 2009 us=411975 ping_rec_timeout = 0
Sat Sep 19 16:12:03 2009 us=411994 ping_rec_timeout_action = 0
Sat Sep 19 16:12:03 2009 us=412010 ping_timer_remote = DISABLED
Sat Sep 19 16:12:03 2009 us=412026 remap_sigusr1 = 0
Sat Sep 19 16:12:03 2009 us=412042 explicit_exit_notification = 0
Sat Sep 19 16:12:03 2009 us=412058 persist_tun = ENABLED
Sat Sep 19 16:12:03 2009 us=412074 persist_local_ip = DISABLED
Sat Sep 19 16:12:03 2009 us=412090 persist_remote_ip = DISABLED
Sat Sep 19 16:12:03 2009 us=412106 persist_key = ENABLED
Sat Sep 19 16:12:03 2009 us=412123 mssfix = 1450
Sat Sep 19 16:12:03 2009 us=412138 passtos = DISABLED
Sat Sep 19 16:12:03 2009 us=412155 resolve_retry_seconds = 1000000000
Sat Sep 19 16:12:03 2009 us=412171 username = 'nobody'
Sat Sep 19 16:12:03 2009 us=412187 groupname = 'nogroup'
Sat Sep 19 16:12:03 2009 us=412203 chroot_dir = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=412219 cd_dir = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=412248 writepid = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=412265 up_script = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=412282 down_script = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=412298 down_pre = DISABLED
Sat Sep 19 16:12:03 2009 us=412314 up_restart = DISABLED
Sat Sep 19 16:12:03 2009 us=412330 up_delay = DISABLED
Sat Sep 19 16:12:03 2009 us=412346 daemon = DISABLED
Sat Sep 19 16:12:03 2009 us=412362 inetd = 0
Sat Sep 19 16:12:03 2009 us=412378 log = ENABLED
Sat Sep 19 16:12:03 2009 us=412394 suppress_timestamps = DISABLED
Sat Sep 19 16:12:03 2009 us=412411 nice = 0
Sat Sep 19 16:12:03 2009 us=412427 verbosity = 5
Sat Sep 19 16:12:03 2009 us=412443 mute = 0
Sat Sep 19 16:12:03 2009 us=412459 gremlin = 0
Sat Sep 19 16:12:03 2009 us=412475 status_file = '/etc/openvpn/openvpn-status.log'
Sat Sep 19 16:12:03 2009 us=412491 status_file_version = 1
Sat Sep 19 16:12:03 2009 us=412507 status_file_update_freq = 60
Sat Sep 19 16:12:03 2009 us=412523 occ = ENABLED
Sat Sep 19 16:12:03 2009 us=412540 rcvbuf = 65536
Sat Sep 19 16:12:03 2009 us=412556 sndbuf = 65536
Sat Sep 19 16:12:03 2009 us=412572 sockflags = 0
Sat Sep 19 16:12:03 2009 us=412588 fast_io = DISABLED
Sat Sep 19 16:12:03 2009 us=412605 lzo = 7
Sat Sep 19 16:12:03 2009 us=412621 route_script = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=412637 route_default_gateway = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=412653 route_default_metric = 0
Sat Sep 19 16:12:03 2009 us=412669 route_noexec = DISABLED
Sat Sep 19 16:12:03 2009 us=412685 route_delay = 0
Sat Sep 19 16:12:03 2009 us=412701 route_delay_window = 30
Sat Sep 19 16:12:03 2009 us=412717 route_delay_defined = DISABLED
Sat Sep 19 16:12:03 2009 us=412733 route_nopull = DISABLED
Sat Sep 19 16:12:03 2009 us=412750 route_gateway_via_dhcp = DISABLED
Sat Sep 19 16:12:03 2009 us=412766 allow_pull_fqdn = DISABLED
Sat Sep 19 16:12:03 2009 us=412782 management_addr = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=412799 management_port = 0
Sat Sep 19 16:12:03 2009 us=412815 management_user_pass = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=412832 management_log_history_cache = 250
Sat Sep 19 16:12:03 2009 us=412848 management_echo_buffer_size = 100
Sat Sep 19 16:12:03 2009 us=412864 management_write_peer_info_file = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=412881 management_flags = 0
Sat Sep 19 16:12:03 2009 us=412897 shared_secret_file = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=412914 key_direction = 0
Sat Sep 19 16:12:03 2009 us=412931 ciphername_defined = ENABLED
Sat Sep 19 16:12:03 2009 us=412947 ciphername = 'BF-CBC'
Sat Sep 19 16:12:03 2009 us=412964 authname_defined = ENABLED
Sat Sep 19 16:12:03 2009 us=412980 authname = 'SHA1'
Sat Sep 19 16:12:03 2009 us=412996 keysize = 0
Sat Sep 19 16:12:03 2009 us=413012 engine = DISABLED
Sat Sep 19 16:12:03 2009 us=413029 replay = ENABLED
Sat Sep 19 16:12:03 2009 us=413045 mute_replay_warnings = DISABLED
Sat Sep 19 16:12:03 2009 us=413068 replay_window = 64
Sat Sep 19 16:12:03 2009 us=413085 replay_time = 15
Sat Sep 19 16:12:03 2009 us=413102 packet_id_file = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=413118 use_iv = ENABLED
Sat Sep 19 16:12:03 2009 us=413134 test_crypto = DISABLED
Sat Sep 19 16:12:03 2009 us=413151 tls_server = DISABLED
Sat Sep 19 16:12:03 2009 us=413167 tls_client = ENABLED
Sat Sep 19 16:12:03 2009 us=413183 key_method = 2
Sat Sep 19 16:12:03 2009 us=413200 ca_file = 'ca.crt'
Sat Sep 19 16:12:03 2009 us=413216 ca_path = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=413232 dh_file = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=413248 cert_file = 'client1.crt'
Sat Sep 19 16:12:03 2009 us=413265 priv_key_file = 'client1.key'
Sat Sep 19 16:12:03 2009 us=413281 pkcs12_file = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=413297 cipher_list = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=413313 tls_verify = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=413329 tls_remote = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=413346 crl_file = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=413375 ns_cert_type = 64
Sat Sep 19 16:12:03 2009 us=413392 remote_cert_ku[i] = 0
Sat Sep 19 16:12:03 2009 us=413409 remote_cert_ku[i] = 0
Sat Sep 19 16:12:03 2009 us=413425 remote_cert_ku[i] = 0
Sat Sep 19 16:12:03 2009 us=413441 remote_cert_ku[i] = 0
Sat Sep 19 16:12:03 2009 us=413457 remote_cert_ku[i] = 0
Sat Sep 19 16:12:03 2009 us=413473 remote_cert_ku[i] = 0
Sat Sep 19 16:12:03 2009 us=413489 remote_cert_ku[i] = 0
Sat Sep 19 16:12:03 2009 us=413504 remote_cert_ku[i] = 0
Sat Sep 19 16:12:03 2009 us=413520 remote_cert_ku[i] = 0
Sat Sep 19 16:12:03 2009 us=413536 remote_cert_ku[i] = 0
Sat Sep 19 16:12:03 2009 us=413552 remote_cert_ku[i] = 0
Sat Sep 19 16:12:03 2009 us=413568 remote_cert_ku[i] = 0
Sat Sep 19 16:12:03 2009 us=413584 remote_cert_ku[i] = 0
Sat Sep 19 16:12:03 2009 us=413599 remote_cert_ku[i] = 0
Sat Sep 19 16:12:03 2009 us=413615 remote_cert_ku[i] = 0
Sat Sep 19 16:12:03 2009 us=413631 remote_cert_ku[i] = 0
Sat Sep 19 16:12:03 2009 us=413647 remote_cert_eku = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=413664 tls_timeout = 2
Sat Sep 19 16:12:03 2009 us=413680 renegotiate_bytes = 0
Sat Sep 19 16:12:03 2009 us=413696 renegotiate_packets = 0
Sat Sep 19 16:12:03 2009 us=413713 renegotiate_seconds = 3600
Sat Sep 19 16:12:03 2009 us=413729 handshake_window = 60
Sat Sep 19 16:12:03 2009 us=413745 transition_window = 3600
Sat Sep 19 16:12:03 2009 us=413761 single_session = DISABLED
Sat Sep 19 16:12:03 2009 us=413777 tls_exit = DISABLED
Sat Sep 19 16:12:03 2009 us=413793 tls_auth_file = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=413810 pkcs11_protected_authentication = DISABLED
Sat Sep 19 16:12:03 2009 us=413826 pkcs11_protected_authentication = DISABLED
Sat Sep 19 16:12:03 2009 us=413843 pkcs11_protected_authentication = DISABLED
Sat Sep 19 16:12:03 2009 us=413859 pkcs11_protected_authentication = DISABLED
Sat Sep 19 16:12:03 2009 us=413875 pkcs11_protected_authentication = DISABLED
Sat Sep 19 16:12:03 2009 us=413891 pkcs11_protected_authentication = DISABLED
Sat Sep 19 16:12:03 2009 us=413907 pkcs11_protected_authentication = DISABLED
Sat Sep 19 16:12:03 2009 us=413923 pkcs11_protected_authentication = DISABLED
Sat Sep 19 16:12:03 2009 us=413939 pkcs11_protected_authentication = DISABLED
Sat Sep 19 16:12:03 2009 us=413955 pkcs11_protected_authentication = DISABLED
Sat Sep 19 16:12:03 2009 us=413971 pkcs11_protected_authentication = DISABLED
Sat Sep 19 16:12:03 2009 us=413987 pkcs11_protected_authentication = DISABLED
Sat Sep 19 16:12:03 2009 us=414002 pkcs11_protected_authentication = DISABLED
Sat Sep 19 16:12:03 2009 us=414018 pkcs11_protected_authentication = DISABLED
Sat Sep 19 16:12:03 2009 us=414034 pkcs11_protected_authentication = DISABLED
Sat Sep 19 16:12:03 2009 us=414051 pkcs11_protected_authentication = DISABLED
Sat Sep 19 16:12:03 2009 us=414067 pkcs11_private_mode = 00000000
Sat Sep 19 16:12:03 2009 us=414084 pkcs11_private_mode = 00000000
Sat Sep 19 16:12:03 2009 us=414100 pkcs11_private_mode = 00000000
Sat Sep 19 16:12:03 2009 us=414116 pkcs11_private_mode = 00000000
Sat Sep 19 16:12:03 2009 us=414132 pkcs11_private_mode = 00000000
Sat Sep 19 16:12:03 2009 us=414149 pkcs11_private_mode = 00000000
Sat Sep 19 16:12:03 2009 us=414165 pkcs11_private_mode = 00000000
Sat Sep 19 16:12:03 2009 us=414181 pkcs11_private_mode = 00000000
Sat Sep 19 16:12:03 2009 us=414197 pkcs11_private_mode = 00000000
Sat Sep 19 16:12:03 2009 us=414213 pkcs11_private_mode = 00000000
Sat Sep 19 16:12:03 2009 us=414229 pkcs11_private_mode = 00000000
Sat Sep 19 16:12:03 2009 us=414245 pkcs11_private_mode = 00000000
Sat Sep 19 16:12:03 2009 us=414261 pkcs11_private_mode = 00000000
Sat Sep 19 16:12:03 2009 us=414277 pkcs11_private_mode = 00000000
Sat Sep 19 16:12:03 2009 us=414294 pkcs11_private_mode = 00000000
Sat Sep 19 16:12:03 2009 us=414309 pkcs11_private_mode = 00000000
Sat Sep 19 16:12:03 2009 us=414325 pkcs11_cert_private = DISABLED
Sat Sep 19 16:12:03 2009 us=414341 pkcs11_cert_private = DISABLED
Sat Sep 19 16:12:03 2009 us=414369 pkcs11_cert_private = DISABLED
Sat Sep 19 16:12:03 2009 us=414386 pkcs11_cert_private = DISABLED
Sat Sep 19 16:12:03 2009 us=414402 pkcs11_cert_private = DISABLED
Sat Sep 19 16:12:03 2009 us=414418 pkcs11_cert_private = DISABLED
Sat Sep 19 16:12:03 2009 us=414434 pkcs11_cert_private = DISABLED
Sat Sep 19 16:12:03 2009 us=414450 pkcs11_cert_private = DISABLED
Sat Sep 19 16:12:03 2009 us=414466 pkcs11_cert_private = DISABLED
Sat Sep 19 16:12:03 2009 us=414482 pkcs11_cert_private = DISABLED
Sat Sep 19 16:12:03 2009 us=414498 pkcs11_cert_private = DISABLED
Sat Sep 19 16:12:03 2009 us=414514 pkcs11_cert_private = DISABLED
Sat Sep 19 16:12:03 2009 us=414530 pkcs11_cert_private = DISABLED
Sat Sep 19 16:12:03 2009 us=414546 pkcs11_cert_private = DISABLED
Sat Sep 19 16:12:03 2009 us=414563 pkcs11_cert_private = DISABLED
Sat Sep 19 16:12:03 2009 us=414578 pkcs11_cert_private = DISABLED
Sat Sep 19 16:12:03 2009 us=414595 pkcs11_pin_cache_period = -1
Sat Sep 19 16:12:03 2009 us=414611 pkcs11_id = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=414627 pkcs11_id_management = DISABLED
Sat Sep 19 16:12:03 2009 us=414655 server_network = 0.0.0.0
Sat Sep 19 16:12:03 2009 us=414674 server_netmask = 0.0.0.0
Sat Sep 19 16:12:03 2009 us=414691 server_bridge_ip = 0.0.0.0
Sat Sep 19 16:12:03 2009 us=414709 server_bridge_netmask = 0.0.0.0
Sat Sep 19 16:12:03 2009 us=414726 server_bridge_pool_start = 0.0.0.0
Sat Sep 19 16:12:03 2009 us=414743 server_bridge_pool_end = 0.0.0.0
Sat Sep 19 16:12:03 2009 us=414760 ifconfig_pool_defined = DISABLED
Sat Sep 19 16:12:03 2009 us=414777 ifconfig_pool_start = 0.0.0.0
Sat Sep 19 16:12:03 2009 us=414795 ifconfig_pool_end = 0.0.0.0
Sat Sep 19 16:12:03 2009 us=414812 ifconfig_pool_netmask = 0.0.0.0
Sat Sep 19 16:12:03 2009 us=414828 ifconfig_pool_persist_filename = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=414849 ifconfig_pool_persist_refresh_freq = 600
Sat Sep 19 16:12:03 2009 us=414867 n_bcast_buf = 256
Sat Sep 19 16:12:03 2009 us=414883 tcp_queue_limit = 64
Sat Sep 19 16:12:03 2009 us=414899 real_hash_size = 256
Sat Sep 19 16:12:03 2009 us=414915 virtual_hash_size = 256
Sat Sep 19 16:12:03 2009 us=414932 client_connect_script = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=414948 learn_address_script = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=414965 client_disconnect_script = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=414981 client_config_dir = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=414997 ccd_exclusive = DISABLED
Sat Sep 19 16:12:03 2009 us=415014 tmp_dir = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=415030 push_ifconfig_defined = DISABLED
Sat Sep 19 16:12:03 2009 us=415047 push_ifconfig_local = 0.0.0.0
Sat Sep 19 16:12:03 2009 us=415065 push_ifconfig_remote_netmask = 0.0.0.0
Sat Sep 19 16:12:03 2009 us=415081 enable_c2c = DISABLED
Sat Sep 19 16:12:03 2009 us=415098 duplicate_cn = DISABLED
Sat Sep 19 16:12:03 2009 us=415114 cf_max = 0
Sat Sep 19 16:12:03 2009 us=415131 cf_per = 0
Sat Sep 19 16:12:03 2009 us=415147 max_clients = 1024
Sat Sep 19 16:12:03 2009 us=415164 max_routes_per_client = 256
Sat Sep 19 16:12:03 2009 us=415180 client_cert_not_required = DISABLED
Sat Sep 19 16:12:03 2009 us=415196 username_as_common_name = DISABLED
Sat Sep 19 16:12:03 2009 us=415213 auth_user_pass_verify_script = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=415229 auth_user_pass_verify_script_via_file = DISABLED
Sat Sep 19 16:12:03 2009 us=415245 port_share_host = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=415262 port_share_port = 0
Sat Sep 19 16:12:03 2009 us=415278 client = ENABLED
Sat Sep 19 16:12:03 2009 us=415294 pull = ENABLED
Sat Sep 19 16:12:03 2009 us=415311 auth_user_pass_file = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=415328 OpenVPN 2.1_rc11 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Mar 9 2009
Sat Sep 19 16:12:03 2009 us=416184 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
Sat Sep 19 16:12:03 2009 us=542574 LZO compression initialized
Sat Sep 19 16:12:03 2009 us=542740 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sat Sep 19 16:12:03 2009 us=542839 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Sep 19 16:12:03 2009 us=542877 Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sat Sep 19 16:12:03 2009 us=542895 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sat Sep 19 16:12:03 2009 us=542929 Local Options hash (VER=V4): '69109d17'
Sat Sep 19 16:12:03 2009 us=542954 Expected Remote Options hash (VER=V4): 'c0103fa8'
Sat Sep 19 16:12:03 2009 us=543531 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Sat Sep 19 16:12:03 2009 us=543582 Attempting to establish TCP connection with ***.***.**.***:1194 [nonblock]
Sat Sep 19 16:12:04 2009 us=543727 TCP connection established with ***.***.**.***:1194
Sat Sep 19 16:12:04 2009 us=543788 Socket Buffers: R=[87380->131072] S=[16384->131072]
Sat Sep 19 16:12:04 2009 us=543812 TCPv4_CLIENT link local: [undef]
Sat Sep 19 16:12:04 2009 us=543841 TCPv4_CLIENT link remote: ***.***.**.***:1194
WRSat Sep 19 16:12:04 2009 us=544185 TLS: Initial packet from ***.***.**.***:1194, sid=b7baae8e 3f7be9ea
WRWWRRWRRRWWRWRWRRWWRWRWRRWWRWRWRRWWRWRWRSat Sep 19 16:12:08 2009 us=724208 VERIFY OK: depth=1, /C=UK/ST=GM/L=Manchester/O=YoFelix/CN=YoFelix_CA/emailAddress=adam@ca.com
Sat Sep 19 16:12:08 2009 us=724381 VERIFY OK: nsCertType=SERVER
Sat Sep 19 16:12:08 2009 us=724404 VERIFY OK: depth=0, /C=UK/ST=GM/L=Manchester/O=YoFelix/CN=server/emailAddress=adam@ca.com
RWWRWRWRRWWWWWRWRRRWWWRWRWRRWWRWRWRRWWRWRWRRWWRWRRRRWWWWRRRRRRSat Sep 19 16:12:14 2009 us=580994 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Sep 19 16:12:14 2009 us=581035 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Sep 19 16:12:14 2009 us=581123 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Sep 19 16:12:14 2009 us=581143 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
WWSat Sep 19 16:12:14 2009 us=581210 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Sep 19 16:12:14 2009 us=581245 [server] Peer Connection Initiated with ***.***.**.***:1194
Sat Sep 19 16:12:15 2009 us=829569 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
WRRRSat Sep 19 16:12:16 2009 us=392662 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway,route 10.1.1.1,ping 10,ping-restart 120,ifconfig 10.1.1.6 10.1.1.5'
Sat Sep 19 16:12:16 2009 us=392720 OPTIONS IMPORT: timers and/or timeouts modified
Sat Sep 19 16:12:16 2009 us=392738 OPTIONS IMPORT: --ifconfig/up options modified
Sat Sep 19 16:12:16 2009 us=392755 OPTIONS IMPORT: route options modified
Sat Sep 19 16:12:16 2009 us=392930 ROUTE default_gateway=192.168.11.1
Sat Sep 19 16:12:16 2009 us=393740 TUN/TAP device tun0 opened
Sat Sep 19 16:12:16 2009 us=393779 TUN/TAP TX queue length set to 100
Sat Sep 19 16:12:16 2009 us=393818 /sbin/ifconfig tun0 10.1.1.6 pointopoint 10.1.1.5 mtu 1500
Sat Sep 19 16:12:16 2009 us=397075 /sbin/route add -net ***.***.**.*** netmask 255.255.255.255 gw 192.168.11.1
Sat Sep 19 16:12:16 2009 us=398944 /sbin/route del -net 0.0.0.0 netmask 0.0.0.0
Sat Sep 19 16:12:16 2009 us=400546 /sbin/route add -net 0.0.0.0 netmask 0.0.0.0 gw 10.1.1.5
Sat Sep 19 16:12:16 2009 us=402024 WARNING: potential route subnet conflict between local LAN [10.1.1.0/255.255.255.0] and remote VPN [10.1.1.1/255.255.255.255]
Sat Sep 19 16:12:16 2009 us=402073 /sbin/route add -net 10.1.1.1 netmask 255.255.255.255 gw 10.1.1.5
Sat Sep 19 16:12:16 2009 us=403326 GID set to nogroup
Sat Sep 19 16:12:16 2009 us=403367 UID set to nobody
Sat Sep 19 16:12:16 2009 us=403388 Initialization Sequence Completed
WWrWRwrWRwrWRwrWRwWRWRrWrWrWrWrWrWRrWRWrWRrWrWrWRrWRrWRWRWrWRWRrWRWRWrWrWrWrWrWrWRrWrWRWrWRWrWRrWrWRrWRrWrWRWRrWRWRWrWRrWrWRWrWRrWRWRWrWrWRrWrWRWRrWrWRWRrWrWRWRWrWRrWrget
I added the NAT rule to my iptables like pqd suggested and I could access web pages, but very slowly. I don't know if that's the norm, but I have a sneaky suspicion this subnet conflict I mentioned above is causing some problems. I since tried changing my VPN network address to 10.2.2.0 to see if it would change anything, but the message is the same. What is this local network it's talking about? The one between my router and desktop PC? If I do ifconfig on the local desktop I don't see any 10.2.2.?
Here is route -r
10.2.2.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
10.2.2.0 10.2.2.2 255.255.255.128 UG 0 0 0 tun0
192.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 venet0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 venet0
0.0.0.0 192.0.2.1 0.0.0.0 UG 0 0 0 venet0
******************** YAY!!!!!!!!! *********************
Yes I got it to work and the speed has improved.
Best Answer
Do a few things:
1. Ensure you have packet forwarding enabled on the VPN server:
It should be 1; if it's not, run:
2. For good measure add [not really needed since you allow traffic from/to tun0]:
3. And finally, NAT the traffic coming from the VPN, that is: replace the source IP address of your connection with the address of the server.
I think the last point is the missing one...
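The three steps above as a read-only check, added here as an example; it is not the answerer's code, whose commands did not survive on this page. Assumptions: the VPN subnet 10.1.1.0/25, tun0 and venet0 come from the question's configs, `SERVER_IP` is a placeholder, and the function names and sample firewall state are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: read-only audit of the three steps from the answer above.
# Assumed values, taken from the question's configs (the answer's commands are
# not on the page): VPN subnet 10.1.1.0/25 from "server 10.1.1.0 255.255.255.128",
# tunnel tun0, outbound interface venet0. SERVER_IP is a placeholder.
VPN_NET="10.1.1.0/25"
TUN_IF="tun0"
WAN_IF="venet0"
SERVER_IP="203.0.113.10"   # placeholder: the server's public address

# Step 1: is kernel packet forwarding on? $1 = file holding the flag.
forwarding_enabled() {
    [ -r "$1" ] && [ "$(tr -d '[:space:]' < "$1")" = "1" ]
}

# Step 2: FORWARD accepts tunnel -> WAN and WAN -> tunnel.
# $1 = file with `iptables-save` output.
has_forward_rules() {
    grep -Eq -- "^-A FORWARD .*-i ${TUN_IF} .*-o ${WAN_IF} .*-j ACCEPT" "$1" &&
    grep -Eq -- "^-A FORWARD .*-i ${WAN_IF} .*-o ${TUN_IF} .*-j ACCEPT" "$1"
}

# Step 3: a POSTROUTING rule rewrites the source of packets from the VPN subnet.
has_nat_rule() {
    grep -E -- '^-A POSTROUTING ' "$1" | grep -F -- "-s ${VPN_NET} " |
        grep -Eq -- '-j (SNAT|MASQUERADE)'
}

# Print (never run) the command for each step that is missing.
# $1 = ip_forward file, $2 = iptables-save dump.
missing_steps() {
    forwarding_enabled "$1" || echo "sysctl -w net.ipv4.ip_forward=1"
    has_forward_rules "$2" || {
        echo "iptables -A FORWARD -i ${TUN_IF} -o ${WAN_IF} -j ACCEPT"
        echo "iptables -A FORWARD -i ${WAN_IF} -o ${TUN_IF} -m state --state RELATED,ESTABLISHED -j ACCEPT"
    }
    has_nat_rule "$2" ||
        echo "iptables -t nat -A POSTROUTING -s ${VPN_NET} -o ${WAN_IF} -j SNAT --to-source ${SERVER_IP}"
    return 0
}

# Constructed sample state: the FORWARD rules the question lists, forwarding off,
# empty nat table. On the real server use /proc/sys/net/ipv4/ip_forward and
# the output of `iptables-save` instead.
demo_dir="$(mktemp -d)"
trap 'rm -rf "$demo_dir"' EXIT
echo 0 > "$demo_dir/ip_forward"
cat > "$demo_dir/rules" <<'EOF'
*filter
:FORWARD DROP [0:0]
-A FORWARD -i tun0 -o venet0 -j ACCEPT
-A FORWARD -i venet0 -o tun0 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
COMMIT
EOF
missing_steps "$demo_dir/ip_forward" "$demo_dir/rules"
```

The printed commands change only the running system; they do not persist across a reboot unless saved through the distribution's own sysctl and iptables configuration.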