I am trying to set up a site-to-site tunnel between Ubuntu and UTM9.
I got quite far using (outdated) information from https://www.foxplex.com/sites/sophos-utm-site-to-site-vpn-mit-openvpn/ and https://klenzel.de/2654.
The tunnel is up, but there is still no traffic possible over the tunnel.
The problem seems to be related to the UTM pushing the route to Ubuntu.
See
Aug 23 13:58:33 jm ovpn-server[5801]: /sbin/ip addr add dev tun0 10.242.2.6/24 broadcast 10.242.2.255
Aug 23 13:58:37 jm ovpn-server[5801]: /sbin/ip route add 109.192.xxx.yyy/32 via 192.168.10.254 (109.192.xxx.yyy is external IP of UTM, 192.168.10.254 is internal IP of WiFi Router at remote / Ubuntu location.)
Aug 23 13:58:37 jm ovpn-server[5801]: ERROR: Linux route add command failed: external program exited with error status: 2
at the end of the logs.
(Remote SSL VPN works from my laptop here in Cyprus. I don't know whether I have DSL Lite here or something like that...)
Local LAN of UTM is 192.168.40.0, Remote LAN is 192.168.10.0
My Ubuntu / Raspi is a client on 192.168.10.0 with IP 192.168.10.28
Tunnel Config: /etc/openvpn/server.conf
client
dev tun
proto tcp-client
hand-window 30
port 443
remote someserver.dyndns.info
verify-x509-name "C=de, L=jm, O=jm, CN=someserver.dyndns.info, emailAddress=jm@somewhere.de" subject
route remote_host 255.255.255.255 net_gateway
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/certs/ca.crt
cert /etc/openvpn/certs/client.crt
key /etc/openvpn/certs/client.key
cipher AES-256-CBC
auth SHA512
comp-lzo no
route-delay 4
verb 4
reneg-sec 0
tun-mtu 1500
ifconfig on Ubuntu:
enp0s3 Link encap:Ethernet Hardware Adresse 08:00:27:6f:0a:75
inet Adresse:192.168.10.28 Bcast:192.168.10.255 Maske:255.255.255.0
inet6-Adresse: fe80::a00:27ff:fe6f:a75/64 Gültigkeitsbereich:Verbindung
UP BROADCAST RUNNING MULTICAST MTU:1500 Metrik:1
RX-Pakete:31909 Fehler:0 Verloren:0 Überläufe:0 Fenster:0
TX-Pakete:21320 Fehler:0 Verloren:0 Überläufe:0 Träger:0
Kollisionen:0 Sendewarteschlangenlänge:1000
RX-Bytes:5297550 (5.2 MB) TX-Bytes:8490941 (8.4 MB)
lo Link encap:Lokale Schleife
inet Adresse:127.0.0.1 Maske:255.0.0.0
inet6-Adresse: ::1/128 Gültigkeitsbereich:Maschine
UP LOOPBACK RUNNING MTU:65536 Metrik:1
RX-Pakete:160 Fehler:0 Verloren:0 Überläufe:0 Fenster:0
TX-Pakete:160 Fehler:0 Verloren:0 Überläufe:0 Träger:0
Kollisionen:0 Sendewarteschlangenlänge:1
RX-Bytes:11840 (11.8 KB) TX-Bytes:11840 (11.8 KB)
tun0 Link encap:UNSPEC Hardware Adresse 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet Adresse:10.242.2.6 P-z-P:10.242.2.6 Maske:255.255.255.0
UP PUNKTZUPUNKT RUNNING NOARP MULTICAST MTU:1500 Metrik:1
RX-Pakete:0 Fehler:0 Verloren:0 Überläufe:0 Fenster:0
TX-Pakete:0 Fehler:0 Verloren:0 Überläufe:0 Träger:0
Kollisionen:0 Sendewarteschlangenlänge:100
RX-Bytes:0 (0.0 B) TX-Bytes:0 (0.0 B)
ip route:
default via 192.168.10.254 dev enp0s3
10.242.2.0/24 dev tun0 proto kernel scope link src 10.242.2.6
109.192.110.242 via 192.168.10.254 dev enp0s3
192.168.10.0/24 dev enp0s3 proto kernel scope link src 192.168.10.28
192.168.40.0/24 via 10.242.2.1 dev tun0
Output of service openvpn restart:
==> /var/log/syslog <==
Aug 23 13:58:27 jm ovpn-server[5738]: event_wait : Interrupted system call (code=4)
Aug 23 13:58:27 jm ovpn-server[5738]: TCP/UDP: Closing socket
Aug 23 13:58:27 jm ovpn-server[5738]: /sbin/ip route del 192.168.40.0/24
Aug 23 13:58:27 jm ovpn-server[5738]: Closing TUN/TAP interface
Aug 23 13:58:27 jm ovpn-server[5738]: /sbin/ip addr del dev tun0 10.242.2.6/24
Aug 23 13:58:27 jm systemd[1]: Stopping OpenVPN connection to server...
Aug 23 13:58:27 jm systemd[1]: Stopped OpenVPN service.
Aug 23 13:58:27 jm systemd[1]: Stopping OpenVPN service...
Aug 23 13:58:27 jm systemd[1]: Starting OpenVPN service...
Aug 23 13:58:27 jm systemd[1]: Started OpenVPN service.
Aug 23 13:58:27 jm ovpn-server[5738]: SIGTERM[hard,] received, process exiting
Aug 23 13:58:27 jm systemd[1]: Stopped OpenVPN connection to server.
Aug 23 13:58:27 jm systemd[1]: Starting OpenVPN connection to server...
Aug 23 13:58:27 jm ovpn-server[5795]: Current Parameter Settings:
Aug 23 13:58:27 jm ovpn-server[5795]: config = '/etc/openvpn/server.conf'
Aug 23 13:58:27 jm ovpn-server[5795]: mode = 0
Aug 23 13:58:27 jm ovpn-server[5795]: persist_config = DISABLED
Aug 23 13:58:27 jm ovpn-server[5795]: persist_mode = 1
Aug 23 13:58:27 jm ovpn-server[5795]: show_ciphers = DISABLED
Aug 23 13:58:27 jm ovpn-server[5795]: show_digests = DISABLED
Aug 23 13:58:27 jm ovpn-server[5795]: show_engines = DISABLED
Aug 23 13:58:27 jm ovpn-server[5795]: genkey = DISABLED
Aug 23 13:58:27 jm ovpn-server[5795]: key_pass_file = '[UNDEF]'
Aug 23 13:58:27 jm ovpn-server[5795]: show_tls_ciphers = DISABLED
Aug 23 13:58:27 jm ovpn-server[5795]: Connection profiles [default]:
Aug 23 13:58:27 jm ovpn-server[5795]: proto = tcp-client
Aug 23 13:58:27 jm ovpn-server[5795]: local = '[UNDEF]'
Aug 23 13:58:27 jm ovpn-server[5795]: local_port = 0
Aug 23 13:58:27 jm ovpn-server[5795]: remote = 'someserver.dyndns.info'
Aug 23 13:58:27 jm ovpn-server[5795]: remote_port = 443
Aug 23 13:58:27 jm ovpn-server[5795]: remote_float = DISABLED
Aug 23 13:58:27 jm systemd[1]: openvpn@server.service: PID file /run/openvpn/server.pid not readable (yet?) after start: No such file or directory
Aug 23 13:58:27 jm ovpn-server[5795]: bind_defined = DISABLED
Aug 23 13:58:27 jm ovpn-server[5795]: bind_local = DISABLED
Aug 23 13:58:27 jm ovpn-server[5795]: connect_retry_seconds = 5
Aug 23 13:58:27 jm ovpn-server[5795]: connect_timeout = 10
Aug 23 13:58:27 jm ovpn-server[5795]: connect_retry_max = 0
Aug 23 13:58:27 jm ovpn-server[5795]: socks_proxy_server = '[UNDEF]'
Aug 23 13:58:27 jm ovpn-server[5795]: socks_proxy_port = 0
Aug 23 13:58:27 jm ovpn-server[5795]: socks_proxy_retry = DISABLED
Aug 23 13:58:27 jm ovpn-server[5795]: tun_mtu = 1500
Aug 23 13:58:27 jm ovpn-server[5795]: tun_mtu_defined = ENABLED
Aug 23 13:58:27 jm ovpn-server[5795]: link_mtu = 1500
Aug 23 13:58:27 jm ovpn-server[5795]: link_mtu_defined = DISABLED
Aug 23 13:58:27 jm ovpn-server[5795]: tun_mtu_extra = 0
Aug 23 13:58:27 jm ovpn-server[5795]: tun_mtu_extra_defined = DISABLED
Aug 23 13:58:27 jm ovpn-server[5795]: mtu_discover_type = -1
Aug 23 13:58:27 jm ovpn-server[5795]: fragment = 0
Aug 23 13:58:27 jm ovpn-server[5795]: mssfix = 1450
Aug 23 13:58:27 jm ovpn-server[5795]: explicit_exit_notification = 0
Aug 23 13:58:27 jm ovpn-server[5795]: Connection profiles END
Aug 23 13:58:27 jm ovpn-server[5795]: remote_random = DISABLED
Aug 23 13:58:27 jm ovpn-server[5795]: ipchange = '[UNDEF]'
Aug 23 13:58:27 jm ovpn-server[5795]: dev = 'tun'
Aug 23 13:58:27 jm ovpn-server[5795]: dev_type = '[UNDEF]'
Aug 23 13:58:27 jm ovpn-server[5795]: dev_node = '[UNDEF]'
Aug 23 13:58:27 jm ovpn-server[5795]: lladdr = '[UNDEF]'
Aug 23 13:58:27 jm ovpn-server[5795]: topology = 1
Aug 23 13:58:27 jm ovpn-server[5795]: tun_ipv6 = DISABLED
Aug 23 13:58:27 jm ovpn-server[5795]: ifconfig_local = '[UNDEF]'
Aug 23 13:58:27 jm ovpn-server[5795]: ifconfig_remote_netmask = '[UNDEF]'
Aug 23 13:58:27 jm ovpn-server[5795]: ifconfig_noexec = DISABLED
Aug 23 13:58:27 jm ovpn-server[5795]: ifconfig_nowarn = DISABLED
Aug 23 13:58:27 jm ovpn-server[5795]: ifconfig_ipv6_local = '[UNDEF]'
Aug 23 13:58:27 jm ovpn-server[5795]: ifconfig_ipv6_netbits = 0
Aug 23 13:58:27 jm ovpn-server[5795]: ifconfig_ipv6_remote = '[UNDEF]'
Aug 23 13:58:27 jm ovpn-server[5795]: shaper = 0
Aug 23 13:58:27 jm ovpn-server[5795]: mtu_test = 0
Aug 23 13:58:27 jm ovpn-server[5795]: mlock = DISABLED
Aug 23 13:58:27 jm ovpn-server[5795]: keepalive_ping = 0
Aug 23 13:58:27 jm ovpn-server[5795]: keepalive_timeout = 0
Aug 23 13:58:27 jm ovpn-server[5795]: inactivity_timeout = 0
Aug 23 13:58:27 jm ovpn-server[5795]: ping_send_timeout = 0
Aug 23 13:58:27 jm ovpn-server[5795]: ping_rec_timeout = 0
Aug 23 13:58:27 jm ovpn-server[5795]: ping_rec_timeout_action = 0
Aug 23 13:58:27 jm ovpn-server[5795]: ping_timer_remote = DISABLED
Aug 23 13:58:27 jm ovpn-server[5795]: remap_sigusr1 = 0
Aug 23 13:58:27 jm ovpn-server[5795]: persist_tun = ENABLED
Aug 23 13:58:27 jm ovpn-server[5795]: persist_local_ip = DISABLED
Aug 23 13:58:27 jm ovpn-server[5795]: persist_remote_ip = DISABLED
Aug 23 13:58:27 jm ovpn-server[5795]: persist_key = ENABLED
Aug 23 13:58:27 jm ovpn-server[5795]: passtos = DISABLED
Aug 23 13:58:27 jm ovpn-server[5795]: resolve_retry_seconds = 1000000000
Aug 23 13:58:27 jm ovpn-server[5795]: username = '[UNDEF]'
Aug 23 13:58:27 jm ovpn-server[5795]: groupname = '[UNDEF]'
Aug 23 13:58:27 jm systemd[1]: Started OpenVPN connection to server.
Aug 23 13:58:27 jm ovpn-server[5795]: chroot_dir = '[UNDEF]'
Aug 23 13:58:27 jm ovpn-server[5795]: cd_dir = '/etc/openvpn'
Aug 23 13:58:27 jm ovpn-server[5795]: writepid = '/run/openvpn/server.pid'
Aug 23 13:58:27 jm ovpn-server[5795]: up_script = '[UNDEF]'
Aug 23 13:58:27 jm ovpn-server[5795]: down_script = '[UNDEF]'
Aug 23 13:58:27 jm ovpn-server[5795]: down_pre = DISABLED
Aug 23 13:58:27 jm ovpn-server[5795]: up_restart = DISABLED
Aug 23 13:58:27 jm ovpn-server[5795]: up_delay = DISABLED
Aug 23 13:58:27 jm ovpn-server[5795]: daemon = ENABLED
Aug 23 13:58:27 jm ovpn-server[5795]: inetd = 0
Aug 23 13:58:27 jm ovpn-server[5795]: log = DISABLED
Aug 23 13:58:27 jm ovpn-server[5795]: suppress_timestamps = DISABLED
Aug 23 13:58:27 jm ovpn-server[5795]: nice = 0
Aug 23 13:58:27 jm ovpn-server[5795]: verbosity = 4
Aug 23 13:58:27 jm ovpn-server[5795]: mute = 0
Aug 23 13:58:27 jm ovpn-server[5795]: gremlin = 0
Aug 23 13:58:27 jm ovpn-server[5795]: status_file = '/run/openvpn/server.status'
Aug 23 13:58:27 jm ovpn-server[5795]: status_file_version = 1
Aug 23 13:58:27 jm ovpn-server[5795]: status_file_update_freq = 10
Aug 23 13:58:27 jm ovpn-server[5795]: occ = ENABLED
Aug 23 13:58:27 jm ovpn-server[5795]: rcvbuf = 0
Aug 23 13:58:27 jm ovpn-server[5795]: sndbuf = 0
Aug 23 13:58:27 jm ovpn-server[5795]: mark = 0
Aug 23 13:58:27 jm ovpn-server[5795]: sockflags = 0
Aug 23 13:58:27 jm ovpn-server[5795]: fast_io = DISABLED
Aug 23 13:58:27 jm ovpn-server[5795]: lzo = 1
Aug 23 13:58:27 jm ovpn-server[5795]: route_script = '[UNDEF]'
Aug 23 13:58:27 jm ovpn-server[5795]: route_default_gateway = '[UNDEF]'
Aug 23 13:58:27 jm ovpn-server[5795]: route_default_metric = 0
Aug 23 13:58:27 jm ovpn-server[5795]: route_noexec = DISABLED
Aug 23 13:58:27 jm ovpn-server[5795]: route_delay = 4
Aug 23 13:58:27 jm ovpn-server[5795]: route_delay_window = 30
Aug 23 13:58:27 jm ovpn-server[5795]: route_delay_defined = ENABLED
Aug 23 13:58:27 jm ovpn-server[5795]: route_nopull = DISABLED
Aug 23 13:58:27 jm ovpn-server[5795]: route_gateway_via_dhcp = DISABLED
Aug 23 13:58:27 jm ovpn-server[5795]: max_routes = 100
Aug 23 13:58:27 jm ovpn-server[5795]: allow_pull_fqdn = DISABLED
Aug 23 13:58:27 jm ovpn-server[5795]: route remote_host/255.255.255.255/net_gateway/nil
Aug 23 13:58:27 jm ovpn-server[5795]: management_addr = '[UNDEF]'
Aug 23 13:58:27 jm ovpn-server[5795]: management_port = 0
Aug 23 13:58:27 jm ovpn-server[5795]: management_user_pass = '[UNDEF]'
Aug 23 13:58:27 jm ovpn-server[5795]: management_log_history_cache = 250
Aug 23 13:58:27 jm ovpn-server[5795]: management_echo_buffer_size = 100
Aug 23 13:58:27 jm ovpn-server[5795]: management_write_peer_info_file = '[UNDEF]'
Aug 23 13:58:27 jm ovpn-server[5795]: management_client_user = '[UNDEF]'
Aug 23 13:58:27 jm ovpn-server[5795]: management_client_group = '[UNDEF]'
Aug 23 13:58:27 jm ovpn-server[5795]: management_flags = 0
Aug 23 13:58:27 jm ovpn-server[5795]: shared_secret_file = '[UNDEF]'
Aug 23 13:58:27 jm ovpn-server[5795]: key_direction = 0
Aug 23 13:58:27 jm ovpn-server[5795]: ciphername_defined = ENABLED
Aug 23 13:58:27 jm ovpn-server[5795]: ciphername = 'AES-256-CBC'
Aug 23 13:58:27 jm ovpn-server[5795]: authname_defined = ENABLED
Aug 23 13:58:27 jm ovpn-server[5795]: authname = 'SHA512'
Aug 23 13:58:27 jm ovpn-server[5795]: prng_hash = 'SHA1'
Aug 23 13:58:27 jm ovpn-server[5795]: prng_nonce_secret_len = 16
Aug 23 13:58:27 jm ovpn-server[5795]: keysize = 0
Aug 23 13:58:27 jm ovpn-server[5795]: engine = DISABLED
Aug 23 13:58:27 jm ovpn-server[5795]: replay = ENABLED
Aug 23 13:58:27 jm ovpn-server[5795]: mute_replay_warnings = DISABLED
Aug 23 13:58:27 jm ovpn-server[5795]: replay_window = 64
Aug 23 13:58:27 jm ovpn-server[5795]: replay_time = 15
Aug 23 13:58:27 jm ovpn-server[5795]: packet_id_file = '[UNDEF]'
Aug 23 13:58:27 jm ovpn-server[5795]: use_iv = ENABLED
Aug 23 13:58:27 jm ovpn-server[5795]: test_crypto = DISABLED
Aug 23 13:58:27 jm ovpn-server[5795]: tls_server = DISABLED
Aug 23 13:58:27 jm ovpn-server[5795]: tls_client = ENABLED
Aug 23 13:58:27 jm ovpn-server[5795]: key_method = 2
Aug 23 13:58:27 jm ovpn-server[5795]: ca_file = '/etc/openvpn/certs/ca.crt'
Aug 23 13:58:27 jm ovpn-server[5795]: ca_path = '[UNDEF]'
Aug 23 13:58:27 jm ovpn-server[5795]: dh_file = '[UNDEF]'
Aug 23 13:58:27 jm ovpn-server[5795]: cert_file = '/etc/openvpn/certs/client.crt'
Aug 23 13:58:27 jm ovpn-server[5795]: extra_certs_file = '[UNDEF]'
Aug 23 13:58:27 jm ovpn-server[5795]: priv_key_file = '/etc/openvpn/certs/client.key'
Aug 23 13:58:27 jm ovpn-server[5795]: pkcs12_file = '[UNDEF]'
Aug 23 13:58:27 jm ovpn-server[5795]: cipher_list = '[UNDEF]'
Aug 23 13:58:27 jm ovpn-server[5795]: tls_verify = '[UNDEF]'
Aug 23 13:58:27 jm ovpn-server[5795]: tls_export_cert = '[UNDEF]'
Aug 23 13:58:27 jm ovpn-server[5795]: verify_x509_type = 1
Aug 23 13:58:27 jm ovpn-server[5795]: verify_x509_name = 'C=de, L=jm, O=jm, CN=someserver.dyndns.info, emailAddress=jm@somewhere.de'
Aug 23 13:58:27 jm ovpn-server[5795]: crl_file = '[UNDEF]'
Aug 23 13:58:27 jm ovpn-server[5795]: ns_cert_type = 0
Aug 23 13:58:27 jm ovpn-server[5795]: remote_cert_ku[i] = 0
Aug 23 13:58:27 jm ovpn-server[5795]: message repeated 15 times: [ remote_cert_ku[i] = 0]
Aug 23 13:58:27 jm ovpn-server[5795]: remote_cert_eku = '[UNDEF]'
Aug 23 13:58:27 jm ovpn-server[5795]: ssl_flags = 0
Aug 23 13:58:27 jm ovpn-server[5795]: tls_timeout = 2
Aug 23 13:58:27 jm ovpn-server[5795]: renegotiate_bytes = 0
Aug 23 13:58:27 jm ovpn-server[5795]: renegotiate_packets = 0
Aug 23 13:58:27 jm ovpn-server[5795]: renegotiate_seconds = 0
Aug 23 13:58:27 jm ovpn-server[5795]: handshake_window = 30
Aug 23 13:58:27 jm ovpn-server[5795]: transition_window = 3600
Aug 23 13:58:27 jm ovpn-server[5795]: single_session = DISABLED
Aug 23 13:58:27 jm ovpn-server[5795]: push_peer_info = DISABLED
Aug 23 13:58:27 jm ovpn-server[5795]: tls_exit = DISABLED
Aug 23 13:58:27 jm ovpn-server[5795]: tls_auth_file = '[UNDEF]'
Aug 23 13:58:27 jm ovpn-server[5795]: pkcs11_protected_authentication = DISABLED
Aug 23 13:58:27 jm ovpn-server[5795]: message repeated 15 times: [ pkcs11_protected_authentication = DISABLED]
Aug 23 13:58:27 jm ovpn-server[5795]: pkcs11_private_mode = 00000000
Aug 23 13:58:27 jm ovpn-server[5795]: message repeated 15 times: [ pkcs11_private_mode = 00000000]
Aug 23 13:58:27 jm ovpn-server[5795]: pkcs11_cert_private = DISABLED
Aug 23 13:58:27 jm ovpn-server[5795]: message repeated 15 times: [ pkcs11_cert_private = DISABLED]
Aug 23 13:58:27 jm ovpn-server[5795]: pkcs11_pin_cache_period = -1
Aug 23 13:58:27 jm ovpn-server[5795]: pkcs11_id = '[UNDEF]'
Aug 23 13:58:27 jm ovpn-server[5795]: pkcs11_id_management = DISABLED
Aug 23 13:58:27 jm ovpn-server[5795]: server_network = 0.0.0.0
Aug 23 13:58:27 jm ovpn-server[5795]: server_netmask = 0.0.0.0
Aug 23 13:58:27 jm ovpn-server[5795]: server_network_ipv6 = ::
Aug 23 13:58:27 jm ovpn-server[5795]: server_netbits_ipv6 = 0
Aug 23 13:58:27 jm ovpn-server[5795]: server_bridge_ip = 0.0.0.0
Aug 23 13:58:27 jm ovpn-server[5795]: server_bridge_netmask = 0.0.0.0
Aug 23 13:58:27 jm ovpn-server[5795]: server_bridge_pool_start = 0.0.0.0
Aug 23 13:58:27 jm ovpn-server[5795]: server_bridge_pool_end = 0.0.0.0
Aug 23 13:58:27 jm ovpn-server[5795]: ifconfig_pool_defined = DISABLED
Aug 23 13:58:27 jm ovpn-server[5795]: ifconfig_pool_start = 0.0.0.0
Aug 23 13:58:27 jm ovpn-server[5795]: ifconfig_pool_end = 0.0.0.0
Aug 23 13:58:27 jm ovpn-server[5795]: ifconfig_pool_netmask = 0.0.0.0
Aug 23 13:58:27 jm ovpn-server[5795]: ifconfig_pool_persist_filename = '[UNDEF]'
Aug 23 13:58:27 jm ovpn-server[5795]: ifconfig_pool_persist_refresh_freq = 600
Aug 23 13:58:27 jm ovpn-server[5795]: ifconfig_ipv6_pool_defined = DISABLED
Aug 23 13:58:27 jm ovpn-server[5795]: ifconfig_ipv6_pool_base = ::
Aug 23 13:58:27 jm ovpn-server[5795]: ifconfig_ipv6_pool_netbits = 0
Aug 23 13:58:27 jm ovpn-server[5795]: n_bcast_buf = 256
Aug 23 13:58:27 jm ovpn-server[5795]: tcp_queue_limit = 64
Aug 23 13:58:27 jm ovpn-server[5795]: real_hash_size = 256
Aug 23 13:58:27 jm ovpn-server[5795]: virtual_hash_size = 256
Aug 23 13:58:27 jm ovpn-server[5795]: client_connect_script = '[UNDEF]'
Aug 23 13:58:27 jm ovpn-server[5795]: learn_address_script = '[UNDEF]'
Aug 23 13:58:27 jm ovpn-server[5795]: client_disconnect_script = '[UNDEF]'
Aug 23 13:58:27 jm ovpn-server[5795]: client_config_dir = '[UNDEF]'
Aug 23 13:58:27 jm ovpn-server[5795]: ccd_exclusive = DISABLED
Aug 23 13:58:27 jm ovpn-server[5795]: tmp_dir = '/tmp'
Aug 23 13:58:27 jm ovpn-server[5795]: push_ifconfig_defined = DISABLED
Aug 23 13:58:27 jm ovpn-server[5795]: push_ifconfig_local = 0.0.0.0
Aug 23 13:58:27 jm ovpn-server[5795]: push_ifconfig_remote_netmask = 0.0.0.0
Aug 23 13:58:27 jm ovpn-server[5795]: push_ifconfig_ipv6_defined = DISABLED
Aug 23 13:58:27 jm ovpn-server[5795]: push_ifconfig_ipv6_local = ::/0
Aug 23 13:58:27 jm ovpn-server[5795]: push_ifconfig_ipv6_remote = ::
Aug 23 13:58:27 jm ovpn-server[5795]: enable_c2c = DISABLED
Aug 23 13:58:27 jm ovpn-server[5795]: duplicate_cn = DISABLED
Aug 23 13:58:27 jm ovpn-server[5795]: cf_max = 0
Aug 23 13:58:27 jm ovpn-server[5795]: cf_per = 0
Aug 23 13:58:27 jm ovpn-server[5795]: max_clients = 1024
Aug 23 13:58:27 jm ovpn-server[5795]: max_routes_per_client = 256
Aug 23 13:58:27 jm ovpn-server[5795]: auth_user_pass_verify_script = '[UNDEF]'
Aug 23 13:58:27 jm ovpn-server[5795]: auth_user_pass_verify_script_via_file = DISABLED
Aug 23 13:58:27 jm ovpn-server[5795]: port_share_host = '[UNDEF]'
Aug 23 13:58:27 jm ovpn-server[5795]: port_share_port = 0
Aug 23 13:58:27 jm ovpn-server[5795]: client = ENABLED
Aug 23 13:58:27 jm ovpn-server[5795]: pull = ENABLED
Aug 23 13:58:27 jm ovpn-server[5795]: auth_user_pass_file = '/etc/openvpn/certs/user.creds.back'
Aug 23 13:58:27 jm ovpn-server[5795]: OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan 9 2019
Aug 23 13:58:27 jm ovpn-server[5795]: library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Aug 23 13:58:27 jm ovpn-server[5801]: LZO compression initialized
Aug 23 13:58:27 jm ovpn-server[5801]: Control Channel MTU parms [ L:1604 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Aug 23 13:58:27 jm ovpn-server[5801]: Socket Buffers: R=[87380->87380] S=[16384->16384]
Aug 23 13:58:27 jm ovpn-server[5801]: Data Channel MTU parms [ L:1604 D:1450 EF:104 EB:143 ET:0 EL:3 AF:3/1 ]
Aug 23 13:58:27 jm ovpn-server[5801]: Local Options String: 'V4,dev-type tun,link-mtu 1604,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client'
Aug 23 13:58:27 jm ovpn-server[5801]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1604,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-server'
Aug 23 13:58:27 jm ovpn-server[5801]: Local Options hash (VER=V4): 'b236a734'
Aug 23 13:58:27 jm ovpn-server[5801]: Expected Remote Options hash (VER=V4): 'cada2daa'
Aug 23 13:58:27 jm ovpn-server[5801]: Attempting to establish TCP connection with [AF_INET]109.192.110.242:443 [nonblock]
Aug 23 13:58:28 jm ovpn-server[5801]: TCP connection established with [AF_INET]109.192.110.242:443
Aug 23 13:58:28 jm ovpn-server[5801]: TCPv4_CLIENT link local: [undef]
Aug 23 13:58:28 jm ovpn-server[5801]: TCPv4_CLIENT link remote: [AF_INET]109.192.110.242:443
Aug 23 13:58:29 jm ovpn-server[5801]: TLS: Initial packet from [AF_INET]109.192.110.242:443, sid=920dd8f0 9ad43edf
Aug 23 13:58:29 jm ovpn-server[5801]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Aug 23 13:58:29 jm ovpn-server[5801]: VERIFY OK: depth=1, C=de, L=jm, O=jm, CN=jm VPN CA, emailAddress=jm@somewhere.de
Aug 23 13:58:29 jm ovpn-server[5801]: VERIFY X509NAME OK: C=de, L=jm, O=jm, CN=someserver.dyndns.info, emailAddress=jm@somewhere.de
Aug 23 13:58:29 jm ovpn-server[5801]: VERIFY OK: depth=0, C=de, L=jm, O=jm, CN=someserver.dyndns.info, emailAddress=jm@somewhere.de
Aug 23 13:58:30 jm ovpn-server[5801]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Aug 23 13:58:30 jm ovpn-server[5801]: Data Channel Encrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Aug 23 13:58:30 jm ovpn-server[5801]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Aug 23 13:58:30 jm ovpn-server[5801]: Data Channel Decrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Aug 23 13:58:30 jm ovpn-server[5801]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Aug 23 13:58:30 jm ovpn-server[5801]: [someserverstr34.dyndns.info] Peer Connection Initiated with [AF_INET]109.192.110.242:443
Aug 23 13:58:32 jm ovpn-server[5801]: SENT CONTROL [someserverstr34.dyndns.info]: 'PUSH_REQUEST' (status=1)
Aug 23 13:58:33 jm ovpn-server[5801]: PUSH: Received control message: 'PUSH_REPLY,topology subnet,route-gateway 10.242.2.1,route 192.168.40.0 255.255.255.0,setenv-safe remote_network_1 192.168.40.0/24,setenv-safe local_network_1 192.168.10.0/24,ifconfig 10.242.2.6 255.255.255.0'
Aug 23 13:58:33 jm ovpn-server[5801]: OPTIONS IMPORT: --ifconfig/up options modified
Aug 23 13:58:33 jm ovpn-server[5801]: OPTIONS IMPORT: route options modified
Aug 23 13:58:33 jm ovpn-server[5801]: OPTIONS IMPORT: route-related options modified
Aug 23 13:58:33 jm ovpn-server[5801]: OPTIONS IMPORT: environment modified
Aug 23 13:58:33 jm ovpn-server[5801]: ROUTE_GATEWAY 192.168.10.254/255.255.255.0 IFACE=enp0s3 HWADDR=08:00:27:6f:0a:75
Aug 23 13:58:33 jm ovpn-server[5801]: TUN/TAP device tun0 opened
Aug 23 13:58:33 jm ovpn-server[5801]: TUN/TAP TX queue length set to 100
Aug 23 13:58:33 jm ovpn-server[5801]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Aug 23 13:58:33 jm ovpn-server[5801]: /sbin/ip link set dev tun0 up mtu 1500
Aug 23 13:58:33 jm ovpn-server[5801]: /sbin/ip addr add dev tun0 10.242.2.6/24 broadcast 10.242.2.255
Aug 23 13:58:37 jm ovpn-server[5801]: /sbin/ip route add 109.192.xxx.yyy/32 via 192.168.10.254 (109.192.xxx.yyy is external IP of UTM, 192.168.10.254 is internal IP of WiFi Router at remote / Ubuntu location.)
Aug 23 13:58:37 jm ovpn-server[5801]: ERROR: Linux route add command failed: external program exited with error status: 2
Aug 23 13:58:37 jm ovpn-server[5801]: /sbin/ip route add 192.168.40.0/24 via 10.242.2.1
Aug 23 13:58:37 jm ovpn-server[5801]: Initialization Sequence Completed
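An added example, not part of the original post: a small Python check that pairs each `ip route add` in an OpenVPN client log with its result and marks whether the destination appears in the server's PUSH_REPLY or was added by the client's own configuration. The sample log is constructed from the lines above, with 203.0.113.10 standing in for the redacted UTM address; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample modelled on the syslog lines in the post; 203.0.113.10
# stands in for the redacted external address of the UTM.
SAMPLE_LOG = """\
Aug 23 13:58:33 jm ovpn-server[5801]: PUSH: Received control message: 'PUSH_REPLY,topology subnet,route-gateway 10.242.2.1,route 192.168.40.0 255.255.255.0,ifconfig 10.242.2.6 255.255.255.0'
Aug 23 13:58:33 jm ovpn-server[5801]: ROUTE_GATEWAY 192.168.10.254/255.255.255.0 IFACE=enp0s3 HWADDR=08:00:27:6f:0a:75
Aug 23 13:58:37 jm ovpn-server[5801]: /sbin/ip route add 203.0.113.10/32 via 192.168.10.254
Aug 23 13:58:37 jm ovpn-server[5801]: ERROR: Linux route add command failed: external program exited with error status: 2
Aug 23 13:58:37 jm ovpn-server[5801]: /sbin/ip route add 192.168.40.0/24 via 10.242.2.1
Aug 23 13:58:37 jm ovpn-server[5801]: Initialization Sequence Completed
"""

PUSH_RE = re.compile(r"PUSH: Received control message: '([^']*)'")
NETGW_RE = re.compile(r"ROUTE_GATEWAY (\d+\.\d+\.\d+\.\d+)")
ADD_RE = re.compile(r"/sbin/ip route add (\S+) via (\S+)")
FAIL_RE = re.compile(r"ERROR: Linux route add command failed")


def pushed_routes(push_reply):
    """Return the networks named by 'route <net> [<mask>]' push options."""
    nets = set()
    for option in push_reply.split(","):
        parts = option.split()
        if len(parts) >= 2 and parts[0] == "route":
            # A pushed route without a mask is a host route.
            mask = parts[2] if len(parts) >= 3 else "255.255.255.255"
            nets.add(ipaddress.ip_network(f"{parts[1]}/{mask}", strict=False))
    return nets


def audit_routes(log_text):
    """Pair each 'ip route add' with its outcome and where the route came from."""
    pushed, net_gateway, results = set(), None, []
    for line in log_text.splitlines():
        if m := PUSH_RE.search(line):
            pushed |= pushed_routes(m.group(1))
        elif m := NETGW_RE.search(line):
            net_gateway = m.group(1)  # default gateway before the tunnel came up
        elif m := ADD_RE.search(line):
            try:
                dest = ipaddress.ip_network(m.group(1), strict=False)
            except ValueError:
                dest = None  # redacted or malformed destination in the log
            if dest in pushed:
                origin = "pushed by server"
            elif m.group(2) == net_gateway:
                origin = "local config (via net_gateway)"
            else:
                origin = "local config"
            results.append({"dest": m.group(1), "via": m.group(2),
                            "origin": origin, "failed": False})
        elif FAIL_RE.search(line) and results:
            # OpenVPN logs the error directly after the command that failed.
            results[-1]["failed"] = True
    return results


if __name__ == "__main__":
    for entry in audit_routes(SAMPLE_LOG):
        status = "FAILED" if entry["failed"] else "ok"
        print(f'{entry["dest"]:<20} via {entry["via"]:<16} {entry["origin"]:<32} {status}')
```

A route reported as local config via net_gateway corresponds to a `route ... net_gateway` directive in the client configuration file rather than to an option in PUSH_REPLY.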