Discuss August 2006

discuss@lists.centos.org

269 participants
332 discussions

RE: Re: [CentOS] CentOS Based Fierwall Document
by pctech＠mybellybutton.com 04 Aug '06

04 Aug '06

>pctech(a)mybellybutton.com wrote: >> THAT is why I posted to the list. Because I *THOUGHT* that it was >> usually helpful and good mannered. Apparently there's some secret >> handshake involved in getting a HELPFUL and GOOD MANNERED response >> that I am unaware of. Because I got neither until after I'd been >> flamed. > >Stop telling lies. The *second* answer to your mail was an offer to host >it on wiki.centos.org. The *first* answer to your mail wasn't a flame. > Believe as you will. The FIRST reply to my first e-mail to the list was NOT a location to post my document. >You might like to prove otherwise. > >Ralph >-- >Ralph Angenendt......ra(a)br-online.de | .."Text processing has made it >possible >Bayerischer Rundfunk...80300 München | ....to right-justify any idea, even >one >Programmbereich.Bayern 3, Jugend und | .which cannot be justified on any >other >Multimedia.........Tl:089.5900.16023 | ..........grounds." -- J. Finnegan, >USC > >_______________________________________________ >CentOS mailing list >CentOS(a)centos.org >http://lists.centos.org/mailman/listinfo/centos

2 1

RE: RE: Re: [CentOS] CentOS Based Fierwall Document
by pctech＠mybellybutton.com 04 Aug '06

04 Aug '06

>On Fri, 4 Aug 2006, pctech(a)mybellybutton.com wrote: > >> >On Fri, 4 Aug 2006, Frank Tanner III wrote: >> > >> >> On Fri, 2006-08-04 at 13:15 +0200, Dag Wieers wrote: >> >> > On Thu, 3 Aug 2006, Frank Tanner III wrote: >> >> > >> >> > > It's no wonder that computer novices want nothing to do with Linux. >> >> > >> >> > Maybe Linux wants nothing to do with obnoxious people ? >> >> > >> >> > PS How you communicate influences how you are being perceived, and how >you >> > >> >> > are being perceived incluences how people respond. But if you want to >> >> > believe everybody who uses CentOS dislikes you, go ahead, nobody is >> >> > stopping you. >> >> > >> >> > Unless you want to believe they are. That's fine too. :) >> >> >> >> It's a well known "fact" amongst the general public that the Linux >> >> "evangelists" are a rude flaming bunch. There are hundreds of news >> >> articles stating such. An THIS is what the public in general bases >> >> their attitudes with regards to the community as a whole on. >> >> >> >> I communicated clearly and concisely. I didn't say ONE negative thing >> >> until I got jumped on; or didn't you actually read the thread. >> > >> >I agree your initial mail did not say ONE negative thing. But it was not >> >exactly clear and concise. It failed to reveal any information except >> >that you wrote a firewall document. >> >> Incorrect. It said, "For those of you that have my firewall document." >> So its target audience was very clear and concice. In fact, that was >> the first statement. > >Ok. So because of that line nobody else could ask a question ? Or get >flamed by _you_ otherwise. Why are you being so tense ? Your reaction >caused this whole thread. (Not the initial mail, not Karanbir's answer) > It has nothing to do with nobody else asking a question. It has to do with the WAY it was asked and WHAT was asked. His question came across like, "You and your document don't f*cking matter because we have no idea who you are. You're not welcome here." Right or wrong, that's the way he came across. In fact, more than one person came across that way. > >> >What's more you send it to a list where the majority did not know you, nor > >> >your document. That's ok though, nobody is blaming you for that either. IF > >> >you think that was a worthwhile thing to do, that's your choice. >> > >> >But as soon as people ask you what the document is abouwhich is the >> >logical next step if you send a mail to a list that is uninformed), or >> >a location where you could put it, you started flaming people as if they >> >wanted to correct you. As if you had to defend yourself. >> >> No. They DIDN'T ask me what my document was about. That asked me who >> I was and why they should care. There is a HUGE difference. They >> treated me like I didn't have the RIGHT to speak on the list. > >That was one person, apparently you have succeeded to annoy many more >people (including me). I was not involved in that. > >What's more, you seem to blame the whole community for what this one >person has done to you ! How awfull ! I guess they should make it up to >you now, right ? > No. I blame the people specifically. And since the vast majority of the people that have responded, both here and in the threads, respinded with overt hostitility, it sets the tone for the way the community appears. Right or wrong. That's what it does. If you walked into a crowd of strangers and several of them reacted to you with overt hostility, you'd think, "Jeeze. What a bunch of d*cks." > >> I know you by reputation. You are a fantastic package maintainer. How >> would YOU ahve felt when you first started maintaining packages for the >> various Linux flavors if every time you tried to introduce what you'd >> been doing you got flamed down? Because that's EXACTLY what has >> happened to me. You'd have said, "Piss on it. These guys are nothing >> but jerks that don't seem to be interested in what I say or what I have >> to offer. They just want the opportunity to insult people who invade >> their little 'clique'." > >Karanbir is respected for his work in the CentOS community even more than >I am. He's part of the CentOS team and similar to me, he has a huge >repository of add-on packages. > >Nobody is a jerk. Nobody has flamed you. Nobody insulted you. And even if >they did, there's no reason to insult back or cry fault or exagerate about >things. > I haven't exaggerated about a thing. I stated the way the community made me feel when I offered something up. Nothing more, nothing less. I was left with the perception that everyone was a bunch of rude jerks. Right or wrong, that's the perception that came across. > >> Granted, I haven't been using Linux since before kernel 1.0, like, >> apparently, everyone else on the list has, but that doesn't mean that I >> don't have any useful input. > >You're making things up. Nobody is proclaiming that let alone that >_everyone_ is proclaiming it. Remember that the people that answered your >mail are just a tiny fraction of the complete mailinglist users. Even if >one is flaming you, why should you care ? Give an intelligent answer back, >or spare your breath. > >Afaics you have been the aggressor and you've been insulting since (ven >in the replies to me). There's no point in insulting people unless you >want to be flamed in return. > >But as I said before, you do not have to believe me. You don't have to be >subscribed. The moment you stop answering people in this thread, people >will leave this thread as well. > >Now, let's try to respond to people in this thread without insulting >anyone or bringing this issue up again. Maybe post an index of the topics >from your document. Or convert it to HTML so people can offer feedback or >criticism. Try to divert the subject to something useful. > > >Kind regards, >-- dag wieers, dag(a)wieers.com, http://dag.wieers.com/ -- >[all I want is a warm bed and a kind word and unlimited power] >_______________________________________________ >CentOS mailing list >CentOS(a)centos.org >http://lists.centos.org/mailman/listinfo/centos

3 2

RE: Re: [CentOS] CentOS Based Fierwall Document
by pctech＠mybellybutton.com 04 Aug '06

04 Aug '06

>On Fri, 2006-08-04 at 06:09 -0700, Frank Tanner III wrote: >> There goes YOUR attitude again. I *SPECIFICALLY* stated in my initial >> e-mail "or those of you that either have an older revision of my >> firewall document, or are otherwise keeping track of it, there is a new >> version available.". > >That doesn't work in open communities. If you don't provide a link to >the document, such message is useless for the hundreds of active and >passive subscribers to this list. It is important to keep to keep that >in mind when sending a message to such a large list. > >Besides that it often seems better to me to kindly accept critique, than >to attack others (who have contributed an immense amount of work for the >community) on their attitudes. It only creates anger. > >-- Daniel > He didn't ask for a link. He asked who I was and why should he care. >_______________________________________________ >CentOS mailing list >CentOS(a)centos.org >http://lists.centos.org/mailman/listinfo/centos

4 3

RE: Re: [CentOS] CentOS Based Fierwall Document
by pctech＠mybellybutton.com 04 Aug '06

04 Aug '06

>pctech(a)mybellybutton.com wrote: >> >> Etiquette? What etiquette? The FIRST comment out of anyone's "mouth" >> was "piss off". Where's the etequitte in that? > >That's really astonishing. I must have missed that mail, though I don't >really filter mails. Who said that and where? > Piss off was in quotes because it was a paraphrase of the way the first response anyone made from the list came across. >> Well then prove me wrong? Because that's all I've gotten at every >> turn was nothing but flames. I tried to be helpful and offer >> something to the community that I, obviously mistakenly, though muight >> be useful and got a hearty "f*ck you" for my efforts. Where's the >> "community spirit" in that? > >Oh right. Nobody offered you to host that document on wiki.centos.org. I >must have dreamt that then. That e-mail came FAR after people had already started flaming me. > >The first offensive mail came from you: > >| On Thu, 2006-08-03 at 15:18 -0600, Stephen John Smoogen wrote: >| > On 8/3/06, pctech at mybellybutton.com <pctech at mybellybutton.com> >| > wrote: >| >> For those of you that either have an older revision of my firewall >| >> document, or are otherwise keeping track of it, there is a new >| >> version available. The current version of the document is version >| >> 3.1. It's changed rather significantly in some areas. >| > >| > For those of us who have neither? >| >| Then there's no reason for you to fricken reply, is there? > >The second mail was an offer to you to host the document on >wiki.centos.org by Jim Perrin. Which you responded to somewhat >strangely. > >The third Mail was Karanbir Singh asking you: > >| and who are you ? >| and what / where is your firewall doc ? > >Which is *short* and maybe misunderstandable, but not offensive at all. >It was a question towards you because that was your first mail on the >list (AFAICS) and noone on this list knew this document. > >Your answer to that was: > >| So far, two of the three replies, yours being one of them, have left me >| with the impression that everyone in the CentOS community is the same as >| the jerks in the forum were. > >So: Second offensive mail also came from you. > >You really *do* seem to have a perception problem. > >Ralph >-- >Ralph Angenendt......ra(a)br-online.de | .."Text processing has made it >possible >Bayerischer Rundfunk...80300 München | ....to right-justify any idea, even >one >Programmbereich.Bayern 3, Jugend und | .which cannot be justified on any >other >Multimedia.........Tl:089.5900.16023 | ..........grounds." -- J. Finnegan, >USC > >_______________________________________________ >CentOS mailing list >CentOS(a)centos.org >http://lists.centos.org/mailman/listinfo/centos

4 3

RE: Re: Re: Re: [CentOS] CentOS Based Fierwall Document
by pctech＠mybellybutton.com 04 Aug '06

04 Aug '06

>On 8/4/06, pctech(a)mybellybutton.com <pctech(a)mybellybutton.com> wrote: >> >On 8/4/06, pctech(a)mybellybutton.com <pctech(a)mybellybutton.com> wrote: >> >> He didn't ask for a link. He asked who I was and why should he care. >> > >> >No he didn't, he said: >> > >> >"and who are you ? >> >and what / where is your firewall doc ?" >> > >> >and this was after you said: >> > >> >"Then there's no reason for you to fricken reply, is there?" >> > >> >First angry words were yours. Please development some people skills, >> >or at least reflect before posting. Actually don't bother, this is >> >really entertaining and has made my Friday. >> > >> >> Wrong...His FIRST e-mail said, "Who are you and why should we care?" and >THAT is when I responded the way I did. >> > >Really, could you show where this was? Because looking at the archives >(http://lists.centos.org/pipermail/centos/2006-August/067802.html) and >through my mail >what I see is: > >1. your original post >2. request for more information This is EXACTLY where he says, "Who are you and why should we care. Those were his exact words." What he SHOULD have said was, "Who are you and what document." *IF* he felt the need to reply at all. >3. your response of "Then there's no reason for you to fricken reply, is >there?" >4. request for you to post your doc to the wiki >5. you say you had it on forums but stopped monitoring because >(shock!) people upset you. >6. a further request to put it on the wiki >7. Karnabir saying: > and who are you ? > and what / where is your firewall doc ? >8. you start whining > >Cian >_______________________________________________ >CentOS mailing list >CentOS(a)centos.org >http://lists.centos.org/mailman/listinfo/centos

3 2

RE: RE: Re: [CentOS] CentOS Based Fierwall Document
by pctech＠mybellybutton.com 04 Aug '06

04 Aug '06

> > >uklinux.net - >The ISP of choice for the discerning Linux user. > >On Fri, 4 Aug 2006, pctech(a)mybellybutton.com wrote: > >>> Frank Tanner III wrote: >>> >>>> There goes YOUR attitude again. I *SPECIFICALLY* stated in my initial >>>> e-mail "or those of you that either have an older revision of my >>>> firewall document, or are otherwise keeping track of it, there is a new >>>> version available.". >>> >>> if you want your own private mailing list, go start one. bye bye! If you >>> are going to post something here, making it meaningful to people who >>> read the list - is a good thing, and expected from all posters. >>> >> >> It *WAS* meaningful. For the people that it was applicable to. Then >> people decided that because it wasn't applicable to them that they >> should flame me. > >It was not relevant to the majority of the people on this list. I read it >and thought 'huh - weird , has it been misposted ??, have I missed part >of it ??, is it a strange new kind of spam ??, but I didnt find it >important enough to comment. > >It certainly wasnt applicable to me , but more to the point I didnt know >why it had been posted to this list and to what it referred. > >Were the people who it was relevant to then meant to ask you for a fresh >copy to be sent to them ??? > >This really is not the way that opensource documents are usually distributed - So, seeing as how I am not some rich corporation that can afford stupid amounts of bandwidth exactly HOW am I supposed to distribute it any other way? Nobody gave ANY information in this regard until I had been properly flamed first. This is not the first document that I have distributed in this manner. I've distributed a couple on the DNS and BIND list in this manner. I have distributed a couple on the old Red Hat lists in this manner. This is the FIRST time anyone has taken offense at my manner of transport for my document. > >opensource works by peole being able to take what they need, not request a >copy ... > >Or if there was some hidden place that the knowing could download it from >- again - neither the spirit nor method of open source. > >> It's attitudes such as this as to why people say, "You can never get good >support with Open Source software." > >They are more likely to say that if they cant get hold of it in the first >place ... > >> I came onto the list trying to be HJELPFUL, and got burnt to the ground >instead. JUST like in the forums. I guess they'er right. No good deed goes >unpunished. >> >> Now I understand why nobody has offered a document like this to the >> community before. It certainly makes me want to keep all of my future >> documents to myself. They're OBVIOUSLY only a bother to everyone and >> nobody wants them. >> > >You really do seem to have an atiitude problem, and have already taken up >far too much of the bandwidth on this - usually helpful and good mannered >- list. THAT is why I posted to the list. Because I *THOUGHT* that it was usually helpful and good mannered. Apparently there's some secret handshake involved in getting a HELPFUL and GOOD MANNERED response that I am unaware of. Because I got neither until after I'd been flamed. > >You are likely to put peoples backs up by such comments - people dnt know >how great your work is unless they can access it .... > >Why dont you start again - I suggest with something like :- > >' >For those that know about it, I have released a new version of my firewall >document - for those that dont - I have written a document which I would like >to commend to the >open source community as I feel that it is well writen and informative. > >I would like somewhere to host it if anyone has any suggestions, as I cant >provide unlimited bandwidth. > >If anyone would like a copy to check out then please mail me offlist' > >Or some such ... > >There are numerous places where such a document could be hosted with >provided bandwidth , sourceforge and google being two of them , CentOS >also being a possiblity ... > >But having not seen it we dont know if it is relevant or useful .... > >If you wish us to take a look at it then please either email a copy to me >or place it somwehere that it can be accessed. > >Regards > > >Lance Davis >CentOS Project Leader > > > > > > > >_______________________________________________ >CentOS mailing list >CentOS(a)centos.org >http://lists.centos.org/mailman/listinfo/centos

3 2

RE: Re: [CentOS] CentOS Based Fierwall Document
by pctech＠mybellybutton.com 04 Aug '06

04 Aug '06

>On Fri, 4 Aug 2006, Frank Tanner III wrote: > >> On Fri, 2006-08-04 at 13:15 +0200, Dag Wieers wrote: >> > On Thu, 3 Aug 2006, Frank Tanner III wrote: >> > >> > > It's no wonder that computer novices want nothing to do with Linux. >> > >> > Maybe Linux wants nothing to do with obnoxious people ? >> > >> > PS How you communicate influences how you are being perceived, and how you > >> > are being perceived incluences how people respond. But if you want to >> > believe everybody who uses CentOS dislikes you, go ahead, nobody is >> > stopping you. >> > >> > Unless you want to believe they are. That's fine too. :) >> >> It's a well known "fact" amongst the general public that the Linux >> "evangelists" are a rude flaming bunch. There are hundreds of news >> articles stating such. An THIS is what the public in general bases >> their attitudes with regards to the community as a whole on. >> >> I communicated clearly and concisely. I didn't say ONE negative thing >> until I got jumped on; or didn't you actually read the thread. > >I agree your initial mail did not say ONE negative thing. But it was not >exactly clear and concise. It failed to reveal any information except >that you wrote a firewall document. > Incorrect. It said, "For those of you that have my firewall document." So its target audience was very clear and concice. In fact, that was the first statement. >What's more you send it to a list where the majority did not know you, nor >your document. That's ok though, nobody is blaming you for that either. IF >you think that was a worthwhile thing to do, that's your choice. > >But as soon as people ask you what the document is abouwhich is the >logical next step if you send a mail to a list that is uninformed), or >a location where you could put it, you started flaming people as if they >wanted to correct you. As if you had to defend yourself. > No. They DIDN'T ask me what my document was about. That asked me who I was and why they should care. There is a HUGE difference. They treated me like I didn't have the RIGHT to speak on the list. I know you by reputation. You are a fantastic package maintainer. How would YOU ahve felt when you first started maintaining packages for the various Linux flavors if every time you tried to introduce what you'd been doing you got flamed down? Because that's EXACTLY what has happened to me. You'd have said, "Piss on it. These guys are nothing but jerks that don't seem to be interested in what I say or what I have to offer. They just want the opportunity to insult people who invade their little 'clique'." Granted, I haven't been using Linux since before kernel 1.0, like, apparently, everyone else on the list has, but that doesn't mean that I don't have any useful input. >And I think that is exactly what enflamed the whole situation. > >Now that is of course my description of what happened, but I guess I'm not >objective as I have been jumping on you as all these other "evangelists" >on this list. In fact, I really think they are out to get you. Run, >Forest, Run ! > >Kind regards, >-- dag wieers, dag(a)wieers.com, http://dag.wieers.com/ -- >[all I want is a warm bed and a kind word and unlimited power] >_______________________________________________ >CentOS mailing list >CentOS(a)centos.org >http://lists.centos.org/mailman/listinfo/centos

3 2

RE: Re: Re: [CentOS] CentOS Based Fierwall Document
by pctech＠mybellybutton.com 04 Aug '06

04 Aug '06

>On 8/4/06, pctech(a)mybellybutton.com <pctech(a)mybellybutton.com> wrote: >> He didn't ask for a link. He asked who I was and why should he care. > >No he didn't, he said: > >"and who are you ? >and what / where is your firewall doc ?" > >and this was after you said: > >"Then there's no reason for you to fricken reply, is there?" > >First angry words were yours. Please development some people skills, >or at least reflect before posting. Actually don't bother, this is >really entertaining and has made my Friday. > Wrong...His FIRST e-mail said, "Who are you and why should we care?" and THAT is when I responded the way I did. >Cian > > >> >_______________________________________________ >> >CentOS mailing list >> >CentOS(a)centos.org >> >http://lists.centos.org/mailman/listinfo/centos >> _______________________________________________ >> CentOS mailing list >> CentOS(a)centos.org >> http://lists.centos.org/mailman/listinfo/centos >> >_______________________________________________ >CentOS mailing list >CentOS(a)centos.org >http://lists.centos.org/mailman/listinfo/centos

3 2

RE: Re: [CentOS] CentOS Based Fierwall Document
by pctech＠mybellybutton.com 04 Aug '06

04 Aug '06

>On Fri, 2006-08-04 at 06:12 -0700, Frank Tanner III wrote: >> It's a well known "fact" amongst the general public that the Linux >> "evangelists" are a rude flaming bunch. There are hundreds of news >> articles stating such. An THIS is what the public in general bases >> their attitudes with regards to the community as a whole on. > >You have to keep in mind that support from lists like this one are >voluntary in nature. So, it only seems decent to try to get the >etiquette of the list, and (although it does not apply here) research a >problem before posting questions to the list. > Etiquette? What etiquette? The FIRST comment out of anyone's "mouth" was "piss off". Where's the etequitte in that? >IMHO calling Linux community members a "rude flaming bunch" is highly >inappropriate. The community built a free operating system, and provides >free support. If people need hand holding or extensive support they can >get a support contract from a prominent North-American Linux vendor, or >one of the other venues that provides Linux support. > Well then prove me wrong? Because that's all I've gotten at every turn was nothing but flames. I tried to be helpful and offer something to the community that I, obviously mistakenly, though muight be useful and got a hearty "f*ck you" for my efforts. Where's the "community spirit" in that? >-- Daniel > >_______________________________________________ >CentOS mailing list >CentOS(a)centos.org >http://lists.centos.org/mailman/listinfo/centos

2 1

Openvpn problem not able to access the other machines on remote subnet
by ankush grover 04 Aug '06

04 Aug '06

hey friends, I have installed OpenVPN 2.0.7 (i386-redhat-linux-gnu [SSL] [LZO] [EPOLL] built on Apr 29 2006) on Centos4.0 through rpm (diag repository). The network scenario of my office is below Remote Client ----> Internet <-------> Cisco Pix Firewall (Gateway) <----> VPN Server & LAN Clients (192.168.5.0/24) Cisco Pix Firewall: Having a static public ip address and a LAN Address of 192.168.5.5 and it is also acting as gateway for the LAN VPN Server: 192.168.5.20 and this is also a server on LAN running few more services for the clients in LAN. LAN Clients: 192.168.5.0/24 VPN Server port that is 1194 is open on Firewall. This is a test scenario and I was able to connect to the VPN Server from my home machine but I was not able to browse the clients or servers in the network range of 192.168.5.0/24. Routing table on the client machine. The client machine is having static ipaddress of 172.19.112.154( dsl connection) 10.1.1.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0 192.168.5.0 10.1.1.5 255.255.255.0 UG 0 0 0 tun0 10.1.1.0 10.1.1.5 255.255.255.0 UG 0 0 0 tun0 172.19.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo 0.0.0.0 172.19.0.1 0.0.0.0 UG 0 0 0 eth0 Tue Aug 1 23:10:55 2006 SIGUSR1[soft,tls-error] received, process restarting Tue Aug 1 23:10:55 2006 Restart pause, 2 second(s) Tue Aug 1 23:10:57 2006 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port. Tue Aug 1 23:10:57 2006 Re-using SSL/TLS context Tue Aug 1 23:10:57 2006 LZO compression initialized Tue Aug 1 23:10:57 2006 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ] Tue Aug 1 23:10:57 2006 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ] Tue Aug 1 23:10:57 2006 Local Options hash (VER=V4): '504e774e' Tue Aug 1 23:10:57 2006 Expected Remote Options hash (VER=V4): '14168603' Tue Aug 1 23:10:57 2006 UDPv4 link local: [undef] Tue Aug 1 23:10:57 2006 UDPv4 link remote: xx.xx.xx.xx:1194 --->> public ip address on pix firewall Tue Aug 1 23:11:21 2006 TLS: Initial packet from xx.xx.xx.xx:1194, ---->> public ip address on pix firewall sid=7c6f6585 62ec6b5f Tue Aug 1 23:11:21 2006 VERIFY OK: depth=1, /C=IN/ST=DE/L=ND/O=OpenVPN-TEST/OU=VPN_Server/CN= server1.test.net/emailAddress=postmater@localhost.localdomain Tue Aug 1 23:11:21 2006 VERIFY OK: nsCertType=SERVER Tue Aug 1 23:11:21 2006 VERIFY OK: depth=0, /C=IN/ST=DE/O=OpenVPN-TEST/OU=VPN_Server/CN=server1.test.net/emailAddress=postmater(a)localhost.localdomain Tue Aug 1 23:11:23 2006 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key Tue Aug 1 23:11:23 2006 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Tue Aug 1 23:11:23 2006 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key Tue Aug 1 23:11:23 2006 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Tue Aug 1 23:11:23 2006 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA Tue Aug 1 23:11:23 2006 [server1.test.net] Peer Connection Initiated with xx.xx.xx.xx:1194 Tue Aug 1 23:11:25 2006 SENT CONTROL [server1.test.net ]: 'PUSH_REQUEST' (status=1) Tue Aug 1 23:11:25 2006 PUSH: Received control message: 'PUSH_REPLY,route 192.168.5.0 255.255.255.0,dhcp-option DNS 192.168.5.10,route 10.1.1.0 255.255.255.0,ping 10,ping-restart 120,ifconfig 10.1.1.6 10.1.1.5' Tue Aug 1 23:11:25 2006 OPTIONS IMPORT: timers and/or timeouts modified Tue Aug 1 23:11:25 2006 OPTIONS IMPORT: --ifconfig/up options modified Tue Aug 1 23:11:25 2006 OPTIONS IMPORT: route options modified Tue Aug 1 23:11:25 2006 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified Tue Aug 1 23:11:25 2006 TUN/TAP device tun0 opened Tue Aug 1 23:11:25 2006 /sbin/ip link set dev tun0 up mtu 1500 Tue Aug 1 23:11:25 2006 /sbin/ip addr add dev tun0 local 10.1.1.6 peer 10.1.1.5 Tue Aug 1 23:11:25 2006 /sbin/ip route add 192.168.5.0/24 via 10.1.1.5 Tue Aug 1 23:11:25 2006 /sbin/ip route add 10.1.1.0/24 via 10.1.1.5 Tue Aug 1 23:11:25 2006 Initialization Sequence Completed ifconfig on server tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 inet addr:10.1.1.1 P-t-P:10.1.1.2 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1 RX packets:173 errors:0 dropped:0 overruns:0 frame:0 TX packets:145 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:14052 (13.7 KiB) TX bytes:12192 ( 11.9 KiB) ifconfig on client tun0 Link encap:Point-to-Point Protocol inet addr:10.1.1.6 P-t-P:10.1.1.5 Mask: 255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1 RX packets:143 errors:0 dropped:0 overruns:0 frame:0 TX packets:174 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:12024 (11.7 Kb) TX bytes:14112 (13.7 Kb) Tue Aug 1 23:01:10 2006 202.149.50.30:1030 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key Tue Aug 1 23:01:10 2006 202.149.50.30:1030 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Tue Aug 1 23:01:10 2006 202.149.50.30:1030 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA Tue Aug 1 23:01:10 2006 202.149.50.30:1030 [clien1.test.net ] Peer Connection Initiated with 202.149.50.30:1030 Tue Aug 1 23:01:10 2006 clien1.test.net/202.149.50.30:1030 MULTI: Learn: 10.1.1.6 -> clien1.test.net/202.149.50.30:1030 Tue Aug 1 23:01:10 2006 clien1.test.net/202.149.50.30:1030 MULTI: primary virtual IP for clien1.test.net/202.149.50.30:1030: 10.1.1.6 Tue Aug 1 23:01:11 2006 clien1.test.net/202.149.50.30:1030 PUSH: Received control message: 'PUSH_REQUEST' Tue Aug 1 23:01:11 2006 clien1.test.net/202.149.50.30:1030 SENT CONTROL [ clien1.test.net]: 'PUSH_REPLY,route 192.168.5.0 255.255.255.0,dhcp-option DNS 192.168.5.10,route 10.1.1.0 255.255.255.0,ping 10,ping-restart 120,ifconfig 10.1.1.6 10.1.1.5' (status=1) Tue Aug 1 23:34:41 2006 clien1.test.net/202.149.50.30:1030 [clien1.test.net] Inactivity timeout (--ping-restart), restarting Tue Aug 1 23:34:41 2006 clien1.test.net/202.149.50.30:1030 SIGUSR1[soft,ping-restart] received, client-instance restarting iptables -L on VPN Server Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- 10.1.1.0/24 192.168.5.0/24 One setting is missing in client.conf that is "route 192.168.5.0 255.255.255.0" These entries are also added to iptables on VPN Server # Allow TUN interface connections to OpenVPN server iptables -A INPUT -i tun+ -j ACCEPT # Allow TUN interface connections to be forwarded through other interfaces iptables -A FORWARD -i tun+ -j ACCEPT # Allow TAP interface connections to OpenVPN server iptables -A INPUT -i tap+ -j ACCEPT # Allow TAP interface connections to be forwarded through other interfaces iptables -A FORWARD -i tap+ -j ACCEPT IP Forwarding is enable on the VPN Server. But still I am not able to access the machines/clients in subnet 192.168.5.0/24. I am attaching the server.conf(openvpnserver.conf) file with this emai. What more iptables entries needs to be added ? Please let me know if you need any further inputs. Thanks & Regards Ankush Grover

2 4

← Newer
1
...
27
28
29
30
31
32
33
34
Older →

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Discuss August 2006