1304553712 Q * dowdle_ Remote host closed the connection
1304555772 J * hparker ~hparker@2001:470:1f0f:32c:beae:c5ff:fe01:b647
1304557945 J * ViRUS_ ~mp@p54867167.dip.t-dialin.net
1304558373 Q * ViRUS Ping timeout: 480 seconds
1304558780 Q * hparker Quit: Quit
1304559289 J * ichavero_ ~ichavero@189.231.71.88
1304565749 Q * ichavero_ Quit: This computer has gone to sleep
1304567591 J * ichavero_ ~ichavero@189.231.71.88
1304567896 Q * FireEgl Read error: Connection reset by peer
1304568435 Q * ichavero_ Quit: This computer has gone to sleep
1304568739 J * FireEgl FireEgl@2001:470:e056:1:f4ec:aad8:c450:745c
1304568771 Q * sigue Ping timeout: 480 seconds
1304569137 J * sigue contempt@stole.ur.cc-number.info
1304569753 Q * sigue Ping timeout: 480 seconds
1304570474 J * sigue contempt@stole.ur.cc-number.info
1304571407 Q * FireEgl Remote host closed the connection
1304571478 Q * sigue Ping timeout: 480 seconds
1304571489 J * sigue contempt@stole.ur.cc-number.info
1304572146 M * Bertl off to bed now ... have a good one everyone!
1304572151 N * Bertl Bertl_zZ
1304572362 J * FireEgl ~FireEgl@173-16-9-3.client.mchsi.com
1304574559 J * bsingh ~balbir@122.248.163.3
1304575320 J * ncopa ~ncopa@3.203.202.84.customer.cdi.no
1304576957 J * ghislain ~AQUEOS@adsl2.aqueos.com
1304577357 N * MrTV_gone MrTV
1304577376 M * MrTV morning everyone
1304577513 J * C14r ~C14r@mail.cipworx.de
1304577633 Q * C14r_ Ping timeout: 480 seconds
1304577803 Q * derjohn_foo Ping timeout: 480 seconds
1304579051 J * derjohn_foo ~aj@213.238.45.2
1304579462 J * petzsch ~markus@dslb-088-075-167-173.pools.arcor-ip.net
1304579812 J * radix_ ~radix@sslvpn.idsoftware.com
1304579888 Q * bsingh Ping timeout: 480 seconds
1304580209 Q * radix Read error: Operation timed out
1304580490 J * Piet_ ~Piet__@28IAABH3B.tor-irc.dnsbl.oftc.net
1304580602 Q * Piet_ Remote host closed the connection
1304580632 J * Piet_ ~Piet__@28IAABH3G.tor-irc.dnsbl.oftc.net
1304580859 M * hijacker morning
1304580883 Q * Piet Ping timeout: 480 seconds
1304581174 N * Piet_ Piet
1304583505 Q * petzsch Quit: Leaving.
1304584004 J * bsingh ~balbir@122.248.161.59
1304586312 J * BenG ~bengreen@cpc12-aztw24-2-0-cust146.aztw.cable.virginmedia.com
1304586629 J * DreamerC_ ~DreamerC@122-116-181-118.HINET-IP.hinet.net
1304586735 Q * DreamerC Ping timeout: 480 seconds
1304587284 J * kir ~kir@swsoft-msk-nat.sw.ru
1304588841 Q * BenG Quit: I Leave
1304588961 J * BenG ~bengreen@cpc12-aztw24-2-0-cust146.aztw.cable.virginmedia.com
1304589882 J * bzed_ ~bzed@devel.recluse.de
1304590189 Q * bzed Ping timeout: 480 seconds
1304590192 N * bzed_ bzed
1304590912 Q * quasisane Server closed connection
1304590921 J * quasisane ~sanep@c-76-24-80-97.hsd1.nh.comcast.net
1304592227 M * MrTV if i build a vserver with debootstrap and compare the contents of the dev dir to a separate independent debootstrap, i can see much more device nodes than in the vservers dev dir.
1304592249 M * MrTV is there a cleanup script somewhere in vserver build ... ?
1304592319 M * MrTV i've rgrepped through /usr/lib/util-vserver for "device " but that doesn't reveal something
1304592406 M * MrTV maybe it is somewhere else or i didn't search for the right keyword
1304592538 M * hijacker MrTV, what device nodes are you interested in specific inside the guest?
1304592557 M * hijacker I never cared about devices inside the guest /dev
1304592570 M * MrTV i am not interested in any special.
1304592592 M * hijacker good, then ignore it
1304592596 M * MrTV it's just that i have upgraded one guest from lenny to squeeze
1304592613 M * MrTV and after the upgrade, there were a lot more devices
1304592639 M * MrTV so i was wondering how that comes
1304592658 M * MrTV the makedev package sets them up i think
1304592682 M * MrTV because it is installed before the upgrade to squeeze
1304592790 M * MrTV then i did a normal debootstrap and compared to the guest
1304592812 M * MrTV there are way less device nodes
1304592840 M * MrTV my idea is to find the part where the device nodes are being minimized
1304592848 M * MrTV and call that again
1304592873 M * MrTV so i have the same set of device nodes in my upgraded guest
1304592883 M * daniel_hozac /usr/lib*/util-vserver/distributions/debian/initpost /etc/vservers/ /usr/lib*/util-vserver/util-vserver-vars
1304592941 M * hijacker MrTV, I wonder why you want that greater set of nodes again if you will not be using them anyways?
1304592970 M * MrTV no you didn't get what i mean, i am sorry.
1304592978 M * hijacker yes, i guess so
1304593005 M * MrTV daniel_hozac, thanks i will look into those files/dirs
1304593020 M * MrTV i will try to explain more
1304593022 M * daniel_hozac that's a command.
1304593061 M * MrTV oh, ok :)
1304593141 M * MrTV hijacker, i had a lenny guest. which i upgraded to squeeze. before the upgrade there were only 12 entries in the /dev dir
1304593182 M * MrTV hijacker, after the upgrade I had 18 entries
1304593268 M * daniel_hozac what were the new six?
1304593453 Q * bsingh Read error: Operation timed out
1304593558 Q * LuckyLuke Ping timeout: 480 seconds
1304593586 M * MrTV here is a pastebin of this
1304593590 M * MrTV http://pastebin.com/m2QDANd5
1304593693 M * MrTV you see that symlinks core, stdin, stdout, stderr ? they were not there before for example
1304593703 J * LuckyLuke ~luca@host65-83-static.228-95-b.business.telecomitalia.it
1304593723 M * MrTV and initctl also wasn't
1304593801 M * MrTV the fd was a relative symlink ../proc/self/fd and now absolute /proc/self/fd
1304593901 M * MrTV i don't know enough to tell, if this is critical in any way ... security of the host would be the most bad thing
1304593921 M * MrTV i mean those fd symlinks seem uncritical to me but initctl ?
1304593950 M * MrTV and the absolute symlink could maybe break some functionality?
1304594047 M * MrTV is this paranoia of mine?
1304594134 M * hijacker :-)
1304594144 M * hijacker you worry too much
1304594150 M * hijacker which sometimes might be a good thing
1304595296 Q * BenG Quit: I Leave
1304595428 N * DreamerC_ DreamerC
1304595780 M * MrTV hmm , can't i just remove them? i will try daniels command
1304596422 Q * nkukard Quit: Leaving
1304597141 M * daniel_hozac looks completely harmless...
1304597148 M * daniel_hozac probably even better than what you had before.
1304597452 N * Bertl_zZ Bertl
1304597457 M * Bertl morning folks!
1304597667 M * MrTV hi!
1304598107 M * MrTV daniel_hozac, the initpost script didn't remove the devices, so it is done somewhere else
1304598442 M * MrTV why does it look even better than before?
1304598565 M * daniel_hozac you're supposed to have stdin,stdout,stderr.
1304598580 M * daniel_hozac initctl wasn't there because you're probably not using the plain initstyle
1304598582 M * daniel_hozac so expected
1304599893 M * MrTV i am aware of the basics of stdin, stdout and stderr. so that's ok.
1304599915 M * MrTV what about the relative compared to absolute path?
1304600054 M * daniel_hozac really doesn't matter.
1304600063 M * MrTV ok
1304600844 M * MrTV as of what the initstyle is concerned: i know that debian changed it with squeeze. i am not sure how it works in detail (must read about it) but i am worried about /dev/initctl.
1304600872 M * MrTV while upgrading a guest, i got "init: timeout opening/writing control channel /dev/initctl"
1304600935 M * MrTV i can start and stop the guest fine after the upgrade, but why would i need /dev/initctl then ?
1304600956 M * MrTV runlevel changes are manages "out of band" i thought
1304600972 M * MrTV s/manages/managed/
1304601371 M * Bertl well, it depends on whether you have a real init running inside the guest or not
1304601773 J * petzsch ~markus@dslb-088-075-167-173.pools.arcor-ip.net
1304602605 M * MrTV i have init running inside every guest.
1304602677 M * Bertl sure about that?
1304602689 M * MrTV yes
1304602738 J * harobed ~harobed@pda57-1-82-231-115-1.fbx.proxad.net
1304602741 M * Bertl because most folks 'think' they have init running just because they see an init process
1304602751 M * MrTV oh, ok *g*
1304602759 M * MrTV then i am not sure :)
1304602767 M * Bertl what init style do you use?
1304602825 M * Bertl cat /etc/vservers/*/apps/init/style
1304602847 M * MrTV i didn't give the option with build, so it's the default i think.
1304602863 M * Bertl then you are using sysv
1304602874 M * MrTV ls -l /etc/vservers/blackjack/apps/init/
1304602874 M * MrTV total 0
1304602876 M * Bertl which in turn means, that there is no init inside a guest
1304602879 M * MrTV empty
1304602886 M * MrTV ok
1304602912 M * Bertl what you see inside the guest is a blend through version of the host's init
1304602932 M * MrTV i see
1304602932 M * Bertl therefore you cannot contact init inside a guest
1304602982 M * Bertl i.e. initctl is not connected and messages to init via this way will just timeout
1304603033 M * Bertl if you want, for whatever reason, a separate init inside the guest, you need to switch to a different init style, e.g. 'plain'
1304603048 M * Bertl but usually there is no need for an init ...
1304603065 M * MrTV ok. so i just don't need to care about it, i could even delete the file?
1304603094 M * Bertl I guess so
1304603102 M * MrTV ok
1304603622 M * MrTV there is one thing left: /dev/core which symlinks to /proc/kcore, why would one need that? debugging inside the guest?
1304603760 M * Bertl nobody needs that, you won't have access to /proc/kcore anyways
1304604240 M * MrTV but i am seeing the file when i am inside the guest.
1304604259 M * MrTV root@arena [~] vserver blackjack enter
1304604260 M * MrTV root@blackjack [/] ls -l /proc/kcore
1304604260 M * MrTV -r-------- 1 root root 140737486262272 May 5 16:03 /proc/kcore
1304604286 M * MrTV i wonder why that size is so big
1304604328 M * MrTV this is on a squeeze kernel
1304604451 M * MrTV ok, i cannot read from it, but i can see the file.
1304604460 M * MrTV head -20 /proc/kcore
1304604460 M * MrTV head: cannot open `/proc/kcore' for reading: Operation not permitted
1304604524 M * MrTV can i delete this then, too? :)
1304604549 M * Bertl no, you can't :)
1304605165 M * MrTV i meant /dev/core
1304605198 M * MrTV the /proc dir belongs magically to kernel
1304605340 M * Bertl correct
1304605354 M * Bertl it is a virtual filesystem
1304605482 M * MrTV I still have another question :)
1304605499 M * Bertl no problem :)
1304605597 M * MrTV daniel already tried to answer it, but i think i couldn't describe it good enough.
1304605652 M * MrTV i build my guests with the debootstrap method.
1304605718 M * MrTV if i do a independent debootstrap somewhere else and compare the content of the dev subdir, there are way less device nodes in the dev dir of the vserver.
1304605747 M * MrTV so there must be some script in util-vserver which strips down the dev dir after the debootstrap.
1304605761 M * Bertl correct
1304605791 M * MrTV daniel told me this: /usr/lib*/util-vserver/distributions/debian/initpost /etc/vservers/ /usr/lib*/util-vserver/util-vserver-vars
1304605822 M * Bertl that looks like the script which does that, yes
1304605924 M * MrTV i tried it on that upgraded guest, shouldn't it then delete /dev/core and /dev/initctl ?
1304605940 M * MrTV it didn't
1304606038 M * daniel_hozac initpost cleans up other cruft
1304606043 M * daniel_hozac device nodes are done in the build script.
1304606149 M * Bertl there you go ...
1304606439 M * MrTV is this /usr/lib/util-vserver/vserver-build on debian?
1304606503 M * daniel_hozac .debootstrap
1304606561 M * MrTV ok, i will have a look into that. thank you!
1304606627 M * MrTV thx to all of you! :)
1304606697 M * Bertl np
1304606846 M * MrTV have to go soon, closing time. but i will very probably be back with more questions tomorrow or later. :)
1304606990 M * Bertl feel free to ...
1304607258 M * MrTV bye
1304607263 N * MrTV MrTV_gone
1304607318 J * dowdle ~dowdle@scott.coe.montana.edu
1304607710 P * kir Leaving.
1304608524 J * BenG ~bengreen@cpc12-aztw24-2-0-cust146.aztw.cable.virginmedia.com
1304610244 Q * BenG Quit: I Leave
1304610284 Q * ncopa Quit: Leaving
1304612016 J * bonbons ~bonbons@2001:960:7ab:0:8c21:2942:6cdb:d077
1304612494 Q * harobed Ping timeout: 480 seconds
1304614753 Q * derjohn_foo Ping timeout: 480 seconds
1304615481 J * BenG ~bengreen@212.183.128.3
1304615793 J * manana ~mayday090@84.17.25.149
1304615859 Q * BenG Quit: I Leave
1304616143 J * hijacker_ ~hijacker@87-126-142-51.btc-net.bg
1304619030 M * daniel_hozac Bertl: which urpm commands would you say are required?
1304619035 M * daniel_hozac urpmi, urpme?
1304619154 J * ichavero_ ~ichavero@189.244.25.14
1304619279 M * Bertl urpmi is essential, urpme good to have, urpmf for searches but not necessarily required
1304619306 M * Bertl urpmi.update might be somewhat important too
1304619804 M * daniel_hozac okay
1304619856 M * Bertl if it simplifies things, it would be fine to have a vurpm with some kind of option -m which selects the subfunction
1304620277 Q * bonbons Quit: Leaving
1304620519 J * bonbons ~bonbons@2001:960:7ab:0:6c31:465e:f201:2d2f
1304620882 J * derjohn_foo ~aj@d003042.adsl.hansenet.de
1304620931 M * daniel_hozac yeah...
1304620934 M * daniel_hozac that's what i was thinking.
1304621750 N * ensc Guest280
1304621760 J * ensc ~irc-ensc@p5DF2BC9B.dip.t-dialin.net
1304622168 Q * Guest280 Ping timeout: 480 seconds
1304622305 Q * hijacker_ Quit: Leaving
1304624030 J * Roelke ~Roelke@95-36-36-169.dsl.alice.nl
1304624044 M * Roelke evening all :)
1304624085 M * Roelke is there somebody who can help me with the openvpn config
1304624098 M * Roelke i have some routing problems, and i can't find the solution
1304624154 M * Bertl probably the openvpn folks, but you can try to explain your setup
1304624209 M * Roelke setup : i have Tun793-29 from my hoster with the following config :
1304624209 M * Roelke tun793-29 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
1304624209 M * Roelke inet addr:10.0.0.109 P-t-P:10.0.0.110 Mask:255.255.255.255
1304624245 M * Roelke and my openVPN config is the really basic setup based on the wiki
1304624250 M * Bertl okay, we are talking about a Linux-VServer guest, yes?
1304624254 M * Roelke yes
1304624267 M * Roelke but with 10.0.0.0 as IP range
1304624272 M * Roelke and i can start my server and connect to it
1304624304 M * Roelke but when I run openVPN i don't have any internet connection anymore
1304624373 M * Bertl internet connection means, it uses a different interface or what?
1304624389 M * Roelke how do you mean ?
1304624400 M * Roelke i get connection time-outs on my client
1304624404 M * Roelke and i can't ping
1304624411 M * Bertl well, I don't see the connection between starting openvpn and your internet connection
1304624429 M * Roelke i'm tunneling all my traffic through the VPN tunnel
1304624465 M * Roelke but when i start the VPN client my internet traffic on the client stops
1304624481 M * Bertl okay, still in the dark about your setup ...
1304624495 M * Roelke what do you want to know ?
1304624497 M * Bertl i.e. what machines are involved, where is the Linux-VServer guest involved?
1304624512 M * Roelke my linux-vserver guest is my openVPN server
1304624530 M * Roelke my home laptop is my VPN client
1304624551 M * Roelke and the main goal is tunneling all internet traffic to the internet through my VServer guest
1304624557 M * Bertl okay, and the Linux-VServer guest is running at a hosters machine, yes?
1304624570 M * Roelke correct
1304624587 M * Bertl and you don't have access to the Linux-VServer host there, yes?
1304624597 M * Roelke correct
1304624615 M * Bertl and the hosting provider arranged for the tun entry, correct?
1304624631 M * Roelke correct
1304624656 M * Bertl okay, the openvpn server is configured to use that interface and the involved IPs?
1304624672 M * Roelke i think that the problem is there
1304624706 M * Roelke it's not working and it's looking like a config problem
1304624727 M * Bertl okay, so then let's upload the config for a start (to some pastebin service)
1304624791 M * Roelke http://pastebin.com/4hnXP2Pn
1304624871 M * Bertl well, I presume that will give you a bunch of errors on startup
1304624882 M * Roelke not really
1304624889 J * aj__ ~aj@d063057.adsl.hansenet.de
1304624916 M * Bertl I'd expect the first error when it tries to create the tun device
1304624921 M * Roelke Thu May 5 21:48:16 2011 us=521023 Note: Cannot set tx queue length on tun793-29: Operation not permitted (errno=1)
1304624921 M * Roelke Thu May 5 21:48:16 2011 us=521136 /sbin/ip route add 10.0.0.0/24 via 10.0.0.2
1304624921 M * Roelke RTNETLINK answers: Operation not permitted
1304624946 M * Roelke that are the errors
1304624969 M * Bertl you need to adjust the local and remote end of the tunnel
1304624975 M * Roelke ok
1304624982 M * Roelke and how i'm doing that ?
1304625033 M * Bertl I'm still unclear how you connect or plan to connect
1304625067 M * Roelke i'm connecting through eth0
1304625076 M * Roelke which has an external IP
1304625089 M * Bertl so you need to tell openvpn what that external ip is
1304625103 M * Bertl as it has to open a port there
1304625121 M * Roelke with remote : *my ip*
1304625121 M * Roelke ?
1304625134 M * Bertl actually with 'local'
1304625145 M * Bertl because it is the local port for the server
1304625149 M * Roelke ok
1304625156 M * Bertl you did setup openvpn before?
1304625178 M * Roelke not really
1304625183 M * Roelke i've done some things with access server
1304625200 M * Roelke but that's a really easy config :)
1304625203 M * Bertl well, then I'll suggest you do some reading first, to figure out the config/setup details
1304625220 M * Roelke i've read the example script
1304625230 M * Bertl you definitely want persist-tun
1304625242 M * Bertl as the tun has to be created on the host for you
1304625256 M * Roelke the tun device is created for me
1304625278 M * Bertl you also do not want any route or interface changes done by openvpn
1304625293 M * Roelke i know
1304625306 M * Roelke that's pointed out in the wiki
1304625313 M * Bertl which in turn means, that you need to handle the local IPs and optional masquerading on the host as well
1304625327 Q * derjohn_foo Ping timeout: 480 seconds
1304625346 M * Roelke ok
1304625386 M * Bertl enable openvpn logging and set a debug log level
1304625424 M * Roelke ok
1304625554 M * Roelke how do i disable interface changes ?
1304625658 M * Bertl first, you can't use 'server' mode (i.e. the multi client version) because you only have one tun device and one IP for that
1304625701 J * harobed ~harobed@arl57-1-82-231-110-14.fbx.proxad.net
1304625709 M * Bertl so 'mode server' is fine, but server with network range is not
1304625723 M * Roelke ok
1304625851 M * Roelke http://pastebin.com/LjWfZMGM
1304625854 M * Roelke it's now that
1304625904 M * Bertl k, what says the log on startup?
1304625915 M * Roelke i'm going to test it now
1304625947 M * Roelke Options error: --mode server requires --tls-server
1304625947 M * Roelke Use --help for more information.
1304625951 M * Roelke only thing it says
1304625959 M * daniel_hozac so... set tls-server?
1304625960 M * Bertl so use tsl-server
1304625973 M * Roelke uhu
1304625975 M * Bertl *tls
1304626025 M * Roelke just add tls-server to the config ?
1304626069 M * Bertl yep, and whatever it requires
1304626142 M * Roelke it keeps saying : Thu May 5 22:08:13 2011 us=830652 Note: Cannot set tx queue length on tun793-29: Operation not permitted (errno=1)
1304626150 M * Roelke but it's running
1304626157 M * Bertl okay, you can disable that too
1304626161 M * Roelke how ?
1304626206 M * Bertl hmm ... I thought there was an option, for that too
1304626343 M * Roelke my client says : ERROR --dev tun also requires --ifconfig
1304626389 M * Bertl well, on the client side you are free to do tun setups and ifconfig
1304626407 M * Bertl i.e. no need there to keep openvpn from doing that
1304626420 M * Bertl your IP should be configured to match the server though
1304626436 M * Roelke it's a windows client
1304626447 M * Bertl my condolences
1304626644 M * Roelke but what's the problem with my client config ?
1304626673 M * Bertl you need to adjust it to the 'new' server config
1304626975 M * Bertl tls-client, local, remote
1304627641 Q * ichavero_ Ping timeout: 480 seconds
1304627720 J * ichavero_ ~ichavero@189.244.78.5
1304627860 Q * jrdnyquist Server closed connection
1304627872 J * jrdnyquist ~jrdnyquis@slayer.caro.net
1304627899 M * Roelke yes i'm reading :)
1304627918 M * Bertl take your time, openvpn config can be tricky
1304628043 M * Roelke i know ;)
1304628053 M * Roelke what do i have to fill in by local ?
1304628077 M * Bertl the 10.x address
1304628089 M * Roelke from what ?
1304628102 M * Bertl from the tunnel, i.e. the other end to the server
1304628108 M * Roelke ok
1304628113 M * Roelke so the IP of TUN ?
1304628126 M * Bertl the client ip, yes, not the server ip
1304628145 Q * bonbons Quit: Leaving
1304628192 M * Roelke hmm
1304628252 M * Roelke that was the IP in the "old" situation i got from the server right ?
1304628264 M * Bertl yep
1304628276 M * Bertl you can still 'get' it from the server via push
1304628298 M * Bertl but it's simpler to set it for a start
1304628331 M * Roelke ok
1304628349 M * Roelke i used the ip i got in the old situation, 10.0.0.6
1304628374 M * Roelke he's saying TLS error
1304628388 M * Bertl so, is your tls cipher in sync?
1304628395 M * Roelke key negotiation failed
1304628508 M * Roelke how can i check my TLS cipher ?
1304628534 M * Bertl well, you defined it, I hope?
1304628596 M * Roelke no i didn't
1304628602 M * Roelke i have made it now
1304628697 Q * FireEgl Read error: Connection reset by peer
1304628951 M * Roelke same problem
1304628973 M * Bertl what about the certificate?
1304629002 M * Roelke i've created it and added to both server and client
1304629082 M * Bertl what does the openvpn log on server and client say?
1304629189 M * Roelke Thu May 5 22:57:28 2011 us=483109 TLS-Auth MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0
1304629315 Q * ichavero_ Quit: This computer has gone to sleep
1304629661 J * FireEgl FireEgl@2001:470:e056:1:e035:592e:3de1:a82e
1304629668 M * Bertl that's all you get on both sides?
1304629681 M * Roelke from thing with tls yes
1304629702 M * Bertl so that doesn't look like the client is even connecting
1304629718 Q * harobed Quit: Ex-Chat
1304629719 M * Roelke i see both server and client load the ta.key
1304629723 M * Roelke and my client connects
1304629729 M * Bertl to the server
1304629735 M * Roelke yes
1304629739 M * Bertl i.e. you get a log of that on the server?
1304629755 M * Roelke no
1304629777 M * Roelke i can see my client wants to connect
1304629785 M * Roelke but fails at the TLS auth
1304629791 M * Roelke after 60 seconds
1304629834 M * Bertl so, the server doesn't log anything about the connect?
1304629856 M * Roelke nothing
1304629869 J * hparker ~hparker@2001:470:1f0f:32c:beae:c5ff:fe01:b647
1304629896 M * Bertl so I wonder, does the client even connect to 'your' server?
1304629904 M * Roelke key negotiation failed in 60 seconds and TLS handshake failed
1304629922 M * Bertl i.e. double check the IPs, check with tcpdump (or similar) on the client side
1304630310 M * Roelke i can see that he is connecting to my server ip
1304630329 M * Bertl okay, so why doesn't the server see it?
1304630338 M * Roelke no idea
1304630344 M * Bertl i.e. you should at least get a connect message there
1304630347 M * Bertl check the ports
1304630367 M * Bertl maybe your client uses a different port than the server, i.e. assign a fixed port on both to make sure
1304630397 M * Roelke i'm going to post my client config
1304630460 M * Roelke http://pastebin.com/uBV6XxeM
1304630463 M * Roelke that's my client config
1304630470 M * Bertl is the server config still valid?
1304630476 M * Roelke yes it is
1304630479 M * Roelke my server is running
1304630600 M * Bertl port 1194
1304630604 M * Bertl add that to the client
1304630685 M * Bertl also, local on the client should be your IP for connections from the server
1304630697 M * Roelke my home IP ?
1304630705 M * Bertl the one the client machine uses
1304630722 M * Roelke so the DHCP from my home network ?
1304630740 M * Bertl yes, and you need your firewall to map the port, if you are using udp
1304630751 M * Roelke hmm ok
1304630758 M * Roelke maybe i should use TCP then
1304630762 M * Bertl not required for tcp, yes
1304630896 M * Roelke ok i'm little bit further now
1304630912 M * Roelke there is a connection
1304630917 M * Roelke i can see in the server log
1304630922 M * Bertl good
1304630946 M * Roelke but now the client says again : error --dev tun also requires ifconfig
1304630974 M * Bertl so add a proper ifconfig
1304630981 M * Roelke how ?
1304631024 M * Bertl ifconfig 10.0.0.6 10.0.0.7
1304631131 M * Roelke Thu May 05 23:31:03 2011 us=607000 There is a problem in your selection of --ifconfig endpoints [local=10.0.0.6, remote=10.0.0.7]. The local and remote VPN endpoints cannot use the first or last address within a given 255.255.255.252 subnet. This is a limitation of --dev tun when used with the TAP-WIN32 driver. Try 'openvpn --show-valid-subnets' option for more info.
1304631155 M * Bertl where does the .252 network come from?
1304631184 M * Roelke no idea
1304631198 M * Bertl well, looks like a windows problem to me
1304631203 M * Roelke There are some caveats to be aware of when using "tun" style devices on Windows: the --ifconfig endpoints chosen must be the two "middle" addresses in a 255.255.255.252 subnet
1304631206 M * Roelke it is
1304631255 M * Bertl so, ignoring the fact that this isn't Linux-VServer related, we are out of our expertise here :)
1304631274 M * Roelke i've used 10.0.0.1 and 10.0.02
1304631275 M * Bertl i.e. check with the openvpn folks or some windows admin how to resolve that
1304631315 M * Roelke i've 10.0.0.1 as IP
1304631327 M * Roelke but now i don't have internet anymore :(
1304631351 M * Roelke MULTI: bad source address from client [10.0.0.1], packet dropped
1304631353 M * Roelke MULTI: bad source address from client [10.0.0.1], packet dropped
1304631354 M * Bertl well, you push a default route from the server
1304631367 M * Roelke in the server log : MULTI: bad source address from client [10.0.0.1], packet dropped
1304631368 M * daniel_hozac you probably wanted .5 and .6
1304631371 M * daniel_hozac not .6 and .7.
1304631381 M * Roelke in the server log : MULTI: bad source address from client [10.0.0.1], packet dropped
1304631397 M * Bertl ah, right
1304631435 M * Roelke .5 and .6 are also working
1304631446 M * Roelke but still no internet
1304631463 M * Roelke but log is full with packet dropped
1304631472 M * Bertl well, as I said, you are redirecting everything through the tunnel
1304631480 M * Bertl at least that's what the server config says
1304631492 M * Roelke uhu
1304631518 M * Bertl so comment out the push there for now
1304631536 M * daniel_hozac you know ifconfig should be switched on client and server, right?
1304631581 M * Roelke i've commented it out
1304631586 M * Roelke and my internet is back of course
1304631617 M * Roelke the server doesn't have a ifconfig
1304631620 M * Roelke do i have to add that ?
1304631668 M * Bertl no, the server already has a config for that tun
1304631681 M * Bertl (which is set on guest startup)
1304631766 M * Roelke uhu ok
1304631774 M * Roelke but the TUN interface has higher IP's
1304631783 M * Roelke 10.0.0.109 and 110
1304631801 M * Bertl you can use those in reverse order on the client, that's what daniel_hozac was saying
1304631814 M * Bertl but at least on unix, that's not required
1304631842 A * MooingLemur has never done tun tunnels, only tap.
1304631866 M * MooingLemur otherwise I might have had something to offer :P
1304631946 M * Roelke still not working
1304631966 M * Bertl try to ping the other end of the tunnel from both sides
1304631985 M * Bertl check what happens (in the logs and on the client)
1304631996 M * daniel_hozac Bertl: urpmi support should be there now in 2966
1304632006 M * Bertl wow, great news!
1304632033 M * Bertl can I update the test machine?
1304632048 M * Roelke when i'm pinging 10.0.0.109 from client i'm getting time outs
1304632072 M * Roelke when i'm pinging 10.0.0.110 on the server my ping is <0,1ms
1304632085 M * daniel_hozac sure
1304632104 M * Roelke no wait
1304632113 M * Roelke when i'm ping 10.0.0.110 on server it's timing out
1304632131 M * Roelke and when pinging 109 on server it's <0,1ms
1304632147 M * Bertl that's expected (the local ping)
1304632153 M * Roelke uhu
1304632158 M * Bertl what about pinging 109 from the client
1304632176 M * Bertl and what packets are logged on the client?
1304632178 M * Roelke time out
1304632243 M * Roelke my packet tracer on the client shows packages from and to openvpn
1304632266 M * Roelke but on my server i keep getting the packet dropped message multiple times per second
1304632273 M * daniel_hozac Bertl: let me know if you encounter any problems... note that you need to do the vurpm urpmi -- urpmi; vserver pkgmgmt internalize to get internal package management
1304632302 M * Bertl Roelke: packets on the 'public' interface?
1304632309 M * Roelke yes
1304632318 M * Bertl daniel_hozac: what about creating internalized guests directly?
1304632364 M * Bertl Roelke: so you see a packet exchange going to and from the server, yes?
1304632371 M * Roelke yes
1304632383 M * daniel_hozac not supported. same as for the other rpm build methods.
1304632394 M * Bertl Roelke: and what does client and server log?
1304632399 M * Bertl daniel_hozac: ah, okay, np
1304632435 M * Roelke server log keeps saying :
1304632435 M * Roelke hu May 5 23:53:21 2011 us=442891 client1/95.36.36.169:1194 TCPv4_SERVER WRITE [53] to 95.36.36.169:1194: P_DATA_V1 kid=0 DATA len=52
1304632435 M * Roelke Thu May 5 23:53:27 2011 us=803526 client1/95.36.36.169:1194 TCPv4_SERVER READ [53] from 95.36.36.169:1194: P_DATA_V1 kid=0 DATA len=52
1304632435 M * Roelke Thu May 5 23:53:31 2011 us=420465 client1/95.36.36.169:1194 TCPv4_SERVER WRITE [53] to 95.36.36.169:1194: P_DATA_V1 kid=0 DATA len=52
1304632435 M * Roelke Thu May 5 23:53:37 2011 us=528679 client1/95.36.36.169:1194 TCPv4_SERVER READ [53] from 95.36.36.169:1194: P_DATA_V1 kid=0 DATA len=52
1304632436 M * Roelke Thu May 5 23:53:41 2011 us=442434 client1/95.36.36.169:1194 TCPv4_SERVER WRITE [53] to 95.36.36.169:1194: P_DATA_V1 kid=0 DATA len=52
1304632440 M * Bertl (please use paste.linux-vserver.org for everything longer than 3 lines)
1304632467 M * Bertl but that looks fine, i.e. like the ping goes through
1304632506 M * Roelke that's true
1304632768 M * Bertl check with 'ip a l' (or equivalent) on both sides for the interface setup and with 'ip r l' for the routes
1304632846 M * daniel_hozac Bertl: immediately internalized is something i've had on my TODO for a long time. maybe i'll actually get to it some time soon...
1304632873 M * Roelke going to do that tomorrow :)
1304632879 M * Roelke it's time to get some sleep now
1304632889 M * Roelke really thanks for all your time and help :)
1304632999 Q * Roelke
1304633970 M * Bertl daniel_hozac: no problem, when you get to it, let me know ...
1304634018 Q * hparker Quit: Quit
1304634022 M * Bertl the 'sure' more than an hour ago was the answer to my question?
1304634043 Q * petzsch Quit: Leaving.
1304634104 M * Bertl hmm, not more than an hour actually
1304635059 Q * ghislain Quit: Leaving.
1304635552 Q * Piet Remote host closed the connection
1304635598 J * Piet ~Piet__@28IAABIWD.tor-irc.dnsbl.oftc.net
1304636621 Q * radix_ Quit: Leaving
1304637400 Q * PowerKe Ping timeout: 480 seconds
1304637698 J * ichavero_ ~ichavero@189.244.78.5