Host to Lan problem


This topic contains 2 replies, has 0 voices, and was last updated by  rpottersr 4 years, 6 months ago.

  • #43502

    rpottersr
    Member

    Good Day!

    I’m hoping to get some help on a problem of connecting to my internal network using the Host to Lan feature of ZS.

    Below is my connection status:

    Wed Nov 21 09:32:49 2012 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
    Enter Auth Password:
    Wed Nov 21 09:32:56 2012 IMPORTANT: OpenVPN’s default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
    Wed Nov 21 09:32:56 2012 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Wed Nov 21 09:32:56 2012 LZO compression initialized
    Wed Nov 21 09:32:56 2012 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
    Wed Nov 21 09:32:56 2012 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
    Wed Nov 21 09:32:56 2012 Local Options hash (VER=V4): '31fdf004'
    Wed Nov 21 09:32:56 2012 Expected Remote Options hash (VER=V4): '3e6d1056'
    Wed Nov 21 09:32:56 2012 Attempting to establish TCP connection with 74.236.71.100:1194
    Wed Nov 21 09:32:56 2012 TCP connection established with 74.236.71.100:1194
    Wed Nov 21 09:32:56 2012 TCPv4_CLIENT link local: [undef]
    Wed Nov 21 09:32:56 2012 TCPv4_CLIENT link remote: 74.236.71.100:1194
    Wed Nov 21 09:32:56 2012 TLS: Initial packet from 74.236.71.100:1194, sid=ff2e6cc4 3441183c
    Wed Nov 21 09:32:57 2012 VERIFY OK: depth=1, /C=IT/O=Zeroshell.net/OU=Example/CN=Zer … oshell.net
    Wed Nov 21 09:32:57 2012 VERIFY OK: depth=0, /OU=Hosts/CN=zeroshell.cpifl.com
    Wed Nov 21 09:32:58 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Wed Nov 21 09:32:58 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Wed Nov 21 09:32:58 2012 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Wed Nov 21 09:32:58 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Wed Nov 21 09:32:58 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
    Wed Nov 21 09:32:58 2012 [zeroshell.cpifl.com] Peer Connection Initiated with 74.236.71.100:1194
    Wed Nov 21 09:32:59 2012 SENT CONTROL [zeroshell.cpifl.com]: 'PUSH_REQUEST' (status=1)
    Wed Nov 21 09:33:00 2012 PUSH: Received control message: 'PUSH_REPLY,route-gateway 192.168.250.254,,dhcp-option DNS 192.168.250.254,route remote_host 255.255.255.255 net_gateway 1,route 192.168.250.0 255.255.255.0,ping 5,ping-restart 60,ifconfig 192.168.250.1 255.255.255.0'
    Wed Nov 21 09:33:00 2012 OPTIONS IMPORT: timers and/or timeouts modified
    Wed Nov 21 09:33:00 2012 OPTIONS IMPORT: --ifconfig/up options modified
    Wed Nov 21 09:33:00 2012 OPTIONS IMPORT: route options modified
    Wed Nov 21 09:33:00 2012 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Wed Nov 21 09:33:00 2012 TAP-WIN32 device [Local Area Connection 6] opened: \\.\Global\{10F0F396-4E36-4E24-96DF-267420E00BF7}.tap
    Wed Nov 21 09:33:00 2012 TAP-Win32 Driver Version 8.4
    Wed Nov 21 09:33:00 2012 TAP-Win32 MTU=1500
    Wed Nov 21 09:33:00 2012 Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.250.1/255.255.255.0 on interface {10F0F396-4E36-4E24-96DF-267420E00BF7} [DHCP-serv: 192.168.250.0, lease-time: 31536000]
    Wed Nov 21 09:33:00 2012 NOTE: FlushIpNetTable failed on interface [19] {10F0F396-4E36-4E24-96DF-267420E00BF7} (status=5) : Access is denied.
    Wed Nov 21 09:33:00 2012 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
    Wed Nov 21 09:33:00 2012 route ADD 74.236.71.100 MASK 255.255.255.255 192.168.2.1 METRIC 1
    Wed Nov 21 09:33:00 2012 ROUTE: route addition failed using CreateIpForwardEntry: One or more arguments are not correct. [if_index=11]
    Wed Nov 21 09:33:00 2012 Route addition via IPAPI failed
    Wed Nov 21 09:33:00 2012 route ADD 192.168.250.0 MASK 255.255.255.0 192.168.250.254
    Wed Nov 21 09:33:00 2012 ROUTE: route addition failed using CreateIpForwardEntry: One or more arguments are not correct. [if_index=19]
    Wed Nov 21 09:33:00 2012 Route addition via IPAPI failed
    Wed Nov 21 09:33:00 2012 Initialization Sequence Completed

    Hopefully someone can tell me what I’m doing wrong…have read everything about setting this up, but apparently being a noob to ZS is not helping.

    Thanks in advance for any help on this…

    #52529

    redfive
    Participant

    Are you using Win Vista/7? Try right-clicking the OpenVPN GUI and choosing "Run as administrator".
    cheers

    P.S.
    about

    Wed Nov 21 09:32:56 2012 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

    try to add this line in your client config

    remote-cert-eku 'TLS Web Server Authentication'

    #52530

    redfive
    Participant

    Wed Nov 21 09:32:49 2012 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006

    Also consider trying a newer OpenVPN version; I haven't had any kind of problem with 2.3_rc1 on both Win7 x64 and XP SP3.
    cheers
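
The two symptoms raised in the replies above, the missing server certificate verification warning and the route additions that fail after an "Access is denied" note, can be picked out of a client log automatically. This is an added example, not part of the original posts: the function name `triage` and the finding codes are made up for illustration, and the sample lines are taken from the log quoted in the first post.

```python
import re

# Constructed sample: lines taken from the client log quoted in this thread.
SAMPLE_LOG = """\
Wed Nov 21 09:32:56 2012 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Nov 21 09:33:00 2012 NOTE: FlushIpNetTable failed on interface [19] {10F0F396-4E36-4E24-96DF-267420E00BF7} (status=5) : Access is denied.
Wed Nov 21 09:33:00 2012 route ADD 74.236.71.100 MASK 255.255.255.255 192.168.2.1 METRIC 1
Wed Nov 21 09:33:00 2012 ROUTE: route addition failed using CreateIpForwardEntry: One or more arguments are not correct. [if_index=11]
Wed Nov 21 09:33:00 2012 route ADD 192.168.250.0 MASK 255.255.255.0 192.168.250.254
Wed Nov 21 09:33:00 2012 ROUTE: route addition failed using CreateIpForwardEntry: One or more arguments are not correct. [if_index=19]
Wed Nov 21 09:33:00 2012 Initialization Sequence Completed
"""

STAMP = re.compile(r"^\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4} (.*)$")
ROUTE_ADD = re.compile(r"^route ADD (\S+) MASK (\S+) (\S+)")

def triage(log_text):
    """Return (code, detail) findings in the order they appear in the log."""
    findings, failed, pending = [], [], None
    for line in log_text.splitlines():
        m = STAMP.match(line.strip())
        if not m:
            continue  # prompts such as "Enter Auth Password:" have no timestamp
        msg = m.group(1)
        route = ROUTE_ADD.match(msg)
        if route:
            # Remember the route so a following failure line can be attributed.
            pending = "%s/%s via %s" % route.groups()
        elif msg.startswith("WARNING: No server certificate verification"):
            findings.append(("NO_SERVER_CERT_CHECK",
                             "no check that the peer certificate is a server certificate"))
        elif "Access is denied" in msg:
            # Consistent with the reply's "run as administrator" suggestion.
            findings.append(("ACCESS_DENIED", msg))
        elif msg.startswith("ROUTE: route addition failed"):
            failed.append(pending or "unknown route")
            findings.append(("ROUTE_ADD_FAILED", failed[-1]))
        elif msg == "Initialization Sequence Completed" and failed:
            # The tunnel reports success even though its routes are missing.
            findings.append(("UP_WITHOUT_ROUTES", "; ".join(failed)))
    return findings

if __name__ == "__main__":
    for code, detail in triage(SAMPLE_LOG):
        print(code, "-", detail)
```

The last finding is the one that is easy to miss by eye: the client still prints "Initialization Sequence Completed" although neither pushed route was installed.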

    #52531

    bakcsa
    Member

    Hi,

    I would like to migrate my openvpn server to zeroshell. I've been using zeroshell for a while, but wasn't able to set up openvpn.

    The connection establishes every time, but the traffic cannot go through the tunnel. I cannot even ping the gateway.

    About the setup:
    I'm using the default values, except the port, which I modified from 1194 to 1195. It's needed because there is a virtual server entry in zeroshell for 1194 which points to my old vpn server.
    Also, I have added the net in the "Client IP Address Assignment" section.
    My LAN's details are:
    ip: 192.168.10.0
    subnet: 255.255.255.0
    zeroshell ip: 192.168.10.1

    The net which I added to the vpn is 192.168.10.0/255.255.255.0
    Source NAT is checked
    I didn't modify anything on the VPN99 adapter.
    I have a Bridge which consists of the LAN side NIC and the wireless adapter.
    Firewall: All chain default policy is ACCEPT, there is no special rule to DROP any packet.

    Do you have any idea what could be behind this? I really want to get rid of a separate vpn server since zeroshell supports vpn.

    Also, could you please tell me where I can find the server configuration file for openvpn? (I mean on the zeroshell file system.) If I cannot make it work through the GUI, I would try by hand.

    Thanks!
