beakmyn Posted May 29, 2009

OK, first, shoot me for having to do this from Vista, but this laptop has SiS chipsets so Ubuntu doesn't play well with it. Vista, however, runs quite well. But anyway.

The setup is as follows:

Fon WAN goes to switch
Fon LAN goes to laptop2
Fon Wifi goes to laptop1
Laptop1 is running OpenVPN server.conf
Laptop2 is happily surfing the internet

I use laptop1 to ssh into the Fon and start the interceptor.

root@OpenWrt:/interceptor/openvpn/client# /interceptor/bin/startup.sh
Fri May 29 07:56:31 2009 OpenVPN 2.0.9 mips-linux [SSL] [LZO] built on Feb 2 2009
Fri May 29 07:56:31 2009 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Fri May 29 07:56:31 2009 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri May 29 07:56:31 2009 WARNING: file '/interceptor/openvpn/client/client1.key' is group or others accessible
Fri May 29 07:56:31 2009 WARNING: file '/interceptor/openvpn/client/ta.key' is group or others accessible
Fri May 29 07:56:31 2009 Control Channel Authentication: using '/interceptor/openvpn/client/ta.key' as a OpenVPN static key file
Fri May 29 07:56:31 2009 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May 29 07:56:31 2009 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May 29 07:56:31 2009 LZO compression initialized
Fri May 29 07:56:31 2009 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Fri May 29 07:56:31 2009 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Fri May 29 07:56:31 2009 Local Options hash (VER=V4): '13a273ba'
Fri May 29 07:56:31 2009 Expected Remote Options hash (VER=V4): '360696c5'
Fri May 29 07:56:31 2009 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Fri May 29 07:56:31 2009 UDPv4 link local: [undef]
Fri May 29 07:56:31 2009 UDPv4 link remote: 10.255.255.253:1194
Fri May 29 07:56:31 2009 TLS: Initial packet from 10.255.255.253:1194, sid=61f74ddc 4279f886
Fri May 29 07:56:31 2009 VERIFY OK: depth=1, /C=US/ST=XX/L=MonkeyIsland/O=interceptor/CN=server/emailAddress=monkey@interceptor.nul
Fri May 29 07:56:31 2009 VERIFY OK: depth=0, /C=US/ST=XX/O=interceptor/CN=server/emailAddress=monkey@interceptor.nul
Fri May 29 07:56:32 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri May 29 07:56:32 2009 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May 29 07:56:32 2009 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri May 29 07:56:32 2009 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May 29 07:56:32 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Fri May 29 07:56:32 2009 [server] Peer Connection Initiated with 10.255.255.253:1194
Fri May 29 07:56:33 2009 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Fri May 29 07:56:33 2009 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.8.0.1,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0'
Fri May 29 07:56:33 2009 OPTIONS IMPORT: timers and/or timeouts modified
Fri May 29 07:56:33 2009 OPTIONS IMPORT: --ifconfig/up options modified
Fri May 29 07:56:33 2009 OPTIONS IMPORT: route options modified
[-] Daemon mode set
[-] Interface set to br-lan
[-] Log filename set to "daemonlogger.pcap"
[-] Tap output interface set to tap0
[-] Pidfile configured to "daemonlogger.pid"
[-] Pidpath configured to "/var/run"
[-] Rollover size set to 2147483648 bytes
[-] Rollover time configured for 0 seconds
[-] Pruning behavior set to oldest IN DIRECTORY
-*> DaemonLogger <*-
Version 1.2.1
By Martin Roesch
(C) Copyright 2006-2007 Sourcefire Inc., All rights reserved
root@OpenWrt:/interceptor/openvpn/client#

On Laptop1 - openvpn log:

Fri May 29 07:56:34 2009 10.255.255.254:60775 [client1] Peer Connection Initiated with 10.255.255.254:60775
Fri May 29 07:56:36 2009 client1/10.255.255.254:60775 PUSH: Received control message: 'PUSH_REQUEST'

Now, I was under the impression that I could fire up Wireshark on Laptop1 and set the interface to tap0 and I'd see the traffic being sniffed and I should see laptop2's traffic.

The goggles, they do nothing. Oh where have I gone astray?

digininja Posted May 31, 2009

You ran the wrong startup script. You need to run the one on laptop 1. That will start the openvpn server on the laptop then do an ssh to the Fon and run the startup script you just ran by hand.

Try this and you should get the interface created.

beakmyn Posted May 31, 2009

> You ran the wrong startup script. You need to run the one on laptop 1. That will start the openvpn server on the laptop then do an ssh to the Fon and run the startup script you just ran by hand.
>
> Try this and you should get the interface created.

No I didn't; it doesn't appear to be an issue with the interface being created. Because I'm running from Windows there is no bash command line. So, I'm running OpenVPN with the GUI and server.conf. Then I use PuTTY to ssh into the Fon via the wifi and I then set the date/time and manually run the startup.sh on the interceptor. Which it appears is running and connecting to my server on laptop1. However, I don't see any traffic on the TAP connection, which I find odd.

The output from the Fon in my last post shows the client connecting. At this point I think it may be a Windows issue and I may not be able to see other traffic on the TAP connection. I've disabled the Windows firewall also just to take it out of the equation.

...doing research, problem may be Wireshark....

digininja Posted May 31, 2009

In which case, good luck. How about using Cygwin and running openvpn in that?