Hi,
I'm having a few connectivity issues running openvpn on GP3 Dm800 as a client, occassionally it work ok but most of the time fails at the route add command before the tun device is opened. I think its an issue opening the tun device rather than route add but I've not found a fix. I've tried various vpn provides and had the configfs working under Windows, Linux and openwrt devices.
Failed Example
Code
Sun Jan 6 15:40:19 2013 OpenVPN 2.2.2 mipsel-oe-linux [SSL] [LZO2] [EPOLL] [eurephia] built on Mar 7 2012
Sun Jan 6 15:40:19 2013 WARNING: file '/etc/openvpn/authpass' is group or others accessible
Sun Jan 6 15:40:19 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Jan 6 15:40:19 2013 WARNING: file 'ivacy-client.key' is group or others accessible
Sun Jan 6 15:40:19 2013 WARNING: file 'ivacy-tls.key' is group or others accessible
Sun Jan 6 15:40:19 2013 Control Channel Authentication: using 'ivacy-tls.key' as a OpenVPN static key file
Sun Jan 6 15:40:19 2013 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jan 6 15:40:19 2013 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jan 6 15:40:19 2013 LZO compression initialized
Sun Jan 6 15:40:19 2013 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Sun Jan 6 15:40:19 2013 Socket Buffers: R=[103424->131072] S=[103424->131072]
Sun Jan 6 15:40:19 2013 RESOLVE: NOTE: openvpn.ivacy.com resolves to 3 addresses
Sun Jan 6 15:40:19 2013 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Jan 6 15:40:19 2013 Local Options hash (VER=V4): '504e774e'
Sun Jan 6 15:40:19 2013 Expected Remote Options hash (VER=V4): '14168603'
Sun Jan 6 15:40:19 2013 UDPv4 link local: [undef]
Sun Jan 6 15:40:19 2013 UDPv4 link remote: 213.232.200.170:1194
Sun Jan 6 15:40:19 2013 TLS: Initial packet from 213.232.200.170:1194, sid=0ba3f877 9ae59387
Sun Jan 6 15:40:19 2013 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Jan 6 15:40:20 2013 VERIFY OK: depth=1, /C=RU/ST=MR/L=Moscow/O=ivacy.com/CN=ivacy.com_CA/emailAddress=admin@ivacy.com
Sun Jan 6 15:40:20 2013 VERIFY OK: nsCertType=SERVER
Sun Jan 6 15:40:20 2013 VERIFY OK: depth=0, /C=RU/ST=MR/L=Moscow/O=ivacy.com/CN=openvpn.ivacy.com/emailAddress=admin@ivacy.com
Sun Jan 6 15:40:22 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Jan 6 15:40:22 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jan 6 15:40:22 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Jan 6 15:40:22 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jan 6 15:40:22 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sun Jan 6 15:40:22 2013 [openvpn.ivacy.com] Peer Connection Initiated with 213.232.200.170:1194
Sun Jan 6 15:40:24 2013 SENT CONTROL [openvpn.ivacy.com]: 'PUSH_REQUEST' (status=1)
Sun Jan 6 15:40:24 2013 PUSH: Received control message: 'PUSH_REPLY,route 1.0.0.0 255.0.0.0,dhcp-option DNS 1.254.2.2,dhcp-option DNS 1.254.2.3,dhcp-option DOMAIN vpn,explicit-exit-notify 2,route-gateway 1.2.124.1,topology subnet,ping 10,ping-restart 60,ifconfig 1.2.124.110 255.255.255.0'
Sun Jan 6 15:40:24 2013 OPTIONS IMPORT: timers and/or timeouts modified
Sun Jan 6 15:40:24 2013 OPTIONS IMPORT: explicit notify parm(s) modified
Sun Jan 6 15:40:24 2013 OPTIONS IMPORT: --ifconfig/up options modified
Sun Jan 6 15:40:24 2013 OPTIONS IMPORT: route options modified
Sun Jan 6 15:40:24 2013 OPTIONS IMPORT: route-related options modified
Sun Jan 6 15:40:24 2013 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Jan 6 15:40:24 2013 ROUTE default_gateway=192.168.33.2
Display More
Successful Example
Code
Sun Jan 6 16:23:32 2013 OpenVPN 2.2.2 mipsel-oe-linux [SSL] [LZO2] [EPOLL] [eurephia] built on Mar 7 2012
Sun Jan 6 16:23:32 2013 WARNING: file '/etc/openvpn/authpass' is group or others accessible
Sun Jan 6 16:23:32 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Jan 6 16:23:32 2013 WARNING: file 'ivacy-client.key' is group or others accessible
Sun Jan 6 16:23:32 2013 WARNING: file 'ivacy-tls.key' is group or others accessible
Sun Jan 6 16:23:32 2013 Control Channel Authentication: using 'ivacy-tls.key' as a OpenVPN static key file
Sun Jan 6 16:23:32 2013 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jan 6 16:23:32 2013 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jan 6 16:23:32 2013 LZO compression initialized
Sun Jan 6 16:23:32 2013 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Sun Jan 6 16:23:32 2013 Socket Buffers: R=[103424->131072] S=[103424->131072]
Sun Jan 6 16:23:32 2013 RESOLVE: NOTE: openvpn.ivacy.com resolves to 3 addresses
Sun Jan 6 16:23:32 2013 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Jan 6 16:23:32 2013 Local Options hash (VER=V4): '504e774e'
Sun Jan 6 16:23:32 2013 Expected Remote Options hash (VER=V4): '14168603'
Sun Jan 6 16:23:32 2013 UDPv4 link local: [undef]
Sun Jan 6 16:23:32 2013 UDPv4 link remote: 213.232.200.172:1194
Sun Jan 6 16:23:32 2013 TLS: Initial packet from 213.232.200.172:1194, sid=695cef27 21c0c54d
Sun Jan 6 16:23:32 2013 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Jan 6 16:23:33 2013 VERIFY OK: depth=1, /C=RU/ST=MR/L=Moscow/O=ivacy.com/CN=ivacy.com_CA/emailAddress=admin@ivacy.com
Sun Jan 6 16:23:33 2013 VERIFY OK: nsCertType=SERVER
Sun Jan 6 16:23:33 2013 VERIFY OK: depth=0, /C=RU/ST=MR/L=Moscow/O=ivacy.com/CN=openvpn.ivacy.com/emailAddress=admin@ivacy.com
Sun Jan 6 16:23:35 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Jan 6 16:23:35 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jan 6 16:23:35 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Jan 6 16:23:35 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jan 6 16:23:35 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sun Jan 6 16:23:35 2013 [openvpn.ivacy.com] Peer Connection Initiated with 213.232.200.172:1194
Sun Jan 6 16:23:37 2013 SENT CONTROL [openvpn.ivacy.com]: 'PUSH_REQUEST' (status=1)
Sun Jan 6 16:23:37 2013 PUSH: Received control message: 'PUSH_REPLY,route 1.0.0.0 255.0.0.0,dhcp-option DNS 1.254.2.2,dhcp-option DNS 1.254.2.3,dhcp-option DOMAIN vpn,explicit-exit-notify 2,route-gateway 1.2.112.1,topology subnet,ping 10,ping-restart 60,ifconfig 1.2.112.101 255.255.252.0'
Sun Jan 6 16:23:37 2013 OPTIONS IMPORT: timers and/or timeouts modified
Sun Jan 6 16:23:37 2013 OPTIONS IMPORT: explicit notify parm(s) modified
Sun Jan 6 16:23:37 2013 OPTIONS IMPORT: --ifconfig/up options modified
Sun Jan 6 16:23:37 2013 OPTIONS IMPORT: route options modified
Sun Jan 6 16:23:37 2013 OPTIONS IMPORT: route-related options modified
Sun Jan 6 16:23:37 2013 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Jan 6 16:23:37 2013 ROUTE default_gateway=192.168.33.2
Sun Jan 6 16:23:37 2013 TUN/TAP device tun0 opened
Sun Jan 6 16:23:37 2013 TUN/TAP TX queue length set to 100
Sun Jan 6 16:23:37 2013 /sbin/ifconfig tun0 1.2.112.101 netmask 255.255.252.0 mtu 1500 broadcast 1.2.115.255
Sun Jan 6 16:23:37 2013 /sbin/route add -net 213.232.200.172 netmask 255.255.255.255 gw 192.168.33.2
Sun Jan 6 16:23:37 2013 /sbin/route del -net 0.0.0.0 netmask 0.0.0.0
Sun Jan 6 16:23:37 2013 /sbin/route add -net 0.0.0.0 netmask 0.0.0.0 gw 1.2.112.1
Sun Jan 6 16:23:37 2013 WARNING: potential route subnet conflict between local LAN [1.2.112.0/255.255.255.0] and remote VPN [1.0.0.0/255.0.0.0]
Sun Jan 6 16:23:37 2013 /sbin/route add -net 1.0.0.0 netmask 255.0.0.0 gw 1.2.112.1
Sun Jan 6 16:23:37 2013 Initialization Sequence Completed
Display More
I've hit a bit of a brick wall with this one, just wondering if anyone can help or if anyone know of any images they have successfully had openvpn working regularly on a dm800 non se sim2.01
Thanks