OpenVPN and Mac clients fix

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware
Goto page 1, 2, 3  Next
Author Message
slothrop
DD-WRT Novice


Joined: 07 Aug 2006
Posts: 10

PostPosted: Thu Sep 28, 2006 3:51    Post subject: OpenVPN and Mac clients fix Reply with quote
I just solved a problem I'd been having trying to get Mac clients to connect over OpenVPN to a WRT54GL running v23 SP2 (9/15) vpn. I could get the initial connection to work, but no data would flow over it. Connection logs on the client said "write to TUN/TAP : Input/output error (code=5)" and the tap0 interface never got an IP address.

The solution is to tell tap0 to use DHCP explicitly after bringing it up. Add the following line to your client.conf (I put this after my ca/cert/key lines) to call a quick little script to do this:

up "./vpn-up.sh"

The vpn-up.sh script should be placed in the same directory with the client.conf file. Its contents:

#!/bin/bash
ipconfig set tap0 DHCP

That's it. Just remember to make the vpn-up.sh script executable (chmod 755 vpn-up.sh). There might be a more elegant way to do all this, but it works for me as is.

Hope that helps someone. I found this info in a forum somewhere else, so I can't take credit for it.
Sponsor
khk
DD-WRT Novice


Joined: 09 Jul 2006
Posts: 3

PostPosted: Sun Oct 22, 2006 20:30    Post subject: Slightly more elegant solution :) Reply with quote
Thank you for this tip, it helped to get my setup working. I can however offer a small modification to your script: OpenVPN provides command line options to the up script. One of these parameters (the first one actually) is the device that is being processed. If you use the following, you don't have to hardcode the device in your script:

#!/bin/bash
ipconfig set $1 DHCP
slothrop
DD-WRT Novice


Joined: 07 Aug 2006
Posts: 10

PostPosted: Sun Oct 22, 2006 20:53    Post subject: Reply with quote
Cool - thanks!
placebo
DD-WRT User


Joined: 15 Sep 2006
Posts: 200

PostPosted: Mon Oct 23, 2006 3:56    Post subject: Reply with quote
This is good to know. I had assumed that the TUN and TAP drivers were broken and given up trying to get OpenVPN to work on my system. Thanks for posting this, slothrop and khk.
iduff
DD-WRT Novice


Joined: 23 Jan 2007
Posts: 7

PostPosted: Mon Feb 26, 2007 15:01    Post subject: Reply with quote
I think this script is failing for me. I ran the second line in each suggestion in OS X Terminal; both failed, although for different reasons:

ianduffmacbookpro:~ ian$ ipconfig set tap0 DHCP
ipconfig_set tap0 DHCP failed: permission denied

ianduffmacbookpro:~ ian$ ipconfig set $1 DHCP
usage: set <interface name> < BOOTP | MANUAL | DHCP | INFORM | NONE > <method args>

I played around with setting tap0 using methods other than DHCP, all got the "permission denied" error, so it looks like I do not have sufficient permission to set tap0. I have admin rights on my Mac, what more must I do to get permission?
placebo
DD-WRT User


Joined: 15 Sep 2006
Posts: 200

PostPosted: Mon Feb 26, 2007 17:39    Post subject: Reply with quote
You need to run the command as an admin:
Code:
sudo ipconfig set tap0 dhcp
iduff
DD-WRT Novice


Joined: 23 Jan 2007
Posts: 7

PostPosted: Mon Feb 26, 2007 20:54    Post subject: Reply with quote
Got it, thanks. Did so, in OS X Terminal, with "dhcp" in caps, it ran fine. Still getting the TUN/TAP error code=5 scrolling. Must the script also run as admin, and if so, how and why?
DgtHorse
DD-WRT Novice


Joined: 15 Aug 2007
Posts: 10

PostPosted: Wed Aug 15, 2007 1:03    Post subject: Reply with quote
I am getting the same error code=5 and scrolling.
Anyone have a fix for this? runs fine on my windows box but my OSX box is giving me problems with the error.
DgtHorse
DD-WRT Novice


Joined: 15 Aug 2007
Posts: 10

PostPosted: Sun Aug 19, 2007 8:04    Post subject: Reply with quote
ok it seems to work, but once i get the code=5 error i must do
Code:
sudo ipconfig set tap0 DHCP

and then the errors go away and everything works normally.
Ozmotear
DD-WRT Novice


Joined: 18 Nov 2007
Posts: 4

PostPosted: Sun Nov 18, 2007 3:35    Post subject: This solution isn't working for me Reply with quote
This solution doesn't work for me.

I've added the script to the .conf file and set permissions, but I still get the scrolling error=5.

Manually entering " sudo ipconfigg set tap0 DHCP" into a Term window doesn't work either. When I try that the machine locks up and I get the OSX "BSOD" which forces me to hold down the power button and restart.

Anyone have any additional ideas how to get this working?

I'm running the most recent version of Tunnelblick on OSX 10.5
placebo
DD-WRT User


Joined: 15 Sep 2006
Posts: 200

PostPosted: Sun Nov 18, 2007 5:31    Post subject: Reply with quote
You might try installing the updated tun and tap kernel extensions.

http://www-user.rhrk.uni-kl.de/~nissler/tuntap/
DgtHorse
DD-WRT Novice


Joined: 15 Aug 2007
Posts: 10

PostPosted: Sun Nov 18, 2007 19:11    Post subject: Reply with quote
placebo wrote:
You might try installing the updated tun and tap kernel extensions.

http://www-user.rhrk.uni-kl.de/~nissler/tuntap/


Same issue here with the latest tun/tap kernel extension Sad
Always getting "write to TUN/TAP : Input/output error (code=5)"

i must go to the terminal and manually run "sudo ipconfig set tap0 DHCP" in order for it to work.
Ozmotear
DD-WRT Novice


Joined: 18 Nov 2007
Posts: 4

PostPosted: Wed Nov 21, 2007 21:24    Post subject: Reply with quote
placebo wrote:
You might try installing the updated tun and tap kernel extensions.

http://www-user.rhrk.uni-kl.de/~nissler/tuntap/


That was a step in the right direction.

My results are the same as DgtHorse in that I have to manually set tap0 to use DHCP, but after about 5 seconds the connection resets and tunnelblick goes through the process of connecting again. Only to arrive back at error=5.
placebo
DD-WRT User


Joined: 15 Sep 2006
Posts: 200

PostPosted: Thu Nov 22, 2007 12:01    Post subject: Reply with quote
Instead of using Tunnelblick, you can compile, install, and run openvpn by hand. It's pretty straightforward. That way you'll know you're using the latest versions of everything. I do this and it works perfectly in both Leopard and Tiger.
GeorgieP
DD-WRT Novice


Joined: 24 Dec 2007
Posts: 7

PostPosted: Mon Dec 24, 2007 23:08    Post subject: Reply with quote
I have also plagued by the dreaded reoccuring " Input/output error (code=5)" error code. I have tried all the above suggestions (including compiling openvpn from src) and the result is still the same... I get the following rows. i.e. connection but no data flowing..

on Dec 24 23:46:29 2007 OpenVPN 2.0.9 i686-apple-darwin9.1.0 [SSL] [LZO] built on Dec 24 2007
Mon Dec 24 23:46:29 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Mon Dec 24 23:46:29 2007 LZO compression initialized
Mon Dec 24 23:46:29 2007 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Dec 24 23:46:29 2007 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Mon Dec 24 23:46:29 2007 Local Options hash (VER=V4): 'd79ca330'
Mon Dec 24 23:46:29 2007 Expected Remote Options hash (VER=V4): 'f7df56b8'
Mon Dec 24 23:46:29 2007 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Mon Dec 24 23:46:29 2007 UDPv4 link local: [undef]
Mon Dec 24 23:46:29 2007 UDPv4 link remote: 83.xxx.99.yy:1194
Mon Dec 24 23:46:29 2007 TLS: Initial packet from 83.xxx.99.yy:1194, sid=2e0e3da3 2bceb2f7
Mon Dec 24 23:46:30 2007 VERIFY OK: depth=1,
Mon Dec 24 23:46:30 2007 VERIFY OK: nsCertType=SERVER
Mon Dec 24 23:46:30 2007 VERIFY OK: depth=0,
Mon Dec 24 23:46:30 2007 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Dec 24 23:46:30 2007 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Dec 24 23:46:30 2007 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Dec 24 23:46:30 2007 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Dec 24 23:46:30 2007 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Dec 24 23:46:30 2007 [server] Peer Connection Initiated with 83.xxx.99.yy:1194
Mon Dec 24 23:46:31 2007 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Dec 24 23:46:31 2007 PUSH: Received control message: 'PUSH_REPLY,ping 15,ping-restart 60'
Mon Dec 24 23:46:31 2007 OPTIONS IMPORT: timers and/or timeouts modified
Mon Dec 24 23:46:31 2007 TUN/TAP device /dev/tap0 opened
Mon Dec 24 23:46:31 2007 ./vpn-up.sh tap0 1500 1574 init
Mon Dec 24 23:46:31 2007 GID set to nobody
Mon Dec 24 23:46:31 2007 UID set to nobody
Mon Dec 24 23:46:31 2007 Initialization Sequence Completed
Mon Dec 24 23:46:33 2007 write to TUN/TAP : Input/output error (code=5)
Mon Dec 24 23:46:35 2007 write to TUN/TAP : Input/output error (code=5)
Mon Dec 24 23:46:37 2007 write to TUN/TAP : Input/output error (code=5)
Mon Dec 24 23:46:39 2007 write to TUN/TAP : Input/output error (code=5)


I have noticed that by logging in as su and typing the line ipconfig_set tap0 DHCP the connection is reset and the goes through the initiation sequence, only to result in the same neverending Input/output errors.. Note the above log is taken from my home compiled openvpn, but i am getting the same problem with tunnelblick.

Does anyone have any suggestions? things i could test or look at to come further forward on this?

/DD-WRT R24.RC3, OSX 10.5.1


-
Goto page 1, 2, 3  Next Display posts from previous:    Page 1 of 3
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum