|
|
Ouyang, You have some errors in your configuration. You should try to follow one of the Windows <-> Linux examples in the Windows README as closely as possible, as these examples are known to work. First of all you, you have --dev tap on one end and --dev tun on the other. This alone will kill the tunnel. If Windows is involved in the link, you need to have --dev tap on each side of the connection, at least until a tun device is implemented for Windows (which hasn't happened yet). On windows you set the TAP-Win32 adapter IP address using either the network control panel or the netssh command. This is discussed in the OpenVPN Windows README: http://openvpn.sourceforge.net/install32.html On FreeBSD you need to have an --up script as well to configure the tap device (The --ifconfig option on OpenVPN is just a helper for the ifconfig command -- but it does not do TAP devices yet). You need to adapt the --up script used in the README from Linux to FreeBSD. The conversion is really just making sure the format of the ifconfig command is correct for FreeBSD (annoyingly, ifconfig tends to have to have small incompatibilities across different OSes). Once you get this worked out, run with --verb 5 on each side and you will get 'R' and 'W' chars output for each packet read and written. If you get 'R' chars on each end of the connection, it means that both sides are actually talking to each other. James oyk <oyk@xxxxxxxxxxx> said: > Hi£¬James Yonan > I want to setup a vpn between my home box(Windows xp + sp1) and my lab(the gateway and firewall box is FreeBSD4.8), but I failed. > I have setup a vpn successfully between two linux boxes(linux-2.4.21). > Both my home box and my lab gateway are public IPs. > Assume: > my home box ip is(1.2.3.4) and the lab gateway is (1.2.5.6), both boxes installed openvpn-1.5beta5. The tunnel IPs both my lab gateway > and my home box are 192.168.1.1 and 192.168.1.2. > Configuration: > The home box(static_home.ovpn): > remote 1.2.5.6 > dev tap > dev-node my-tap > secret key.txt > ping 10 > verb 3 > I have modified the connection name to "my-tap", and set IP 192.168.1.2. > myroute.bat: "route add 10.1.0.0 mask 255.255.254.0 192.168.1.2" (10.1.0.0/23 is my lab subnetwork) > > The lab gateway: > remote 1.2.3.4 #I think it is not necessary, right? > ifconfig 192.168.1.1 192.168.1.2 > dev tun > secret key.txt > verb 3 > > The two key.txt files are the same. > > Now, I run the openvpn on both box, it print normal information, but I can not ping 192.168.1.1/2. So I can not do anything. > From winxp connection states, it displays the connection is ok. > > Another test based on SSL/TLS, > My lab config: > remote 1.2.3.4 > dev tun > ifconfig 192.168.1.1 192.168.1.2 > tls-server > dh dh1024.pem > ca my-ca.crt > cert office.crt > key office.key > proto tcp-server > port 3000 > verb 3 > > My home config: > remote 1.2.5.6 > dev tap > dev-node my-tap > tls-server > dh dh1024.pem > ca my-ca.crt > cert home.crt > key home.key > proto tcp-client > port 3000 > verb 3 > > The result is the same as the static method. > > Best Regards > Ouyang Kai > > > > > ------------------------------------------------------- > This SF.Net email sponsored by: Free pre-built ASP.NET sites including > Data Reports, E-commerce, Portals, and Forums are available now. > Download today and enter to win an XBOX or Visual Studio .NET. > http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01 > _______________________________________________ > Openvpn-users mailing list > Openvpn-users@xxxxxxxxxxxxxxxxxxxxx > https://lists.sourceforge.net/lists/listinfo/openvpn-users > -- ____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users |