
Re: [Openvpn-users] Need 1.5 beta testers for *BSD, Linux 2.2, OS X


  • Subject: Re: [Openvpn-users] Need 1.5 beta testers for *BSD, Linux 2.2, OS X
  • From: "James Yonan" <jim@xxxxxxxxx>
  • Date: Mon, 18 Aug 2003 14:32:49 -0000

Ouyang,

Okay, if I understand you correctly you are saying that you can ping _through_
192.168.201.2 to another machine but you cannot ping it directly.

And the "RRRRR" received on 192.168.201.2 when you try to ping it directly
indicates that OpenVPN is receiving the ping packets via the tunnel, but they
are not getting echoed back.

Are you sure you have "iptables -A INPUT" rules as well as "iptables -A
FORWARD" rules for the tap dev?

You might also try "tcpdump -i tap[n]" on 192.168.201.2 to see how far the
ping packets are getting before they are dropped.

Also, since you are not bridging, make sure on the linux side that the tap
subnet is totally distinct from the local ethernet subnet.

James

oyk <oyk@xxxxxxxxxxx> said:

> Hi, James Yonan
>    Thank you for your help.
>    Today, I am in the lab, so I test the openvpn between two subnetworks.
>    The client side is a WindowsXP box, and the server side is a linux box, which is another subnetwork's gateway.
> 192.168.201.2(linux boxB) -- 192.1.68.201.1 && 10.1.0.232 (linux boxA)------- 10.1.0.176(windows xp)
>    On the xp box, 
>    remote 10.1.0.232
>    dev tap
>    dev-node my-tap
>    secret key.txt
>    ping 10
>    verb 5
> 
>    myroute.bat
>    route add 192.168.201.0 mask 255.255.255.0 192.168.1.2
>    
>    On the linux boxA,
>    remote 10.1.1.176
>    dev tap
>    up ./tap.up
>    secret key.txt
>    verb 5
>   
>    and the tap.up:
>    #!/bin/bash
>    ifconfig $1 192.168.1.1 netmask 255.255.255.0 mtu $2
>    
>    About the iptables:
>    I write the firewall rules based on sample-config-files/firewall.sh. I can ping from 192.168.201.2 to the
> network 10.1.0.0/23. From my xp box, I can ping 192.168.201.1, but I can not ping the 192.168.201.2 box.
>    When I ping 192.168.1.1 or 192.168.201.1 from 10.1.0.176, both sides show RWRW.....
>    When I ping 192.168.201.2 from 10.1.0.176, the client side shows WWWW...., and the server side shows RRRRR....
>    What's the problem with my configuration? If it is the firewall rule problem, why can I ping 192.168.201.1?
> 
>   Thank you!
> Best Regards
>    Ouyang Kai
> >Ouyang,
> >
> >You have some errors in your configuration.  You should try to follow one of
> >the Windows <-> Linux examples in the Windows README as closely as possible,
> >as these examples are known to work.
> >
> >First of all, you have --dev tap on one end and --dev tun on the other. 
> >This alone will kill the tunnel.  If Windows is involved in the link, you need
> >to have --dev tap on each side of the connection, at least until a tun device
> >is implemented for Windows (which hasn't happened yet).
> >
> >On windows you set the TAP-Win32 adapter IP address using either the network
> >control panel or the netsh command.  This is discussed in the OpenVPN Windows
> >README:
> >
> >http://openvpn.sourceforge.net/install32.html
> >
> >On FreeBSD you need to have an --up script as well to configure the tap device
> >(The --ifconfig option on OpenVPN is just a helper for the ifconfig command --
> >but it does not do TAP devices yet).  You need to adapt the --up script used
> >in the README from Linux to FreeBSD.  The conversion is really just making
> >sure the format of the ifconfig command is correct for FreeBSD (annoyingly,
> >ifconfig tends to have small incompatibilities across different OSes).
> >
> >Once you get this worked out, run with --verb 5 on each side and you will get
> >'R' and 'W' chars output for each packet read and written.  If you get 'R'
> >chars on each end of the connection, it means that both sides are actually
> >talking to each other.
> >
> >James
> >
> 
> 
> 
> 
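
The check suggested in the reply above (confirming that both INPUT and FORWARD carry rules for the tap device) can be run against `iptables-save` output. This is an added example, not part of the original messages or of the OpenVPN distribution; the function name `tap_chain_coverage` and the sample ruleset are constructed for illustration, and the script only looks for ACCEPT rules matching `-i tap*` without evaluating rule order.

```shell
#!/bin/sh
# Added example: summarise whether the filter table accepts traffic that
# arrives on a tap device, separately for the INPUT and FORWARD chains.
# Reads iptables-save text on stdin; prints one status line per chain.
tap_chain_coverage() {
    awk '
        /^\*/ { table = substr($0, 2) }               # "*filter", "*nat", ...
        table == "filter" && /^:/ {                   # ":INPUT DROP [0:0]"
            policy[substr($1, 2)] = $2
        }
        table == "filter" && $1 == "-A" {
            chain = $2; in_tap = 0; accept = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-i" && $(i + 1) ~ /^tap/) in_tap = 1
                if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
            }
            if (in_tap && accept) seen[chain] = 1
        }
        END {
            n = split("INPUT FORWARD", chains, " ")
            for (k = 1; k <= n; k++) {
                c = chains[k]
                printf "%s policy=%s tap_accept=%s\n", c,
                    ((c in policy) ? policy[c] : "unknown"),
                    ((c in seen) ? "yes" : "no")
            }
        }'
}

# Constructed sample ruleset (not taken from the thread): packets arriving
# on tap devices may be forwarded, but nothing lets them reach the host.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp -m udp --dport 5000 -j ACCEPT
-A FORWARD -i tap+ -j ACCEPT
COMMIT'

printf '%s\n' "$SAMPLE_RULES" | tap_chain_coverage
```

On a live gateway the input would be `iptables-save | tap_chain_coverage`, run as root. A chain reported with `policy=DROP tap_accept=no` is the first place to look when packets show up in `tcpdump -i tap[n]` but never get a reply.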


