Try adding the "client-to-client" flag to the server config :) This flag allows
client-to-client communication, which is disabled by default for security reasons.
James
±è±âÅ <superp4@xxxxxxxxxxx> said:
> Hi..
>
> I am using openvpn-2.0 in server mode on a Linux box, and one or more clients connect to a single UDP port.
> But I can't ping between the clients. The following is the diagram of my VPN network.
>
>  ____________________________
> |          Client A          |
> |                            |
> | ( Win XP, 211.109.xx.xx,   |
> |  192.168.1.5 on TAP-Win32 )|------------
> |____________________________|           |      __________________________
>                                          |     |                          |
>                                          |_____|        VPN server        |
>                                                |                          |
>                                                | ( Linux, 61.80.xx.xx,    |
>                                                |   192.168.1.1 on TAP0 )  |
>  ____________________________             _____|                          |
> |          Client B          |           |     |__________________________|
> |                            |           |
> | ( Win XP, 217.186.xx.xx,   |           |
> |  192.168.1.6 on TAP-Win32 )|------------
> |____________________________|
>
>
> And the following is the config file for the server:
>
> ########################################
> # Sample OpenVPN config file for
> # multi-client udp server
> #
> # tap-style tunnel
>
> port 5000
> dev tap
>
> # TLS parms
>
> tls-server
> dh /usr/local/etc/my-openvpn-keys/dh1024.pem
> ca /usr/local/etc/my-openvpn-keys/ca.crt
> cert /usr/local/etc/my-openvpn-keys/server.crt
> key /usr/local/etc/my-openvpn-keys/server.key
>
> # Tell OpenVPN to be a multi-client udp server
> mode server
>
> # The server's virtual subnet
> ifconfig 192.168.1.1 255.255.255.0
>
> # Pool of IP addresses to be allocated to clients.
> # When a client connects, an --ifconfig command
> # will be automatically generated and pushed back to
> # the client.
> ifconfig-pool 192.168.1.5 192.168.1.255
>
> # Delete client instances after some period
> # of inactivity.
> #inactive 600
>
> # The server doesn't need privileges
> user nobody
> group nobody
>
> daemon
>
>
>
> And the following is the config file for all clients:
>
> #############################
> # Sample config for client
> #
> # tap style
> #
>
> port 5000
> dev tap
> remote myvpnserver.com
>
> # TLS parms
>
> tls-client
> ca ca.crt
> cert client2.crt
> key client2.key
>
> # This parm is required for connecting
> # to a multi-client server. It tells
> # the client to accept options which
> # the server pushes to us.
> pull
>
> # moderate verbosity
> verb 4
>
>
>
> On my Linux server, I can ping each client.
>
> # ping 192.168.1.5
> PING 192.168.1.5 (192.168.1.5) 56(84) bytes of data.
> 64 bytes from 192.168.1.5: icmp_seq=1 ttl=128 time=47.3 ms
> 64 bytes from 192.168.1.5: icmp_seq=2 ttl=128 time=42.0 ms
> 64 bytes from 192.168.1.5: icmp_seq=3 ttl=128 time=50.2 ms
> .
> .
>
> # ping 192.168.1.6
> PING 192.168.1.6(192.168.1.6 56(84) bytes of data.
> 64 bytes from 192.168.1.6: icmp_seq=1 ttl=128 time=47.3 ms
> 64 bytes from 192.168.1.6 icmp_seq=2 ttl=128 time=42.0 ms
> 64 bytes from 192.168.1.6 icmp_seq=3 ttl=128 time=50.2 ms
> .
> .
>
>
> But I can't ping the other client from one client.
>
> On Client A (192.168.1.5),
>
> C:\> ping 192.168.1.6
> Pinging 192.168.1.6 with 32 bytes of data:
>
> Request timed out.
> Request timed out.
> Request timed out.
> Request timed out.
>
> Ping statistics for 192.168.1.6:
> Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)
>
>
> And I can't ping client A from client B, either. The following is the output of tcpdump on the Linux server.
>
> # tcpdump -i tap0
> tcpdump: listening on tap0
> 00:09:56.462149 arp who-has 192.168.1.5 tell 192.168.1.6
> 00:10:01.527639 arp who-has 192.168.1.5 tell 192.168.1.6
> 00:10:07.027825 arp who-has 192.168.1.5 tell 192.168.1.6
> 00:10:12.527269 arp who-has 192.168.1.5 tell 192.168.1.6
>
>
> I think it can't get the ARP address of each client. What's the problem?
> Please help me~
>
>
> -PS-
>
> Sorry for my poor English.
>
--
____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
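
Added example (not part of the original thread, and not OpenVPN project code): a Python check that reads a server config like the one posted and reports whether OpenVPN itself relays traffic between clients, plus a helper that lists ARP requests in tcpdump output that never got a reply, which is the symptom shown in the question. The function names, the trimmed config and the `arp reply ... is-at` line format are assumptions of this example.

```python
import re
import shlex

def parse_directives(text):
    """Map each OpenVPN directive to the list of its argument lists."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # whole-line comment
            continue
        tokens = shlex.split(line, comments=True)  # drops a trailing "# ..."
        if tokens:  # a leading "--" on the directive is optional in config files
            found.setdefault(tokens[0].lstrip("-"), []).append(tokens[1:])
    return found

def relays_between_clients(config_text):
    """True if the OpenVPN server itself forwards traffic between clients."""
    d = parse_directives(config_text)
    is_server = ["server"] in d.get("mode", []) or "server" in d or "server-bridge" in d
    return is_server and "client-to-client" in d

# Assumed line formats, matching the older tcpdump text output quoted in the post.
ARP_REQ = re.compile(r"arp who-has (\S+) tell (\S+)")
ARP_REP = re.compile(r"arp reply (\S+) is-at")

def unanswered_arp(tcpdump_text):
    """Sorted (target, asker) pairs whose who-has request never got a reply."""
    asked, answered = set(), set()
    for line in tcpdump_text.splitlines():
        if m := ARP_REQ.search(line):
            asked.add((m.group(1), m.group(2)))
        elif m := ARP_REP.search(line):
            answered.add(m.group(1))
    return sorted(pair for pair in asked if pair[0] not in answered)

# Server config from the post, trimmed to the directives relevant here.
POSTED = """dev tap
mode server
ifconfig 192.168.1.1 255.255.255.0
ifconfig-pool 192.168.1.5 192.168.1.255
#inactive 600
"""
# Two of the tcpdump lines from the post.
CAPTURE = """00:09:56.462149 arp who-has 192.168.1.5 tell 192.168.1.6
00:10:01.527639 arp who-has 192.168.1.5 tell 192.168.1.6
"""

if __name__ == "__main__":
    print("relays as posted:", relays_between_clients(POSTED))
    print("relays with flag:", relays_between_clients(POSTED + "client-to-client\n"))
    print("unanswered ARP:  ", unanswered_arp(CAPTURE))
```

With client-to-client set, OpenVPN forwards inter-client traffic internally instead of handing it to the TUN/TAP interface, so firewall rules on the server's tap0 do not see that traffic.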