Re: [Openvpn-users] problem with connecting to private network

[samwun <samwun@xxxxxxxxxxxxxxxx>]

Ping from 192.168.2.2 (the windows xp) machine to 172.16.0.1 works while 
ssh failed.

samwun wrote:

> Dear all,
>
> I have setup openvpn p-t-p connection between tow openvpn gateways and 
> running fine when executing connection from the openvpn gateway.
> But when I tried to connect to a remote openvpn server thru a client 
> behind the openvpn gateway, the connection failed. Here is the diagram:
>
> 172.16.0.1 --- 192.168.1.91 (redhat 9.0)<---> 192.168.1.1(freeBSD 4.9) 
> --- 192.168.2.1 --- 192.168.2.2 (WindowsXP client)
>
> where 192.168.1.91 (redhat 9.0) and 192.168.1.1 (freeBSD 4.9) are two 
> openvpn gateways,
> 172.16.0.1 is an alias IP address of 192.168.1.91. ( because lack of 
> nework card)
> 192.168.2.1 is a second nework card in the same box of 192.168.1.1 
> (freeBSD).
> 192.168.2.2 (WindowsXP) is a client machine without OpenVPN installed 
> and sit behind 192.168.1.1 gateway.
>
> The connection from 192.168.1.1 to 172.16.0.1 usingi ssh works fine:
> root@fbsd [2:46am] [/etc/openvpn]# ssh 172.16.0.1
> root@xxxxxxxxxx's password:
>
> ip forwarding in Redhat is turnned on:
> root@redhat [12:36am] [/etc/openvpn]# cat /proc/sys/net/ipv4/ip_forward
> 1
> ip forwarding in FreeBSD is also turned on:
> root@fbsd [2:52am] [/etc/openvpn]# sysctl -a | grep forward
> net.inet.ip.forwarding: 1
>
> But login attempt  from 192.168.2.2 (windows xp) to 172.16.0.1 is failed.
>
> What is wrong with the configuration I have in 2 openvpn gateways?
>
> The configuration of OpenVPN in either machine is as follow:
> FreeBSD:
> =======
> /etc/openvpn/server.conf:
> remote   192.168.1.91
> #proto      upd
> port        5000
> dev         tun3
>
> ifconfig   192.168.2.1 172.16.0.1
> up /etc/openvpn/home.up
>
> user nobody
> group nobody
>
> #comp-lzo
> ping 10
> verb 9
>
> /etc/openvpn/home.up:
> #!/bin/bash
> route add -net 172.16.0 192.168.1.1 255.255.255.0
>
> result of ifconfig -a in freeBSD:
> root@fbsd [2:45am] [/etc/openvpn]# ifconfig -a
> fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
>        inet6 fe80::202:b3ff:febb:a7a5%fxp0 prefixlen 64 scopeid 0x1
>        ether 00:02:b3:bb:a7:a5
>        media: Ethernet autoselect (10baseT/UTP)
>        status: active
> fxp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>        inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
>        inet6 fe80::202:b3ff:fe8a:c348%fxp1 prefixlen 64 scopeid 0x2
>        inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
>        ether 00:02:b3:8a:c3:48
>        media: Ethernet autoselect (10baseT/UTP)
>        status: active
> lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
>        inet6 ::1 prefixlen 128
>        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
>        inet 127.0.0.1 netmask 0xff000000
> ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
> sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
> faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500
> tun3: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
>        inet6 fe80::202:b3ff:febb:a7a5%tun3 prefixlen 64 scopeid 0x8
>        inet 192.168.2.1 --> 172.16.0.1 netmask 0xffffffff
>        Opened by PID 264
>
> Redhat:
> ======
> /etc/openvpn/server.conf:
> remote   192.168.1.1
> #proto      upd
> port        5000
> dev         tun0
>
> ifconfig   172.16.0.1 192.168.2.1
> up /etc/openvpn/home.up
>
> user nobody
> group nobody
>
> #comp-lzo
> ping 10
> verb 9
>
> /etc/openvpn/home.up:
> #!/bin/bash
> route add -net 192.168.2.0 netmask 255.255.255.0 gw $5
>
> result of ipconfig -a in Redhat:
> root@redhat [12:34am] [/etc/openvpn]# ifconfig -a
> eth0      Link encap:Ethernet  HWaddr 00:90:27:57:59:8C          inet 
> addr:192.168.1.91  Bcast:192.168.1.255  Mask:255.255.255.0
>          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>          RX packets:7908 errors:0 dropped:0 overruns:0 frame:0
>          TX packets:6289 errors:0 dropped:0 overruns:0 carrier:0
>          collisions:2065 txqueuelen:100
>          RX bytes:1112845 (1.0 Mb)  TX bytes:1205461 (1.1 Mb)
>          Interrupt:11 Base address:0xc400 Memory:e5104000-e5104038
>
> eth0:0    Link encap:Ethernet  HWaddr 00:90:27:57:59:8C          inet 
> addr:172.16.0.1  Bcast:172.16.0.255  Mask:255.255.255.0
>          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>          RX packets:153 errors:0 dropped:0 overruns:0 frame:0
>          TX packets:146 errors:0 dropped:0 overruns:0 carrier:0
>          collisions:0 txqueuelen:100
>          RX bytes:15009 (14.6 Kb)  TX bytes:22816 (22.2 Kb)
>          Interrupt:11 Base address:0xc400 Memory:e5104000-e5104038
>
> lo        Link encap:Local Loopback          inet addr:127.0.0.1  
> Mask:255.0.0.0
>          UP LOOPBACK RUNNING  MTU:16436  Metric:1
>          RX packets:184 errors:0 dropped:0 overruns:0 frame:0
>          TX packets:184 errors:0 dropped:0 overruns:0 carrier:0
>          collisions:0 txqueuelen:0
>          RX bytes:112144 (109.5 Kb)  TX bytes:112144 (109.5 Kb)
>
> tun0      Link encap:Point-to-Point Protocol          inet 
> addr:172.16.0.1  P-t-P:192.168.2.1  Mask:255.255.255.255
>          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
>          RX packets:153 errors:0 dropped:0 overruns:0 frame:0
>          TX packets:146 errors:0 dropped:0 overruns:0 carrier:0
>          collisions:0 txqueuelen:100
>          RX bytes:15009 (14.6 Kb)  TX bytes:22816 (22.2 Kb)
>
> Thanks
> Sam


____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users