Re: [Openvpn-users] problem with connecting to private network


  • Subject: Re: [Openvpn-users] problem with connecting to private network
  • From: "Julio Maidanik" <juliomaidanik@xxxxxxxxxxx>
  • Date: Fri, 14 May 2004 17:23:52 -0300

Hi,
Your configuration seems wrong.


> The configuration of OpenVPN in either machine is as follows:
> FreeBSD:
> =======
> remote   192.168.1.91
> #proto      upd
> port        5000
> dev         tun3
>
> ifconfig   192.168.2.1 172.16.0.1
>

In your ifconfig the IP addresses should be the tun addresses of the
endpoints.
As far as I understand 192.168.2.1 is the LAN address of your gateway (as
192.168.2.2 is the WinXP on that same LAN), so the tun address should not
be the same as your LAN address.

The same holds true for the other gateway. In general you need three sets of
addresses, each on different subnets (network address):
1) local and remote - real IPs connecting to the internet, or the WAN (as
seems to be your case)
2) tun addresses - virtual private IPs making the tunnel, which should not
interfere with any of the other network addresses.
Those are the addresses which are defined on ifconfig.
3) LAN addresses - real private IPs. If not bridging, both LANs have to have
subnet addresses.
To enable access to those addresses, they need to be entered in the route
command, using tun endpoint as gateway.

In short, IMHO, you need two tun addresses, one for each endpoint of the
tunnel, for example
192.168.0.1 and 192.168.0.2

Julio
----- Original Message ----- 
From: "samwun" <samwun@xxxxxxxxxxxxxxxx>
To: <openvpn-users@xxxxxxxxxxxxxxxxxxxxx>
Sent: Friday, May 14, 2004 1:06 PM
Subject: [Openvpn-users] problem with connecting to private network


> Dear all,
>
> I have setup openvpn p-t-p connection between two openvpn gateways and
> running fine when executing connection from the openvpn gateway.
> But when I tried to connect to a remote openvpn server thru a client
> behind the openvpn gateway, the connection failed. Here is the diagram:
>
> 172.16.0.1 --- 192.168.1.91 (redhat 9.0)<---> 192.168.1.1(freeBSD 4.9)
> --- 192.168.2.1 --- 192.168.2.2 (WindowsXP client)
>
> where 192.168.1.91 (redhat 9.0) and 192.168.1.1 (freeBSD 4.9) are two
> openvpn gateways,
> 172.16.0.1 is an alias IP address of 192.168.1.91. (because lack of
> network card)
> 192.168.2.1 is a second network card in the same box of 192.168.1.1
> (freeBSD).
> 192.168.2.2 (WindowsXP) is a client machine without OpenVPN installed
> and sit behind 192.168.1.1 gateway.
>
> The connection from 192.168.1.1 to 172.16.0.1 using ssh works fine:
> root@fbsd [2:46am] [/etc/openvpn]# ssh 172.16.0.1
> root@xxxxxxxxxx's password:
>
> ip forwarding in Redhat is turned on:
> root@redhat [12:36am] [/etc/openvpn]# cat /proc/sys/net/ipv4/ip_forward
> 1
> ip forwarding in FreeBSD is also turned on:
> root@fbsd [2:52am] [/etc/openvpn]# sysctl -a | grep forward
> net.inet.ip.forwarding: 1
>
> But login attempt from 192.168.2.2 (windows xp) to 172.16.0.1 failed.
>
> What is wrong with the configuration I have in 2 openvpn gateways?
>
> The configuration of OpenVPN in either machine is as follows:
> FreeBSD:
> =======
> /etc/openvpn/server.conf:
> remote   192.168.1.91
> #proto      upd
> port        5000
> dev         tun3
>
> ifconfig   192.168.2.1 172.16.0.1
> up /etc/openvpn/home.up
>
> user nobody
> group nobody
>
> #comp-lzo
> ping 10
> verb 9
>
> /etc/openvpn/home.up:
> #!/bin/bash
> route add -net 172.16.0 192.168.1.1 255.255.255.0
>
> result of ifconfig -a in freeBSD:
> root@fbsd [2:45am] [/etc/openvpn]# ifconfig -a
> fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
>         inet6 fe80::202:b3ff:febb:a7a5%fxp0 prefixlen 64 scopeid 0x1
>         ether 00:02:b3:bb:a7:a5
>         media: Ethernet autoselect (10baseT/UTP)
>         status: active
> fxp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
>         inet6 fe80::202:b3ff:fe8a:c348%fxp1 prefixlen 64 scopeid 0x2
>         inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
>         ether 00:02:b3:8a:c3:48
>         media: Ethernet autoselect (10baseT/UTP)
>         status: active
> lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
>         inet6 ::1 prefixlen 128
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
>         inet 127.0.0.1 netmask 0xff000000
> ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
> sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
> faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500
> tun3: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
>         inet6 fe80::202:b3ff:febb:a7a5%tun3 prefixlen 64 scopeid 0x8
>         inet 192.168.2.1 --> 172.16.0.1 netmask 0xffffffff
>         Opened by PID 264
>
> Redhat:
> ======
> /etc/openvpn/server.conf:
> remote   192.168.1.1
> #proto      upd
> port        5000
> dev         tun0
>
> ifconfig   172.16.0.1 192.168.2.1
> up /etc/openvpn/home.up
>
> user nobody
> group nobody
>
> #comp-lzo
> ping 10
> verb 9
>
> /etc/openvpn/home.up:
> #!/bin/bash
> route add -net 192.168.2.0 netmask 255.255.255.0 gw $5
>
> result of ipconfig -a in Redhat:
> root@redhat [12:34am] [/etc/openvpn]# ifconfig -a
> eth0      Link encap:Ethernet  HWaddr 00:90:27:57:59:8C
>           inet addr:192.168.1.91  Bcast:192.168.1.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:7908 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:6289 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:2065 txqueuelen:100
>           RX bytes:1112845 (1.0 Mb)  TX bytes:1205461 (1.1 Mb)
>           Interrupt:11 Base address:0xc400 Memory:e5104000-e5104038
>
> eth0:0    Link encap:Ethernet  HWaddr 00:90:27:57:59:8C
>           inet addr:172.16.0.1  Bcast:172.16.0.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:153 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:146 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:100
>           RX bytes:15009 (14.6 Kb)  TX bytes:22816 (22.2 Kb)
>           Interrupt:11 Base address:0xc400 Memory:e5104000-e5104038
>
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
>           RX packets:184 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:184 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:112144 (109.5 Kb)  TX bytes:112144 (109.5 Kb)
>
> tun0      Link encap:Point-to-Point Protocol
>           inet addr:172.16.0.1  P-t-P:192.168.2.1  Mask:255.255.255.255
>           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
>           RX packets:153 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:146 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:100
>           RX bytes:15009 (14.6 Kb)  TX bytes:22816 (22.2 Kb)
>
> Thanks
> Sam
>
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
>
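
An added example, not part of either message: a small Python check of the rule in the reply above that the tun endpoint addresses must stay off every real interface and routed LAN subnet, run against the interface addresses from the posted ifconfig output. The name `check_plan` and the 10.8.0.x pair are assumptions chosen for illustration.

```python
import ipaddress

def check_plan(tun_local, tun_remote, local_ifaces, routed_nets):
    """Return a list of problems with a point-to-point tun addressing plan.

    tun_local, tun_remote: the two arguments of the OpenVPN `ifconfig` line.
    local_ifaces: CIDR strings of the real interfaces on this gateway.
    routed_nets: networks that are routed through the tunnel.
    """
    problems = []
    local = ipaddress.ip_address(tun_local)
    remote = ipaddress.ip_address(tun_remote)
    ifaces = [ipaddress.ip_interface(i) for i in local_ifaces]
    routed = [ipaddress.ip_network(n) for n in routed_nets]
    if local == remote:
        problems.append("tun endpoints are identical")
    for name, addr in (("local", local), ("remote", remote)):
        for iface in ifaces:
            if addr == iface.ip:
                problems.append(f"tun {name} {addr} is already assigned to a real interface")
            elif addr in iface.network:
                problems.append(f"tun {name} {addr} is inside attached subnet {iface.network}")
        for net in routed:
            if addr in net:
                problems.append(f"tun {name} {addr} is inside routed network {net}")
    return problems

# Real interface addresses copied from the posted `ifconfig -a` output.
FREEBSD_IFACES = ["192.168.1.1/24", "192.168.2.1/24", "192.168.0.1/24"]
REDHAT_IFACES = ["192.168.1.91/24", "172.16.0.1/24"]
# Networks each gateway routes through the tunnel in its home.up script.
FREEBSD_ROUTED = ["172.16.0.0/24"]
REDHAT_ROUTED = ["192.168.2.0/24"]

if __name__ == "__main__":
    plans = {
        "FreeBSD as posted": ("192.168.2.1", "172.16.0.1", FREEBSD_IFACES, FREEBSD_ROUTED),
        "Redhat as posted": ("172.16.0.1", "192.168.2.1", REDHAT_IFACES, REDHAT_ROUTED),
        # 10.8.0.1 / 10.8.0.2 is a constructed pair, not taken from the thread.
        "FreeBSD, separate tun pair": ("10.8.0.1", "10.8.0.2", FREEBSD_IFACES, FREEBSD_ROUTED),
        "Redhat, separate tun pair": ("10.8.0.2", "10.8.0.1", REDHAT_IFACES, REDHAT_ROUTED),
    }
    for label, args in plans.items():
        found = check_plan(*args)
        print(label + ":", "ok" if not found else "")
        for p in found:
            print("  -", p)
```

Both posted `ifconfig` lines produce two findings each, and so does 192.168.0.1/192.168.0.2 on the FreeBSD side, because the posted output shows 192.168.0.1/24 as an alias on fxp1; the constructed 10.8.0.x pair is clean on both gateways.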
