
Re: [Openvpn-users] problem with connecting to private network


  • Subject: Re: [Openvpn-users] problem with connecting to private network
  • From: samwun <samwun@xxxxxxxxxxxxxxxx>
  • Date: Sat, 15 May 2004 11:16:42 +0800

Julio Maidanik wrote:

Hi,
Your configuration seems wrong.




The configuration of OpenVPN in either machine is as follows:
FreeBSD:
=======
remote   192.168.1.91
#proto      upd
port        5000
dev         tun3

ifconfig   192.168.2.1 172.16.0.1




In your ifconfig the IP addresses should be the tun addresses of the endpoints. As far as I understand 192.168.2.1 is the LAN address of your gateway (as 192.168.2.2 is the WinXP on that same LAN), so the tun address should not be the same as your LAN address.

The same holds true for the other gateway, in general you need three sets of
addresses, each on different subnets (network address):
1) local and remote - real IPs connecting to the internet, or the WAN (as
seems to be your case)
2) tun addresses - virtual private IPs making the tunnel, which should not
interfere with any of the other network addresses.
Those are the addresses which are defined on ifconfig.
3) LAN addresses - real private IPs. If not bridging both LANs have to have
subnet addresses.
To enable access to those addresses, they need to be entered in the route
command, using tun endpoint as gateway.

In short, IMHO, you need two tun addresses, one for each endpoint of the
tunnel, for example
192.168.0.1 and 192.168.0.2



Thanks for your help. I have changed the ifconfig in the server.conf according to what you described:
in FreeBSD:
==========
remote 192.168.1.91
#proto upd
port 5000
dev tun3


ifconfig   192.168.0.2 192.168.0.1
up /etc/openvpn/home.up
down /etc/openvpn/home.down

user nobody
group nobody

#comp-lzo
ping 10
verb 9

In Redhat:
=========
remote   192.168.1.1
#proto      upd
port        5000
dev         tun0

ifconfig   192.168.0.1 192.168.0.2
up /etc/openvpn/home.up
down /etc/openvpn/home.down

user nobody
group nobody

#comp-lzo
ping 10
verb 9

Now, ping from FreeBSD to Redhat does not receive an echo, but ping from Redhat to FreeBSD does fine.

How can I further investigate this problem?

Sam

Julio
----- Original Message ----- From: "samwun" <samwun@xxxxxxxxxxxxxxxx>
To: <openvpn-users@xxxxxxxxxxxxxxxxxxxxx>
Sent: Friday, May 14, 2004 1:06 PM
Subject: [Openvpn-users] problem with connecting to private network





Dear all,

I have set up an openvpn p-t-p connection between two openvpn gateways and
it is running fine when executing a connection from the openvpn gateway.
But when I tried to connect to a remote openvpn server thru a client
behind the openvpn gateway, the connection failed. Here is the diagram:

172.16.0.1 --- 192.168.1.91 (redhat 9.0)<---> 192.168.1.1(freeBSD 4.9)
--- 192.168.2.1 --- 192.168.2.2 (WindowsXP client)

where 192.168.1.91 (redhat 9.0) and 192.168.1.1 (freeBSD 4.9) are two
openvpn gateways,
172.16.0.1 is an alias IP address of 192.168.1.91 (because of a lack of
network cards).
192.168.2.1 is a second network card in the same box as 192.168.1.1
(freeBSD).
192.168.2.2 (WindowsXP) is a client machine without OpenVPN installed
and sit behind 192.168.1.1 gateway.

The connection from 192.168.1.1 to 172.16.0.1 using ssh works fine:
root@fbsd [2:46am] [/etc/openvpn]# ssh 172.16.0.1
root@xxxxxxxxxx's password:

ip forwarding in Redhat is turned on:
root@redhat [12:36am] [/etc/openvpn]# cat /proc/sys/net/ipv4/ip_forward
1
ip forwarding in FreeBSD is also turned on:
root@fbsd [2:52am] [/etc/openvpn]# sysctl -a | grep forward
net.inet.ip.forwarding: 1

But a login attempt from 192.168.2.2 (windows xp) to 172.16.0.1 failed.

What is wrong with the configuration I have in 2 openvpn gateways?

The configuration of OpenVPN in either machine is as follows:
FreeBSD:
=======
/etc/openvpn/server.conf:
remote   192.168.1.91
#proto      upd
port        5000
dev         tun3

ifconfig   192.168.2.1 172.16.0.1
up /etc/openvpn/home.up

user nobody
group nobody

#comp-lzo
ping 10
verb 9

/etc/openvpn/home.up:
#!/bin/bash
route add -net 172.16.0 192.168.1.1 255.255.255.0

result of ifconfig -a in freeBSD:
root@fbsd [2:45am] [/etc/openvpn]# ifconfig -a
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
       inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
       inet6 fe80::202:b3ff:febb:a7a5%fxp0 prefixlen 64 scopeid 0x1
       ether 00:02:b3:bb:a7:a5
       media: Ethernet autoselect (10baseT/UTP)
       status: active
fxp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
       inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
       inet6 fe80::202:b3ff:fe8a:c348%fxp1 prefixlen 64 scopeid 0x2
       inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
       ether 00:02:b3:8a:c3:48
       media: Ethernet autoselect (10baseT/UTP)
       status: active
lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
       inet6 ::1 prefixlen 128
       inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
       inet 127.0.0.1 netmask 0xff000000
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500
tun3: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
       inet6 fe80::202:b3ff:febb:a7a5%tun3 prefixlen 64 scopeid 0x8
       inet 192.168.2.1 --> 172.16.0.1 netmask 0xffffffff
       Opened by PID 264

Redhat:
======
/etc/openvpn/server.conf:
remote   192.168.1.1
#proto      upd
port        5000
dev         tun0

ifconfig   172.16.0.1 192.168.2.1
up /etc/openvpn/home.up

user nobody
group nobody

#comp-lzo
ping 10
verb 9

/etc/openvpn/home.up:
#!/bin/bash
route add -net 192.168.2.0 netmask 255.255.255.0 gw $5

result of ifconfig -a in Redhat:
root@redhat [12:34am] [/etc/openvpn]# ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:90:27:57:59:8C
         inet addr:192.168.1.91  Bcast:192.168.1.255  Mask:255.255.255.0
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:7908 errors:0 dropped:0 overruns:0 frame:0
         TX packets:6289 errors:0 dropped:0 overruns:0 carrier:0
         collisions:2065 txqueuelen:100
         RX bytes:1112845 (1.0 Mb)  TX bytes:1205461 (1.1 Mb)
         Interrupt:11 Base address:0xc400 Memory:e5104000-e5104038

eth0:0    Link encap:Ethernet  HWaddr 00:90:27:57:59:8C
         inet addr:172.16.0.1  Bcast:172.16.0.255  Mask:255.255.255.0
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:153 errors:0 dropped:0 overruns:0 frame:0
         TX packets:146 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:100
         RX bytes:15009 (14.6 Kb)  TX bytes:22816 (22.2 Kb)
         Interrupt:11 Base address:0xc400 Memory:e5104000-e5104038

lo        Link encap:Local Loopback
         inet addr:127.0.0.1  Mask:255.0.0.0
         UP LOOPBACK RUNNING  MTU:16436  Metric:1
         RX packets:184 errors:0 dropped:0 overruns:0 frame:0
         TX packets:184 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:112144 (109.5 Kb)  TX bytes:112144 (109.5 Kb)

tun0      Link encap:Point-to-Point Protocol
         inet addr:172.16.0.1  P-t-P:192.168.2.1  Mask:255.255.255.255
         UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
         RX packets:153 errors:0 dropped:0 overruns:0 frame:0
         TX packets:146 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:100
         RX bytes:15009 (14.6 Kb)  TX bytes:22816 (22.2 Kb)

Thanks
Sam
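
Added example (not part of the original thread and not OpenVPN project code): a small Python check of the rule Julio describes, that the two `ifconfig` tunnel endpoints must be mirrored between the peers and must not fall inside any real WAN or LAN subnet. The function names are hypothetical, the subnet list is read from the two `ifconfig -a` listings quoted in the message, and the 10.99.0.x pair is constructed.

```python
import ipaddress

def parse_conf(text):
    """Parse OpenVPN directives into {name: [args]}; '#' and ';' start comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            name, *args = line.split()
            conf[name] = args
    return conf

def tun_pair(conf):
    """Return (local, remote) tunnel endpoint addresses from the ifconfig directive."""
    local, remote = conf["ifconfig"][:2]
    return ipaddress.ip_address(local), ipaddress.ip_address(remote)

def check_pair(text_a, text_b, real_nets):
    """Check two point-to-point peer configs against the real WAN/LAN subnets.

    real_nets: CIDR strings for every subnet configured on a physical
    interface of either gateway. Returns a list of problem strings.
    """
    a_local, a_remote = tun_pair(parse_conf(text_a))
    b_local, b_remote = tun_pair(parse_conf(text_b))
    problems = []
    if (a_local, a_remote) != (b_remote, b_local):
        problems.append("ifconfig endpoints are not mirrored between the peers")
    for addr in sorted({a_local, a_remote, b_local, b_remote}):
        for net in map(ipaddress.ip_network, real_nets):
            if addr in net:
                problems.append(f"tun address {addr} lies inside real subnet {net}")
    return problems

# Subnets read from the two `ifconfig -a` listings quoted in the message
# (192.168.0.0/24 is included because fxp1 is listed with 192.168.0.1).
REAL_NETS = ["192.168.1.0/24", "192.168.2.0/24", "192.168.0.0/24", "172.16.0.0/24"]

# ifconfig lines as posted: first attempt, then the revised pair.
FIRST = ("dev tun3\nifconfig 192.168.2.1 172.16.0.1\n",
         "dev tun0\nifconfig 172.16.0.1 192.168.2.1\n")
REVISED = ("dev tun3\nifconfig 192.168.0.2 192.168.0.1\n",
           "dev tun0\nifconfig 192.168.0.1 192.168.0.2\n")
# Constructed pair on a subnet that appears nowhere in the listings.
CLEAN = ("ifconfig 10.99.0.1 10.99.0.2\n", "ifconfig 10.99.0.2 10.99.0.1\n")

if __name__ == "__main__":
    for label, (a, b) in (("first", FIRST), ("revised", REVISED), ("clean", CLEAN)):
        print(label, check_pair(a, b, REAL_NETS) or "ok")
```

The revised pair is reported only because the quoted FreeBSD listing shows 192.168.0.1/24 on fxp1; the thread does not say whether that address was still configured after the change.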





