[OpenVPN home]	[Date Prev]	[Date Index]	[Date Next]
[OpenVPN mailing lists]	[Thread Prev]	[Thread Index]	[Thread Next]

[Openvpn-users] openvpn 2.0_beta7 routing problem

Subject: [Openvpn-users] openvpn 2.0_beta7 routing problem
From: Thomas Delaet <thomas@xxxxxxxxxx>
Date: Sat, 10 Jul 2004 11:23:32 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I'm having some trouble getting my OpenVPN configuration running.
I'm using OpenVPN 2.0_beta7 on OpenBSD 3.5. This is the my setup:
2 computers in one LAN (uranus & pluto).
They both have a 10.0.0.x address on the real network interface.
Pluto will be the server and has the following config file:
port 5000
dev tun0
tls-server
ca /etc/ssl/certs/ca.crt
cert /etc/ssl/certs/me.crt
key /intra.net/pluto/secrets/ssl/host/me.key
dh /intra.net/pluto/secrets/ssl/dh1024.pem
mode server
user nobody
group nobody
ping 10
ping-restart 120
#client-to-client
route 172.23.8.0  255.255.255.0 172.23.8.2
mtu-test
tun-mtu 1500
tun-mtu-extra 32
mssfix 1400
verb 5

I set-up the tun0 device automatically on startup. This is the config for this 
device:
up
inet 172.23.8.2 255.255.255.0 NONE
dest 172.23.8.1

On Uranus (client) the config file is:
port 5000
dev tun0
tls-client
ca /etc/ssl/certs/ca.crt
cert /etc/ssl/certs/me.crt
key /intra.net/uranus/secrets/ssl/host/me.key
user nobody
group nobody
ping 10
ping-restart 120
route 172.23.8.0 255.255.255.0 172.23.8.16
mtu-test
tun-mtu 1500
tun-mtu-extra 32
mssfix 1400
verb 5
remote 10.0.0.1

The tun0 device has (as on pluto) been set-up at startup:
up
inet 172.23.8.16 255.255.255.0 NONE
dest 172.23.8.2

For testing purposes I configured the firewalls to allow all traffic on all 
interfaces. I also enabled IP-forwarding on both hosts.

However. When I startup the server on pluto and try to connect to it from 
uranus, the authentication and initial setup runs fine, I don't see any error 
messages in the log files. But when trying to ping 172.23.8.2 (tun0 ip on 
pluto - server) from uranus (client) I don't get any replies.

Using tcpdump, I can see the packets on the tun0 interface of uranus (client), 
I can see that packets are sent to pluto (port 5000, LAN interface). I can 
also see them arrive on pluto (port 5000, LAN interface). But I don't see 
them on the tun0 interface of pluto (where the replies should start imho).

I put the logs for my server (pluto) and client (uranus) online at 
http://thomas.delaet.org/openvpn-problem/.

The relevant portion of the routing table on pluto is:
172.23.8.0       172.23.8.2         UG
172.23.8.1       172.23.8.2         UH

And on uranus:
172.23.8.0       172.23.8.16        UG
172.23.8.2       172.23.8.16        UH

I hope someone has a clue about how to fix this.

Thanks a lot for any help,

Kind Regards,
- -- 
Thomas

gpgkey @ http://thomas.delaet.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQFA77WXIZsL90hyEFkRArknAKCsPkcSkjf+fQ8ZMpAfkJm3CLpSWQCg4PRx
eIHUby+na8rgJOHwb1AkueE=
=67Wb
-----END PGP SIGNATURE-----


____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Prev by Date: Re: OpenVPN's bridge algorithm, was: Re: [Openvpn-users] Seemingly inexplicable phenomena with several bridges in a full mesh
Next by Date: [Openvpn-users] How to use Windows CA for TLS
Previous by thread: Re: [Openvpn-users] Can't sign my own requests with easy-rsa.
Next by thread: [Openvpn-users] How to use Windows CA for TLS
Index(es):
- Date
- Thread