Hi All,
I have installed OpenVPN 2.0 on Linux (server) and on Windows (client).
Here is the network topology:
OpenVPN 2.0 server ----------------- OpenVPN 2.0 Client
192.168.201.1                        192.168.201.[100-150]
      |
      |
      |
Local net 192.168.1.x
IP = 192.168.1.107
Here is the issue:
I can ping 192.168.201.1 but I can't for the life of me ping
192.168.1.107 (or anything in the 192.168.1.x net).
Route on the Server:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.201.0   0.0.0.0         255.255.255.0   U     0      0        0 tap0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
Route on the client:
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 64.10.90.244 64.10.90.244 1
64.10.90.244 255.255.255.255 127.0.0.1 127.0.0.1 1
64.255.255.255 255.255.255.255 64.10.90.244 64.10.90.244 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
142.77.225.83 255.255.255.255 64.10.90.244 64.10.90.244 1
192.168.0.0 255.255.255.0 192.168.201.1 192.168.201.100 1
192.168.201.0 255.255.255.0 192.168.201.100 192.168.201.100 1
192.168.201.100 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.201.255 255.255.255.255 192.168.201.100 192.168.201.100 1
224.0.0.0 224.0.0.0 64.10.90.244 64.10.90.244 1
224.0.0.0 224.0.0.0 192.168.201.100 192.168.201.100 1
255.255.255.255 255.255.255.255 64.10.90.244 1000003 1
Default Gateway: 64.10.90.244
===========================================================================
Persistent Routes:
None
Here are both of my config files:
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
;dev tap
dev tap
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
;proto tcp
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote biond.dyndns.org 5000
;remote my-server-2 5000
# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
;remote-random
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings
# SSL/TLS parms.
# See the server config file for more
# description.
ca my-ca.crt
cert home.crt
key home.key
# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher x
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
;comp-lzo
# Set log file verbosity.
verb 4
# Silence repeating messages
;mute 20
########################
# Server side
#
#
# Sample OpenVPN configuration file for
# office using a pre-shared static key.
#
# '#' or ';' may be used to delimit comments.
# Use a dynamic tun device.
# For Linux 2.2 or non-Linux OSes,
# you may want to use an explicit
# unit number such as "tun1".
# OpenVPN also supports virtual
# ethernet "tap" devices.
dev tap
proto udp
port 5000
# 10.1.0.1 is our local VPN endpoint (office).
# 10.1.0.2 is our remote VPN endpoint (home).
; ifconfig 10.1.0.1 10.1.0.2
# Our up script will establish routes
# once the VPN is alive.
; up /etc/openvpn/office.up
# Our pre-shared static key
; secret /etc/openvpn/static.key
tls-server
dh /etc/openvpn/dh1024.pem
ca /etc/openvpn/my-ca.crt
cert /etc/openvpn/office.crt
key /etc/openvpn/office.key
#
# Server config
#
mode server
ifconfig 192.168.201.1 255.255.255.0
ifconfig-pool 192.168.201.100 192.168.201.150
push "route 192.168.0.0 255.255.255.0"
push "route-gateway 192.168.201.1"
# Configure server mode for ethernet bridging.
# You must first use your OS's bridging capability
# to bridge the TAP interface with the ethernet
# NIC interface. Then you must manually set the
# IP/netmask on the bridge interface, here we
# assume 10.8.0.4/255.255.255.0. Finally we
# must set aside an IP range in this subnet
# (start=10.8.0.50 end=10.8.0.100) to allocate
# to connecting clients. Leave this line commented
# out unless you are ethernet bridging.
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
# Push routes to the client to allow it
# to reach other private subnets behind
# the server. Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
# Downgrade UID and GID to
# "nobody" after initialization
# for extra security.
; user nobody
; group nobody
# If you built OpenVPN with
# LZO compression, uncomment
# out the following line.
; comp-lzo
# Send a UDP ping to remote once
# every 15 seconds to keep
# stateful firewall connection
# alive. Uncomment this
# out if you are using a stateful
# firewall.
; ping 15
# Uncomment this section for a more reliable detection when a system
# loses its connection. For example, dial-ups or laptops that
# travel to other locations.
; ping 15
; ping-restart 45
; ping-timer-rem
; persist-tun
; persist-key
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 4
duplicate-cn
################################
Any help is greatly appreciated.
Thanks,
Stephane.
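
The following check is an added example, not part of the original post: it compares the server config's active `push "route ..."` lines with the server's directly connected LAN subnets and lists any LAN that no pushed route covers. The sample input is constructed from lines quoted in the post, and the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample input: relevant lines copied from the post above.
SERVER_CONF = '''\
dev tap
ifconfig 192.168.201.1 255.255.255.0
push "route 192.168.0.0 255.255.255.0"
;push "route 192.168.10.0 255.255.255.0"
'''
SERVER_ROUTES = '''\
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.201.0   0.0.0.0         255.255.255.0   U     0      0        0 tap0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
'''

PUSH_RE = re.compile(r'^\s*push\s+"route\s+(\S+)\s+(\S+)"')

def pushed_routes(conf):
    """Networks from active (not ';' or '#' commented) push "route" lines."""
    nets = []
    for line in conf.splitlines():
        m = PUSH_RE.match(line)
        if m:
            nets.append(ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}"))
    return nets

def connected_lans(route_table, vpn_prefixes=("tap", "tun")):
    """Directly connected subnets (gateway 0.0.0.0) on non-VPN, non-loopback interfaces."""
    nets = []
    for line in route_table.splitlines():
        f = line.split()
        if len(f) != 8 or f[1] != "0.0.0.0":
            continue  # header, malformed line, or a route via a gateway
        if f[7] == "lo" or f[7].startswith(vpn_prefixes):
            continue  # loopback or the VPN interface itself
        nets.append(ipaddress.ip_network(f"{f[0]}/{f[2]}"))
    return nets

def unreachable_lans(conf, route_table):
    """LAN subnets behind the server that no pushed route covers."""
    pushed = pushed_routes(conf)
    return [lan for lan in connected_lans(route_table)
            if not any(lan.subnet_of(p) for p in pushed)]

if __name__ == "__main__":
    for lan in unreachable_lans(SERVER_CONF, SERVER_ROUTES):
        print(f"no pushed route covers {lan}")
```

A covering pushed route is necessary but not sufficient: as the sample server config's own comment says, the private subnet also needs a route for the VPN client pool back to the OpenVPN server, and the Linux server must have IP forwarding enabled.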