Re: [Openvpn-users] Routing problem on routed VPN (more the 2 networks)

[Alex <postfix@xxxxxxxxxx>]

Hi again,

I solved ping problem enabling ip_forward on VPNS server. I have ping 
between all Computers connected to VPNS server.

The rest of problems still remain unsolved.

Is normal that Default Gateway  field to be empty on tap-vpn client 
virtual interface? Why WindowsXp can't see VPNS-WORKGROUP from samba 
wins server installed on VPNS server? Why i can't browse through 
Microsoft Windows Network?

Also, ovpn.conf directives from VPNS server:
push "route-gateway 10.1.0.1"
push "route 10.1.0.0 255.255.255.0 10.1.0.1"
seems to have no effect on my clients.

Any ideas?

Regards,
Alex

Postfix Mailing List wrote:

> Hi all,
> Please let me very verbose in my explanation and don't delete hurry 
> this email...
> I am trying to setup a VPN Server connection between N>2 networks.
> Each network has almost the same configuration as you see below:
> LAN1 Stations ------- eth1 (192.168.0.1/24)--|GR1|--eth0 (82.75.32.12/24)
> GR1 is a linuxbox which has 2 network interface (eth0, eth1) and is 
> acting as router/gateway for internal net, Lan1.
> I setup a dedicated computer located in our public network 
> 82.75.32.12.0/24(named here VPNS) to act as VPN server (is a linuxbox 
> too) which has only one network card and is used to handle all VPN 
> connections through it.
> LAN1---- eth1---|GR1|-----eth0
> IP Public eth0 82.75.32.12/24
> IP Privat eth1 192.168.1.1/24, gateway and WINS server for LAN1
> LAN1: 192.168.1.0/24
> LAN2---- eth1---|GR2|-----eth0
> IP Public eth0 82.75.32.13/24
> IP Privat eth1 192.168.2.1/24, gateway and WINS server for LAN2
> LAN2: 192.168.2.0/24
> VPNS (only one ethernet card)
> IP Public: 82.75.32.100/24
> In my setup, has been used 10.1.0.0/24 as OPENVPN virtual network class.
> Here comes ovpn.conf from our linux VPNS:
> ### ovpn.conf ###
> port 1194
> proto udp
> dev tap
> mode server
> tls-server
> dh dh2048.pem
> tls-auth ta.key 0
> ca ca.crt
> cert server_cert.crt
> key server_cert.key
> # Define the server's virtual address and subnet
> ifconfig 10.1.0.1 255.255.255.0
> # Pool of IP addresses used by OpenVPN's DHCP server to be allocated
> ifconfig-pool 10.1.0.100 10.1.0.150 255.255.255.0
> # Push default gateway
> push "route-gateway 10.1.0.1"
> # Push route to clients to bind it to our local virtual endpoint
> push "route 10.1.0.0 255.255.255.0 10.1.0.1"
> # Push DNS server entries to openvpn clients
> push "dhcp-option DNS 10.1.0.1"
> # Push WINS server entries to openvpn clients
> push "dhcp-option WINS 10.1.0.1"
> mtu-test
> tun-mtu 1500
> tun-mtu-extra 32
> mssfix 1450
> keepalive 10 60
> client-to-client
> duplicate-cn
> user nobody
> group nobody
> persist-key
> persist-tun
> comp-lzo
> verb 4
> In our internal LAN, are Windows computers (2k and XP):
> On each networked windows station, i installed 
> openvpn-2.0_rc16-gui-1.0-rc4-install.exe, and client config file is 
> comming here:
> ### global-client.ovpn windows ###
> client
> port 1194
> proto udp
> dev tap
> remote 82.75.32.100
> tls-client
> dev-node tap-vpn
> ns-cert-type server
> ca ca.crt
> cert client.crt
> key client.key
> tls-auth ta.key 1
> pull
> mtu-test
> tun-mtu 1500
> tun-mtu-extra 32
> mssfix 1450
> comp-lzo
> verb 4
> What is happen now:
> Connection from CompA (a W2K station, located in LAN1) to VPNS is 
> working fine. On VPNS i installed samba and configured as WINS server 
> for 10.1.0.0/24 virtual network.
> ping from VPNS (10.1.0.1) to CompA (10.1.0.105) ok
> ping from CompA (10.1.0.5) to VPNS (10.1.0.101) ok
> OpenVPN's DHCP server is working too ...
> se below what see ipconfig /all on CompA
> Ethernet adapter tap-vpn:
>       Connection-specific DNS Suffix  . :
>       Description . . . . . . . . . . . : TAP-Win32 Adapter V8
>       Physical Address. . . . . . . . . : 00-FF-D1-E6-89-EE
>       DHCP Enabled. . . . . . . . . . . : Yes
>       Autoconfiguration Enabled . . . . : Yes
>       IP Address. . . . . . . . . . . . : 10.1.0.105
>       Subnet Mask . . . . . . . . . . . : 255.255.255.0
>       Default Gateway . . . . . . . . . :
>       DHCP Server . . . . . . . . . . . : 10.1.0.0
>       DNS Servers . . . . . . . . . . . : 10.1.0.1
>       Primary WINS Server . . . . . . . : 10.1.0.1
>       Lease Obtained. . . . . . . . . . : 4 martie 2005 17:44:43
>       Lease Expires . . . . . . . . . . : 4 martie 2006 17:44:43
> Ethernet adapter Local Area Connection:
>       Connection-specific DNS Suffix  . :
>       Description . . . . . . . . . . . : Xircom CardBus Ethernet II
>       Physical Address. . . . . . . . . : xxxxxxxxxxx
>       DHCP Enabled. . . . . . . . . . . : No
>       IP Address. . . . . . . . . . . . : 192.168.1.74
>       Subnet Mask . . . . . . . . . . . : 255.255.255.0
>       Default Gateway . . . . . . . . . : 192.168.1.1
>       DNS Servers . . . . . . . . . . . : 193.226.0.1
>                                           80.97.0.1
>       Primary WINS Server . . . . . . . : 192.168.1.1
> I can see booth VPNS-WORKGROUP and LAN1-WORKGROUP in Microsoft Windows 
> Network, and i can acces shares from SAMBA filserver from VPNS server.
> If another computer CompB located in LAN1 is accesing the server (and 
> will lease for ex IP 10.1.0.4 from VPNS), i have problems:
> - no ping between CompA and CompB
> - ping only between CompB and VPNS or from VPNS to CompB
> - if CompB is a WinXP, just LAN1-WORKGROUP is apearing in Microsoft 
> Windows Network, VPNS-WORKGROUP being invisible, but ....i can access 
> shares from VPNS typeing direct name of samba share, for example: 
> \\fileserver
> If another WindowsXP computer CompC located in LAN2 is connecting to 
> VPNS, i will have the same problem:
> - no ping from CompC (LAN2) to CompA or CompB (LAN1) ... just to/from 
> VPNS
> - just LAN2-WORKGROUP is apearing in Microsoft Windows Network, 
> VPNS-WORKGROUP being invisible, but i can access \\fileserver as above
> OBS: All windows computers used for test has firewall disabled!
> As you can see, it seems to be a problem with routes on each VPN 
> client, but i have no idea what is wrong, where and/or what is 
> missing. Can anybody help me?
> Regards,
> Alex
>
>
>
> -------------------------------------------------------
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT Products from real users.
> Discover which products truly live up to the hype. Start reading now.
> http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/openvpn-users




____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users