Hi all,

I'm having trouble getting openvpn to allow tcp connections.

Here's my layout:

    winxp --------+
    linux wkstn --+
    win2k server -+-- openvpn server --+ internet

    win2k wkstn --+-- openvpn client --+ internet

The ultimate goal is to allow the win2k wkstn to use the exchange
server on the win2k server and for the linux wkstn to rdp to the
win2k wkstn.

What works:
    Ping from win2k wkstn to win2k server
    Nslookup from win2k wkstn to win2k server
    Ping from linux wkstn to win2k wkstn

    [root@mrcwkstn nmap]# ping -f -s 1400 172.20.5.3
    PING 172.20.5.3 (172.20.5.3) 1400(1428) bytes of data.
    ........
    --- 172.20.5.3 ping statistics ---
    1071 packets transmitted, 1063 received, 0% packet loss, time 15405ms
    rtt min/avg/max/mdev = 31.857/74.165/192.469/33.227 ms, pipe 15, ipg/ewma 14.398/47.322 ms

Openvpn server:
    RH Linux 9.
    Openvpn 2-rc16
    Shorewall 2.0.10

Shorewall configuration:

Policy
    #SOURCE DEST POLICY LOG LIMIT:BURST
    # LEVEL
    loc vpn ACCEPT
    vpn loc ACCEPT
    loc all DROP info
    net all DROP info
    all all DROP info

interfaces
    #ZONE INTERFACE BROADCAST OPTIONS
    net eth0 detect
    # Relocated to hosts
    loc eth1 detect
    vpn tap0 detect
    vpn tun0 detect

tunnels
    # TYPE ZONE GATEWAY GATEWAY
    # ZONE
    openvpn:5000 net ip_open_vpn_client

Openvpn config:
    remote ip_open_vpn_client
    port 5000
    dev tun0
    ifconfig 192.168.0.1 192.168.0.2
    #dev tap0
    #ifconfig 192.168.0.1 255.255.255.252
    route 172.20.5.0 255.255.255.0 192.168.0.2
    secret keys/stoon.key
    ping 10
    comp-lzo
    verb 3

Openvpn client
    Redhat linux 9
    Shorewall 2.0.10
    Openvpn 2-rc16

Shorewall config:

Policy
    #SOURCE DEST POLICY LOG LIMIT:BURST
    # LEVEL
    loc vpn ACCEPT
    loc net ACCEPT
    vpn loc ACCEPT
    vpn net REJECT
    net all DROP info
    all all DROP info
    #LAST LINE -- DO NOT REMOVE

tunnels
    openvpn:5000 net ip_of_openvpn_server
    #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

interfaces
    #ZONE INTERFACE BROADCAST OPTIONS
    #
    net eth0 detect norfc1918,nobogons,routefilter,blacklist,tcpflags,routeback,nosmurfs
    loc eth1 detect routefilter,tcpflags,routeback,detectnets
    vpn tap0 detect
    vpn tun0 detect
    #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Openvpn config:
    remote ip_of_openvpn_server
    port 5000
    dev tun0
    ifconfig 192.168.0.2 192.168.0.1
    #dev tap0
    #ifconfig 192.168.0.2 255.255.255.252
    route 198.73.67.0 255.255.255.0 192.168.0.1
    secret keys/regina.key
    ping 10
    comp-lzo
    verb 1
    mute 10

--
Milton Calnek
mcalnek@xxxxxxxxxx
+1 306 359 6939