Re: [Openvpn-users] can ping and dns, but not pop or rdp.

[Erich Titl <erich.titl@xxxxxxxx>]

Hi

just a shot in the dark, you did not tell us about your internet 
connection, could it be a fragmentation issue?
Did you set CLAMPMSS in shorewall.conf

cheers

Erich

Milton R. Calnek wrote:

> Hi all,
>
> I'm having trouble making openvpn to allow tcp connections.
>
> Here's my layout:
>
> winxp --------+
> linux wkstn --+
> win2k server -+-- openvpn server --+ internet
>
> win2k wkstn --+-- openvpn client --+ internet
>
> The ultimate goal is to allow the win2k wkstn to use the exchange server
> on the win2k server and for the linux wkstn to rdp to the win2k wkstn.
>
> What works:
> Ping from win2k wkstn to win2k server
> Nslookup from win2k wkstn to win2k server
>
> Ping from linux wkstn to win2k wkstn
> [root@mrcwkstn nmap]# ping -f -s 1400 172.20.5.3
> PING 172.20.5.3 (172.20.5.3) 1400(1428) bytes of data.
> ........        
> --- 172.20.5.3 ping statistics ---
> 1071 packets transmitted, 1063 received, 0% packet loss, time 15405ms
> rtt min/avg/max/mdev = 31.857/74.165/192.469/33.227 ms, pipe 15,
> ipg/ewma 14.398/47.322 ms
>
>
> Openvpn server:
> RH Linux 9.
> Openvpn 2-rc16
> Shorewall 2.0.10
>
> Shorewall configuration:
> Policy
> #SOURCE         DEST            POLICY          LOG
> LIMIT:BURST
> #                                               LEVEL
> loc             vpn             ACCEPT
> vpn             loc             ACCEPT
> loc             all             DROP            info
> net             all             DROP            info
>
> all             all             DROP            info 
>
> interfaces
> #ZONE    INTERFACE      BROADCAST       OPTIONS
> net     eth0    detect # Relocated to hosts
> loc     eth1    detect
> vpn     tap0    detect
> vpn     tun0    detect
>
> tunnels
> # TYPE                  ZONE    GATEWAY         GATEWAY
> #                                               ZONE
> openvpn:5000    net     ip_open_vpn_client
>
> Openvpn config:
> remote ip_open_vpn_client
> port 5000
> dev tun0
> ifconfig 192.168.0.1 192.168.0.2
> #dev tap0
> #ifconfig 192.168.0.1 255.255.255.252
> route 172.20.5.0 255.255.255.0 192.168.0.2
> secret keys/stoon.key
> ping 10
> comp-lzo
> verb 3
>
> Openvpn client
> Redhat linux 9
> Shorewall 2.0.10
> Openvpn 2-rc16
>
> Shorewall config:
> Policy
> #SOURCE         DEST            POLICY          LOG
> LIMIT:BURST
> #                                               LEVEL
> loc     vpn     ACCEPT
> loc     net     ACCEPT
>
> vpn     loc     ACCEPT
> vpn     net     REJECT
>
> net     all     DROP    info
>
> all     all     DROP    info 
> #LAST LINE -- DO NOT REMOVE
>
> tunnels
> openvpn:5000    net     ip_of_openvpn_server
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
>
> interfaces
> #ZONE    INTERFACE      BROADCAST       OPTIONS
> #
> net     eth0    detect
> norfc1918,nobogons,routefilter,blacklist,tcpflags,routeback,nosmurfs
> loc     eth1    detect  routefilter,tcpflags,routeback,detectnets
> vpn     tap0    detect
> vpn     tun0    detect
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
>
> Openvpn config:
> remote ip_of_openvpn_server
> port 5000
> dev tun0
> ifconfig 192.168.0.2 192.168.0.1
> #dev tap0
> #ifconfig 192.168.0.2 255.255.255.252
> route 198.73.67.0 255.255.255.0 192.168.0.1
> secret keys/regina.key
> ping 10
> comp-lzo
> verb 1
> mute 10
>
> --
> Milton Calnek
> mcalnek@xxxxxxxxxx
> +1 306 359 6939
>
>
>
> --
> DISCLAIMER: The information transmitted is intended only for the 
> addressee and may contain confidential, proprietary and/or privileged 
> material. Any unauthorized review, distribution or other use of or 
> the taking of any action in reliance upon this information is 
> prohibited. If you received this in error, please contact the sender 
> and delete or destroy this message and any copies.  
>
>  



____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users