
Re: [Openvpn-users] openvpn netmask query


  • Subject: Re: [Openvpn-users] openvpn netmask query
  • From: Jason Keltz <jas@xxxxxxxxxxx>
  • Date: Sat, 4 Jun 2005 07:05:49 -0400 (EDT)

On Fri, 3 June 2005, ksp - knetdome wrote:

"ifconfig-push 172.16.16.107 172.16.16.1 255.255.240.0"

172.16.16.1 is a host address, not a network address, so one thought is to change it to 172.16.16.0

---

Unfortunately, I don't think that's right either.

OpenVPN uses the second address as the point-to-point address ..
i.e. changing the above to .0 would yield..

 /sbin/ifconfig tun0 172.16.16.107 pointopoint 172.16.16.0 mtu 1500

.. which is wrong.

The 172.16.16.1 was the right address.. it's just that I can't seem to figure out how to get it to set the netmask on the interface as well.

I'm a bit confused with the syntax on ifconfig-push.

I'm using it from a client connect script. When I was using the default netmask it worked fine:

eg. ifconfig-push 10.8.0.10 10.8.0.1

Now that I am trying to use a different netmask (255.255.240.0), I can't seem to get it to work.

The man page for openvpn says the syntax is:

--ifconfig-push local remote-netmask

... then it seems like I should be pushing (in my case)
172.16.16.107  255.255.240.0, but that doesn't work either..

It doesn't seem like there is a separate netmask argument.

Most examples with ifconfig-push use the second argument to refer back to the vpn .1 primary ip.

If anyone else has any suggestions, it would be appreciated... I've been up a good part of the night playing with options and trying to figure this out on my own.. I know I'm close, but can't figure out what I'm missing!

thanks..

jas.

On Fri, 3 Jun 2005, Jason Keltz wrote:

I'm having a problem with the netmask on my OpenVPN setup and was hoping someone could help..

My netmask of 255.255.240.0 seems to get ignored?

The server/client start okay.

The client gets its address.

If I use ifconfig to look at "tun0" on the client I see:

tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:172.16.16.107 P-t-P:172.16.16.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)


On the server I see:

tun0      Link encap:Point-to-Point Protocol
         inet addr:172.16.16.1  P-t-P:172.16.16.2  Mask:255.255.255.255
         UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
         RX packets:0 errors:0 dropped:0 overruns:0 frame:0
         TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:100
         RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

I can ping between the hosts, but if I try to telnet between them, my firewall blocks me because it only allows in 172.16.0.0/20.

It looks like the netmask is not being set correctly..

As you can see, it is set in the server configuration file on the "route" line below.

It is set in the client by the connect script which returns to the client the following in this case:

"ifconfig-push 172.16.16.107 172.16.16.1 255.255.240.0"

server config:

tmp-dir /tmp
port 1194
proto udp
dev tun
writepid /var/run/openvpn-server.pid
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh1024.pem
mode server
tls-server
ifconfig 172.16.16.1 172.16.16.2
route 172.16.16.0 255.255.240.0
client-connect /etc/openvpn/connect
user nobody
group nobody
persist-key
persist-tun

client config:

client
dev tun
proto udp
remote vpn1 1194
writepid /var/run/openvpn.pid
nobind
user nobody
group nobody
persist-key
persist-tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/client.crt
key /etc/openvpn/client.key
dh /etc/openvpn/dh1024.pem
ns-cert-type server
comp-lzo

any ideas?

thanks,
jas.


_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
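
An added example, not part of the original thread: a Python check of the addresses quoted in the messages above against the routed block and the firewall prefix. It assumes the firewall compares a packet's source address to 172.16.0.0/20 exactly as written; the function names are illustrative.

```python
import ipaddress

# Values copied from the messages above.
PUSH_LINE = "ifconfig-push 172.16.16.107 172.16.16.1 255.255.240.0"
SERVER_ROUTE = ("172.16.16.0", "255.255.240.0")
# Assumption: the firewall compares source addresses to this prefix as written.
FIREWALL_ALLOW = "172.16.0.0/20"


def is_netmask(addr):
    """True if the IPv4 address is a contiguous mask such as 255.255.240.0."""
    inverted = int(addr) ^ 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0


def parse_ifconfig_push(line):
    """Return (local, second_argument, extra_arguments) from an ifconfig-push line."""
    parts = line.split()
    if len(parts) < 3 or parts[0] != "ifconfig-push":
        raise ValueError("not an ifconfig-push line: %r" % line)
    local = ipaddress.IPv4Address(parts[1])
    second = ipaddress.IPv4Address(parts[2])
    return local, second, parts[3:]


def audit(push_line, route, allow_cidr):
    """Compare the pushed addresses with the routed block and the firewall prefix."""
    local, second, extra = parse_ifconfig_push(push_line)
    # ip_network() raises ValueError if the route has host bits set.
    routed = ipaddress.ip_network("%s/%s" % route)
    allowed = ipaddress.ip_network(allow_cidr)
    return {
        "second_arg_is_netmask": is_netmask(second),
        "extra_args": extra,  # the documented syntax takes two arguments
        "routed_net": str(routed),
        "local_in_routed_net": local in routed,
        "local_in_firewall_allow": local in allowed,
        "second_in_firewall_allow": second in allowed,
        "allow_overlaps_routed": allowed.overlaps(routed),
        "allow_range": (str(allowed[0]), str(allowed[-1])),
    }


if __name__ == "__main__":
    for key, value in audit(PUSH_LINE, SERVER_ROUTE, FIREWALL_ALLOW).items():
        print("%-26s %s" % (key, value))
```

As written, 172.16.0.0/20 ends at 172.16.15.255 while the routed block 172.16.16.0/20 begins at 172.16.16.0, so a source-address rule for the former does not match either tunnel address.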


