I unfortunately haven't made any progress getting xp talking properly to
Linux over openvpn.

The tunnel seems to negotiate fine. My XP ovpn console gives me:

    Fri Aug 05 22:48:19 2005 us=406742 [server] Peer Connection Initiated with 216.57.216.165:1194
    Fri Aug 05 22:48:20 2005 us=514320 TEST ROUTES: 0/0 succeeded len=-1 ret=1 a=0 u/d=up
    Fri Aug 05 22:48:20 2005 us=514595 Initialization Sequence Completed
    WRRwRwRwRwRwWRWRWRWRwRwRwRwRwWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRW

and all of the RW traffic is keep-alive pings, I presume.

Problem 1
--------------
The Linux box sees 10.101.1.14 as the XP box. It can send it a ping, but
XP drops it. XP's pfirewall log says:

    2005-08-05 22:59:13 DROP ICMP 10.101.1.14 10.101.1.1 - - 84 - - - - 0 0 - SEND
    2005-08-05 22:59:14 DROP ICMP 10.101.1.14 10.101.1.1 - - 84 - - - - 0 0 - SEND
    2005-08-05 22:59:15 DROP ICMP 10.101.1.14 10.101.1.1 - - 84 - - - - 0 0 - SEND

Which is odd because I've turned firewalling off on xp's tun0, and am
allowing all ICMP. If I turn off the XP firewall completely, I just
don't get any response. Ethereal on XP shows no outbound response to
Linux server.

Problem 2
-----------
When I try to ping 10.101.1.1 from XP, I get no traffic for it over XP's
tun0. I get unreachable replies from...other networks. If I add

    route 10.101.1.0 255.255.255.0 10.101.1.14

to XP's ovpn, I get ARP requests for 10.101.14 on tun0, but I don't see
that traffic from the Linux point of view. No traffic on linux tun0.

Problem 3
------------
When I ping 10.101.1.13 from XP (10.101.1.14) I see traffic going
outbound, and Linux sees pings coming in:

    23:10:07.150549 10.101.1.14 > 10.101.1.13: icmp: echo request
    23:10:08.150104 10.101.1.14 > 10.101.1.13: icmp: echo request
    23:10:08.150128 10.101.1.14 > 10.101.1.13: icmp: echo request

Linux is not responding, even tho it should not be ignoring icmp.

    # /proc/sys/net/ipv4 # cat icmp_echo_ignore_broadcasts
    0
    # /proc/sys/net/ipv4 # cat icmp_echo_ignore_all
    0

Problem 4
-----------
Non ICMP requests make it to Linux, but I get no response.

XP: wget http://10.101.1.1/ -- no response, this arps
XP: wget http://10.101.1.13/ -- Linux sees this request:

    23:17:38.896826 10.101.1.14.1619 > 10.101.1.13.http: S 196395906:196395906(0) win 16384 <mss 1368,nop,nop,sackOK> (DF)
    23:17:38.896884 10.101.1.14.1619 > 10.101.1.13.http: S 196395906:196395906(0) win 16384 <mss 1368,nop,nop,sackOK> (DF)

But no response. I have turned iptables on, iptables off too. XP's tun0
is not firewalled. XP's tun0 should be accepting all ICMP packets.

Problem 5
-----------
Why does it work when I reboot XP to FC3? I have two FC3 laptops which
can both talk to the Linux server and I've even configured them to use
the Linux server as their SMTP host.

Problem 6
---------------
I've tried this on two different XP boxes from two different client
networks. Their behavior is identical.

Problem 7
------------
When I specify --dev-node "tun0" in XP config, Ovpn can't find it. If I
leave that line out, it finds the tun/tap device OK. Is this
significant? I've seen other people post about how they've gotten
xp<->linux with --dev tun before, tho the majority of the posters seem
to be using --dev tap.

ccd/xp
-------
    ifconfig-push 10.101.1.14 10.101.1.13
    iroute 192.168.45.0 255.255.255.0

XP.ovpn
----------
    dev tun0
    remote benry.is-a-geek.net
    tls-client
    ifconfig 10.101.1.14 10.101.1.13
    ca ca.crt
    cert hds-jbr-ws.crt
    key hds-jbr-ws.key
    port 1194
    comp-lzo
    ping 15
    ping-restart 45
    ping-timer-rem
    persist-tun
    persist-key
    verb 5
    route 10.101.1.0 255.255.255.0 10.101.1.14

XP Routes
------------
    $ route print
    ===========================================================================
    Interface List
    0x1 ........................... MS TCP Loopback interface
    0x2 ...00 06 25 a9 75 cc ...... Instant Wireless Network PC Card V3.0 - Packet Scheduler Miniport
    0x3 ...00 ff 64 5d 1d 47 ...... TAP-Win32 Adapter V8 - Packet Scheduler Miniport
    ===========================================================================
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0     192.168.45.1  192.168.45.201      40
           10.101.1.0    255.255.255.0      10.101.1.14     10.101.1.14       1
          10.101.1.12  255.255.255.252      10.101.1.14     10.101.1.14      30
          10.101.1.14  255.255.255.255        127.0.0.1       127.0.0.1      30
       10.255.255.255  255.255.255.255      10.101.1.14     10.101.1.14      30
            127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
         192.168.45.0    255.255.255.0   192.168.45.201  192.168.45.201      40
       192.168.45.201  255.255.255.255        127.0.0.1       127.0.0.1      40
       192.168.45.255  255.255.255.255   192.168.45.201  192.168.45.201      40
            224.0.0.0        240.0.0.0      10.101.1.14     10.101.1.14      30
            224.0.0.0        240.0.0.0   192.168.45.201  192.168.45.201      40
      255.255.255.255  255.255.255.255      10.101.1.14     10.101.1.14       1
      255.255.255.255  255.255.255.255   192.168.45.201  192.168.45.201       1
    Default Gateway:      192.168.45.1
    ===========================================================================
    Persistent Routes:
      None

Linux Routes
----------------
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    creosote        *               255.255.255.255 UH    0      0        0 tun0
    26.57.216.160   *               255.255.255.248 U     0      0        0 eth0
    192.168.101.0   creosote        255.255.255.0   UG    0      0        0 tun0
    10.101.1.0      creosote        255.255.255.0   UG    0      0        0 tun0
    10.101.2.0      creosote        255.255.255.0   UG    0      0        0 tun0
    192.168.45.0    creosote        255.255.255.0   UG    0      0        0 tun0
    127.0.0.0       *               255.0.0.0       U     0      0        0 lo
    default         ip26-57-216-16  0.0.0.0         UG    0      0        0 eth0

(creosote = 10.101.1.2 in /etc/hosts)

Jed

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
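
Added example, not part of the original post: a small Python parser for the pfirewall.log lines quoted under Problem 1, which groups dropped ICMP packets by direction, endpoints and ICMP type. The field order is an assumption taken from the standard Windows Firewall log header (the post quotes only data lines), and the function names are illustrative. Under that field order, the three quoted entries are ICMP type 0 packets on the SEND path from 10.101.1.14 to 10.101.1.1.

```python
from collections import Counter

# Assumed field order: the "#Fields:" header of a Windows Firewall log.
# The post does not show this header, only the data lines.
FIELDS = ("date time action protocol src_ip dst_ip src_port dst_port size "
          "tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path").split()

ICMP_TYPES = {0: "echo-reply", 3: "dest-unreachable",
              8: "echo-request", 11: "time-exceeded"}

# The three DROP lines quoted in the post under Problem 1.
SAMPLE = """\
2005-08-05 22:59:13 DROP ICMP 10.101.1.14 10.101.1.1 - - 84 - - - - 0 0 - SEND
2005-08-05 22:59:14 DROP ICMP 10.101.1.14 10.101.1.1 - - 84 - - - - 0 0 - SEND
2005-08-05 22:59:15 DROP ICMP 10.101.1.14 10.101.1.1 - - 84 - - - - 0 0 - SEND
"""

def parse_line(line):
    """Return a dict for one data line; None for comment, blank or malformed lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    # Numeric fields are "-" when they do not apply to the protocol.
    for key in ("size", "icmptype", "icmpcode"):
        rec[key] = int(rec[key]) if rec[key].isdigit() else None
    return rec

def summarize_drops(text):
    """Count dropped ICMP packets by (path, source, destination, ICMP type name)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and rec["action"] == "DROP" and rec["protocol"] == "ICMP":
            kind = ICMP_TYPES.get(rec["icmptype"], f"type-{rec['icmptype']}")
            counts[(rec["path"], rec["src_ip"], rec["dst_ip"], kind)] += 1
    return counts

if __name__ == "__main__":
    for (path, src, dst, kind), n in summarize_drops(SAMPLE).items():
        print(f"{n} x DROP {kind} {src} -> {dst} on {path}")
```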