Re: [Openvpn-users] Corrected version of "OpenVPN makes vpn-Server unreachable at iso/osi level if a client connects"

[Markus Mueller <openvpn030905@xxxxxxx>]

Hi Leonard Isham,

> > Hi OpenVPN Users,
> >
> > cause of my real bad english, and some wrong/confusing and/or incomplete
> > statements in the last mail,
> > I rewrote it... Please excuse the last bad email about this issue.
> > I have a serious problem with OpenVPN: If a client successful connects, my
> > OpenVPN Server runs out of reachability at iso/osi level level 4 (TCP/UDP).
> > The interesting thing is that ping works...
> >
> > What I have done?
> >
> >    
> [snip]
>
> A couple of requests.
> 1.  Don't post HTML
>  
ok.

> 2.  Strip comments out of config files for review.
>  
ok, done.

> Disclaimer:  I'm not a bridging expert I rout as much as possible.
>
> In both configs:
>
> dev tap0
> - I think think this should be tap not tap0
> - Then add "dev-node tap0"
>  
dev tap0 is ok, on both sides. This tells you the animadverted comments 
in the config file:

# ... 
# On non-Windows systems, you can give
# an explicit unit number, such as tun0.
# ...

So its realy the problem? I tried... it also doesn't work if there is 
only "tap".

Similar dev-node:

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel if you
# have more than one.  On XP SP2 or higher,
# you may need to selectively disable the
# Windows firewall for the TAP adapter.
# Non-Windows systems usually don't need this.
;dev-node MyTap

> In the serverlogs
>
> [ECONNREFUSED]: Connection refused (code=111)
>
> Not sure what is happening here...
>
> Have you tried a tcpdump capture on the tap interfaces?
>  
cause my server should be accessable again, I stop the openvpn client 
after about 1/2 minutes.
The problem is allways there, so there is no need to let it every tre 
more then 1/2 minutes.

The tap interface shows all the trafic I have on the br0 and eth0, cause 
they are in the same
bridging interface (br0). I also installed a iptables filter, so there 
can't from client and/or server
bad packets to the other side, which might cause the problem. But it 
doesn't change anything.

There are further results: The problem about the no reachability is the 
same... but in
the named window above, in which the ssh gets a rush of messages: In 
this situation
the vpn worked, but only for few packets:

[...]
From 192.168.0.10 icmp_seq=90 Destination Host Unreachable
From 192.168.0.10 icmp_seq=91 Destination Host Unreachable
From 192.168.0.10 icmp_seq=92 Destination Host Unreachable
From 192.168.0.10 icmp_seq=94 Destination Host Unreachable
From 192.168.0.10 icmp_seq=95 Destination Host Unreachable
From 192.168.0.10 icmp_seq=96 Destination Host Unreachable
64 bytes from 192.168.0.68: icmp_seq=97 ttl=64 time=1082 ms
From 192.168.0.10 icmp_seq=124 Destination Host Unreachable
From 192.168.0.10 icmp_seq=125 Destination Host Unreachable
From 192.168.0.10 icmp_seq=126 Destination Host Unreachable
64 bytes from 192.168.0.68: icmp_seq=127 ttl=64 time=2082 ms
64 bytes from 192.168.0.68: icmp_seq=128 ttl=64 time=1086 ms
64 bytes from 192.168.0.68: icmp_seq=129 ttl=64 time=91.1 ms
From 192.168.0.10 icmp_seq=155 Destination Host Unreachable
From 192.168.0.10 icmp_seq=156 Destination Host Unreachable
From 192.168.0.10 icmp_seq=157 Destination Host Unreachable
[...]

What could this be for a problem ?!

Regards & Thanks for the hints,
Markus Mueller


____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users