On 10/4/05, Steve Wasser <steve@xxxxxxx> wrote:
>
>
>
> I'm not even going to pretend to know 1% of what's going on, so I'll post my
> configs and I'm sure someone will have the answer. I'm doing this because
> this is a work project that has gone on about a week, and I'm a couple steps
> from completion.
>
>
>
> I'm running WinXP client connecting to Debian 2.4.27 kernel with openvpn
> 2.0. Couple of background notes that might help:
>
>
>
> This is a DSL connected test network that resides in our corporate office.
> It is totally disconnected from our LAN for testing purposes, but we want to
> have VPN connectivity. The Linux box sits behind a Linksys WRT54GS that is
> port forwarding 500, 1194, 1723, and Linux is the Host DMZ. I am not using
> wireless, that is going out of our LAN to the WAN port of the Linksys, which
> uses DDNS. For now, I've turned firewall protection off. All the assets on
> that LAN have a 192.168.0.x addressing scheme, which is where I think the
> problem may reside, understanding Openvpn wants to use a different subnet
> and route over. Problem is, I'm not too strong on that, so I thought it
> would be easier to keep it all on the same subnet and assign statically the
> IP address of the client (not included below since I turned it off for
> testing). It seems to be working, it makes the connection but I cannot ping,
> and a minute later I disconnect (see way below) Any help would be more than
> appreciated.
>
> Client config file:
>
> client
> dev tun
> proto tcp
> resolv-retry infinite
> nobind
> persist-key
> persist-tun
> ca ca.crt
> cert client1.crt
> key client1.key
> comp-lzo
> verb 3
>
> Server
>
> local 192.168.0.100
> port 1194
> proto tcp
> dev tun
> ca ca.crt
> cert server.crt
> key server.key # This file should be kept secret
> dh dh1024.pem
> server 192.168.0.0 255.255.255.0
> ifconfig-pool-persist ipp.txt
> keepalive 10 120
> comp-lzo
> persist-key
> persist-tun
> status openvpn-status.log
> log-append openvpn.log
> verb 6

You have three subnets defined with the same IP address range. This is
like having 3 men named John Smith and no middle name... confusion.
The connection may be getting dropped due to this violation of basic
subnetting. You need the VPN IP addresses and the "remote" LAN to
have subnets that are not duplicated in your main network.

Without knowing your infrastructure or IP addressing scheme I can't
suggest subnets, but you may want to skip 192.168/16 (192.168.0.0
- 192.168.255.255) and use something in:

10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)

> Client result log:
>
> Tue Oct 04 18:29:36 2005 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
> Tue Oct 04 18:29:36 2005 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
> Tue Oct 04 18:29:36 2005 Re-using SSL/TLS context
>
> Tue Oct 04 18:30:57 2005 Preserving previous TUN/TAP instance: Local Area Connection 4
> Tue Oct 04 18:30:57 2005 Initialization Sequence Completed
> Tue Oct 04 18:31:26 2005 Connection reset, restarting [-1]
> Tue Oct 04 18:31:26 2005 TCP/UDP: Closing socket
> Tue Oct 04 18:31:26 2005 SIGUSR1[soft,connection-reset] received, process restarting
> Tue Oct 04 18:31:26 2005 Restart pause, 5 second(s)

DISCLAIMER: I have not tried OpenVPN over TCP.

If this is not related to the subnet issue then it appears that you
have a connectivity issue that is causing the reset.

1.) Troubleshoot the DSL connection or main internet connection for
    problems or bandwidth issues.
2.) Consider using UDP.

--
Leonard Isham, CISSP
Ostendo non ostento.
____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
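
Added example (not part of the original thread and not OpenVPN project code): a Python check that reads the `server` directive from a server config and reports which site networks overlap the VPN address pool, and whether a client config enables the server-certificate check that the WARNING line in the quoted client log refers to. The config strings are trimmed copies of the ones quoted above; the `LANS` list and all function names are assumptions made for the example.

```python
import ipaddress

# Constructed samples: the relevant lines of the two configs quoted in the thread.
SERVER_CONF = "local 192.168.0.100\nport 1194\nproto tcp\ndev tun\nserver 192.168.0.0 255.255.255.0\n"
CLIENT_CONF = "client\ndev tun\nproto tcp\nca ca.crt\ncert client1.crt\nkey client1.key\n"
# Assumed site networks (the post says every asset is on 192.168.0.x).
LANS = ["192.168.0.0/24"]

def directives(conf):
    """Yield (name, args) for each config line, skipping blanks and comments."""
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        if line and not line.startswith(";"):
            name, *args = line.split()
            yield name, args

def vpn_pool(conf):
    """Network given by 'server <net> <mask>', or None if the directive is absent."""
    for name, args in directives(conf):
        if name == "server" and len(args) >= 2:
            return ipaddress.ip_network(f"{args[0]}/{args[1]}")
    return None

def overlapping(conf, lans):
    """LAN networks (CIDR strings) that collide with the VPN address pool."""
    pool = vpn_pool(conf)
    if pool is None:
        return []
    return [n for n in lans if pool.overlaps(ipaddress.ip_network(n))]

def verifies_server_cert(conf):
    """True if the client config enables a server-certificate check."""
    for name, args in directives(conf):
        if name in ("ns-cert-type", "remote-cert-tls") and args[:1] == ["server"]:
            return True
        if name in ("tls-remote", "verify-x509-name"):
            return True
    return False

if __name__ == "__main__":
    print("pool overlaps LAN:", overlapping(SERVER_CONF, LANS))
    print("client verifies server cert:", verifies_server_cert(CLIENT_CONF))
```

Of the directives it looks for, `ns-cert-type server` is the one available in the OpenVPN 2.0 release used in the thread; `remote-cert-tls` and `verify-x509-name` arrived in later versions.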