Hi admins,
I wanted to report a strange effect that I failed to investigate.
I have a tun-ed tcp-served openvpn server set up for multiple-links,
spawning the 10.254.0.0/16 class.
I also have several clients on it, and the whole setup has run perfectly
fine for months now.
So, it happened the other day that I pinged the wrong IP from one of those clients.
The server is supposed to take its role at 10.254.0.1: from the client
10.254.0.13, I launched a ping to 10.245.0.6 instead.
To my astonishment, that system responded to me. How come, since
I explicitly don't have any client-to-client option on the server?
I double-checked configurations and docs to find the explanation,
with no considerable luck.
The fun part is: if I ping 10.254.0.13 from 10.254.0.6, it does not
even attempt to route, just the way it is supposed to be.
So how come 10.254.0.6 was able to respond to 10.254.0.13
when pinged from there?
As of now, none of the clients in the served subnet are able to communicate
openly, EXCEPT for 10.254.0.13->10.254.0.6 case (which appears to be
different than the 10.254.0.6->10.254.0.13 case).
This sounds absurd to me.
Some details:
This is my server: ------------------------
port 1129
dev tun
server 10.254.0.0 255.255.0.0
proto tcp-server
float
user nobody
group nobody
ping-timer-rem
persist-tun
persist-key
keepalive 20 120
comp-lzo
daemon
verb 3
mute 10
tls-auth ta.key 0
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
management 127.0.0.1 1130
management-log-cache 100
-----------------------------------------
Currently the server runs 2.0.5 on top of FreeBSD-5.4.
This is my typical client: --------------------
port 1129
dev tun
client
proto tcp-client
resolv-retry infinite
float
remote MY_PUBLIC_SERVER_HERE
nobind
user nobody
group nobody
ping-timer-rem
persist-key
persist-tun
keepalive 20 120
comp-lzo
daemon
verb 3
mute 10
connect-retry 120
tls-auth ta.key 1 # earlier clients filter
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
-----------------------------------------
(Yes, all the clients have the same conf, and all of them run openvpn
versions from 2.0 to 2.0.5. Most machines are Linux, no Windows boxes as of today.)
All of the VPN routing on the server and clients is set up by openvpn itself.
The tables show no sign of discrepancy with the VPN configuration, and
all of the routing table entries made by openvpn on the clients are
masked 255.255.255.255.
I really fail to get this thing clear.
Does someone out there have the explanation I'm missing?
I'm sure I'm not paying attention to that stupid detail which
explains everything.
TIA
----
Andrea Gronchi
neta@xxxxxxxxxxx
____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
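Added example (not from the original post or from OpenVPN itself): a small script that parses the `server <net> <mask>` directive from the config above and maps any address in that pool to its /30 block under the net30 addressing that OpenVPN 2.0 uses for tun clients. It assumes the default net30 layout (the first /30 holds the server's own tun address and its peer; every later /30 belongs to one client, whose address is the block's .2 and whose server-side peer is the .1), which is useful when checking whether an address such as 10.254.0.13 is a client address or a server-side peer address before reasoning about who answered a ping.

```python
import ipaddress

# Constructed sample input: the addressing directive from the server config above.
SERVER_DIRECTIVE = "server 10.254.0.0 255.255.0.0"


def parse_server_directive(line):
    """Return the IPv4Network described by an OpenVPN `server <net> <mask>` line."""
    parts = line.split()
    if len(parts) != 3 or parts[0] != "server":
        raise ValueError("not a server directive: %r" % line)
    return ipaddress.ip_network("%s/%s" % (parts[1], parts[2]), strict=True)


def net30_role(pool, addr):
    """Classify addr under net30 addressing (assumed default for OpenVPN 2.0 tun):
    the pool is carved into /30 blocks; the first block is the server's own
    (.1 tun address, .2 its peer); each later block is one client's
    (.2 the client address, .1 the server-side peer address)."""
    pool = ipaddress.ip_network(str(pool))
    addr = ipaddress.ip_address(addr)
    if addr not in pool:
        return {"role": "outside-pool", "block": None, "client": None, "peer": None}
    block = ipaddress.ip_network("%s/30" % addr, strict=False)
    offset = int(addr) - int(block.network_address)
    if block.network_address == pool.network_address:
        roles = ("network", "server tun address", "server peer", "broadcast")
    else:
        roles = ("network", "server-side peer", "client", "broadcast")
    return {"role": roles[offset], "block": str(block),
            "client": str(block.network_address + 2),
            "peer": str(block.network_address + 1)}


def report(directive, addrs):
    """Map each address to its net30 role within the directive's pool."""
    pool = parse_server_directive(directive)
    return {a: net30_role(pool, a) for a in addrs}


if __name__ == "__main__":
    # The addresses mentioned in the post, including the mistyped 10.245.0.6.
    for addr, info in report(SERVER_DIRECTIVE,
                             ["10.254.0.1", "10.254.0.6", "10.254.0.13", "10.245.0.6"]).items():
        print(addr, info)
```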