Hello all,

Firstly I'd like to thank and congratulate the developers of OpenVPN.
Although I have run into an obstacle as outlined below, I've come a lot
closer to getting things perfect with OpenVPN than I have with IPSec.

I've managed to set up a VPN using tap. The client can ping the server
and vice versa. Also, by adding this little bit of magic to the server:

    echo 1 >/proc/sys/net/ipv4/conf/all/forwarding
    echo 1 >/proc/sys/net/ipv4/conf/eth0/proxy_arp

and by setting the server as the gateway on the other machines on the
server's LAN, the client can ping them too. (And vice versa again.)

However, there is one last glitch: NetBIOS doesn't work 100% -- the
client can't access machines on the server's LAN by name. I know there
are several solutions to this:

    * set up bridging between tap0 and eth1 (my preferred solution);
    * use a 'hosts' file (my backup solution); or
    * use a WINS server (I'd rather not do this).

So I've been trying to get bridging working, as this will fix the
NetBIOS problem and should also prevent some other problems that I
anticipate a little further down the line.

I've downloaded the bridge-start and bridge-stop scripts from
openvpn.net and substituted in my network parameters where required, but
if I run:

    /etc/init.d/openvpn stop
    /etc/openvpn/bridge-stop
    /etc/openvpn/bridge-start
    /etc/init.d/openvpn start

and then connect to the server from the client, the client and server
are no longer able to ping each other -- indeed the client can't ping
anything on the server's LAN, and vice versa. Only by stopping the VPN,
stopping bridging and restarting the VPN without bridging are they able
to see each other again.

Does anyone have any ideas?

Network topology:

    Firewall (ZyWALL 70 UTM) WAN 81.2.120.182.
                             LAN 192.168.100.254.
                             1194/tcp forwarded correctly.
    Main LAN is on 192.168.100.0/24.
    Secondary LAN is on 192.168.1.0/24.
    VPN LAN is 192.168.10.0/24.
    Linux server has IP address 192.168.100.106 and 192.168.100.196.
                     OpenVPN listening on 1194/tcp.
    Server is given IP address 192.168.10.1 by OpenVPN.
    Windows XP client is given IP address 192.168.10.10.

Let me know if any other network details required.

Client settings:

    client
    dev tap
    dev-node OpenVPN1
    proto tcp
    remote 81.2.120.182 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca ca.crt
    cert laptop04.crt
    key laptop04.key
    comp-lzo
    verb 6

Server settings:

    port 1194
    proto tcp
    dev tap0
    ca ca.crt
    cert server.crt
    key server.key
    dh dh1024.pem
    ifconfig-pool-persist ipp.txt
    server-bridge 192.168.10.1 255.255.255.0 192.168.10.10 192.168.10.100
    push "route 192.168.100.0 255.255.255.0"
    #push "route 192.168.10.0 255.255.255.0"
    push "route 192.168.1.0 255.255.255.0"
    client-to-client
    keepalive 10 120
    comp-lzo
    user nobody
    group nogroup
    persist-key
    persist-tun
    status openvpn-status.log
    verb 6
    mute 25
    management localhost 7505

Important bits from bridge-start:

    br="br0"
    tap="tap0"
    eth="eth1"
    eth_ip="192.168.100.196"
    eth_netmask="255.255.255.0"
    eth_broadcast="192.168.100.255"

Let me know if there's anything else that would give you a better idea.

Thanks in advance for any light you can shed on this.

kind regards
--
Toby Inkster <mail@xxxxxxxxxxxxxxxxx>
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
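
An added example, not part of the original post or of OpenVPN's scripts: a consistency check between the server-bridge line and the bridge-start parameters quoted above. It assumes the OpenVPN manual's description of server-bridge (gateway and netmask are those of the bridge interface or the bridged subnet's router, and the pool is a range set aside on that same subnet); the function names are hypothetical.

```python
import ipaddress

# Values quoted in the post (server settings and bridge-start).
SERVER_CONF = """dev tap0
server-bridge 192.168.10.1 255.255.255.0 192.168.10.10 192.168.10.100
"""
BRIDGE_START = """br="br0"
tap="tap0"
eth="eth1"
eth_ip="192.168.100.196"
eth_netmask="255.255.255.0"
"""

def parse_bridge_start(text):
    """Collect the shell-style name="value" assignments from bridge-start."""
    pairs = (line.strip().partition("=") for line in text.splitlines())
    return {n: v.strip('"') for n, sep, v in pairs if sep and not n.startswith("#")}

def parse_server_conf(text):
    """Return {directive: [arguments]} for the two directives checked here."""
    conf = {}
    for line in text.splitlines():
        words = line.split("#", 1)[0].split()
        if words and words[0] in ("dev", "server-bridge"):
            conf[words[0]] = words[1:]
    return conf

def check_bridge(server_conf, bridge_start):
    """List mismatches between the server-bridge line and the bridged LAN."""
    conf, br = parse_server_conf(server_conf), parse_bridge_start(bridge_start)
    lan = ipaddress.ip_network(f"{br['eth_ip']}/{br['eth_netmask']}", strict=False)
    gateway, netmask, start, end = conf["server-bridge"]
    problems = []
    if conf.get("dev") != [br["tap"]]:
        problems.append(f"dev {conf.get('dev')} is not the bridged tap {br['tap']}")
    if netmask != br["eth_netmask"]:
        problems.append(f"netmask {netmask} differs from {br['eth_netmask']}")
    for label, addr in (("gateway", gateway), ("pool-start", start), ("pool-end", end)):
        if ipaddress.ip_address(addr) not in lan:
            problems.append(f"{label} {addr} is outside the bridged LAN {lan}")
    lo, hi, own = (ipaddress.ip_address(a) for a in (start, end, br["eth_ip"]))
    if lo <= own <= hi:
        problems.append(f"pool {start}-{end} contains the bridge address {own}")
    return problems

if __name__ == "__main__":
    for problem in check_bridge(SERVER_CONF, BRIDGE_START):
        print("MISMATCH:", problem)
```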