If I try to put in a netmask instead of the last 10.8.0.x I get an error in /var/log/daemon.log that this needs to be an IP, not a netmask.

After some reading I tried to put "ifconfig-push 10.8.0.x 10.8.0.1" in all the clients' ccd-files. This seemed to work, as all the clients now got the IP I had assigned in the ccd-file for that client, but only one client can route the local subnet. All clients have access to the server's subnet, but only one client-subnet has access to the server-subnet.

The routing-table on the server says:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.0.2        *               255.255.255.255 UH    0      0        0 tun0
81.191.132.0    *               255.255.255.0   U     0      0        0 eth1
10.13.13.0      10.8.0.2        255.255.255.0   UG    0      0        0 tun0
10.13.10.0      *               255.255.255.0   U     0      0        0 tun1
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
10.14.15.0      10.8.0.2        255.255.255.0   UG    0      0        0 tun0
10.14.14.0      10.8.0.2        255.255.255.0   UG    0      0        0 tun0
10.10.10.0      *               255.255.255.0   U     0      0        0 tun1
default         <my public ip>  0.0.0.0         UG    0      0        0 eth1

10.13.13.0, 10.14.14.0 and 10.14.15.0 are client-subnets for clients 1, 2 and 3. I have no idea what 10.13.10.0 and 10.10.10.0 are or where they come from, and I don't understand what 10.8.0.2 is either.

My server.conf-file is:

port 1194
proto udp
dev tun
ca keys/ca.crt
cert keys/server.crt
key keys/server.key  # This file should be kept secret
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-config-dir ccd
route 10.13.13.0 255.255.255.0
route 10.14.14.0 255.255.255.0
route 10.14.15.0 255.255.255.0
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3

And my ccd-file (example for client 1):

iroute 10.13.13.0 255.255.255.0
ifconfig-push 10.8.0.254 10.8.0.1

The client.conf:

client
dev tun
proto udp
remote <my public ip> 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert sturla.crt
key sturla.key
ns-cert-type server
comp-lzo
verb 3

Anyone having ANY idea why this doesn't work?
Much appreciated :)

Thanx
Sturla

On Wed, August 30, 2006 14:04, Charles Duffy wrote:
> Sturla Holm Hansen wrote:
>> Hi there list.
>> Can anyone point me to a good explanation for why routing stops working
>> on machines that have the "ifconfig-push 10.8.0.x 10.8.0.x" setting in
>> their file in /etc/openvpn/ccd/?
>> It seems like the first machine connecting gets the right settings, the
>> rest don't (The first one also has broken routing though)
>> Any ideas?
>
> Putting 10.8.0.x in for both parameters for ifconfig-push is quite
> certainly wrong; the second parameter is supposed to be a netmask.
> Beyond that, a more concrete example would be useful: What does your
> server configuration look like? (Are you using ifconfig-pool-linear or
> topology subnet? Either of these gives you more flexibility with regard
> to which addresses you can push, but at the expense of excluding Windows
> clients in the first case or requiring OpenVPN 2.1 in the second). Does
> the address you're pushing line up with a /30 netmask?
>
> Also, details as to how exactly the remaining systems' settings are
> wrong (what do they look like? How do you know they're wrong?) would be
> a Good Thing.
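
The /30 alignment question raised in the quoted reply, as an added example that is not part of the original thread: assuming the default net30 topology of OpenVPN 2.0 with "dev tun", where the two ifconfig-push arguments are the two usable addresses of one /30 block, this Python check flags ccd pairs that do not line up and clients that share a block. The client2 and client3 entries and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: ccd file name -> contents. client1 carries the pair from
# the post; client2 and client3 are made up for illustration.
CCD = {
    "client1": "iroute 10.13.13.0 255.255.255.0\nifconfig-push 10.8.0.254 10.8.0.1\n",
    "client2": "iroute 10.14.14.0 255.255.255.0\nifconfig-push 10.8.0.5 10.8.0.6\n",
    "client3": "iroute 10.14.15.0 255.255.255.0\nifconfig-push 10.8.0.6 10.8.0.5\n",
}
SERVER_NET = ipaddress.ip_network("10.8.0.0/24")  # "server 10.8.0.0 255.255.255.0"


def slash30(addr):
    """Return the /30 block that contains addr."""
    return ipaddress.ip_network(f"{addr}/30", strict=False)


def check_pair(local, remote):
    """Return a list of problems with one 'ifconfig-push local remote' pair."""
    a, b = ipaddress.IPv4Address(local), ipaddress.IPv4Address(remote)
    problems = []
    if a not in SERVER_NET:
        problems.append(f"{a} is outside {SERVER_NET}")
    block = slash30(a)
    usable = list(block.hosts())  # the two middle addresses of the /30
    if a not in usable:
        problems.append(f"{a} is the network or broadcast address of {block}")
    if b not in usable or a == b:
        problems.append(f"{b} is not the other usable address of {block} "
                        f"(usable: {usable[0]}, {usable[1]})")
    return problems


def audit(ccd):
    """Check every ccd file and flag two clients placed in the same /30."""
    report, owner = {}, {}
    for name, text in sorted(ccd.items()):
        for line in text.splitlines():
            words = line.split("#")[0].split()  # drop trailing comments
            if len(words) == 3 and words[0] == "ifconfig-push":
                problems = check_pair(words[1], words[2])
                block = slash30(words[1])
                if block in owner:
                    problems.append(f"{block} already used by {owner[block]}")
                owner.setdefault(block, name)
                report[name] = problems
    return report


if __name__ == "__main__":
    for name, problems in audit(CCD).items():
        print(name, "OK" if not problems else "; ".join(problems))
```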