Sorry to have bothered you all, for some stupid reason it just started to
work after I sent the last mail. If anyone sees an obvious flaw in my setup
or has suggestions for improvements I would still appreciate it though :)

Oh, and another thing: I saw this in the documentation once but can't seem
to find it again: How do you route between client-subnets, so that a
computer in the subnet of client1 can reach a computer in the subnet of
client2, that is?

Cheerio
Sturla

On Fri, September 1, 2006 07:43, Sturla Holm Hansen wrote:
> If I try to put in a netmask instead of the last 10.8.0.x I get an error
> in /var/log/daemon.log that this needs to be an ip not a netmask.
> After some reading I tried to put "ifconfig-push 10.8.0.x 10.8.0.1" in all
> the clients' ccd-files, this seemed to work as all the clients now got the
> ip I had assigned in the ccd-file for that client, but only one client can
> route the local subnet.
> All clients have access to the server's subnet, but only one client-subnet
> has access to the server-subnet.
> The routing-table on the server says:
>
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 10.8.0.2        *               255.255.255.255 UH    0      0        0 tun0
> 81.191.132.0    *               255.255.255.0   U     0      0        0 eth1
> 10.13.13.0      10.8.0.2        255.255.255.0   UG    0      0        0 tun0
> 10.13.10.0      *               255.255.255.0   U     0      0        0 tun1
> 10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
> 192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
> 10.14.15.0      10.8.0.2        255.255.255.0   UG    0      0        0 tun0
> 10.14.14.0      10.8.0.2        255.255.255.0   UG    0      0        0 tun0
> 10.10.10.0      *               255.255.255.0   U     0      0        0 tun1
> default         <my public ip>  0.0.0.0         UG    0      0        0 eth1
>
> 10.13.13.0, 10.14.14.0 and 10.14.15.0 are client-subnets for clients 1, 2
> and 3.
> I have no idea what 10.13.10.0 and 10.10.10.0 are or where they come from, I
> don't understand what 10.8.0.2 is either.
>
> My server.conf-file is:
>
> port 1194
> proto udp
>
> dev tun
>
> ca keys/ca.crt
> cert keys/server.crt
> key keys/server.key # This file should be kept secret
>
> dh dh1024.pem
> server 10.8.0.0 255.255.255.0
> ifconfig-pool-persist ipp.txt
> client-config-dir ccd
> route 10.13.13.0 255.255.255.0
> route 10.14.14.0 255.255.255.0
> route 10.14.15.0 255.255.255.0
>
> keepalive 10 120
>
> comp-lzo
> persist-key
> persist-tun
>
> status openvpn-status.log
>
> verb 3
>
> And my ccd-file: (example for client 1)
>
> iroute 10.13.13.0 255.255.255.0
> ifconfig-push 10.8.0.254 10.8.0.1
>
> The client.conf:
>
> client
> dev tun
> proto udp
> remote <my public ip> 1194
> resolv-retry infinite
> nobind
> persist-key
> persist-tun
> ca ca.crt
> cert sturla.crt
> key sturla.key
> ns-cert-type server
> comp-lzo
> verb 3
>
>
> Anyone having ANY idea why this doesn't work?
> Much appreciated :)
>
> Thanx
>
> Sturla
>
> On Wed, August 30, 2006 14:04, Charles Duffy wrote:
>> Sturla Holm Hansen wrote:
>>> Hi there list.
>>> Can anyone point me to a good explanation for why routing stops working
>>> on machines that have the "ifconfig-push 10.8.0.x 10.8.0.x" setting in
>>> their file in /etc/openvpn/ccd/?
>>> It seems like the first machine connecting gets the right settings, the
>>> rest don't (The first one also has broken routing though)
>>> Any ideas?
>>
>> Putting 10.8.0.x in for both parameters for ifconfig-push is quite
>> certainly wrong; the second parameter is supposed to be a netmask.
>> Beyond that, a more concrete example would be useful: What does your
>> server configuration look like? (Are you using ifconfig-pool-linear or
>> topology subnet? Either of these gives you more flexibility with regard
>> to which addresses you can push, but at the expense of excluding Windows
>> clients in the first case or requiring OpenVPN 2.1 in the second). Does
>> the address you're pushing line up with a /30 netmask?
>>
>> Also, details as to how exactly the remaining systems' settings are
>> wrong (what do they look like? How do you know they're wrong?) would be
>> a Good Thing.
>>
>> _______________________________________________
>> Openvpn-users mailing list
>> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
>> https://lists.sourceforge.net/lists/listinfo/openvpn-users
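
Charles's question about whether the pushed address lines up with a /30 can be checked mechanically. The following is an added example, not part of the thread or of OpenVPN: it assumes the default net30 topology, where the two ifconfig-push arguments are the client and server endpoints of one /30, and it also checks that every iroute has a matching route in server.conf. The sample configs are constructed (client1's ccd lines are the ones quoted above; client2 and the omitted route are made up).

```python
import ipaddress

# Constructed sample input. client1 is the ccd file quoted in the thread;
# client2 and the missing 10.14.14.0 route are invented to exercise the checks.
CCD_FILES = {
    "client1": "iroute 10.13.13.0 255.255.255.0\nifconfig-push 10.8.0.254 10.8.0.1\n",
    "client2": "iroute 10.14.14.0 255.255.255.0\nifconfig-push 10.8.0.5 10.8.0.6\n",
}
SERVER_CONF = """server 10.8.0.0 255.255.255.0
route 10.13.13.0 255.255.255.0
route 10.14.15.0 255.255.255.0
"""

def directives(text, name):
    """Yield the argument list of every `name` directive, ignoring comments."""
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts and parts[0] == name:
            yield parts[1:]

def check_push(local, remote):
    """Return a problem string, or None if the pair fits one /30 (net30 assumption)."""
    loc, rem = ipaddress.ip_address(local), ipaddress.ip_address(remote)
    block = ipaddress.ip_network(f"{local}/30", strict=False)
    hosts = set(block.hosts())  # the two usable addresses of the /30
    if rem not in block:
        return f"{local} and {remote} are not in the same /30 ({block})"
    if loc not in hosts or rem not in hosts or loc == rem:
        return f"{local}/{remote} must be the two distinct host addresses of {block}"
    return None

def lint(server_conf, ccd_files):
    """Return a sorted list of (client, problem) findings."""
    routes = {ipaddress.ip_network("/".join(a[:2])) for a in directives(server_conf, "route")}
    findings = []
    for client, text in ccd_files.items():
        for args in directives(text, "ifconfig-push"):
            problem = check_push(*args[:2])
            if problem:
                findings.append((client, problem))
        for args in directives(text, "iroute"):
            net = ipaddress.ip_network("/".join(args[:2]))
            if net not in routes:
                findings.append((client, f"iroute {net} has no matching route in server.conf"))
    return sorted(findings)

if __name__ == "__main__":
    for client, problem in lint(SERVER_CONF, CCD_FILES):
        print(f"{client}: {problem}")
```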