Hi Leonid

Leonid Satanovsky wrote:
> Thank you, Erich.
>
> In two following passages I'll explain (one more time) the problem in common words.
>
> Right after openvpn at the Windows gateway is switched on
> I can't ping Windows gateway from LAN_1 ... - I see echo request
> coming to Windows gateway (in Outpost firewall monitor and by the blinking icon in the right bottom corner of the screen... )...
> and no answer follows... Outpost firewall is tuned to pass everything. At the FreeBSD gateway
> ``tcpdump'' shows usual echo request packets with correct src and dest. addresses sent from the tun interface.
> IPFW allows all via the tun interface and all traffic between WAN addresses of the gateways.
>
> Only after pinging (from LAN_1) some host located in the network behind the Windows gateway - LAN_2 -
> I (for a while) get the ability to ping Windows gateway from LAN_1

Sounds like an ICMP redirect? How long is the "while"? Do you see any changes in the routing table after the "while"? Does the while correspond to your route-delay? Have you tried to access the remote gateway by its tunnel address, e.g. 192.168.254.6?

>
> Oo~~~~~~~~~~~~~~~~~-,
> DETAILS
> Oo~~~~~~~~~~~~~~~~~-,
>
> -----------------------------------------------------
> LAN_1 GATEWAY
> -----------------------------------------------------
> WAN-IP: AA.AA.AA.AA
> NET: 192.168.223.0/24
> VPN-ENDPOINT: 192.168.254.5 ----> 192.168.254.6
> GATEWAY-OS: FreeBSD
> GATEWAY-LAN-IP: 192.168.223.1
> -----------------------------------------------------
> IFCONFIG
> -----------------------------------------------------
> <...>
> xl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         inet 192.168.223.1 netmask 0xffffff00 broadcast 192.168.223.255
>         ether 00:60:98:ef:2b:e5
>         media: Ethernet autoselect (100baseTX <full-duplex>)
>         status: active
> <...>
> tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
>         inet 192.168.254.5 --> 192.168.254.6 netmask 0xffffffff
>         Opened by PID 1768
> <...>
>
> -----------------------------------------------------
> OPENVPN CONFIG
> -----------------------------------------------------
> remote BB.BB.BB.BB
> port 1194
> user nobody
> group nobody
> proto udp
> route 192.168.127.0 255.255.255.0 192.168.254.6
> dev tun
> tun-mtu 1500
> mssfix 1400
> ifconfig 192.168.254.5 192.168.254.6 255.255.255.252
> secret openvpn.key.1
> mlock
> ping 10
> comp-lzo
> verb 4
> mute 10
>
> -----------------------------------------------------
> TCPDUMP
> -----------------------------------------------------

I guess this is from the tun interface on the BSD side. Do you have a capture on the windoze side too?

> In case of communication between our gateways we may get the following:
> 01:17:38.220409 192.168.254.5 > 192.168.127.1: icmp: echo request
> OR
> 01:17:38.220409 192.168.223.1 > 192.168.127.1: icmp: echo request

Ok so you try to ping the internal interface of your Windoze box. Does it arrive there and does it get decoded? Ethereal can help you.

> OR
> 01:17:38.220409 192.168.254.5 > 192.168.254.6: icmp: echo request
> OR
> 01:17:38.220409 192.168.223.5 > 192.168.254.6: icmp: echo request
> In any case no answer follows...

The same question shows up here, do the icmp echo requests actually leave the windoze gateway? Again Ethereal on the internal interface and the tun adapter.

>
> -----------------------------------------------------
> ROUTES
> -----------------------------------------------------
> ROUTES ARE FINE :))

If we had them here, we might be able to discuss them :-)

>
> //========================================
>
> -----------------------------------------------------
> LAN_2 GATEWAY
> -----------------------------------------------------
> WAN-IP: BB.BB.BB.BB
> NET: 192.168.127.0/24, 192.168.0.0/24
> VPN-ENDPOINT: 192.168.254.6 -----> 192.168.254.5
> GATEWAY-OS: Windows server 2003
> GATEWAY-LAN-IP: 192.168.127.1, 192.168.0.55
> -----------------------------------------------------
> IPCONFIG
> -----------------------------------------------------
>
> <...>
>
> Ethernet adapter INT:
>
>    Connection-specific DNS Suffix . :
>    IP Address. . . . . . . . . . . . : 192.168.127.1
>    Subnet Mask . . . . . . . . . . . : 255.255.255.0
>    IP Address. . . . . . . . . . . . : 192.168.0.55
>    Subnet Mask . . . . . . . . . . . : 255.255.255.0
>    Default Gateway . . . . . . . . . :
>
> <...>
>
> Ethernet adapter kot:
>
>    Connection-specific DNS Suffix . :
>    IP Address. . . . . . . . . . . . : 192.168.254.6
>    Subnet Mask . . . . . . . . . . . : 255.255.255.252
>    Default Gateway . . . . . . . . . :
>
> -----------------------------------------------------
> ARP -A
> -----------------------------------------------------
>
> <...>
>
> Interface: 192.168.254.6 --- 0x100006
>   Internet Address      Physical Address      Type
>   192.168.254.5         00-00-00-00-00-00     invalid

This invalid type is surprising.

HTH
Erich

______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users