Dear all,

I am using OpenVPN 2.0.9 x86_64-pc-linux-gnu [SSL] [LZO] [EPOLL] built on Feb 27 2007 and I am trying to set up a VPN from my road laptop to my home server using a bridged connection (tap).

Now I want to route all IP traffic through the tunnel when I have it open, but for some reason the Windows box doesn't route properly. I tried following all the documents I found and searching the mailing lists for other issues like this, without success. I need help here, could someone give a few hints please?

When I connect to the VPN, the laptop gets a local address 192.168.0.100 and the route to 192.168.0.1 is added. But I cannot even ping the Linux box at 192.168.0.1.

This is the VPN log at the client:

Thu May 10 16:53:42 2007 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Thu May 10 16:53:42 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Thu May 10 16:53:42 2007 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu May 10 16:53:45 2007 LZO compression initialized
Thu May 10 16:53:45 2007 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu May 10 16:53:45 2007 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Thu May 10 16:53:45 2007 Local Options hash (VER=V4): '31fdf004'
Thu May 10 16:53:45 2007 Expected Remote Options hash (VER=V4): '3e6d1056'
Thu May 10 16:53:45 2007 Attempting to establish TCP connection with xxx.xxx.xxx.xxx:245
Thu May 10 16:53:45 2007 TCP connection established with xxx.xxx.xxx.xxx:245
Thu May 10 16:53:45 2007 TCPv4_CLIENT link local: [undef]
Thu May 10 16:53:45 2007 TCPv4_CLIENT link remote: xxx.xxx.xxx.xxx:245
Thu May 10 16:53:46 2007 TLS: Initial packet from xxx.xxx.xxx.xxx:245, sid=5cfe793c 4f3c7845
Thu May 10 16:53:50 2007 VERIFY OK: depth=1, /C=XX/ST=XX/L=XX/O=MontblancVPN/CN=xxxx/emailAddress=xxxxx
Thu May 10 16:53:50 2007 VERIFY OK: depth=0, /C=XX/ST=XX/O=MontblancVPN/CN=xxxx/emailAddress=xxxx
Thu May 10 16:53:57 2007 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu May 10 16:53:57 2007 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu May 10 16:53:57 2007 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu May 10 16:53:57 2007 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu May 10 16:53:57 2007 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu May 10 16:53:57 2007 [xxxx] Peer Connection Initiated with 81.56.221.174:245
Thu May 10 16:53:58 2007 SENT CONTROL [xxxx]: 'PUSH_REQUEST' (status=1)
Thu May 10 16:53:59 2007 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,ip-win32 dynamic,dhcp-option DNS 192.168.0.1,route-gateway 192.168.0.1,ping 10,ping-restart 120,ifconfig 192.168.0.100 255.255.255.0'
Thu May 10 16:53:59 2007 OPTIONS IMPORT: timers and/or timeouts modified
Thu May 10 16:53:59 2007 OPTIONS IMPORT: --ifconfig/up options modified
Thu May 10 16:53:59 2007 OPTIONS IMPORT: route options modified
Thu May 10 16:53:59 2007 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu May 10 16:53:59 2007 TAP-WIN32 device [VPN to Montblanc] opened: \\.\Global\{03D2D989-1CAA-4D63-8333-84F5C01D4053}.tap
Thu May 10 16:53:59 2007 TAP-Win32 Driver Version 8.4
Thu May 10 16:53:59 2007 TAP-Win32 MTU=1500
Thu May 10 16:53:59 2007 Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.0.100/255.255.255.0 on interface {03D2D989-1CAA-4D63-8333-84F5C01D4053} [DHCP-serv: 192.168.0.0, lease-time: 31536000]
Thu May 10 16:53:59 2007 Successful ARP Flush on interface [6] {03D2D989-1CAA-4D63-8333-84F5C01D4053}
Thu May 10 16:53:59 2007 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Thu May 10 16:53:59 2007 Route: Waiting for TUN/TAP interface to come up...
Thu May 10 16:53:59 2007 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Thu May 10 16:53:59 2007 Route: Waiting for TUN/TAP interface to come up...
Thu May 10 16:54:00 2007 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Thu May 10 16:54:00 2007 Route: Waiting for TUN/TAP interface to come up...
Thu May 10 16:54:01 2007 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
Thu May 10 16:54:01 2007 route ADD 81.56.221.174 MASK 255.255.255.255 10.6.1.1
Thu May 10 16:54:01 2007 Warning: route gateway is ambiguous: 10.6.1.1 (2 matches)
Thu May 10 16:54:01 2007 Route addition via IPAPI failed
Thu May 10 16:54:01 2007 route ADD 0.0.0.0 MASK 128.0.0.0 192.168.0.1
Thu May 10 16:54:01 2007 Route addition via IPAPI succeeded
Thu May 10 16:54:01 2007 route ADD 128.0.0.0 MASK 128.0.0.0 192.168.0.1
Thu May 10 16:54:01 2007 Route addition via IPAPI succeeded
Thu May 10 16:54:01 2007 Initialization Sequence Completed

What is this warning about an ambiguous gateway ????

Here is my ipconfig /all (note ethernet interface, wireless and vmware interfaces):

C:\Documents and Settings\pep>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : peak
        Primary Dns Suffix . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter VMware Network Adapter VMnet8:

        Connection-specific DNS Suffix . :
        Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8
        Physical Address. . . . . . . . . : 00-50-56-C0-00-08
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.18.1
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        IP Address. . . . . . . . . . . . : fe80::250:56ff:fec0:8%4
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%5
                                            fec0:0:0:ffff::2%5
                                            fec0:0:0:ffff::3%5

Ethernet adapter VMware Network Adapter VMnet1:

        Connection-specific DNS Suffix . :
        Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet1
        Physical Address. . . . . . . . . : 00-50-56-C0-00-01
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.17.1
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        IP Address. . . . . . . . . . . . : fe80::250:56ff:fec0:1%5
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%4
                                            fec0:0:0:ffff::2%4
                                            fec0:0:0:ffff::3%4

Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix . : ifrc.ds
        Description . . . . . . . . . . . : Intel(R) PRO/Wireless 2200BG Network Connection
        Physical Address. . . . . . . . . : 00-0E-35-D4-45-EF
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.6.4.43
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        IP Address. . . . . . . . . . . . : fe80::20e:35ff:fed4:45ef%6
        Default Gateway . . . . . . . . . :
        DHCP Server . . . . . . . . . . . : 10.6.1.1
        DNS Servers . . . . . . . . . . . : 10.1.1.90
                                            10.1.1.91
                                            fec0:0:0:ffff::1%2
                                            fec0:0:0:ffff::2%2
                                            fec0:0:0:ffff::3%2
        Primary WINS Server . . . . . . . : 10.1.1.90
        Secondary WINS Server . . . . . . : 10.1.1.91
        Lease Obtained. . . . . . . . . . : Thursday, May 10, 2007 4:11:05 PM
        Lease Expires . . . . . . . . . . : Sunday, May 20, 2007 4:11:05 PM

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix . : ifrc.ds
        Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
        Physical Address. . . . . . . . . : 00-01-4A-05-5C-35
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.6.4.41
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        IP Address. . . . . . . . . . . . : fe80::201:4aff:fe05:5c35%7
        Default Gateway . . . . . . . . . : 10.6.1.1
        DHCP Server . . . . . . . . . . . : 10.6.1.1
        DNS Servers . . . . . . . . . . . : 10.1.1.90
                                            10.1.1.91
                                            fec0:0:0:ffff::1%2
                                            fec0:0:0:ffff::2%2
                                            fec0:0:0:ffff::3%2
        Primary WINS Server . . . . . . . : 10.1.1.90
        Secondary WINS Server . . . . . . : 10.1.1.91
        Lease Obtained. . . . . . . . . . : Thursday, May 10, 2007 4:53:35 PM
        Lease Expires . . . . . . . . . . : Sunday, May 20, 2007 4:53:35 PM

Ethernet adapter VPN to Montblanc:

        Connection-specific DNS Suffix . :
        Description . . . . . . . . . . . : TAP-Win32 Adapter V8
        Physical Address. . . . . . . . . : 00-FF-03-D2-D9-89
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.0.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        IP Address. . . . . . . . . . . . : fe80::2ff:3ff:fed2:d989%8
        Default Gateway . . . . . . . . . : 192.168.0.1
        DHCP Server . . . . . . . . . . . : 192.168.0.0
        DNS Servers . . . . . . . . . . . : 192.168.0.1
                                            fec0:0:0:ffff::1%1
                                            fec0:0:0:ffff::2%1
                                            fec0:0:0:ffff::3%1
        Lease Obtained. . . . . . . . . . : Thursday, May 10, 2007 4:54:00 PM
        Lease Expires . . . . . . . . . . : Friday, May 09, 2008 4:54:00 PM

Ethernet adapter Bluetooth Network Connection:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
        Physical Address. . . . . . . . . : 00-01-4A-15-87-5B

Tunnel adapter Teredo Tunneling Pseudo-Interface:

        Connection-specific DNS Suffix . :
        Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
        Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-00
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%9
        Default Gateway . . . . . . . . . :
        NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Automatic Tunneling Pseudo-Interface:

        Connection-specific DNS Suffix . :
        Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface
        Physical Address. . . . . . . . . : C0-A8-12-01
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : fe80::5efe:192.168.18.1%2
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%5
                                            fec0:0:0:ffff::2%5
                                            fec0:0:0:ffff::3%5
        NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Automatic Tunneling Pseudo-Interface:

        Connection-specific DNS Suffix . :
        Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface
        Physical Address. . . . . . . . . : C0-A8-11-01
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : fe80::5efe:192.168.17.1%2
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%4
                                            fec0:0:0:ffff::2%4
                                            fec0:0:0:ffff::3%4
        NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Automatic Tunneling Pseudo-Interface:

        Connection-specific DNS Suffix . : ifrc.ds
        Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface
        Physical Address. . . . . . . . . : 0A-06-04-29
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : fe80::5efe:10.6.4.41%2
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%2
                                            fec0:0:0:ffff::2%2
                                            fec0:0:0:ffff::3%2
        NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Automatic Tunneling Pseudo-Interface:

        Connection-specific DNS Suffix . : ifrc.ds
        Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface
        Physical Address. . . . . . . . . : 0A-06-04-2B
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : fe80::5efe:10.6.4.43%2
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%2
                                            fec0:0:0:ffff::2%2
                                            fec0:0:0:ffff::3%2
        NetBIOS over Tcpip. . . . . . . . : Disabled

As you see, the interface "VPN to Montblanc" has address 192.168.0.100; gateway and DNS are pointing to the Linux box at 192.168.0.1. DHCP server points to 192.168.0.0 ?

Now here is the routing table in the laptop:

C:\Documents and Settings\pep>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 50 56 c0 00 08 ...... VMware Virtual Ethernet Adapter for VMnet8
0x3 ...00 50 56 c0 00 01 ...... VMware Virtual Ethernet Adapter for VMnet1
0x4 ...00 0e 35 d4 45 ef ...... Intel(R) PRO/Wireless 2200BG Network Connection - Packet Scheduler Miniport
0x5 ...00 01 4a 05 5c 35 ...... Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
0x6 ...00 ff 03 d2 d9 89 ...... TAP-Win32 Adapter V8 - Packet Scheduler Miniport
0x10008 ...00 01 4a 15 87 5b ...... Bluetooth Device (Personal Area Network)
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway        Interface  Metric
          0.0.0.0          0.0.0.0         10.6.1.1        10.6.4.41      20
          0.0.0.0        128.0.0.0      192.168.0.1    192.168.0.100       1
         10.6.0.0      255.255.0.0        10.6.4.41        10.6.4.41      20
         10.6.0.0      255.255.0.0        10.6.4.43        10.6.4.43      25
        10.6.4.41  255.255.255.255        127.0.0.1        127.0.0.1      20
        10.6.4.43  255.255.255.255        127.0.0.1        127.0.0.1      25
   10.255.255.255  255.255.255.255        10.6.4.41        10.6.4.41      20
   10.255.255.255  255.255.255.255        10.6.4.43        10.6.4.43      25
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1       1
        128.0.0.0        128.0.0.0      192.168.0.1    192.168.0.100       1
      192.168.0.0    255.255.255.0    192.168.0.100    192.168.0.100      30
    192.168.0.100  255.255.255.255        127.0.0.1        127.0.0.1      30
    192.168.0.255  255.255.255.255    192.168.0.100    192.168.0.100      30
     192.168.17.0    255.255.255.0     192.168.17.1     192.168.17.1      20
     192.168.17.1  255.255.255.255        127.0.0.1        127.0.0.1      20
   192.168.17.255  255.255.255.255     192.168.17.1     192.168.17.1      20
     192.168.18.0    255.255.255.0     192.168.18.1     192.168.18.1      20
     192.168.18.1  255.255.255.255        127.0.0.1        127.0.0.1      20
   192.168.18.255  255.255.255.255     192.168.18.1     192.168.18.1      20
        224.0.0.0        240.0.0.0        10.6.4.41        10.6.4.41      20
        224.0.0.0        240.0.0.0        10.6.4.43        10.6.4.43      25
        224.0.0.0        240.0.0.0    192.168.0.100    192.168.0.100      30
        224.0.0.0        240.0.0.0     192.168.17.1     192.168.17.1      20
        224.0.0.0        240.0.0.0     192.168.18.1     192.168.18.1      20
  255.255.255.255  255.255.255.255        10.6.4.41        10.6.4.41       1
  255.255.255.255  255.255.255.255        10.6.4.43        10.6.4.43       1
  255.255.255.255  255.255.255.255    192.168.0.100    192.168.0.100       1
  255.255.255.255  255.255.255.255     192.168.17.1     192.168.17.1       1
  255.255.255.255  255.255.255.255     192.168.17.1            10008       1
  255.255.255.255  255.255.255.255     192.168.18.1     192.168.18.1       1
Default Gateway:       192.168.0.1
===========================================================================
Persistent Routes:
  None

C:\Documents and Settings\pep>

The configuration for the Linux box follows:

net0 is the ethernet connected to the ADSL line
net1 is the local ethernet card -> I have local masquerading at home.
tap0 is the link for the VPN
br0 is the bridge that puts together net1 and tap0.

/montblanc:/etc/openvpn# ifconfig
br0       Link encap:Ethernet  HWaddr 00:17:31:25:9F:4D
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::217:31ff:fe25:9f4d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:10734 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7419 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:895702 (874.7 KiB)  TX bytes:1247372 (1.1 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:118187 errors:0 dropped:0 overruns:0 frame:0
          TX packets:118187 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:14719525 (14.0 MiB)  TX bytes:14719525 (14.0 MiB)

net0      Link encap:Ethernet  HWaddr 00:17:31:25:97:DB
          inet addr:xxx.xxx.xxx.xxx  Bcast:xxx.xxx.xxx.xxx  Mask:255.255.255.0
          inet6 addr: fe80::217:31ff:fe25:97db/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:21569326 errors:0 dropped:0 overruns:0 frame:0
          TX packets:26739960 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:7539973016 (7.0 GiB)  TX bytes:22435709760 (20.8 GiB)
          Base address:0xc800 Memory:e7ee0000-e7f00000

net1      Link encap:Ethernet  HWaddr 00:17:31:25:9F:4D
          inet6 addr: fe80::217:31ff:fe25:9f4d/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:11868317 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9887828 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:13612167993 (12.6 GiB)  TX bytes:7989971125 (7.4 GiB)
          Interrupt:58

tap0      Link encap:Ethernet  HWaddr E2:B1:EB:D7:72:16
          inet6 addr: fe80::e0b1:ebff:fed7:7216/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:353 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2202 errors:0 dropped:301 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:38819 (37.9 KiB)  TX bytes:241901 (236.2 KiB)

Now here is my server configuration:

dev tap0
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key  # This file should be kept secret
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
ifconfig-pool-persist ipp.txt
server-bridge 192.168.0.1 255.255.255.0 192.168.0.100 192.168.0.103
push "redirect-gateway def1"
push "ip-win32 dynamic"
push "dhcp-option DNS 192.168.0.1"
client-to-client
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 4

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
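
An added diagnostic, not part of the original post: it replays a subset of the route table posted above and checks how many directly connected interfaces can reach the gateway 10.6.1.1, and where packets for the VPN server 81.56.221.174 go after the host route for it failed to install. The function names are hypothetical, and reading "ambiguous" as "more than one connected subnet contains the gateway" is an assumption about the warning.

```python
import ipaddress

# Subset of the poster's `route print` rows (constructed input):
# (destination, netmask, gateway, interface, metric)
ROUTES = [
    ("0.0.0.0", "0.0.0.0", "10.6.1.1", "10.6.4.41", 20),
    ("0.0.0.0", "128.0.0.0", "192.168.0.1", "192.168.0.100", 1),
    ("10.6.0.0", "255.255.0.0", "10.6.4.41", "10.6.4.41", 20),
    ("10.6.0.0", "255.255.0.0", "10.6.4.43", "10.6.4.43", 25),
    ("128.0.0.0", "128.0.0.0", "192.168.0.1", "192.168.0.100", 1),
    ("192.168.0.0", "255.255.255.0", "192.168.0.100", "192.168.0.100", 30),
]
VPN_SERVER = "81.56.221.174"  # from "Peer Connection Initiated with ..."
ORIG_GATEWAY = "10.6.1.1"     # from the failed "route ADD" log line


def net(dest, mask):
    return ipaddress.ip_network(f"{dest}/{mask}")


def onlink_interfaces(routes, gateway):
    """Interfaces whose directly connected subnet contains the gateway."""
    gw = ipaddress.ip_address(gateway)
    return sorted(iface for dest, mask, g, iface, _ in routes
                  if g == iface and gw in net(dest, mask))


def best_route(routes, target):
    """Longest-prefix match; the lower metric wins a tie."""
    ip = ipaddress.ip_address(target)
    hits = [r for r in routes if ip in net(r[0], r[1])]
    return max(hits, key=lambda r: (net(r[0], r[1]).prefixlen, -r[4]))


def diagnose(routes, server, gateway):
    ifaces = onlink_interfaces(routes, gateway)
    via = best_route(routes, server)
    return {
        "gateway_ambiguous": len(ifaces) > 1,
        "candidate_interfaces": ifaces,
        "server_next_hop": via[2],
        "server_routed_into_tunnel": via[2] != gateway,
    }


if __name__ == "__main__":
    print(diagnose(ROUTES, VPN_SERVER, ORIG_GATEWAY))
```

With the posted table, the wired and wireless adapters both sit in 10.6.0.0/16, and the only route matching the server address is the 0.0.0.0/128.0.0.0 entry that `redirect-gateway def1` added through the tunnel.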