[Openvpn-users] Cannot access shares on server


  • Subject: [Openvpn-users] Cannot access shares on server
  • From: Jason Baker <jbaker@xxxxxxxxxxxxxx>
  • Date: Tue, 31 Jul 2007 15:52:46 -0400

I have OpenVPN running on a CentOS 4 machine, with Samba 3 and LDAP. My LAN is at 172.16.0.0/255.255.0.0. My VPN network is 192.168.100.0/255.255.255.0. I have a laptop which is connecting remotely through the internet. It will receive a dynamic IP from the ISP.

I can connect to the VPN, I can ping the server by IP (172.16.24.7), I can ping the server by VPN IP (192.168.100.1). I can ping other machines on the local LAN by hostname (HENBANE, SEDGE, etc.). I cannot ping the server by host name (ASTER). I can access network shares on other machines on the LAN, but I cannot access shares on the server. I see the following error on the server log:

Tue Jul 31 11:25:06 2007 us=89692 cassava/12.148.55.75:1194 MULTI: bad source address from client [12.148.55.75], packet dropped

I get this error frequently, whether I'm connecting to the server, or another machine on the LAN. The IP 12.148.55.75 is the IP given to the laptop from the ISP when connecting remotely:

###OpenVPN server config routing TUN setup########
port 1194
dev tun
tls-server
mode server
dh /etc/openvpn/dh1024.pem
ca /etc/openvpn/ca.crt
cert /etc/openvpn/aster.crt
key /etc/openvpn/aster.key
duplicate-cn
ifconfig 192.168.100.1 192.168.100.2
ifconfig-pool 192.168.100.5 192.168.100.200 # IP range clients
mtu-test
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
#keep tunnel open by ping
push "ping 10"
push "ping-restart 60"
ping 10
ping-restart 120
#route to be established on the server
route-up "route delete -net 192.168.100.0/24"
route-up "route add -net 192.168.100.0/24 tun0"
#route to push to clients
push "route 172.16.0.0 255.255.0.0" #route to company network
push "dhcp-option DOMAIN glastender.com"  #push the DNS domain suffix
push "dhcp-option DNS 172.16.24.7"  #push DNS entries to client
push "dhcp-option WINS 172.16.24.7" #push WINS resolution to client
push "route 192.168.100.1" # add route to protected network
#push "redirect-gateway"
comp-lzo
status-version 2
status openvpn-status.log
log-append  /var/log/openvpn.log
verb 9
####################### end server config ##############


####################client.ovpn######
port 1194 #udp by default
dev tun
##remote is the openvpn-server
remote xxx.xxx.xxx.xxx
tls-client
ca ca.crt
cert cassava.crt
key cassava.key
mtu-test
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
pull
#ip-win32 ipapi|manual|dynamic|netsh (see man page, use
#when ip address on interface does not appear, but dhcp server
#is visible in ipconfig /all)
ip-win32 ipapi
comp-lzo
verb 4
##############################end########
--

Jason Baker
IT Coordinator


Glastender Inc.
5400 North Michigan Road
Saginaw, Michigan 48604 USA
800.748.0423
Phone: 989.752.4275 ext. 228
Fax: 989.752.4444

www.glastender.com

-----BEGIN GEEK CODE BLOCK----- 
Version: 3.1
GIT$ d- s: a C++$ LU+++$ P+ L++>L++++ !E--- W+++ N o? K?
w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- 
r+++ y+++
------END GEEK CODE BLOCK------
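
An added example (not part of the original post, and not OpenVPN code): a small triage script for the server log message quoted above. In that message the prefix is the client's common name and real address, and the bracketed value is the source address of the tunnelled packet the server dropped; the script groups drops by where that source address falls. The VPN subnet is taken from the post, while the function names and every sample line after the first are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# VPN subnet as given in the post (the ifconfig-pool range lies inside it).
VPN_NET = ipaddress.ip_network("192.168.100.0/24")

# <common name>/<real ip>:<port> MULTI: bad source address from client [<src>], packet dropped
DROP_RE = re.compile(
    r"(?P<cn>[^\s/]+)/(?P<real>\d{1,3}(?:\.\d{1,3}){3}):\d+ "
    r"MULTI: bad source address from client \[(?P<src>[^\]]*)\], packet dropped"
)

def classify(real, src):
    """Label the inner source address of a packet the server dropped."""
    try:
        addr, real_addr = ipaddress.ip_address(src), ipaddress.ip_address(real)
    except ValueError:
        return "unparsed"
    if addr == real_addr:
        return "client-real-address"      # sent into the tunnel from the client's physical NIC address
    if addr in VPN_NET:
        return "vpn-subnet-unassociated"  # tunnel-range address not tied to this client instance
    return "other-network"                # e.g. a host on a network behind the client

def triage(lines):
    """Count dropped packets per (common name, category); other log lines are ignored."""
    counts = Counter()
    for line in lines:
        m = DROP_RE.search(line)
        if m:
            counts[(m["cn"], classify(m["real"], m["src"]))] += 1
    return counts

# First line is the one quoted in the post; the rest are constructed sample lines.
SAMPLE_LOG = [
    "Tue Jul 31 11:25:06 2007 us=89692 cassava/12.148.55.75:1194 MULTI: bad source address from client [12.148.55.75], packet dropped",
    "Tue Jul 31 11:25:16 2007 us=120331 cassava/12.148.55.75:1194 MULTI: bad source address from client [12.148.55.75], packet dropped",
    "Tue Jul 31 11:25:19 2007 us=450012 cassava/12.148.55.75:1194 MULTI: bad source address from client [192.168.1.23], packet dropped",
    "Tue Jul 31 11:25:21 2007 us=700145 cassava/12.148.55.75:1194 MULTI: bad source address from client [192.168.100.9], packet dropped",
    "Tue Jul 31 11:25:30 2007 us=10233 cassava/12.148.55.75:1194 PUSH: Received control message: 'PUSH_REQUEST'",
]

if __name__ == "__main__":
    for (cn, kind), n in sorted(triage(SAMPLE_LOG).items()):
        print(f"{cn:10} {kind:24} {n}")
```

A high count in the `client-real-address` category means the client is sending traffic into the tunnel with its physical interface address as the source, which is the pattern in the log line from the post.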