
[Openvpn-users] openvpn route mode


  • Subject: [Openvpn-users] openvpn route mode
  • From: "~☆•`¯`Info`¯`•☆~" <raoufnezhad@xxxxxxxxx>
  • Date: Mon, 24 Sep 2007 16:26:50 +0430

Hi,
I installed OpenVPN version 2 on Debian in routed mode. Now I have a problem.

My structure is:
Openvpn Server------------>Firewall-------------> Internet----------------->My Client

server configuration:
port 1194
proto udp
dev tap
tls-server
mode server
ca /etc/openvpn/examples/easy-rsa/keys/ca.crt
cert /etc/openvpn/examples/easy-rsa/keys/MyserverKey.crt
key /etc/openvpn/examples/easy-rsa/keys/MyserverKey.key  # This file should be kept secret
dh /etc/openvpn/examples/easy-rsa/keys/dh2048.pem
ifconfig 10.10.10.1 255.255.255.0
ifconfig-pool 10.10.10.5 10.10.10.10
push "route 60.x.x.x  255.255.255.0"
push "redirect-gateway"
client-to-client
duplicate-cn
keepalive 10 120
cipher AES-128-CBC   # AES
comp-lzo
max-clients 5
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log         /var/log/openvpn.log
verb 3


Client configuration:
proto udp
remote MyServer.com 1194
client
dev tap
persist-key
persist-tun
ca keys/ca.crt
cert keys/raoufnezhad.crt
key keys/raoufnezhad.key
keepalive 10 120
cipher AES-128-CBC
user nobody
group nobody
comp-lzo
verb 3
pull
auth-user-pass

ifconfig:
eth0      Link encap:Ethernet  HWaddr 00:69:00:0C:5D:17 
          inet addr: 60.x.x.5  Bcast:60.x.x.255  Mask:255.255.255.0
          inet6 addr: fe80::269:ff:fe0c:5d17/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:42933 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2986 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2882204 (2.7 MiB)  TX bytes:400325 ( 390.9 KiB)
          Interrupt:177 Base address:0xdc00

tap0      Link encap:Ethernet  HWaddr 2A:A6:51:0E:8B:3A 
          inet addr: 10.10.10.1  Bcast:10.10.10.255  Mask:255.255.255.0
          inet6 addr: fe80::28a6:51ff:fe0e:8b3a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:103 errors:0 dropped:0 overruns:0 frame:0
          TX packets:48 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:14888 (14.5 KiB)  TX bytes:4603 ( 4.4 KiB)

route -n :
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
localnet        *               255.255.255.0   U     0      0        0 eth0
10.10.10.0      *               255.255.255.0   U     0      0        0 tap0
default         60.x.x.1        0.0.0.0         UG    0      0        0 eth0

and ip_forward is enabled.

My clients can connect to the VPN server and ping 10.10.10.1 and each other, but they can ping 60.x.x.5?
Would you please help me?

Thanks.