
Re: [Openvpn-users] No router/default gateway after connect.


  • Subject: Re: [Openvpn-users] No router/default gateway after connect.
  • From: "Niels Peeters" <px@xxxxxxxxxxxxxxxxx>
  • Date: Sat, 22 Dec 2007 13:06:21 +0100

Hey Jan,

Problem is solved. Was a naming resolution problem. The netbios name was
still pointing to .200 instead of .210. 
I did an add route -net 192.168.2.0/24 192.168.1.210 on all boxes in the
network, so they know the route to reply things back instead of pushing it
to the default gateway of .254.
Thanks for all the effort!

Happy holidays!

Niels
 
-----Original message-----
From: Jan Just Keijser [mailto:janjust@xxxxxxxxx] 
Sent: Friday 21 December 2007 16:35
To: Niels Peeters; openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Openvpn-users] No router/default gateway after connect.

Hi Niels,

is it possible to ping 192.168.1.210 from the vpn client?
also, how is your local network configured? when you're pinging a host 
on your LAN from the VPN client, the host on the LAN needs to know where 
to send stuff back to. What is the default gateway on your LAN? does 
this default gateway know the route back to your VPN server?

HTH / regards,

JJK

Niels Peeters wrote:
> Hey Jan,
>
> Ok, so the problem is in the forwarding/nat part. 
> In my /etc/sysctl.conf I've got the following line which should enable
> packet forwarding.
> net.inet.ip.forwarding=1
>
> And when I run the cmd manually, it says it's going from 1 > 1, so it's proper
> enabled.
>
> My ipfw firewall rules (where nothing has changed):
> 00100   290   32098 allow ip from any to any via lo0
> 00200     0       0 deny ip from any to 127.0.0.0/8
> 00300     0       0 deny ip from 127.0.0.0/8 to any
> 65000 41505 8531434 allow ip from any to any
> 65535     0       0 deny ip from any to any
>
> So where should I be looking for my old IP (.200) and change it to .210 ?
>
> Thanks in advance.
>
>
>
> -----Original message-----
> From: Jan Just Keijser [mailto:janjust@xxxxxxxxx] 
> Sent: Friday 21 December 2007 14:09
> To: Niels Peeters; openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> Subject: Re: [Openvpn-users] No router/default gateway after connect.
>
> Hi Niels,
>
> OK if you can ping the .1 address then your connection is up and 
> running. It is quite "normal" that you cannot ping the .5 address, that 
> is the same for me. This is an anomaly of the way an OpenVPN connection 
> is set up in good ol' Windows.
> Can you ping the external interface of the OpenVPN box, i.e. 192.168.1.210?
> Are you using masquerading or NAT'ting at all? Have you set up a routing 
> rule on your internal network such that hosts on your LAN know that all 
> traffic intended for 192.168.2.6 has to go through the VPN server 
> instead of the default gateway? Esp if you have changed the address of 
> your OpenVPN server itself this could cause routing problems,
>
> cheers,
>
> JJK
>
> Niels Peeters wrote:
>> Yeah I can ping .1, but can't ping the rest of the network.
>> Weird thing is, when I do ipconfig /all I get .5 as DHCP server, but I can't
>> ping it....
>>
>> The OpenVPN server has no firewall, since I filter on the internet router.
>> I only accept port 1194 UDP incoming, and it worked with this setting..
>>
>>
>>
>> -----Original message-----
>> From: Jan Just Keijser [mailto:janjust@xxxxxxxxx] 
>> Sent: Friday 21 December 2007 12:22
>> To: Niels Peeters
>> CC: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
>> Subject: Re: [Openvpn-users] No router/default gateway after connect.
>>
>> what happens if you try to ping
>>   192.168.2.1
>> instead of .5 ?
>> also, your client connect log looks fine, so my bet is that you're 
>> looking at a firewalling issue.
>>
>> HTH/regards,
>>
>> JJK
>>
>> Niels Peeters wrote:
>>> Hello,
>>>
>>> I've got OpenVPN 2.0.6_7 installed on a FreeBSD 6.2-STABLE box and it ran
>>> fine for a while.
>>> However, since today when I connect a client it doesn't get any default
>>> gateway.
>>> The only change done is an IP change of the server from 192.168.1.200 to
>>> 192.168.1.210.
>>> The OpenVPN server pushes the rules, and they get applied proper, but I
>>> still can't ping the gateway (192.168.2.5)
>>> I've tried Windows client and the OSX client (tunnelblick), both with same
>>> result.
>>> Normally I could ping 192.168.2.5 and even 192.168.1.210.
>>> What could this be all of the sudden?
>>> Info below.
>>>
>>>
>>> Net info:
>>>
>>> bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>>>         options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
>>>         inet 192.168.1.210 netmask 0xffffff00 broadcast 192.168.1.255
>>>         ether 00:11:85:c4:04:63
>>>         media: Ethernet autoselect (100baseTX <full-duplex>)
>>>         status: active
>>> tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
>>>         inet 192.168.2.1 --> 192.168.2.2 netmask 0xffffffff
>>>         Opened by PID 691
>>>
>>>
>>>
>>>
>>> Log of a client:
>>>
>>> Thu Dec 20 21:42:48 2007 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
>>> Thu Dec 20 21:42:48 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
>>> Thu Dec 20 21:42:48 2007 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
>>> Thu Dec 20 21:42:48 2007 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
>>> Thu Dec 20 21:42:48 2007 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
>>> Thu Dec 20 21:42:48 2007 LZO compression initialized
>>> Thu Dec 20 21:42:48 2007 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
>>> Thu Dec 20 21:42:48 2007 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
>>> Thu Dec 20 21:42:48 2007 Local Options hash (VER=V4): '504e774e'
>>> Thu Dec 20 21:42:48 2007 Expected Remote Options hash (VER=V4): '14168603'
>>> Thu Dec 20 21:42:48 2007 UDPv4 link local (bound): [undef]:1194
>>> Thu Dec 20 21:42:48 2007 UDPv4 link remote: 192.168.1.210:1194
>>> Thu Dec 20 21:42:48 2007 TLS: Initial packet from 192.168.1.210:1194, sid=9beba790 17452984
>>> Thu Dec 20 21:42:48 2007 VERIFY OK: depth=1, blahblah
>>> Thu Dec 20 21:42:48 2007 VERIFY OK: nsCertType=SERVER
>>> Thu Dec 20 21:42:48 2007 VERIFY OK: depth=0, blahblah
>>> Thu Dec 20 21:42:48 2007 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
>>> Thu Dec 20 21:42:48 2007 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
>>> Thu Dec 20 21:42:48 2007 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
>>> Thu Dec 20 21:42:48 2007 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
>>> Thu Dec 20 21:42:48 2007 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
>>> Thu Dec 20 21:42:48 2007 [Server01] Peer Connection Initiated with 192.168.1.210:1194
>>> Thu Dec 20 21:42:49 2007 SENT CONTROL [Server01]: 'PUSH_REQUEST' (status=1)
>>> Thu Dec 20 21:42:49 2007 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route 192.168.2.0 255.255.255.0,ping 10,ping-restart 120,ifconfig 192.168.2.6 192.168.2.5'
>>> Thu Dec 20 21:42:49 2007 OPTIONS IMPORT: timers and/or timeouts modified
>>> Thu Dec 20 21:42:49 2007 OPTIONS IMPORT: --ifconfig/up options modified
>>> Thu Dec 20 21:42:49 2007 OPTIONS IMPORT: route options modified
>>> Thu Dec 20 21:42:49 2007 TAP-WIN32 device [Local Area Connection 7] opened: \\.\Global\{5EB96B73-7605-4C58-9846-408ED84AB740}.tap
>>> Thu Dec 20 21:42:49 2007 TAP-Win32 Driver Version 8.4
>>> Thu Dec 20 21:42:49 2007 TAP-Win32 MTU=1500
>>> Thu Dec 20 21:42:49 2007 Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.2.6/255.255.255.252 on interface {5EB96B73-7605-4C58-9846-408ED84AB740} [DHCP-serv: 192.168.2.5, lease-time: 31536000]
>>> Thu Dec 20 21:42:49 2007 Successful ARP Flush on interface [131076] {5EB96B73-7605-4C58-9846-408ED84AB740}
>>> Thu Dec 20 21:42:49 2007 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
>>> Thu Dec 20 21:42:49 2007 Route: Waiting for TUN/TAP interface to come up...
>>> Thu Dec 20 21:42:51 2007 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
>>> Thu Dec 20 21:42:51 2007 Route: Waiting for TUN/TAP interface to come up...
>>> Thu Dec 20 21:42:52 2007 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
>>> Thu Dec 20 21:42:52 2007 Route: Waiting for TUN/TAP interface to come up...
>>> Thu Dec 20 21:42:53 2007 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
>>> Thu Dec 20 21:42:53 2007 route ADD 192.168.1.0 MASK 255.255.255.0 192.168.2.5
>>> Thu Dec 20 21:42:53 2007 Route addition via IPAPI succeeded
>>> Thu Dec 20 21:42:53 2007 route ADD 192.168.2.0 MASK 255.255.255.0 192.168.2.5
>>> Thu Dec 20 21:42:53 2007 Route addition via IPAPI succeeded
>>> Thu Dec 20 21:42:53 2007 Initialization Sequence Completed
>>>
>>>
>>>
>>>
>>>
>>> Route print @ client:
>>>
>>> Network Destination        Netmask          Gateway       Interface  Metric
>>>           0.0.0.0          0.0.0.0    192.168.1.254    192.168.1.64       1
>>>         127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
>>>       192.168.1.0    255.255.255.0     192.168.1.64    192.168.1.64      20
>>>       192.168.1.0    255.255.255.0      192.168.2.5     192.168.2.6       1
>>>      192.168.1.64  255.255.255.255        127.0.0.1       127.0.0.1      20
>>>     192.168.1.255  255.255.255.255     192.168.1.64    192.168.1.64      20
>>>       192.168.2.0    255.255.255.0      192.168.2.5     192.168.2.6       1
>>>       192.168.2.4  255.255.255.252      192.168.2.6     192.168.2.6      30
>>>       192.168.2.6  255.255.255.255        127.0.0.1       127.0.0.1      30
>>>     192.168.2.255  255.255.255.255      192.168.2.6     192.168.2.6      30
>>>         224.0.0.0        240.0.0.0     192.168.1.64    192.168.1.64      20
>>>         224.0.0.0        240.0.0.0      192.168.2.6     192.168.2.6      30
>>>   255.255.255.255  255.255.255.255     192.168.1.64    192.168.1.64       1
>>>   255.255.255.255  255.255.255.255      192.168.2.6     192.168.2.6       1
>>> Default Gateway:     192.168.1.254
>>>
>>>
>>>
>>>
>>>
>>> Ipconfig @ client:
>>>
>>> Ethernet adapter Local Area Connection 7:
>>>
>>>         Connection-specific DNS Suffix  . :
>>>         IP Address. . . . . . . . . . . . : 192.168.2.6
>>>         Subnet Mask . . . . . . . . . . . : 255.255.255.252
>>>         Default Gateway . . . . . . . . . :


____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
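
An added example (not part of the original thread) of the return-path check discussed above: a longest-prefix-match lookup over a LAN host's routing table that reports whether replies to a VPN client go to the VPN server, fall through to the default gateway, or follow a route that still names the server's old address. The routing tables are constructed sample data and the function names are hypothetical; only the addresses come from the thread.

```python
import ipaddress

# Constructed routing tables for one LAN host (not taken from the thread's
# output). Addresses follow the thread: LAN 192.168.1.0/24, VPN subnet
# 192.168.2.0/24, default gateway .254, VPN server moved from .200 to .210.
LAN_ONLY = [("192.168.1.0/24", "on-link"), ("0.0.0.0/0", "192.168.1.254")]
STALE = LAN_ONLY + [("192.168.2.0/24", "192.168.1.200")]
FIXED = LAN_ONLY + [("192.168.2.0/24", "192.168.1.210")]


def lookup(routes, dst):
    """Longest-prefix match: return (network, gateway) used for dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gw in routes:
        network = ipaddress.ip_network(net)
        if addr in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, gw)
    return best


def return_path(routes, vpn_client, vpn_server):
    """Classify where this host sends replies addressed to a VPN client."""
    hit = lookup(routes, vpn_client)
    if hit is None:
        return "unreachable"
    network, gw = hit
    if gw == vpn_server:
        return "ok"
    if network.prefixlen == 0:
        return "via-default-gateway"   # replies go to .254, not the VPN server
    return "wrong-gateway"             # e.g. a route still naming the old .200


if __name__ == "__main__":
    for name, table in (("lan-only", LAN_ONLY), ("stale", STALE), ("fixed", FIXED)):
        print(name, return_path(table, "192.168.2.6", "192.168.1.210"))
```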