On Wed 02 Jan 2008, Timothy Murphy wrote:

> Is there a good tutorial for openvpn under Fedora 7 or 8?
> I've followed the instructions at
> <http://www.webhostingtalk.com/showthread.php?t=595436>
> but they seem to have made things worse rather than better.

Actually, I found I made a typo in server.conf on my desktop.
When I corrected this, and restarted openvpn on both machines,
everything appeared (from /var/log/messages) to be fine.
I have tun0 on my desktop at 192.168.5.1
and tun0 on my laptop at 192.168.5.6.

I guess my question now is rather different -
I'm not sure what I can do with the connection.
I don't seem able to ssh in either direction.
And ping fails in both directions too.

Here are my server.conf and client.conf:
------------------------------
;local a.b.c.d
port 1194
;proto tcp
proto udp
;dev tap
dev tun
;dev-node MyTap
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key # This file should be kept secret
dh /usr/local/openvpn/keys/dh1024.pem
;server 10.8.0.0 255.255.255.0
server 192.168.5.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
;learn-address ./script
;push "redirect-gateway"
;push "dhcp-option DNS 10.8.0.1"
;push "dhcp-option WINS 10.8.0.1"
client-to-client
;duplicate-cn
keepalive 10 120
;tls-auth ta.key 0 # This file is secret
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
comp-lzo
;max-clients 100
;user nobody
;group nobody
persist-key
persist-tun
status openvpn-status.log
;log openvpn.log
;log-append openvpn.log
verb 3
;mute 20
------------------------------
client
;dev tap
dev tun
;dev-node MyTap
;proto tcp
proto udp
remote www.gayleard.com 1194
;remote my-server-2 1194
;remote-random
resolv-retry infinite
nobind
;user nobody
;group nobody
persist-key
persist-tun
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
;mute-replay-warnings
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/martha.crt
key /etc/openvpn/keys/martha.key
;ns-cert-type server
;tls-auth ta.key 1
;cipher x
comp-lzo
verb 3
;mute 20
------------------------------

I don't think there can be anything wrong with my firewall,
or I wouldn't have got this far.
But I am using shorewall on my desktop,
with the two added lines in /etc/shorewall/rules
------------------------------
ACCEPT net $FW udp 1194
ACCEPT $FW net udp 1194
------------------------------

Again, any help or advice gratefully received.

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users