Re: [Openvpn-users] 2.1rc4 server mode: second client can't ping


  • Subject: Re: [Openvpn-users] 2.1rc4 server mode: second client can't ping
  • From: Tavin Cole <tavin.cole@xxxxxxxxx>
  • Date: Mon, 14 Jan 2008 20:47:06 -0500

ok, i have attached client and server log files at verbosity 6 for a
session using net30 topology.  this was identical to my subnet topology
setup in every other way.

i started the server and client, waited, did ping -c 2 10.8.0.1 from the
client, waited, and then stopped them.  no ping replies were received.

thanks!

Jan Just Keijser wrote:
> OK then please remove the 'topology subnet' line from the server config,
> restart the server and post the log file of an unsuccessful client
> login. Note that the default mode is 'net30' which means that each
> client is assigned a /30 subnet. The server is always reachable at
> 10.8.0.1 for your config file. The first client would be 10.8.0.6;
> you will not be able to ping the other 'endpoint', 10.8.0.5, but
> 10.8.0.1 should definitely be reachable.
>
> HTH,
>
> JJK
>
>
> Tavin Cole wrote:
>> i couldn't get it to work at all until i set topology subnet (i.e. the
>> first client couldn't ping across the tunnel).  otherwise i would say
>> no, it's not required ;)
>>
>> but i do need a topology that works with windows as well as nix clients.
>>
>> thanks
>>
>> Jan Just Keijser wrote:
>>  
>>> Is the 'topology subnet' thing required for your setup? Have you tried
>>> it without? If it works without 'topology subnet' and does not work
>>> with that option that would make troubleshooting a heck of a lot
>>> easier.
>>>
>>> HTH,
>>>
>>> JJK
>>>
>>> Tavin Cole wrote:
>>>    
>>>> Greetings,
>>>>
>>>> I'm attaching server and client config files for a setup that has worked
>>>> flawlessly during testing with a single client.  We're using subnet
>>>> topology.  All hosts on the server-side LAN have been accessible.
>>>>
>>>> I have found that when a second client connects, regardless of whether
>>>> it's from behind the same NAT or an entirely different location, that
>>>> second client cannot ping the OpenVPN server endpoint (10.8.0.1), nor
>>>> any hosts on the server-side LAN.  However the second client seems to
>>>> get all the routing table entries it's supposed to and its interface
>>>> seems to get configured correctly (10.8.0.3 netmask 255.255.255.0).  I
>>>> haven't been able to spot any errors in the log files on either side;
>>>> TLS negotiations work and the options get pushed to the client.
>>>>
>>>> It hasn't made any difference whether the clients involved are Linux
>>>> or XP.
>>>>
>>>> We are using separate certs for each client.
>>>>
>>>> Any ideas?
>>>>
>>>> Thanks!
>>>>
>>>>  
>>>> ------------------------------------------------------------------------
>>>>
>>>>
>>>> remote x.x.x.x
>>>> ns-cert-type server
>>>>
>>>> client
>>>> nobind
>>>>
>>>> dev tun
>>>> comp-lzo
>>>> keepalive 11 121
>>>> ping-timer-rem
>>>> persist-key
>>>> persist-tun
>>>>
>>>> ca ca.crt
>>>> cert client.crt
>>>> key client.key
>>>> tls-auth ta.key 1
>>>>
>>>>  
>>>> ------------------------------------------------------------------------
>>>>
>>>>
>>>> server 10.8.0.0 255.255.255.0
>>>> topology subnet
>>>>
>>>> push "route 192.168.1.0 255.255.255.0"
>>>> push "dhcp-option DNS 192.168.1.2"
>>>> push "dhcp-option WINS 192.168.1.2"
>>>> push "dhcp-option DOMAIN x.y.com"
>>>>
>>>> dev tun
>>>> comp-lzo
>>>> keepalive 11 121
>>>> ping-timer-rem
>>>> persist-key
>>>> persist-tun
>>>>
>>>> ca ca.crt
>>>> cert server.crt
>>>> key server.key
>>>> dh dh1024.pem
>>>> tls-auth ta.key 0
>>>>
>>>> status openvpn-status.log
>>>> verb 4
>>>>
>>>>  
>>>>       
>

Attachment: client.log.bz2
Description: Binary data

remote x.x.x.x
ns-cert-type server

client
nobind

dev tun
comp-lzo
keepalive 11 121
ping-timer-rem
persist-key
persist-tun

ca ca.crt
cert client.crt
key client.key
tls-auth ta.key 1

verb 6

Attachment: server.log.bz2
Description: Binary data

server 10.8.0.0 255.255.255.0

push "route 192.168.1.0 255.255.255.0"
push "dhcp-option DNS 192.168.1.2"
push "dhcp-option WINS 192.168.1.2"
push "dhcp-option DOMAIN x.x.com"

dev tun
comp-lzo
keepalive 11 121
ping-timer-rem
persist-key
persist-tun

ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
tls-auth ta.key 0

status ..\\log\\openvpn-status.log
verb 6
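
Added example (not part of the original messages and not OpenVPN's own code): the net30 and subnet addressing discussed in this thread, computed for the 10.8.0.0 255.255.255.0 network from the posted server config. The function names are hypothetical, in-order assignment from an empty pool is an assumption, and the limits at the end of the pool are not modelled.

```python
import ipaddress

def net30_slot(network, index):
    """/30 block for slot `index` of a net30 pool.
    Slot 0 is the server, slot 1 the first client, and so on."""
    blocks = ipaddress.ip_network(network).subnets(new_prefix=30)
    for i, block in enumerate(blocks):
        if i == index:
            low, high = block.hosts()  # the two usable addresses of the /30
            # The server takes the low address; a client takes the high one
            # and sees the low one as its virtual peer endpoint.
            local, peer = (low, high) if index == 0 else (high, low)
            return {"block": str(block), "local": str(local), "peer": str(peer)}
    raise ValueError("slot index outside the network")

def subnet_client(network, index):
    """Address of the index-th client (1-based) under 'topology subnet',
    assuming addresses are handed out in order from an empty pool."""
    net = ipaddress.ip_network(network)
    return str(net.network_address + 1 + index)

def classify_net30(network, addr):
    """Role an address plays in a net30 pool, for reading routes and logs."""
    net = ipaddress.ip_network(network)
    ip = ipaddress.ip_address(addr)
    if ip not in net:
        return "outside VPN network"
    slot, pos = divmod(int(ip) - int(net.network_address), 4)
    if pos in (0, 3):
        return "network/broadcast address of a /30 (unused)"
    if slot == 0:
        return "server" if pos == 1 else "server's virtual peer"
    if pos == 2:
        return f"client {slot} local"
    return f"client {slot} virtual peer (no ping reply)"

if __name__ == "__main__":
    vpn = "10.8.0.0/255.255.255.0"  # from 'server 10.8.0.0 255.255.255.0'
    for slot in range(3):
        print("net30 slot", slot, net30_slot(vpn, slot))
    for n in (1, 2):
        print("subnet client", n, subnet_client(vpn, n))
    for addr in ("10.8.0.1", "10.8.0.5", "10.8.0.6"):
        print(addr, "->", classify_net30(vpn, addr))
```
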
