ok, i have attached client and server log files at verbosity 6 for a
session using net30 topology. this was identical to my subnet topology
setup in every other way.
i started the server and client, waited, did ping -c 2 10.8.0.1 from the
client, waited, and then stopped them. no ping replies were received.
thanks!
Jan Just Keijser wrote:
> OK then plz remove the 'topology subnet' line from the server config,
> restart the server and post the log file of an unsuccessful client
> login. Note that the default mode is 'net30' which means that each
> client is assigned a /30 subnet. The server is always reachable at
> 10.8.0.1 for your config file. The first client would be 10.8.0.6 ;
> you will not be able to ping the other 'endpoint', 10.8.0.5, but
> 10.8.0.1 should definitely be reachable.
>
> HTH,
>
> JJK
>
>
> Tavin Cole wrote:
>> i couldn't get it to work at all until i set topology subnet (i.e. the
>> first client couldn't ping across the tunnel). otherwise i would say
>> no, it's not required ;)
>>
>> but i do need a topology that works with windows as well as nix clients.
>>
>> thanks
>>
>> Jan Just Keijser wrote:
>>
>>> Is the 'topology subnet' thing required for your setup? Have you tried
>>> it without? If it works without 'topology subnet' and does not work
>>> with that option that would make troubleshooting a heck of a lot
>>> easier.
>>>
>>> HTH,
>>>
>>> JJK
>>>
>>> Tavin Cole wrote:
>>>
>>>> Greetings,
>>>>
>>>> I'm attaching server and client config files for a setup that has worked
>>>> flawlessly during testing with a single client. We're using subnet
>>>> topology. All hosts on the server-side LAN have been accessible.
>>>>
>>>> I have found that when a second client connects, regardless of whether
>>>> it's from behind the same NAT or an entirely different location, that
>>>> second client cannot ping the OpenVPN server endpoint (10.8.0.1), nor
>>>> any hosts on the server-side LAN. However the second client seems to
>>>> get all the routing table entries it's supposed to and its interface
>>>> seems to get configured correctly (10.8.0.3 netmask 255.255.255.0). I
>>>> haven't been able to spot any errors in the log files on either side;
>>>> TLS negotiations work and the options get pushed to the client.
>>>>
>>>> It hasn't made any difference whether the clients involved are Linux
>>>> or XP.
>>>>
>>>> We are using separate certs for each client.
>>>>
>>>> Any ideas?
>>>>
>>>> Thanks!
>>>>
>>>>
>>>> ------------------------------------------------------------------------
>>>>
>>>>
>>>> remote x.x.x.x
>>>> ns-cert-type server
>>>>
>>>> client
>>>> nobind
>>>>
>>>> dev tun
>>>> comp-lzo
>>>> keepalive 11 121
>>>> ping-timer-rem
>>>> persist-key
>>>> persist-tun
>>>>
>>>> ca ca.crt
>>>> cert client.crt
>>>> key client.key
>>>> tls-auth ta.key 1
>>>>
>>>>
>>>> ------------------------------------------------------------------------
>>>>
>>>>
>>>> server 10.8.0.0 255.255.255.0
>>>> topology subnet
>>>>
>>>> push "route 192.168.1.0 255.255.255.0"
>>>> push "dhcp-option DNS 192.168.1.2"
>>>> push "dhcp-option WINS 192.168.1.2"
>>>> push "dhcp-option DOMAIN x.y.com"
>>>>
>>>> dev tun
>>>> comp-lzo
>>>> keepalive 11 121
>>>> ping-timer-rem
>>>> persist-key
>>>> persist-tun
>>>>
>>>> ca ca.crt
>>>> cert server.crt
>>>> key server.key
>>>> dh dh1024.pem
>>>> tls-auth ta.key 0
>>>>
>>>> status openvpn-status.log
>>>> verb 4
>>>>
>>>>
>>>>
>
Attachment:
client.log.bz2
Description: Binary data
remote x.x.x.x
ns-cert-type server
client
nobind
dev tun
comp-lzo
keepalive 11 121
ping-timer-rem
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
tls-auth ta.key 1
verb 6
Attachment:
server.log.bz2
Description: Binary data
server 10.8.0.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option DNS 192.168.1.2"
push "dhcp-option WINS 192.168.1.2"
push "dhcp-option DOMAIN x.x.com"
dev tun
comp-lzo
keepalive 11 121
ping-timer-rem
persist-key
persist-tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
tls-auth ta.key 0
status ..\\log\\openvpn-status.log
verb 6
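
The net30 addressing described in Jan Just Keijser's quoted reply (server at 10.8.0.1, first client at 10.8.0.6 with peer endpoint 10.8.0.5), worked through next to the subnet-topology assignment from the original report. This is an added example, not part of the thread or of OpenVPN's own code; the function names are hypothetical, and the layout (server in the first /30, clients starting at network+4, subnet clients starting at network+2) is an assumption consistent with the addresses quoted above.

```python
import ipaddress

def _net(network, netmask):
    # Mirrors the 'server <network> <netmask>' directive in the configs above.
    return ipaddress.ip_network(f"{network}/{netmask}")

def net30_client(network, netmask, index):
    """Return (client_ip, peer_ip) for the index-th client (0-based) under net30."""
    net = _net(network, netmask)
    if index < 0:
        raise ValueError("index must be >= 0")
    # Assumption: the first /30 belongs to the server; clients start at network+4.
    base = net.network_address + 4 * (index + 1)
    # This sketch only checks that the /30 fits; the real pool may end earlier.
    if base + 3 > net.broadcast_address:
        raise ValueError(f"no /30 left in {net} for client {index}")
    return base + 2, base + 1

def subnet_client(network, netmask, index):
    """Return the client address under 'topology subnet' (one address each)."""
    net = _net(network, netmask)
    addr = net.network_address + 2 + index
    if index < 0 or addr >= net.broadcast_address:
        raise ValueError(f"no address left in {net} for client {index}")
    return addr

def classify_net30(network, netmask, address):
    """Say what role an address seen in a log plays in a net30 layout."""
    net = _net(network, netmask)
    ip = ipaddress.ip_address(address)
    if ip not in net:
        return "outside tunnel network"
    block, pos = divmod(int(ip) - int(net.network_address), 4)
    if block == 0:
        roles = ("tunnel network address", "server address",
                 "server's peer endpoint", "unused (server block)")
    else:
        roles = ("/30 network address", "client peer endpoint (not pingable)",
                 f"client {block - 1} address", "/30 broadcast address")
    return roles[pos]

if __name__ == "__main__":
    for i in range(3):
        client, peer = net30_client("10.8.0.0", "255.255.255.0", i)
        print(f"client {i}: net30 {client} (peer {peer}), "
              f"subnet {subnet_client('10.8.0.0', '255.255.255.0', i)}")
```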
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users