Re: [Openvpn-users] Serving only Static IP Addresses to Linux clients

[Matthew Macdonald-Wallace <mmw@xxxxxxxxxxxxxxxxxxxxx>]

On Fri, 08 Feb 2008 11:46:03 +0100
Jan Just Keijser <janjust@xxxxxxxxx> wrote:

> Hi Matthew,
> 
> your current setup is a routed OpenVPN setup, which requires an extra 
> subnet (172.16.16.0/24) to make things work. You can eliminate this 
> extra subnet by switching to bridged mode, but there's one thing I
> don't understand about your setup:
> 
> the vpn client lan space is 192.168.2.0/24
> the vpn server lan space is 192.168.3.0/24
> the vpn lan is 172.16.16.0/24
> 
> where does 172.16.17.0 come from? on which sides of the setup does
> this lan space live? I assume/hope that it's only on the server side.


This is half my problem!  This appears to be required to use the VPN
and I don't know why!


In our labs, I now have a testbed setup with the configs as follows:

Server.conf:

port 1194
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem
mode server
tls-server
ifconfig 10.200.33.6 10.200.33.5
push "route 10.200.33.0 255.255.255.0"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 5
user nobody
group nogroup
daemon
client-config-dir ccd/



ccd/desktop
push "ifconfig 10.200.33.5 10.200.33.6"



client.conf:

client
dev tun
proto udp
remote 192.168.5.142 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
verb 5



When I ping the remote VPN address (10.200.33.6 from the client) I get
the following in the logs:

Feb  8 11:34:04 demobuild openvpn[17787]: desktop/192.168.5.69:40148
MULTI: bad source address from client [10.200.33.5], packet dropped

This is repeated over and over again until I stop the ping.

Thanks in advance for all help,

Matt.
-- ______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users