
[Openvpn-users] Mode Server on XP: bridging working; routing not


  • Subject: [Openvpn-users] Mode Server on XP: bridging working; routing not
  • From: Kay Wischkony <kyw@xxxxxxxxxxx>
  • Date: Tue, 04 Jan 2005 11:55:14 +0100

With the kind help of this marvelous list, I could put
ethernet-bridging of road warriors to work. Thanks again!

Now I want to set up a second link to this same
VPN-Server, but of tun-type this one.

What I have configured:
- First network [192.168.0.0/24]
  - DSL-Router with firewall [192.168.0.111]
    - port forwarding for 1194/udp and 5000/udp
      directed to [192.168.0.105:1194] and
      [192.168.0.105:5000] resp.
    - dyndns-Name for the public IP on the outside Interface
  - OpenVPN 2.0b11 on XPSP2 [192.168.0.105]
    - Two tap-devices named VPN1 and VPN2 resp.
    - VPN1 bridged to the ethernic on [192.168.0.105]
    - A .ovpn-config for ethernet-bridging bound
      to VPN1; unchanged and working alright
    - A second .ovpn-config for tun-style bound to
      VPN2

- Second network [192.168.2.0/24]
  - DSL-Router [192.168.2.1]
  - OpenVPN 2.0b11 on XPSP2 [192.168.2.113]
    - One tap-device named VPN1

Anything alright till here? I think P2P wouldn't be really an
option, as I want to give access to some more networks soon.

What I see:
- Two OpenVPN-processes running on [192.168.0.105].
- OpenVPN running on [192.168.2.113]
- Ethernet-bridging from road warriors still working fine.
- The client log says: "Initialisation sequence completed".
- Neither log contains "warn", "erro" or "fail" at verb 7.
- The TLS-Negotiation is running fine, including processing
  of the right file in ccd.
- The local VPN-IPs on [192.168.2.113] and [192.168.0.105] are
  assigned and pingable.
- Neither the remote tunnel-IPs nor their real IPs are
  pingable from either end!

What I assume from this:
- The packet-trail is free
- TLS-Authentication is working alright
- I guess there are routes missing
- To use the VPN from other machines on the nets
  I'd have to add routes for the connected net(s),
  pointing to the VPN-Servers. Either on each machine
  using it or on the default gateway.

My questions are:
- What am I looking for, to see what's wrong?
- What's going wrong? :-)

Configs see below. The logs are too big for this list. If
useful I would put them on some webspace or post the parts
you want here.

TIA & HAND
Kay

****** Server config ******
local 192.168.0.105
port 5000
proto udp
dev tun
dev-node VPN2

tls-server
ca ca.crt
cert buch105.crt
key buch105.key  # This file is secret
dh dh1024.pem

server 172.17.2.0 255.255.255.0

push "route 192.168.0.0 255.255.255.0"

client-config-dir ccd-tun
route 192.168.1.0 255.255.255.0
route 192.168.2.0 255.255.255.0

keepalive 10 120

comp-lzo
persist-key
persist-tun

status openvpn-status-tun.log
log openvpn-tun.log
verb 7
****** In Ccd-file:
iroute 192.168.2.0 255.255.255.0
****** End of Server config  ******



****** Client config ******
client
dev tun
dev-node VPN1
proto udp

remote undisclosed.dyndns.org 5000
resolv-retry infinite

ca ca.crt
cert note113.crt
key note113.key

comp-lzo
verb 7
log simple-tun.log
****** End of Client config ******
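
An added example, not part of the original post and not OpenVPN project code: a Python check that cross-checks the `route`, `iroute` and `push "route"` lines of the server config quoted above and lists the return routes each LAN's gateway (or each host) would need, as the post describes. The ccd file name `note113` and the names `nets` and `check` are assumptions.

```python
import ipaddress

# Constructed sample input: the routing lines of the server config quoted above.
SERVER_CONF = """\
server 172.17.2.0 255.255.255.0
push "route 192.168.0.0 255.255.255.0"
client-config-dir ccd-tun
route 192.168.1.0 255.255.255.0
route 192.168.2.0 255.255.255.0
"""
# The ccd file name (the client's certificate common name) is an assumption.
CCD_FILES = {"note113": "iroute 192.168.2.0 255.255.255.0\n"}


def nets(text, directive):
    """Networks named by `directive` lines; push "route ..." is read as push-route."""
    found = []
    for line in text.splitlines():
        words = line.split("#")[0].replace('"', " ").split()
        if words[:2] == ["push", "route"]:
            words = ["push-route"] + words[2:]
        if len(words) >= 3 and words[0] == directive:
            found.append(ipaddress.ip_network(f"{words[1]}/{words[2]}"))
    return found


def check(server_conf, ccd_files):
    # A subnet behind a client needs a `route` (server host's routing table)
    # and an `iroute` in that client's ccd file (OpenVPN's internal routing).
    routes = set(nets(server_conf, "route"))
    iroutes = {n for body in ccd_files.values() for n in nets(body, "iroute")}
    pool = set(nets(server_conf, "server"))
    return {
        "route_without_iroute": sorted(routes - iroutes),
        "iroute_without_route": sorted(iroutes - routes),
        # Destinations that hosts on each LAN must route via their OpenVPN machine.
        "server_lan_needs": sorted(routes | pool),
        "client_lan_needs": sorted(set(nets(server_conf, "push-route")) | pool),
    }


if __name__ == "__main__":
    for name, found in check(SERVER_CONF, CCD_FILES).items():
        print(f"{name}: {', '.join(map(str, found)) or '-'}")
```

With the quoted configs it reports 192.168.1.0/24 as routed into the tunnel with no `iroute` in the one ccd file shown, and no `iroute` lacking a `route`.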


