
Re: [Openvpn-users] server push wrong routing and ifconfig to client

  • Subject: Re: [Openvpn-users] server push wrong routing and ifconfig to client
  • From: Mathias Sundman <mathias@xxxxxxxxxx>
  • Date: Thu, 6 Jan 2005 21:20:09 +0100 (CET)

On Wed, 5 Jan 2005, Shaun Savage wrote:

Mathias Sundman wrote:
On Wed, 5 Jan 2005, Shaun Savage wrote:

Hi all

I am using openvpn-2.2.0-rc6 on Linux. I had tls to tls vpn working; now I am trying to get the server - client working.

The server.conf
The problem is the tun0 on the server is point to point to PtoP
the routing is also

# route

BUT on the client

tun0 is

with route UGH 0 0 0 tun0 * U 0 0 0 eth0 UG 0 0 0 tun0

Why doesn't the routing match? the 2 PtoP should be inverse.

Why? Is it a problem or would you just have preferred to have it inversed?

If you need the whole configuration I can send it, but I hope the limited config will be enough to know the problem.

Your client is assigned, and the routing table says that it can reach and through Looks fine to me.

What problems are you having?

from the server does not ping 192.168.34 net
from the server net 192.168.0 does not ping the 192.168.34 net
from client net 192.168.34 does not ping 192.168.0 net

the routing from the server sends 192.168.34 packets to but the IP on the client side is

When I del the 192.168.34 route and try to add route to 192.168.34 using there is no interface.

Looking at the server logs I see the route to 34 net is added before 34 net connects.

in short I can't tunnel through the VPN.

I concept of what it should be

server tun0 PtoP
server route gw

client tun0 PtoP
client route 192.168.0/20 gw

when the next is added (I guess)

server tun1 PtoP
server route gw

This is where your logic fails. For true PtP links that's the way it should be, but as the current implementation of the TAP driver for Windows does not support true PtP, OpenVPN emulates PtP with a normal /30 subnet for each client instead.

This means that each client has its own gateway. The .1 address can't be shared with the clients as it's not part of the client's subnet.

So, the routing table you see on your client does look correct to me, so there's something else that's wrong.

Firewall blocking?

Routing disabled?

Use tcpdump to check how far your pings get.

I think you can force the use of real PtP links the way you wanted it with the --ifconfig-pool-linear option, but then Windows clients will not be able to connect.

Mathias Sundman                  (^)   ASCII Ribbon Campaign
OpenVPN GUI for Windows           X    NO HTML/RTF in e-mail
http://www.nilings.se/openvpn    / \   NO Word docs in e-mail
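
The per-client /30 layout described in the reply above, as an added example that is not part of the original message or of OpenVPN's code: a Python sketch that carves an address pool into /30 blocks and shows why a client's gateway is its own peer address and not the server's .1. The pool 10.8.0.0/24 and the client names are constructed for illustration, since the thread's own addresses do not appear on this page.

```python
import ipaddress

def net30_blocks(pool_cidr):
    """Yield (block, low_host, high_host) for every /30 in the pool."""
    for block in ipaddress.ip_network(pool_cidr).subnets(new_prefix=30):
        low, high = block.hosts()  # a /30 has exactly two usable addresses
        yield block, low, high

def allocate(pool_cidr, client_names):
    """Model the emulated point-to-point layout: one /30 per endpoint."""
    blocks = net30_blocks(pool_cidr)
    # First /30 belongs to the server's own tun interface (.1 local, .2 peer).
    _, srv_local, srv_peer = next(blocks)
    table = {"server": {"local": srv_local, "peer": srv_peer}}
    for name, (block, low, high) in zip(client_names, blocks):
        # Client takes the higher address, its gateway the lower one,
        # matching the [5,6], [9,10], ... endpoint pairs of this layout.
        table[name] = {"block": block, "local": high, "peer": low}
    return table

def client_view(entry, server_ip):
    """What the client's tun interface and route to the server look like."""
    on_link = ipaddress.ip_address(server_ip) in entry["block"]
    return {
        "ifconfig": (str(entry["local"]), str(entry["peer"])),
        "server_on_link": on_link,
        # The server's address is outside the client's /30, so it is
        # reached through the client's own peer address.
        "route_to_server_via": None if on_link else str(entry["peer"]),
    }

if __name__ == "__main__":
    # Constructed sample pool and client names.
    table = allocate("10.8.0.0/24", ["client1", "client2"])
    server_ip = str(table["server"]["local"])
    print("server tun:", table["server"]["local"], "peer", table["server"]["peer"])
    for name in ("client1", "client2"):
        print(name, client_view(table[name], server_ip))
```
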
