[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

[Openvpn-users] IP traffic dont work to/from my provider


  • Subject: [Openvpn-users] IP traffic dont work to/from my provider
  • From: Alfred Hallmert <alfred.hallmert@xxxxxxxxx>
  • Date: Sun, 9 Jan 2005 22:14:21 +0000 (UTC)

Hi!

I have ordered a static public IP-address that should be tunneled through 
OpenVPN to a TAP-interface. I think everything looks alright in my 
configuration, but by some reason things dont work out. I wonder if there are 
any errors on my side, or if it is my provider that misconfigurated someting on 
their side.
	
I am running FreeBSD 5.3-STABLE with OpenVPN 2.0 RC1, and so do my profider. 
This is what it looks like (IP-addressses changed here by security reasons):

openvpn.conf:
---
remote 194.212.248.8
dev tap1
ifconfig 194.212.250.21 255.255.255.192
port 7111
ping 10
verb 3
comp-lzo
---

this is how my output looks like when running openvpn:
---
skarselden# openvpn /etc/openvpn/openvpn.conf
Sun Jan  9 22:30:30 2005 OpenVPN 2.0_rc1 i386-unknown-freebsd5.3 [SSL] [LZO] 
built on Jan  3 2005
Sun Jan  9 22:30:30 2005 WARNING: --ping should normally be used with --ping-
restart or --ping-exit
Sun Jan  9 22:30:30 2005 ******* WARNING *******: all encryption and 
authentication features disabled -- all data will be tunnelled as cleartext
Sun Jan  9 22:30:30 2005 LZO compression initialized
Sun Jan  9 22:30:30 2005 TUN/TAP device /dev/tap1 opened
Sun Jan  9 22:30:30 2005 /sbin/ifconfig tap1 194.212.250.21 netmask 
255.255.255.192 mtu 1500 up
Sun Jan  9 22:30:30 2005 Data Channel MTU parms [ L:1533 D:1433 EF:1 EB:19 
ET:32 EL:0 ]
Sun Jan  9 22:30:30 2005 Local Options hash (VER=V4): '9c5b35be'
Sun Jan  9 22:30:30 2005 Expected Remote Options hash (VER=V4): '9c5b35be'
Sun Jan  9 22:30:30 2005 Output Traffic Shaping initialized at 131072 bytes per 
second
Sun Jan  9 22:30:30 2005 UDPv4 link local (bound): [undef]:7111
Sun Jan  9 22:30:30 2005 UDPv4 link remote: 194.212.248.8:7111
Sun Jan  9 22:30:41 2005 Peer Connection Initiated with 194.212.248.8:7111
Sun Jan  9 22:30:42 2005 Initialization Sequence Completed
---

...and this is my ifconfig:
---
skarselden# ifconfig -a
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet 213.80.43.161 netmask 0xffffff00 broadcast 213.80.43.255
        ether 00:30:4f:18:9f:af
        media: Ethernet autoselect (10baseT/UTP)
        status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000
tap1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 194.212.250.21 netmask 0xffffffc0 broadcast 194.212.250.63
        ether 00:bd:f2:96:00:01
        Opened by PID 453
---

the firewall is open and shall be source routing my tunneled IP-address to a 
gateway at the provider's:
---
skarselden# ipfw show
00100    0      0 allow ip from any to any via lo0
00200    0      0 deny ip from any to 127.0.0.0/8
00300    0      0 deny ip from 127.0.0.0/8 to any
65000 5023 766568 allow ip from any to any
65100    0      0 fwd 194.212.250.1 ip from 194.212.250.21 to any
65535    0      0 deny ip from any to any

skarselden# route -n get 194.212.250.1
   route to: 194.212.250.1
destination: 194.212.250.0
       mask: 255.255.255.192
  interface: tap1
      flags: <UP,DONE,CLONING>
 recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount      mtu     expire
       0         0         0         0         0         0      1500     -1167
---

...but I can not ping the gateway through the tunnel interface (but I do can 
ping the gateway IP over Internet without going through the tunnel, so the 
gateway is up):
---
skarselden# ping 194.212.250.1
PING 194.212.250.1 (194.212.250.1): 56 data bytes
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
^C
--- 194.212.250.1 ping statistics ---
9 packets transmitted, 0 packets received, 100% packet loss
---

No IP-traffic seem to be working on the TAP-interface.

Is there anything else that could be wrong on my side of this tunnel now? 
(mtu_test tells me that the MTU-stuff works alright). What shall do, or say to 
the provider?
	
/Alfred Hallmert






-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users