After playing with OpenVPN for a while I have no ideas left, so I came here to ask what to do to heal this setup.
I have an OpenVPN server (Linux) and I can connect to it from a Windows XP client,
"Wed Sep 21 14:06:27 2005 Initialization Sequence Completed"
However, I can only ping my assigned IP address and nothing on the other side of the tunnel.
Both the server and the clients are version 2.0.2.
We have tried it from two different client (Windows) PCs on two different networks,
with two different client certificate sets, so I think we can exclude client failures.
We also have another server with almost the same configuration, and it works fine, and
both of these clients can connect to the other server fine.
Since we have a working instance, I've made comparisons between the config files and
the routing tables (both the clients and the servers) and did not find any mentionable difference.
I was googling and browsing the lists for a while, and also read the FAQ, so here is what I've already tried:
1.) Modified the server's firewall:
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A INPUT -i tap+ -j ACCEPT
iptables -A FORWARD -i tap+ -j ACCEPT
2.) I've checked the connection options (such as cipher,auth,keysize,etc) to see if there is a difference between client and server.
3.) I've run tcpdump -i tun0 on both servers in order to see what happens. What I've noticed is:
- I have tons of lines when tcpdumping on the working server
- I have the following lines on the problematic server (at the first line I tried to ping from the client):

mosoly:/home/fulop # tcpdump -n -i tun0
tcpdump: listening on tun0
14:38:03.041002 10.8.77.6 > 192.168.77.10: icmp: echo request
14:38:26.603376 10.8.77.6.137 > 10.8.77.1.137: NBT UDP PACKET(137): QUERY; REQUEST; UNICAST
14:38:27.621096 10.8.77.6.137 > 10.8.77.1.137: NBT UDP PACKET(137): REFRESH(8); REQUEST; UNICAST
14:38:28.088917 10.8.77.6.137 > 10.8.77.1.137: NBT UDP PACKET(137): QUERY; REQUEST; UNICAST
14:38:29.124286 10.8.77.6.137 > 10.8.77.1.137: NBT UDP PACKET(137): REFRESH(8); REQUEST; UNICAST
14:38:29.591429 10.8.77.6.137 > 10.8.77.1.137: NBT UDP PACKET(137): QUERY; REQUEST; UNICAST
14:38:30.622887 10.8.77.6.137 > 10.8.77.1.137: NBT UDP PACKET(137): REFRESH(8); REQUEST; UNICAST

7 packets received by filter
0 packets dropped by kernel

Here is my server configuration:
--------------------------------
port 1194
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/mosoly.crt
dh /etc/openvpn/keys/dh1024.pem
server 10.8.77.0 255.255.255.0
ifconfig-pool-persist /etc/openvpn/ipp.txt
push "route 192.168.77.0 255.255.255.0"
push "dhcp-option WINS 10.8.77.1"
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log-append /var/log/openvpn.log
verb 3

Here is my client configuration:
--------------------------------
client
dev tun
proto udp
remote myhost 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca "C:\\docs\\vpn\\myhost\\ca.crt"
cert "C:\\docs\\vpn\\myhost\\fulop.crt"
key "C:\\docs\\vpn\\myhost\\fulop.key"
comp-lzo
verb 3