
Re: [Fwd: Re: [Openvpn-users] Re: openvpn and ccd]


  • Subject: Re: [Fwd: Re: [Openvpn-users] Re: openvpn and ccd]
  • From: "BlaaT 0001" <blaat0001@xxxxxxxxx>
  • Date: Fri, 14 Apr 2006 15:23:14 +0200

Your config files look pretty much OK.

The IP of your OpenVPN server is 192.168.2.254, right?

This should be reflected in your config file.

> now I'm using tap to test
>
> my config file on server side (comments in French)
> ************************************************************************************************************************
> local <ip>            # public IP of the server
> port 1194
> proto udp
>
> dev tap                    # interface type = tap (layer 2)

dev tap0 to avoid any conflicts with other TAP devices (if any exist)

> tun-mtu 1500
> mssfix                      # ?? link with tun-mtu ??
>
> persist-key
> persist-tun
> ca /etc/openvpn/tls/cacert.pem        # certificate of the certification authority
> cert /etc/openvpn/tls/vpn.pierre.crt    # server certificate
> key /etc/openvpn/tls/vpn.pierre.key    # server private key
> dh /etc/openvpn/tls/dh1024.pem        # DH key for tunnel initialization
>
> server-bridge 192.168.2.253 255.255.255.0 192.168.2.5 192.168.2.15

This should state the LAN IP of your OpenVPN server (eth0/tap0
share the same IP, 192.168.2.254):
server-bridge 192.168.2.254 255.255.255.0 192.168.2.5 192.168.2.15


> ifconfig-pool-persist /etc/openvpn/jail/log/ipp.txt    # file containing the Common Name/IP assignments
> client-to-client            # allows clients to see each other
>
> keepalive 10 120
> cipher BF-CBC                # Blowfish encryption
> comp-lzo                # data compression => better performance
>
> max-clients 15
> user nobody
> group nogroup
>
> chroot /etc/openvpn/jail/log/
> status /etc/openvpn/jail/log/status_bridged.log
> log-append /etc/openvpn/jail/log/openvpn_bridged.log
>
> verb 4
> mute 10
> ********************************************************************************************************************************
>
> I found it on the web: http://www.nbs-system.com/article/openvpn2_howto
> I don't know why, when the server pushes the route-gw to the client, I don't
> see it in the client route.
>
This is a snippet from the man page:

Finally, set aside a IP range in the bridged subnet, denoted by
pool-start-IP and pool-end-IP, for OpenVPN to allocate to connecting
clients.

For example, server-bridge 10.8.0.4 255.255.255.0 10.8.0.128 10.8.0.254
expands as follows:

mode server
tls-server

ifconfig-pool 10.8.0.128 10.8.0.254 255.255.255.0
push "route-gateway 10.8.0.4"


******************************
It shows that the "PUSH-REPLY" mentioned earlier in your log files is
correct with the supplied config file.

Change the server-bridge directive as mentioned above. Then you should
be able to ping the 192.168.2.254 address.

How are you connecting to the OpenVPN server? Does it reside on the
same LAN? Is your client PC on the 192.168.2.0/24 network as well? If
this is the case it's hard to see if traffic is really flowing over
the VPN link or just over your ordinary LAN connection.

Cheers,

BlaaT
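
Added example, not part of the original message or of OpenVPN itself: a small Python check that expands a server-bridge line the way the man page excerpt above describes and flags the mismatch discussed in this thread. The function names and the lan_ip parameter are assumptions made for illustration; the directive lines are the ones quoted in the message.

```python
import ipaddress

def parse_server_bridge(line):
    """Split 'server-bridge gateway netmask pool-start pool-end' into typed fields."""
    parts = line.split("#", 1)[0].split()  # drop any trailing comment
    if len(parts) != 5 or parts[0] != "server-bridge":
        raise ValueError("expected: server-bridge gateway netmask pool-start pool-end")
    gateway, start, end = (ipaddress.IPv4Address(p) for p in (parts[1], parts[3], parts[4]))
    network = ipaddress.IPv4Network(f"{parts[1]}/{parts[2]}", strict=False)
    return gateway, parts[2], start, end, network

def expand_server_bridge(line):
    """Return the directives the man page excerpt lists for server-bridge."""
    gateway, netmask, start, end, _ = parse_server_bridge(line)
    return ["mode server", "tls-server",
            f"ifconfig-pool {start} {end} {netmask}",
            f'push "route-gateway {gateway}"']

def check_server_bridge(line, lan_ip=None):
    """List problems; lan_ip (hypothetical parameter) is the server's LAN address."""
    gateway, _, start, end, network = parse_server_bridge(line)
    problems = []
    if start > end:
        problems.append(f"pool start {start} is above pool end {end}")
    for name, addr in (("pool start", start), ("pool end", end)):
        if addr not in network:
            problems.append(f"{name} {addr} is outside {network}")
    if start <= gateway <= end:
        problems.append(f"gateway {gateway} lies inside the client pool")
    if lan_ip is not None and gateway != ipaddress.IPv4Address(lan_ip):
        problems.append(f"pushed route-gateway {gateway} is not the server LAN IP {lan_ip}")
    return problems

if __name__ == "__main__":
    # The directive as posted, and as corrected in the reply.
    posted = "server-bridge 192.168.2.253 255.255.255.0 192.168.2.5 192.168.2.15"
    fixed = "server-bridge 192.168.2.254 255.255.255.0 192.168.2.5 192.168.2.15"
    for line in (posted, fixed):
        print(line)
        print("  expands to:", expand_server_bridge(line))
        print("  problems:", check_server_bridge(line, lan_ip="192.168.2.254") or "none")
```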

