[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] Not able to Ping - Newbie Question

  • Subject: Re: [Openvpn-users] Not able to Ping - Newbie Question
  • From: Charles Duffy <cduffy@xxxxxxxxxxx>
  • Date: Mon, 17 Jul 2006 09:05:54 -0500

Vishal Abrol wrote:
>   What I want to do is to setup openVPN server at 'LOC-B' at my static IP
> '61.XXX.XXX.XXX'. only IP allowed on 'LOC-A' server will be openVPN Server's
> IP. Anybody who wants to connect to 'LOC-A' will have to connect to openVPN
> server at 'LOC-B' and openVPN will provide them an internal IP address from
> range configured through openVPN. Also once they are connected to openVPN,
> they should be able to browse the internet.

Use IP masquerading on your OpenVPN server (which makes more sense 
configured w/ tun rather than tap), such that all packets from VPN 
clients will have the source IP of the VPN server.

> For now, I am testing with 2 XP machine. I installed & configured openVPN
> server with bridging. Once I connect to openVPN server through client, I get
> an IP 
> IP :
> Subnet:
> Gateway:
> DNS server: (pushed thru dhcp-options)
> After the connection, I am not able to browse the internet or connect to our
> servers at 'LOC-A'. From the client machine, I am not even able to ping
> or or I disabled all the firewalls but still no 
> ping reply.

First, make sure your bridge is working: Use ethereal, tcpdump or 
similar tools to determine whether packets sent in the tap adapter on 
one side of your VPN client make it out the other side; then, use the 
same tools to determine whether those packets make it onto the Ethernet 
interface you're attempting to bridge to.

That said -- I still advise that you switch from bridging to routing 
with a masquerade rule, given your initial statement of requirements.

OpenVPN mailing lists