
[Openvpn-users] Bridged connection is successful but I cannot see the remote network


  • Subject: [Openvpn-users] Bridged connection is successful but I cannot see the remote network
  • From: ??? <ranshishen@xxxxxxxxx>
  • Date: Mon, 02 Apr 2007 20:51:08 +0200

Hello,

I successfully established a VPN bridge through internet between my home
computer and my office's router. The remote router provides me with an
IP address but unfortunately I cannot see the remote network.

Ping to any address of the 10.8.0.0/24 network fails, except 10.8.0.5
which is the address I obtain from OpenVPN server.
Ping to any address of the remote network (10.11.12.0/24) fails.

Also, it does not always complete successfully.

---

Here are some details about my configuration:

	[A] Client: Windows XP SP2 with OpenVPN GUI 1.03 and OpenVPN 2.0.9
	[B] Client's router: Dlink DWL-524 (wifi)
	[C] Server: Linux (OpenWRT 0.9) on a Linksys WRT54GL router
	[D] Server's router: the server _is_ the router

Here are some details about their network connectivity:

[A]
	wifi:
	IP Address: 192.168.1.100
	Subnet Mask: 255.255.255.0
	Default Gateway: 192.168.1.1
	vpn:
	IP Address: 10.8.0.5
	Subnet Mask: 255.255.255.0
	Default Gateway: [blank]

[B]
	LAN:
	IP Address: 192.168.1.1
	Subnet Mask: 255.255.255.0
	WAN:
	IP Address: xx.xx.xx.xx

[C]
	LAN:
	IP Address: 11.12.13.1
	Subnet Mask: 255.255.255.0
	vpn:
	IP Address: 10.8.0.1
	Subnet Mask: 255.255.255.0
	Default Gateway: [blank]

[D]
	LAN: see [C]
	WAN:
	IP Address: XX.XX.XX.XX
	Subnet Mask: 255.255.255.0

Here are my configuration files:

Client:

	client
	dev tap
	proto udp
	remote XX.XX.XX.XX 1194
	resolv-retry infinite
	nobind
	tls-client
	persist-key
	persist-tun
	ca ca.crt
	cert myself.crt
	key myself.key
	ns-cert-type server
	tls-auth ta.key 1
	cipher BF-CBC
	verb 2
	mute 5

Server:

	local XX.XX.XX.XX
	port 1194
	proto udp
	dev tap
	mode server
	tls-server
	tun-mtu 1500
	mssfix
	persist-key
	persist-tun
	ca /etc/openvpn/keys/ca.crt
	cert /etc/openvpn/keys/myServer.crt
	key /etc/openvpn/keys/myServer.key
	dh /etc/openvpn/keys/dh1024.pem
	tls-auth /etc/openvpn/keys/ta.key 0
	server-bridge 10.8.0.253 255.255.255.0 10.8.0.5 10.8.0.15
	client-to-client
	keepalive 10 120
	cipher BF-CBC
	max-clients 15
	verb 4
	mute 10

Here is the script that creates TAP devices for use by OpenVPN and
bridges them into OpenWRT Bridge

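	#!/bin/sh
	# Load the TUN/TAP kernel module
	insmod tun
	br="br0"     # existing OpenWRT LAN bridge
	tap="tap0"   # space-separated list of TAP devices to create
	# Create the persistent TAP devices
	for t in $tap; do
	    openvpn --mktun --dev "$t"
	done
	# Add each TAP device to the bridge
	for t in $tap; do
	    brctl addif "$br" "$t"
	done
	# Bring each TAP device up with no IP address, in promiscuous mode
	for t in $tap; do
	    ifconfig "$t" 0.0.0.0 promisc up
	done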

Here is my connection log:

	Mon Apr 02 18:51:59 2007 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
	Mon Apr 02 18:51:59 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
	Mon Apr 02 18:51:59 2007 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
	Mon Apr 02 18:51:59 2007 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
	Mon Apr 02 18:51:59 2007 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
	Mon Apr 02 18:51:59 2007 Control Channel MTU parms [ L:1573 D:166 EF:66 EB:0 ET:0 EL:0 ]
	Mon Apr 02 18:51:59 2007 Data Channel MTU parms [ L:1573 D:1450 EF:41 EB:4 ET:32 EL:0 ]
	Mon Apr 02 18:51:59 2007 Local Options hash (VER=V4): '1a647362'
	Mon Apr 02 18:51:59 2007 Expected Remote Options hash (VER=V4): '47de3ccc'
	Mon Apr 02 18:51:59 2007 UDPv4 link local: [undef]
	Mon Apr 02 18:51:59 2007 UDPv4 link remote: XX.XX.XX.XX:1194
	Mon Apr 02 18:52:04 2007 VERIFY OK: depth=1, /C=XX/ST=XXX/L=myCity/O=myOrg/CN=myServer/emailAddress=me@mydomain
	Mon Apr 02 18:52:04 2007 VERIFY OK: nsCertType=SERVER
	Mon Apr 02 18:52:04 2007 VERIFY OK: depth=0, /C=XX/ST=XXX/L=myCity/O=myOrg/CN=myServer/emailAddress=me@mydomain

The log continues like this when it works:

	Mon Apr 02 18:52:04 2007 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
	Mon Apr 02 18:52:04 2007 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
	Mon Apr 02 18:52:04 2007 NOTE: --mute triggered...
	Mon Apr 02 18:52:04 2007 3 variation(s) on previous 5 message(s) suppressed by --mute
	Mon Apr 02 18:52:04 2007 [myServer] Peer Connection Initiated with XX.XX.XX.XX:1194
	Mon Apr 02 18:52:05 2007 TAP-WIN32 device [vpn] opened: \\.\Global\{74DB13BF-3271-4001-B7DC-06A38FC7AF7A}.tap
	Mon Apr 02 18:52:05 2007 TAP-Win32 MTU=1500
	Mon Apr 02 18:52:05 2007 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.5/255.255.255.0 on interface {74DB13BF-3271-4001-B7DC-06A38FC7AF7A} [DHCP-serv: 10.8.0.0, lease-time: 31536000]
	Mon Apr 02 18:52:05 2007 Successful ARP Flush on interface [2] {74DB13BF-3271-4001-B7DC-06A38FC7AF7A}
	Mon Apr 02 18:52:07 2007 Initialization Sequence Completed
	
The log continues like this when it fails:

	Mon Apr 02 20:20:25 2007 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
	Mon Apr 02 20:20:25 2007 TLS Error: TLS handshake failed
	Mon Apr 02 20:20:25 2007 TCP/UDP: Closing socket
	Mon Apr 02 20:20:25 2007 SIGUSR1[soft,tls-error] received, process restarting

Regards,

-- 
Ran Shishen

______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
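
OpenVPN's `server-bridge gateway netmask pool-start-IP pool-end-IP` directive takes its client pool from the bridged subnet, so the directive can be checked against the address of the bridge interface. The following is an added example, not part of the original post; the function names are hypothetical and it assumes br0 carries the [C] LAN address listed above.

```python
import ipaddress

# Taken from the server configuration in the post.
POSTED_SERVER_CONF = """
dev tap
mode server
server-bridge 10.8.0.253 255.255.255.0 10.8.0.5 10.8.0.15
"""
# Constructed for comparison: a pool inside the [C] LAN subnet (values are made up).
CONSISTENT_CONF = "server-bridge 11.12.13.1 255.255.255.0 11.12.13.200 11.12.13.215\n"


def parse_server_bridge(config_text):
    """Return (gateway, netmask, pool_start, pool_end) or None."""
    for raw in config_text.splitlines():
        # Drop '#' and ';' comments, then split into whitespace-separated fields.
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if fields and fields[0] == "server-bridge":
            if len(fields) != 5:
                raise ValueError("expected 4 arguments to server-bridge")
            return tuple(fields[1:])
    return None


def check_bridge_pool(config_text, bridge_ip, bridge_mask):
    """List mismatches between server-bridge and the bridge interface subnet."""
    parsed = parse_server_bridge(config_text)
    if parsed is None:
        return ["no server-bridge directive found"]
    gateway, netmask, start, end = parsed
    lan = ipaddress.ip_network(f"{bridge_ip}/{bridge_mask}", strict=False)
    vpn = ipaddress.ip_network(f"{gateway}/{netmask}", strict=False)
    first, last = ipaddress.ip_address(start), ipaddress.ip_address(end)
    findings = []
    if vpn != lan:
        findings.append(f"server-bridge subnet {vpn} is not the bridge subnet {lan}")
    for label, addr in (("pool-start", first), ("pool-end", last)):
        if addr not in lan:
            findings.append(f"{label} {addr} is outside the bridge subnet {lan}")
    if first > last:
        findings.append(f"pool-start {first} is above pool-end {last}")
    if first <= ipaddress.ip_address(bridge_ip) <= last:
        findings.append(f"bridge address {bridge_ip} is inside the client pool")
    return findings


if __name__ == "__main__":
    # Assumption: br0 carries the [C] LAN address listed in the post.
    for finding in check_bridge_pool(POSTED_SERVER_CONF, "11.12.13.1", "255.255.255.0"):
        print(finding)
```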