
Re: [Openvpn-users] Bridged connection is successful but I cannot see the remote network


  • Subject: Re: [Openvpn-users] Bridged connection is successful but I cannot see the remote network
  • From: "Serge Wautier" <serge@xxxxxxxxxxx>
  • Date: Mon, 2 Apr 2007 23:37:37 +0200

Are you sure you're using a bridge? If it were the case, your VPN IP address
should be in the same subnet as your office LAN.

Serge.
http://www.apptranslator.com
 

> -----Original Message-----
> From: openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx 
> [mailto:openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of ???
> Sent: lundi 2 avril 2007 20:51
> To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> Subject: [Openvpn-users] Bridged connection is successful but I cannot see the remote network
> 
> Hello,
> 
> I successfully established a VPN bridge through internet 
> between my home computer and my office's router. The remote 
> router provides me with an IP address but unfortunately I 
> cannot see the remote network.
> 
> Ping to any address of the 10.8.0.0/24 network fails, except 
> 10.8.0.5 which is the address I obtain from OpenVPN server.
> Ping to any address of the remote network (10.11.12.0/24) fails.
> 
> Also, it does not always complete successfully.
> 
> ---
> 
> Here are some details about my configuration:
> 
> 	[A] Client: Windows XP SP2 with OpenVPN GUI 1.03 and OpenVPN 2.0.9
> 	[B] Client's router: Dlink DWL-524 (wifi)
> 	[C] Server: Linux (OpenWRT 0.9) on a Linksys WRT54GL router
> 	[D] Server's router: the server _is_ the router
> 
> Here are some details about their network connectivity:
> 
> [A]
> 	wifi:
> 	IP Address: 192.168.1.100
> 	Subnet Mask: 255.255.255.0
> 	Default Gateway: 192.168.1.1
> 	vpn:
> 	IP Address: 10.8.0.5
> 	Subnet Mask: 255.255.255.0
> 	Default Gateway: [blank]
> 
> [B]
> 	LAN:
> 	IP Address: 192.168.1.1
> 	Subnet Mask: 255.255.255.0
> 	WAN:
> 	IP Address: xx.xx.xx.xx
> 
> [C]
> 	LAN:
> 	IP Address: 11.12.13.1
> 	Subnet Mask: 255.255.255.0
> 	vpn:
> 	IP Address: 10.8.0.1
> 	Subnet Mask: 255.255.255.0
> 	Default Gateway: [blank]
> 
> [D]
> 	LAN: see [C]
> 	WAN:
> 	IP Address: XX.XX.XX.XX
> 	Subnet Mask: 255.255.255.0
> 
> Here are my configuration files:
> 
> Client:
> 
> 	client
> 	dev tap
> 	proto udp
> 	remote XX.XX.XX.XX 1194
> 	resolv-retry infinite
> 	nobind
> 	tls-client
> 	persist-key
> 	persist-tun
> 	ca ca.crt
> 	cert myself.crt
> 	key myself.key
> 	ns-cert-type server
> 	tls-auth ta.key 1
> 	cipher BF-CBC
> 	verb 2
> 	mute 5
> 
> Server:
> 
> 	local XX.XX.XX.XX
> 	port 1194
> 	proto udp
> 	dev tap
> 	mode server
> 	tls-server
> 	tun-mtu 1500
> 	mssfix
> 	persist-key
> 	persist-tun
> 	ca /etc/openvpn/keys/ca.crt
> 	cert /etc/openvpn/keys/myServer.crt
> 	key /etc/openvpn/keys/myServer.key
> 	dh /etc/openvpn/keys/dh1024.pem
> 	tls-auth /etc/openvpn/keys/ta.key 0
> 	server-bridge 10.8.0.253 255.255.255.0 10.8.0.5 10.8.0.15
> 	client-to-client
> 	keepalive 10 120
> 	cipher BF-CBC
> 	max-clients 15
> 	verb 4
> 	mute 10
> 
> Here is the script that creates TAP devices for use by 
> OpenVPN and bridges them into OpenWRT Bridge
> 
> 	#!/bin/sh
> 	insmod tun
> 	br="br0"
> 	tap="tap0"
> 	for t in $tap; do
> 	    openvpn --mktun --dev $t
> 	done
> 	for t in $tap; do
> 	    brctl addif $br $t
> 	done
> 	for t in $tap; do
> 	    ifconfig $t 0.0.0.0 promisc up
> 	done
> 
> Here is my connection log:
> 
> 	Mon Apr 02 18:51:59 2007 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
> 	Mon Apr 02 18:51:59 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
> 	Mon Apr 02 18:51:59 2007 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
> 	Mon Apr 02 18:51:59 2007 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
> 	Mon Apr 02 18:51:59 2007 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
> 	Mon Apr 02 18:51:59 2007 Control Channel MTU parms [ L:1573 D:166 EF:66 EB:0 ET:0 EL:0 ]
> 	Mon Apr 02 18:51:59 2007 Data Channel MTU parms [ L:1573 D:1450 EF:41 EB:4 ET:32 EL:0 ]
> 	Mon Apr 02 18:51:59 2007 Local Options hash (VER=V4): '1a647362'
> 	Mon Apr 02 18:51:59 2007 Expected Remote Options hash (VER=V4): '47de3ccc'
> 	Mon Apr 02 18:51:59 2007 UDPv4 link local: [undef]
> 	Mon Apr 02 18:51:59 2007 UDPv4 link remote: XX.XX.XX.XX:1194
> 	Mon Apr 02 18:52:04 2007 VERIFY OK: depth=1, /C=XX/ST=XXX/L=myCity/O=myOrg/CN=myServer/emailAddress=me@mydomain
> 	Mon Apr 02 18:52:04 2007 VERIFY OK: nsCertType=SERVER
> 	Mon Apr 02 18:52:04 2007 VERIFY OK: depth=0, /C=XX/ST=XXX/L=myCity/O=myOrg/CN=myServer/emailAddress=me@mydomain
> 
> The log continues like this when it works:
> 
> 	Mon Apr 02 18:52:04 2007 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
> 	Mon Apr 02 18:52:04 2007 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
> 	Mon Apr 02 18:52:04 2007 NOTE: --mute triggered...
> 	Mon Apr 02 18:52:04 2007 3 variation(s) on previous 5 message(s) suppressed by --mute
> 	Mon Apr 02 18:52:04 2007 [myServer] Peer Connection Initiated with XX.XX.XX.XX:1194
> 	Mon Apr 02 18:52:05 2007 TAP-WIN32 device [vpn] opened: \\.\Global\{74DB13BF-3271-4001-B7DC-06A38FC7AF7A}.tap
> 	Mon Apr 02 18:52:05 2007 TAP-Win32 MTU=1500
> 	Mon Apr 02 18:52:05 2007 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.5/255.255.255.0 on interface {74DB13BF-3271-4001-B7DC-06A38FC7AF7A} [DHCP-serv: 10.8.0.0, lease-time: 31536000]
> 	Mon Apr 02 18:52:05 2007 Successful ARP Flush on interface [2] {74DB13BF-3271-4001-B7DC-06A38FC7AF7A}
> 	Mon Apr 02 18:52:07 2007 Initialization Sequence Completed
> 	
> The log continues like this when it fails:
> 
> 	Mon Apr 02 20:20:25 2007 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
> 	Mon Apr 02 20:20:25 2007 TLS Error: TLS handshake failed
> 	Mon Apr 02 20:20:25 2007 TCP/UDP: Closing socket
> 	Mon Apr 02 20:20:25 2007 SIGUSR1[soft,tls-error] received, process restarting
> 
> Regards,
> 
> --
> Ran Shishen
> 
> 
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
> 
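
The subnet point in Serge's reply, as an added example that is not part of the thread: a Python check that a `server-bridge` directive agrees with the LAN it is supposed to bridge. The posted directive and the [C] LAN address come from the quoted message; the function names and the second, matching directive are constructed for illustration.

```python
import ipaddress

# From the quoted post: the server's server-bridge line and the LAN
# address/mask listed under [C].
SERVER_CONF = """\
dev tap
mode server
server-bridge 10.8.0.253 255.255.255.0 10.8.0.5 10.8.0.15
client-to-client
"""
LAN_ADDR, LAN_MASK = "11.12.13.1", "255.255.255.0"

# Constructed alternative (not from the thread): pool carved out of the LAN.
CONSTRUCTED_CONF = "server-bridge 11.12.13.1 255.255.255.0 11.12.13.200 11.12.13.215\n"


def parse_server_bridge(conf):
    """Return (gateway, netmask, pool_start, pool_end) or None."""
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields[:1] == ["server-bridge"] and len(fields) == 5:
            return tuple(fields[1:])
    return None


def check_bridge(conf, lan_addr, lan_mask):
    """List the ways server-bridge disagrees with the bridged LAN."""
    parsed = parse_server_bridge(conf)
    if parsed is None:
        return ["no four-argument server-bridge directive found"]
    gateway, netmask, pool_start, pool_end = parsed
    lan = ipaddress.ip_network(f"{lan_addr}/{lan_mask}", strict=False)
    problems = []
    if ipaddress.ip_address(gateway) not in lan:
        problems.append(f"gateway {gateway} is outside LAN {lan}")
    if ipaddress.ip_address(netmask) != lan.netmask:
        problems.append(f"netmask {netmask} differs from LAN mask {lan.netmask}")
    start, end = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)
    if start > end:
        problems.append("pool start is above pool end")
    for name, addr in (("pool start", start), ("pool end", end)):
        if addr not in lan:
            problems.append(f"{name} {addr} is outside LAN {lan}")
    if start <= ipaddress.ip_address(lan_addr) <= end:
        problems.append(f"pool contains the bridge address {lan_addr}")
    return problems


if __name__ == "__main__":
    for label, conf in (("posted", SERVER_CONF), ("constructed", CONSTRUCTED_CONF)):
        print(label, check_bridge(conf, LAN_ADDR, LAN_MASK) or "consistent with LAN")
```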
