
[Openvpn-users] openvpn tunnel suse <-> osX


  • Subject: [Openvpn-users] openvpn tunnel suse <-> osX
  • From: paul <paul@xxxxxxxxxxxxx>
  • Date: Fri, 11 May 2007 00:03:41 +0200

Dear list,

I'm in the process of setting up a tunnel between two subnets. The gateway
machines are one suse box (client) and one Mac OS X Tiger (server). I've
installed and configured openvpn 2.09 on both machines and the tunnel
works fine, but I cannot ping the subnets, and the internal gateway IPs
only one way (see below). This is supposed to be a routed setup, no NAT.

Additional steps after setting up openvpn:
  -disable all firewalls
  -enable IP forwarding on both machines

I'm starting to run out of ideas, so any help is much appreciated.

thanks
  Paul


Details:

LAN1 (192.168.1.0/24) <-> gw (OS X, 192.168.1.100) <--> gw (suse, 192.168.52.52) <-> LAN2 (192.168.52.0/24)

(suse): ping 10.111.198.1 	WORKS (vpn IP os X)
(suse): ping 192.168.1.100	WORKS (lan IP os X)

(os X): ping 10.111.198.6	WORKS (vpn IP suse)
(os X): ping 192.168.52.52	DOESN'T WORK (lan IP suse)

but you can see outgoing packets on os X:

sh-2.05b# tcpdump -i tun0 -s0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun0, link-type NULL (BSD loopback), capture size 65535 bytes
15:56:41.510421 IP 10.111.198.1 > 192.168.52.52: icmp 64: echo request seq 0
15:56:42.510207 IP 10.111.198.1 > 192.168.52.52: icmp 64: echo request

the packets are never seen by tcpdump on the suse tun0 iface.


(suse): ping subnet behind os X DOESN'T WORK

but packages are seen by os X:
sh-2.05b# tcpdump -i tun0 -s0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun0, link-type NULL (BSD loopback), capture size 65535 bytes
16:02:55.709036 IP 10.111.198.6 > 192.168.1.203: icmp 64: echo request seq 1
16:02:56.699464 IP 10.111.198.6 > 192.168.1.203: icmp 64: echo request seq 2


## relevant (I hope) excerpts from config files:

dev tun0
tls-server
client-to-client

mode server
server 10.111.198.0 255.255.255.0
ifconfig-pool-persist ipp.txt

;networks behind clients
route 192.168.52.0 255.255.255.0

;push local network
push "route 192.168.1.0 255.255.255.0"

##client specific config on server:
iroute 192.168.52.0 255.255.255.0


## client config:
client
dev tun
remote xx.xxxxx.xxx 1194
rport 1194 ;redundant?

tls-client
persist-tun
persist-key


mtu-test
tun-mtu 1500
;tun-mtu-extra 32
pull
comp-lzo

== interfaces suse ==
eth0      Link encap:Ethernet  HWaddr 00:30:84:40:8D:68
           inet addr:192.168.52.52  Bcast:192.168.52.255  Mask:255.255.255.0
           inet6 addr: fe80::230:84ff:fe40:8d68/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:19153 errors:0 dropped:0 overruns:0 frame:0
           TX packets:16568 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:6774714 (6.4 Mb)  TX bytes:8514567 (8.1 Mb)
           Interrupt:10 Base address:0x2000

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
           inet addr:10.111.198.6  P-t-P:10.111.198.5  Mask:255.255.255.255
           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
           RX packets:118 errors:0 dropped:0 overruns:0 frame:0
           TX packets:325 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:100
           RX bytes:20848 (20.3 Kb)  TX bytes:26138 (25.5 Kb)


== interfaces os X ==
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
         inet6 fe80::230:65ff:fedf:d8de%en0 prefixlen 64 scopeid 0x4
         inet 192.168.1.100 netmask 0xffffff00 broadcast 192.168.1.255
         ether 00:30:65:df:d8:de
         media: autoselect (100baseTX <full-duplex>) status: active
         supported media: none autoselect 10baseT/UTP <half-duplex> 10baseT/UTP <full-duplex> 10baseT/UTP <full-duplex,hw-loopback> 100baseTX <half-duplex> 100baseTX <full-duplex> 100baseTX <full-duplex,hw-loopback> 1000baseT <full-duplex> 1000baseT <full-duplex,hw-loopback> 1000baseT <full-duplex,flow-control> 1000baseT <full-duplex,flow-control,hw-loopback>


tun0: flags=8951<UP,POINTOPOINT,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
         inet 10.111.198.1 --> 10.111.198.2 netmask 0xffffffff
         open (pid 16829)


== routing table suse ==
server:/etc/sysconfig # route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.111.198.5    0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.168.52.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.1.0     10.111.198.5    255.255.255.0   UG    0      0        0 tun0
10.111.198.0    10.111.198.5    255.255.255.0   UG    0      0        0 tun0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.52.1    0.0.0.0         UG    0      0        0 eth0

== routing table zero ==
zero:/Library/StartupItems/openvpn root# netstat -r

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.1.1        UGSc     1398    12674    en0
10.111.198/24      10.111.198.2       UGSc        5       23   tun0
10.111.198.2       10.111.198.1       UH          4        0   tun0
127                localhost          UCS         0        0    lo0
localhost          localhost          UH         14   577236    lo0
192.168.1.100      localhost          UHS         0     6124    lo0
192.168.1.255      link#4             UHLWb       2      872    en0
192.168.52         10.111.198.2       UGSc        1      141   tun0
