[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] one way tunnel -- what am I doing wrong?


  • Subject: Re: [Openvpn-users] one way tunnel -- what am I doing wrong?
  • From: Todd and Margo Chester <ToddAndMargo@xxxxxxxxxxx>
  • Date: Sat, 30 Jun 2007 13:11:39 -0700

Josh Cepek wrote:
> Todd and Margo Chester wrote:
>> openvpn-2.0.9-gui-1.0.3-install
>> Win XP-Pro, SP2 (both)
>>
>> Hi All,
>>     I am trying to test a tunnel between two
>> computers on a local network.  I am trying to
>> set the server up as a bridge so that other
>> computers on the network can be reached
>> by the client.  The server-bridge's IP addresses
>> are not in the range used by the DHCP server.
>>   
> 
> This won't work.  First of all, you cannot test the VPN with a client
> computer on the same LAN as the destination VPN bridge, because then you
> have 2 identical networks and the VPN won't work without the physical
> network (which won't be reachable because the client will think the VPN
> is how to access that network.)  Second, it looks like you might the
> same problem on your server, which I'll go into details about below.

For the purposes of the test, can I set the client
IP manually to a different network?  Current network
is 192.168.123.0/24.  Would changing the client to
192.168.240.0/24 work?


> 
> It would have been useful if you provided networking details of the
> server including the configuration of the physical adapter and any
> bridge setup.  Based on the information provided here, it looks like you
> may not have actually bridged the tap adapter with a physical adapter,
> which is going to cause problems.  In this scenario, the server has 2
> identical IP addresses on the same network on 2 separate network
> interfaces (the physical interface and the tap interface) and you have
> the same problem I described above: the server will be unable to reach
> one of the 2 networks, and clients will never be able to connect.
> 
> In order to create a bridged setup like your stated goal, you need to
> use your operating system's facility to bridge the tap adapter and the
> physical interface together to form a logical network adapter that
> includes both.  Under Windows XP or higher, you need to select both
> interfaces, right-click, and bridge them together.  Then, set the local
> IP address on the bridged adapter in the OS, which will be the same IP
> you will want to provide in the server-bridge directive in the
> configuration file

The local IP is the same as 192.168.123.20 as in the
server.ovpn's server-bridge rule:
     server-bridge 192.168.123.20 255.255.255.0 192.168.123.50 
192.168.123.90
And, the IP is fixed by its MAC address in the DHCP server.

server network: 192.168.123.0/24.  One network card.  I right clicked
on the physical adapter, then <ctrl> right clicked on the
virtual tap adapter (renamed to "tap-bridge"), then right
clicked again and selected Bridge Connections.

If it helps, these are the directions I followed:
       http://openvpn.net/bridge.html

Specifically:
>When OpenVPN is installed on Windows, it automatically
 >creates a single TAP-Win32 adapter which will be assigned
 >a name like "Local Area Connection 2". Go to the Network
 >Connections control panel and rename it to "tap-bridge".
> 
> Next select tap-bridge and your ethernet adapter with
 >the mouse, right click, and select Bridge Connections.
 >This will create a new bridge adapter icon in the control panel.

Would my client using the same network as the server
be the cause of my problems?

Also, do my ovpn files look correct?
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users