
[Openvpn-users] ifconfig-push doesn't give me what I expect


  • Subject: [Openvpn-users] ifconfig-push doesn't give me what I expect
  • From: Alain Williams <addw@xxxxxxxxxxxx>
  • Date: Mon, 9 Jul 2007 18:34:56 +0100

I have set up an OpenVPN on a Linux box (CentOS 4.5, running openvpn 2.0.9).
The client in this case is another Linux box (CentOS 4.5, running openvpn 2.0.9).

I expect the client to have VPN IP 10.200.200.7 and the server 10.200.200.1.
The server is as I expect, the client ends up as 10.200.200.6.

What appears in the system logs on each machine matches what netstat tells me and
is correct for the local end - but wrong for the peer end.

Why:

1) does the client IP address not take on the value given in the ifconfig-push line?
2) do the values in the log files not match anything for the peer?

I am confused.

Explanations gratefully received -- particularly for (1).

TIA

**** Diagnostic:

I can connect on the client to the server using IP 10.200.200.1 and 'who' tells me that
I have logged in from 10.200.200.6.

In the system log in the client I see:

	/sbin/ip link set dev tun2 up mtu 1500
	/sbin/ip addr add dev tun2 local 10.200.200.6 peer 10.200.200.5

The command 'netstat -rn' on the client gives:

	Kernel IP routing table
	Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
	10.200.200.1    10.200.200.5    255.255.255.255 UGH       0 0          0 tun2
	10.200.200.5    0.0.0.0         255.255.255.255 UH        0 0          0 tun2


In the system log in the server I see:

	/sbin/ip link set dev tun2 up mtu 1500
	/sbin/ip addr add dev tun2 local 10.200.200.1 peer 10.200.200.2

The command 'netstat -rn' on the server gives:

	Kernel IP routing table
	Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
	10.200.200.2    0.0.0.0         255.255.255.255 UH        0 0          0 tun2
	10.200.200.0    10.200.200.2    255.255.255.0   UG        0 0          0 tun2


(Irrelevant lines removed above)

**** The config files:

On the server I have:

/etc/openvpn/Clients/remoteMachine.example.com:

	ifconfig-push 10.200.200.7 10.200.200.0

/etc/openvpn/Server.conf:
	
	local 192.168.0.2
	port 1194
	proto udp
	dev tun2
	ca ca.crt
	cert server.crt
	key server.key
	dh dh1024.pem
	tls-auth ta.key 0

	server 10.200.200.0 255.255.255.0

	reneg-sec 60
	keepalive 10 120
	ifconfig-pool-persist ipp.txt
	comp-lzo
	cipher BF-CBC        # Blowfish (default)

	user nobody
	group nobody
	persist-key
	persist-tun

	client-config-dir Externalmint-Clients

On remoteMachine.example.com I have:

/etc/openvpn/Client.conf:

	client
	proto udp
	dev tun2
	nobind
	remote server.example.com 1194

	user nobody
	group nobody
	persist-tun
	persist-key

	ca ca.crt
	cert client.crt
	key client.key
	dh dh1024.pem
	tls-auth ta.key 1

	comp-lzo
	cipher BF-CBC        # Blowfish (default)

	reneg-sec 300
	keepalive 10 120


______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
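
Added example, not part of the original post and not OpenVPN's own code: a small Python lint over the values quoted in the message. It checks that the ifconfig-push file sits in the directory that client-config-dir names, and that the two pushed addresses are the host pair of one /30, which is how OpenVPN 2.0.x lays out "dev tun" clients (compare the "local 10.200.200.6 peer 10.200.200.5" line in the client log). CONF_DIR, the directory that relative paths are resolved against, and the function names are assumptions.

```python
import ipaddress
import posixpath

# Values copied from the post above; nothing is read from disk.
SERVER_CONF = """\
server 10.200.200.0 255.255.255.0
client-config-dir Externalmint-Clients
"""
CCD_FILE = "/etc/openvpn/Clients/remoteMachine.example.com"
CCD_TEXT = "ifconfig-push 10.200.200.7 10.200.200.0\n"
CONF_DIR = "/etc/openvpn"  # assumption: openvpn is started from this directory


def directive(text, name):
    """Return the arguments of the first `name` directive, or None."""
    for line in text.splitlines():
        words = line.split("#", 1)[0].split()
        if words and words[0] == name:
            return words[1:]
    return None


def lint(server_conf, ccd_file, ccd_text, conf_dir):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    net, mask = directive(server_conf, "server")
    vpn = ipaddress.ip_network(f"{net}/{mask}")
    # A relative client-config-dir is resolved against the working directory.
    ccd_arg = directive(server_conf, "client-config-dir")[0]
    ccd_dir = posixpath.normpath(posixpath.join(conf_dir, ccd_arg))
    file_dir = posixpath.dirname(ccd_file)
    if file_dir != ccd_dir:
        findings.append(f"ccd-path: server reads {ccd_dir}/, file is in {file_dir}/")
    local, remote = (ipaddress.ip_address(a)
                     for a in directive(ccd_text, "ifconfig-push"))
    for addr in (local, remote):
        if addr not in vpn:
            findings.append(f"outside-vpn: {addr} is not in {vpn}")
    # Per-client /30: the two endpoints must be the two usable hosts of one block.
    block = ipaddress.ip_network(f"{local}/30", strict=False)
    if {local, remote} != set(block.hosts()):
        findings.append(f"net30-pair: {local} {remote} is not the host pair of a /30")
    return findings


if __name__ == "__main__":
    for finding in lint(SERVER_CONF, CCD_FILE, CCD_TEXT, CONF_DIR):
        print(finding)
```

The per-client file is also matched by the certificate common name and must stay readable after the drop to "user nobody"; neither can be checked from the text in the message.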