[Openvpn-users] Multi-Client Server problem


  • Subject: [Openvpn-users] Multi-Client Server problem
  • From: "Cole" <cole@xxxxxxxxxxxx>
  • Date: Tue, 17 Jul 2007 20:01:33 +0200

Hi.

I've set up openvpn to run as a multi-client with dynamic ips from a pool. I've
also written an auth script to handle the username password from the client.
This all works fine, the problem is when the client has connected and
authenticated fine.

I'm running these tests on 2 FreeBSD 4.11 boxes and running OpenVPN Version
2.0.6.

My server is running the following command line:
openvpn --dev tun --proto tcp --server 192.168.0.0 255.255.255.0 \
    --auth-user-pass-verify /test via-file \
    --dh /usr/local/etc/openvpn/keys/dh1024.pem \
    --ca /usr/local/etc/openvpn/keys/ca.crt \
    --cert /usr/local/etc/openvpn/keys/server.crt \
    --key /usr/local/etc/openvpn/keys/server.key \
    --lport 1190 --client-cert-not-required --verb 5

And the client is running this line:
openvpn --dev tun --proto tcp --client --auth-user-pass up.txt \
    --remote test.server.net --rport 1190 \
    --ca /usr/local/etc/openvpn/keys/ca.crt

Both of the boxes have public ips, and there's no firewall rules blocking the
vpn at all.

Using these lines, the client connects to the server perfectly fine and
authenticates fine and even gets a proper ip. However, this is where the
problem comes. From either the client or the server, I cannot ping the
remote vpn endpoint.

The server tun device:
tun3: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
        inet 192.168.0.1 --> 192.168.0.2 netmask 0xffffffff

The client tun device:
tun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
        inet6 fe80::20c:f1ff:feb6:abca%tun1 prefixlen 64 scopeid 0xc 
        inet 192.168.0.10 --> 192.168.0.9 netmask 0xffffffff 
        Opened by PID 33689

The client log:
Tue Jul 17 19:56:16 2007 TUN/TAP device /dev/tun1 opened
Tue Jul 17 19:56:16 2007 /sbin/ifconfig tun1 192.168.0.10 192.168.0.9 mtu 1500 netmask 255.255.255.255 up
add net 192.168.0.1: gateway 192.168.0.9
Tue Jul 17 19:56:16 2007 Initialization Sequence Completed

As you can see, everything connected fine and authentication completed fine.
However now is where the problem comes in, I cannot get a reply to any
request. If I ping the remote end point from the client, I see the following
on both the client and server tun device:

# tcpdump -l -n -i tun1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun1, link-type NULL (BSD loopback), capture size 96 bytes
17:54:24.113934 IP 192.168.0.10 > 192.168.0.9: ICMP echo request, id 40835, seq 5632, length 64
17:54:25.123957 IP 192.168.0.10 > 192.168.0.9: ICMP echo request, id 40835, seq 5888, length 64
17:54:26.169340 IP 192.168.0.10 > 192.168.0.9: ICMP echo request, id 40835, seq 6144, length 64
17:54:27.143516 IP 192.168.0.10 > 192.168.0.9: ICMP echo request, id 40835, seq 6400, length 64
17:54:28.549388 IP 192.168.0.10 > 192.168.0.9: ICMP echo request, id 40835, seq 6656, length 64
17:54:29.181950 IP 192.168.0.10 > 192.168.0.9: ICMP echo request, id 40835, seq 6912, length 64

As you can see, the server is receiving the icmp request, but it's not
replying to it. I found out that if I run the following line:
# ifconfig tun1 alias 192.168.0.9 192.168.0.10

Then the ping starts working, and I can even ping 192.168.0.1. This is the
output of tcpdump running on server now after running the ifconfig alias
line:
# tcpdump -l -n -i tun1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun1, link-type NULL (BSD loopback), capture size 96 bytes
17:56:28.739707 IP 192.168.0.10 > 192.168.0.9: ICMP echo request, id 42627, seq 0, length 64
17:56:28.739727 IP 192.168.0.9 > 192.168.0.10: ICMP echo reply, id 42627, seq 0, length 64
17:56:29.509003 IP 192.168.0.10 > 192.168.0.9: ICMP echo request, id 42627, seq 256, length 64
17:56:29.509023 IP 192.168.0.9 > 192.168.0.10: ICMP echo reply, id 42627, seq 256, length 64
17:56:30.803112 IP 192.168.0.10 > 192.168.0.9: ICMP echo request, id 42627, seq 512, length 64
17:56:30.803132 IP 192.168.0.9 > 192.168.0.10: ICMP echo reply, id 42627, seq 512, length 64


Any help or suggestions would be appreciated.

Regards
/Cole
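
An added example, not part of the original post: a small Python check that reads the kind of ifconfig flag lines and tcpdump ICMP lines quoted in the message, and reports interfaces missing UP or RUNNING as well as echo requests that never got a reply. The function names and the embedded sample (a shortened excerpt of the lines in the post, with mail wrapping undone) are this example's own.

```python
import re

# Constructed sample input: a shortened excerpt of the interface and tcpdump
# lines quoted in the post, with mail-wrapped lines rejoined.
IFCONFIG = """\
tun3: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
tun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
"""
CAPTURE = """\
17:54:24.113934 IP 192.168.0.10 > 192.168.0.9: ICMP echo request, id 40835, seq 5632, length 64
17:54:25.123957 IP 192.168.0.10 > 192.168.0.9: ICMP echo request, id 40835, seq 5888, length 64
17:56:28.739707 IP 192.168.0.10 > 192.168.0.9: ICMP echo request, id 42627, seq 0, length 64
17:56:28.739727 IP 192.168.0.9 > 192.168.0.10: ICMP echo reply, id 42627, seq 0, length 64
"""

# BSD ifconfig header line: "<name>: flags=<hex><FLAG,FLAG,...>"
IF_RE = re.compile(r"^(\S+): flags=[0-9a-f]+<([^>]*)>", re.M)
# tcpdump -n ICMP echo line: source, destination, kind, id, seq
ICMP_RE = re.compile(
    r"IP (\S+) > (\S+): ICMP echo (request|reply), id (\d+), seq (\d+)")


def down_interfaces(ifconfig_text):
    """Return {iface: [missing flags]} for interfaces lacking UP or RUNNING."""
    result = {}
    for name, flags in IF_RE.findall(ifconfig_text):
        missing = {"UP", "RUNNING"} - set(flags.split(","))
        if missing:
            result[name] = sorted(missing)
    return result


def unanswered_echoes(capture_text):
    """Return (src, dst, id, seq) for each echo request with no matching reply."""
    pending = {}
    for src, dst, kind, ident, seq in ICMP_RE.findall(capture_text):
        if kind == "request":
            pending[(src, dst, int(ident), int(seq))] = True
        else:
            # A reply travels dst -> src, so swap the addresses before matching.
            pending.pop((dst, src, int(ident), int(seq)), None)
    return list(pending)


if __name__ == "__main__":
    print("interfaces not fully up:", down_interfaces(IFCONFIG))
    for echo in unanswered_echoes(CAPTURE):
        print("no reply seen for:", echo)
```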
