[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] OpenVPN IP range

  • Subject: Re: [Openvpn-users] OpenVPN IP range
  • From: Josh Cepek <josh.cepek@xxxxxxx>
  • Date: Sat, 21 Jul 2007 01:30:22 -0500
  • Openpgp: id=2E5A5127
  • Z-usanet-msgid: XID363LgugEd0268X38

First off, this should be a new thread, not a reply to an existing
thread.  In the future it's consider good form to start new threads for
topics that don't relate to topic of another thread.

greek ordono wrote:
> Hi,
> I have question regarding unreliable connection on the client side
> when using lower IP. The client with lower IP disconnect after pinging
> the server.
> Lower IP connection:
> Client eth0            Server
> -->
> Higher IP connection:
> Client eth0
> -->
> I also check the route but they have the same route. There a lot of
> packet drops when using lower IP.

Based on your setup below, you're referring to the IP address of the
physical local adapter of the client.  This has no bearing on OpenVPN at
all, so your issue is probably on your network somewhere.  However, also
see my notes below on what you're trying to do with the VPN routes.


> #
> # Server
> # OS: Trustix 2.2(2.4.34-ltr Kernel)
> # Openvpn: 2.0.5
> local
> port 4911
> proto tcp
> dev tun
> ca /etc/openvpn/keys/ca.crt
> cert /etc/openvpn/keys/server.crt
> key /etc/openvpn/keys/server.key
> dh /etc/openvpn/keys/dh1024.pem
> server
> push "route"
> push "redirect-gateway def1"
> push "dhcp-option DNS"
> push "dhcp-option DOMAIN vpntesting"
> keepalive 60 120
> comp-lzo
> verb 6
> mute 20

By pushing a route to the network via the VPN tunnel you're
creating a redundant route since the physical adapter also has an IP and
route to that network.  This is going to lead to odd results depending
on what IP and interface local applications try to use when sending
data.  You can't really test a VPN by also being on the network you're
connecting to for this very reason.  With redirect-gateway, either the
default gateway is overridden (and specific routes are always a higher
priority than the default route) or with the def1 option, the metric is
higher than existing routes, causing the same effect.

I don't think your packet loss has anything to do with the higher verses
lower IP, but either (or both) an issue with the local network (such as
an IP conflict) or just simple routing confusion on the server and/or
subnet clients.


Attachment: signature.asc
Description: OpenPGP digital signature