Re: [Openvpn-users] Multiple tunnels and one tap adapter, clients can't connect to each other.


  • Subject: Re: [Openvpn-users] Multiple tunnels and one tap adapter, clients can't connect to each other.
  • From: Derek Arnold <darnold@xxxxxxxxxxxxxxx>
  • Date: Tue, 24 Jul 2007 12:41:04 -0500

Never mind, I got it!  Next time I will read the man page more closely.
(client-to-client)

Derek Arnold wrote:
> I'm setting up multiple servers out in the wild with OpenVPN tunnels 
> back home, and all is going well.  My setup is one instance of OpenVPN 
> with a tap adapter, and have about 20 Windows servers successfully 
> connected.  They can access the network perfectly alright, except for 
> they can't seem to send packets to or get packets from the other servers 
> connected via VPN.
>
> When I was first setting this up, I was setting up a separate instance 
> per tunnel, and did not have this issue then.  For reference sake, this 
> is FreeBSD with PF and OpenVPN 2.0.9.  My PF ruleset shouldn't be an 
> issue, since the assigned addresses are a part of the network the 
> interface bridged with tap0 is on, and tap0 is set to pass quick.  For 
> reference sake, my server and client configs:
>
> server config:
> dev tap0
> port 1194
> server-bridge 10.56.73.1 255.255.252.0 10.56.73.2 10.56.73.254
> ca /usr/local/etc/openvpn/keys/ca.crt
> cert /usr/local/etc/openvpn/keys/server.crt
> key /usr/local/etc/openvpn/keys/server.key
> dh /usr/local/etc/openvpn/keys/dh1024.pem
> push "dhcp-option DNS 10.56.75.205"
> push "dhcp-option WINS 10.56.75.205"
> comp-lzo
> ping-timer-rem
> persist-tun
> persist-key
> group nobody
> daemon
> verb 3
> status /var/log/openvpn_status.log
> log /var/log/openvpn.log
> client-config-dir client-configs
>
> client config, Windows Server 2003:
>
> client
> dev tap
> proto udp
> remote 209.218.7.212 1194
> resolv-retry infinite
> persist-key
> persist-tun
> ca ca.crt
> cert clientname.crt
> key clientname.key
> comp-lzo
> verb 3
> nobind
>
> My question is, is this by design (or as a result of implementation) or 
> have I goofed something up?
>
> Thank you,
> Derek

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
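
An added example, not part of the original thread or of OpenVPN itself: a small Python check that reads a server config like the one quoted above and reports where traffic between two VPN clients is handled. With `client-to-client` set, OpenVPN relays that traffic inside its own process instead of handing it to the tap device, so PF rules on tap0 do not filter it. The function names, result labels and the commented-out `;client-to-client` sample line are assumptions made for this sketch.

```python
import shlex

# Constructed sample: a subset of the server config quoted in the post, plus a
# commented-out client-to-client line (added here to show comment handling).
SERVER_CONF = '''\
dev tap0
port 1194
server-bridge 10.56.73.1 255.255.252.0 10.56.73.2 10.56.73.254
push "dhcp-option DNS 10.56.75.205"
;client-to-client
client-config-dir client-configs
'''

SERVER_MODES = {"server", "server-bridge"}


def parse_config(text):
    """Parse OpenVPN config text into {directive: [argument lists]}."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):  # ';' lines are comments
            continue
        # comments=True drops '#' comments; quoted arguments stay one token
        tokens = shlex.split(line, comments=True)
        if tokens:
            directives.setdefault(tokens[0], []).append(tokens[1:])
    return directives


def inter_client_path(text):
    """Classify where traffic between two VPN clients is handled."""
    cfg = parse_config(text)
    is_server = bool(SERVER_MODES & set(cfg)) or ["server"] in cfg.get("mode", [])
    if not is_server:
        return "not-a-multi-client-server"
    if "client-to-client" in cfg:
        # Relayed inside the OpenVPN process: rules on the tun/tap device
        # (PF on tap0 in the post) never see this traffic.
        return "relayed-inside-openvpn"
    # Frames go to the tun/tap device; the host bridge and firewall decide.
    return "handed-to-host-interface"


if __name__ == "__main__":
    print("as posted:", inter_client_path(SERVER_CONF))
    fixed = SERVER_CONF.replace(";client-to-client", "client-to-client")
    print("with fix: ", inter_client_path(fixed))
```

If per-client filtering between the connected servers matters, the "relayed-inside-openvpn" result is the case to review, because the host firewall is no longer in that path.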