[Openvpn-users] Configuration problem.


  • Subject: [Openvpn-users] Configuration problem.
  • From: "Jake Solid" <richardsolid@xxxxxxxxx>
  • Date: Tue, 24 Jul 2007 17:12:01 -0400

Hello,

Is there an IRC channel for OpenVPN?

This is the scenario:
================

Remote Client(10.0.0.113 )  <-->  VPNServerEth0(10.0.0.115 )/VPNServerEth1(172.16.0.5) <--> LAN Workstation( 172.16.0.10)


1. I turned OFF the OpenVPN running at 10.0.0.115 for one moment.

2. On host 10.0.0.113 I added the route like this:

route add 172.16.0.0 mask 255.255.255.0 10.0.0.115 metric 2

When I ping from 10.0.0.113 I get replies from

10.0.0.115(server eth0)
172.16.0.5(server eth1)
172.16.0.1 (server tun0)
172.16.0.10 ( workstation inside the 172.16.0.0 network)

3. On host 172.16.0.10 I added the route like this:

route add 10.0.0.0 mask 255.255.255.0 172.16.0.5 metric 2

When I ping from 172.16.0.10 I get replies from

10.0.0.115(server eth0)
172.16.0.5(server eth1)
172.16.0.1(server tun0)
10.0.0.113 ( workstation inside the 10.0.0.0 network)

4. I turned ON the OpenVPN on the server and started the openvpn client on computer 10.0.0.113.

Now I get replies from:

172.16.0.10 ( workstation inside the 172.16.0.0 network)
10.0.0.115(server eth0)


But NOT from the following:

172.16.0.5(server eth1)
172.16.0.1(server tun0)

I do get replies from 172.16.0.10 because I placed that route statically. How can I have the VPN server provide these routes automatically when the client connects?

When I print the route table from machine 10.0.0.113 I get 172.16.0.4 and 172.16.0.5. Where are the IP addresses 172.16.0.4 and 172.16.0.5 coming from?

Thanks for any assistance.





This is what the route list looks like when I initialize the VPN connection:
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1      10.0.0.113       1
         10.0.0.0    255.255.255.0       10.0.0.113      10.0.0.113       20
       10.0.0.113   255.255.255.255        127.0.0.1       127.0.0.1       20
   10.255.255.255  255.255.255.255       10.0.0.113      10.0.0.113       20
        127.0.0.0        255.0.0.0         127.0.0.1       127.0.0.1       1
       172.16.0.0    255.255.255.0       10.0.0.115      10.0.0.113       2
       172.16.0.1  255.255.255.255       172.16.0.5       172.16.0.6       1
       172.16.0.4  255.255.255.252       172.16.0.6      172.16.0.6       30
       172.16.0.6  255.255.255.255        127.0.0.1       127.0.0.1       30
   172.16.255.255  255.255.255.255       172.16.0.6      172.16.0.6        30
        224.0.0.0        240.0.0.0       10.0.0.113      10.0.0.113       20
        224.0.0.0        240.0.0.0       172.16.0.6      172.16.0.6       30
  255.255.255.255  255.255.255.255       10.0.0.113      10.0.0.113       1
  255.255.255.255   255.255.255.255       172.16.0.6      172.16.0.6       1
Default Gateway:          10.0.0.1
===========================================================================
Persistent Routes:
  None

This is my ifconfig of the VPN server:
====================
eth0    inet addr:10.0.0.115  Bcast:10.0.0.255  Mask:255.255.255.0
eth1    inet addr:172.16.0.5  Bcast:172.16.0.255  Mask:255.255.255.0
lo      inet addr: 127.0.0.1  Mask:255.0.0.0
tun0    inet addr:172.16.0.1  P-t-P:172.16.0.2  Mask:255.255.255.255
  

This is my server config:
========================

dev tun

ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key  # This file should be kept secret

dh /etc/openvpn/keys/dh1024.pem

server 172.16.0.0 255.255.255.0

ifconfig-pool-persist ipp.txt

keepalive 10 120

cipher BF-CBC        # Blowfish (default)

comp-lzo
max-clients 10

user nobody
group nobody

persist-key
persist-tun

status openvpn-status.log

verb 6

This is my client config:
========================

client

dev tun

proto udp

remote 10.0.0.115 1194

resolv-retry infinite

nobind


persist-key
persist-tun

ca ca.crt
cert rcrane.crt
key rcrane.key

comp-lzo

verb 3

This is the output of my client log:
=======================

Tue Jul 24 16:32:01 2007 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
Tue Jul 24 16:32:01 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Tue Jul 24 16:32:01 2007 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Tue Jul 24 16:32:01 2007 LZO compression initialized
Tue Jul 24 16:32:01 2007 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Jul 24 16:32:01 2007 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Jul 24 16:32:01 2007 Local Options hash (VER=V4): '41690919'
Tue Jul 24 16:32:01 2007 Expected Remote Options hash (VER=V4): '530fdded'
Tue Jul 24 16:32:01 2007 UDPv4 link local: [undef]
Tue Jul 24 16:32:01 2007 UDPv4 link remote: 10.0.0.115:1194
Tue Jul 24 16:32:01 2007 TLS: Initial packet from 10.0.0.115:1194, sid=df83e7f0 c677b8da
Tue Jul 24 16:32:01 2007 VERIFY OK: depth=1, /C=US/ST=Florida/L=Weston/O=LatPro_Inc/OU=IT/CN=mail1.domain.tld/emailAddress=webmaster@xxxxxxxxxx
Tue Jul 24 16:32:01 2007 VERIFY OK: depth=0, /C=US/ST=Florida/O=LatPro_Inc/OU=IT/CN=mail1.domain.tld/emailAddress=webmaster@xxxxxxxxxx
Tue Jul 24 16:32:01 2007 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jul 24 16:32:01 2007 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul 24 16:32:01 2007 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jul 24 16:32:01 2007 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul 24 16:32:01 2007 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Jul 24 16:32:01 2007 [ mail1.domain.tld] Peer Connection Initiated with 10.0.0.115:1194
Tue Jul 24 16:32:02 2007 SENT CONTROL [mail1.domain.tld]: 'PUSH_REQUEST' (status=1)
Tue Jul 24 16:32:02 2007 PUSH: Received control message: 'PUSH_REPLY,route 172.16.0.0 255.255.255.0,ping 10,ping-restart 120,ifconfig 172.16.0.6 172.16.0.5'
Tue Jul 24 16:32:02 2007 OPTIONS IMPORT: timers and/or timeouts modified
Tue Jul 24 16:32:02 2007 OPTIONS IMPORT: --ifconfig/up options modified
Tue Jul 24 16:32:02 2007 OPTIONS IMPORT: route options modified
Tue Jul 24 16:32:02 2007 TAP-WIN32 device [Local Area Connection 4] opened: \\.\Global\{EA522DE2-811E-4403-94E0-B8545EB0BB47}.tap
Tue Jul 24 16:32:02 2007 TAP-Win32 Driver Version 8.4
Tue Jul 24 16:32:02 2007 TAP-Win32 MTU=1500
Tue Jul 24 16:32:02 2007 Notified TAP-Win32 driver to set a DHCP IP/netmask of 172.16.0.6/255.255.255.252 on interface {EA522DE2-811E-4403-94E0-B8545EB0BB47} [DHCP-serv: 172.16.0.5, lease-time: 31536000]
Tue Jul 24 16:32:02 2007 Successful ARP Flush on interface [3] {EA522DE2-811E-4403-94E0-B8545EB0BB47}
Tue Jul 24 16:32:02 2007 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Tue Jul 24 16:32:02 2007 Route: Waiting for TUN/TAP interface to come up...
Tue Jul 24 16:32:03 2007 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Tue Jul 24 16:32:03 2007 Route: Waiting for TUN/TAP interface to come up...
Tue Jul 24 16:32:05 2007 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Tue Jul 24 16:32:05 2007 Route: Waiting for TUN/TAP interface to come up...
Tue Jul 24 16:32:06 2007 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up
Tue Jul 24 16:32:06 2007 route ADD 172.16.0.0 MASK 255.255.255.0 172.16.0.5
Tue Jul 24 16:32:06 2007 Route addition via IPAPI succeeded
Tue Jul 24 16:32:06 2007 Initialization Sequence Completed



This is the route information of the client once it is connected to the VPN:

===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1      10.0.0.113       1
         10.0.0.0    255.255.255.0       10.0.0.113      10.0.0.113       20
       10.0.0.113  255.255.255.255          127.0.0.1       127.0.0.1       20
   10.255.255.255  255.255.255.255       10.0.0.113      10.0.0.113       20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
       172.16.0.0    255.255.255.0       172.16.0.5        172.16.0.6       1
       172.16.0.4  255.255.255.252       172.16.0.6      172.16.0.6       30
       172.16.0.6  255.255.255.255        127.0.0.1       127.0.0.1         30
   172.16.255.255  255.255.255.255       172.16.0.6      172.16.0.6         30
        224.0.0.0        240.0.0.0       10.0.0.113      10.0.0.113       20
        224.0.0.0        240.0.0.0       172.16.0.6      172.16.0.6       30
  255.255.255.255  255.255.255.255       10.0.0.113      10.0.0.113       1
  255.255.255.255    255.255.255.255       172.16.0.6      172.16.0.6       1
Default Gateway:          10.0.0.1
===========================================================================
Persistent Routes:
  None
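
An added example, not part of the original post: a Python check that takes the `server` directive, the server's interface addresses and the pushed `ifconfig` pair as they appear above (embedded here as constructed input) and reports where the VPN address range collides with a physical interface. The function names are hypothetical, and the /30 block size is taken from the 255.255.255.252 netmask shown in the client log.

```python
import ipaddress
import re

# Constructed input: values copied from the server config, ifconfig output
# and PUSH_REPLY line shown in the post.
SERVER_CONF = "dev tun\nserver 172.16.0.0 255.255.255.0\n"
IFCONFIG = """\
eth0    inet addr:10.0.0.115  Bcast:10.0.0.255  Mask:255.255.255.0
eth1    inet addr:172.16.0.5  Bcast:172.16.0.255  Mask:255.255.255.0
lo      inet addr: 127.0.0.1  Mask:255.0.0.0
tun0    inet addr:172.16.0.1  P-t-P:172.16.0.2  Mask:255.255.255.255
"""
PUSHED_IFCONFIG = ("172.16.0.6", "172.16.0.5")  # client address, peer address

def vpn_network(conf):
    """Return the network named by the `server <net> <mask>` directive."""
    for line in conf.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) == 3 and parts[0] == "server":
            return ipaddress.ip_network(f"{parts[1]}/{parts[2]}")
    raise ValueError("no server directive found")

def physical_interfaces(text):
    """Parse ifconfig lines into {name: ip_interface}, skipping lo/tun/tap."""
    pat = re.compile(r"^(\S+)\s+inet addr:\s*(\S+).*Mask:(\S+)")
    found = {}
    for line in text.splitlines():
        m = pat.match(line)
        if m and not m.group(1).startswith(("lo", "tun", "tap")):
            found[m.group(1)] = ipaddress.ip_interface(f"{m.group(2)}/{m.group(3)}")
    return found

def subnet_overlaps(conf, text):
    """Physical interfaces whose subnet overlaps the VPN network."""
    net = vpn_network(conf)
    return sorted(n for n, i in physical_interfaces(text).items()
                  if i.network.overlaps(net))

def client_block(local, peer):
    """The /30 that contains both ends of a client's pushed ifconfig pair."""
    block = ipaddress.ip_network(f"{local}/30", strict=False)
    if ipaddress.ip_address(peer) not in block:
        raise ValueError("peer address is outside the client's /30")
    return block

def peer_clashes(text, peer):
    """Physical interfaces whose own address equals the pushed peer address."""
    addr = ipaddress.ip_address(peer)
    return sorted(n for n, i in physical_interfaces(text).items() if i.ip == addr)
```

With the post's values, both `subnet_overlaps` and `peer_clashes` return `eth1`, and `client_block` returns 172.16.0.4/30, the 255.255.255.252 row in the client's route table.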