
Re: [Openvpn-users] Multiple tunnels and one tap adapter, clients can't connect to eachother.


  • Subject: Re: [Openvpn-users] Multiple tunnels and one tap adapter, clients can't connect to eachother.
  • From: "Marco Castillo" <mabcastillo@xxxxxxxxx>
  • Date: Tue, 24 Jul 2007 17:06:22 -0600

Use the client-to-client directive in your server config file.

Hope this helps

Marco

On 7/24/07, Derek Arnold <darnold@xxxxxxxxxxxxxxx> wrote:
I'm setting up multiple servers out in the wild with OpenVPN tunnels
back home, and all is going well.  My setup is one instance of OpenVPN
with a tap adapter, and have about 20 Windows servers successfully
connected.  They can access the network perfectly alright, except for
they can't seem to send packets to or get packets from the other servers
connected via VPN.

When I was first setting this up, I was setting up a separate instance
per tunnel, and did not have this issue then.  For reference sake, this
is FreeBSD with PF and OpenVPN 2.0.9.  My PF ruleset shouldn't be an
issue, since the assigned addresses are a part of the network the
interface bridged with tap0 is on, and tap0 is set to pass quick.  For
reference sake, my server and client configs:

server config:
dev tap0
port 1194
server-bridge 10.56.73.1 255.255.252.0 10.56.73.2 10.56.73.254
ca /usr/local/etc/openvpn/keys/ca.crt
cert /usr/local/etc/openvpn/keys/server.crt
key /usr/local/etc/openvpn/keys/server.key
dh /usr/local/etc/openvpn/keys/dh1024.pem
push "dhcp-option DNS 10.56.75.205"
push "dhcp-option WINS 10.56.75.205"
comp-lzo
ping-timer-rem
persist-tun
persist-key
group nobody
daemon
verb 3
status /var/log/openvpn_status.log
log /var/log/openvpn.log
client-config-dir client-configs

client config, Windows Server 2003:

client
dev tap
proto udp
remote 209.218.7.212 1194
resolv-retry infinite
persist-key
persist-tun
ca ca.crt
cert clientname.crt
key clientname.key
comp-lzo
verb 3
nobind

My question is, is this by design (or as a result of implementation) or
have I goofed something up?

Thank you,
Derek
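
An added example (not part of either message and not OpenVPN project code): a small Python check of a server config for the `client-to-client` directive suggested in the reply. The function names are hypothetical and the sample is the posted server config, trimmed; the firewall note follows the OpenVPN manual's caveat that `client-to-client` forwards client traffic inside OpenVPN instead of passing it to the TUN/TAP interface.

```python
import shlex

# Server config from the post above, trimmed to the directives that matter here.
POSTED_SERVER_CONFIG = """\
dev tap0
port 1194
server-bridge 10.56.73.1 255.255.252.0 10.56.73.2 10.56.73.254
push "dhcp-option DNS 10.56.75.205"
client-config-dir client-configs
"""

def parse_directives(text):
    """Return {directive: [args, ...]} for an OpenVPN config, skipping # and ; comments."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        tokens = shlex.split(line, comments=True)
        if tokens:
            directives.setdefault(tokens[0], []).append(tokens[1:])
    return directives

def client_visibility(text):
    """Report how traffic between two VPN clients is handled by this server config."""
    d = parse_directives(text)
    multi_client = "server" in d or "server-bridge" in d or ["server"] in d.get("mode", [])
    c2c = "client-to-client" in d
    report = {"multi_client_server": multi_client, "client_to_client": c2c}
    if not multi_client:
        report["note"] = "not a multi-client server; client-to-client does not apply"
    elif c2c:
        # OpenVPN manual: do not use this option if tunnel traffic must be
        # firewalled with per-client rules, because it is forwarded internally.
        report["note"] = ("clients see each other; inter-client traffic is forwarded "
                          "inside OpenVPN and is not seen by firewall rules on the tap device")
    else:
        report["note"] = ("clients cannot reach each other through this instance "
                          "(the behaviour reported in the post)")
    return report

if __name__ == "__main__":
    for name, cfg in (("as posted", POSTED_SERVER_CONFIG),
                      ("with client-to-client", POSTED_SERVER_CONFIG + "client-to-client\n")):
        print(name, "->", client_visibility(cfg))
```
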

