
Re: [Openvpn-users] Connection reset - cannot connect


  • Subject: Re: [Openvpn-users] Connection reset - cannot connect
  • From: "Dawid Ciecierski" <dawid.ciecierski@xxxxxxxxxxxxxx>
  • Date: Sat, 1 Sep 2007 22:22:53 +0100

> > 1) Windows XP client, internal IP 10.77.30.101, connecting through
> > gateway 194.72.81.131. XP firewall turned off entirely, no anti-virus
> > software etc.
> >
> > 2) Small Linux home router / server in another location. Its external
> > IP is 81.6.248.97 (on the ppp0 interface). Internally machines on eth0
> > / LAN are assigned 10.1.1.2 upwards. NAT is in place to allow them to
> > connect to the Internet.
> >  - Port 1194 is opened, verified with tcpdump.
> >  - INPUT and FORWARD on tun+ are set to ACCEPT.
>
> This looks suspicious....
> Sat Aug 18 11:51:51 2007 us=126086   push_list = 'route 10.0.0.0
> 255.0.0.0,redirect-gateway,route 10.8.0.1'
> You should check the netmask here

I just noticed that Sourceforge deleted my original attachments, so
here they are.

The route above is added as the private LAN behind the server I'm
connecting to has IPs from 10.1.1.1, and OpenVPN clients should be
getting 10.8.0.0 and above (look at the configs). As I understand it,
netmask 255.0.0.0 means that clients can take any IP from 10.0.0.0 to
10.255.255.255, so should be ok.

Kind regards.
-- 
David Ciecierski

Want control, education, and security from your operating system?
Hardened Linux From Scratch
http://www.linuxfromscratch.org/hlfs

# Client configuration
# Basic settings
client
dev tun
proto tcp
remote 81.6.248.97 1194

# Keys
ca "c:\\keys\\ca.crt"
cert "c:\\keys\\dav.crt"
key "c:\\keys\\dav.key"

verb 6
log client6.log

# Server configuration
# Basic settings
dev tun
proto tcp
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt

# Route to push to clients
push "route 10.0.0.0 255.0.0.0"
push "redirect-gateway"

# Keys
dh /etc/openvpn/keys/dh1024.pem
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key

# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 6
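
The netmask question raised in the quoted reply can be checked mechanically. The following is an added example, not part of the original message or its attachments: it parses the `server` and `push "route ..."` directives from the server configuration above and reports which addresses mentioned in this thread fall inside each pushed route. The function names and the inline copy of the config are constructed for the example.

```python
import ipaddress
import re

# Constructed copy of the routing-related lines from the server config above.
SERVER_CONF = '''\
dev tun
proto tcp
server 10.8.0.0 255.255.255.0
push "route 10.0.0.0 255.0.0.0"
push "redirect-gateway"
'''

# Addresses taken from the thread, labelled for the report.
THREAD_ADDRESSES = {
    "client internal IP": "10.77.30.101",
    "server-side LAN host": "10.1.1.2",
    "server external IP": "81.6.248.97",
}

PUSH_ROUTE = re.compile(r'^\s*push\s+"route\s+([^\s"]+)\s+([^\s"]+)"', re.M)
SERVER = re.compile(r'^\s*server\s+(\S+)\s+(\S+)', re.M)

def pushed_routes(conf):
    """Return every pushed 'route <net> <mask>' as an ip_network."""
    return [ipaddress.ip_network(f"{net}/{mask}")
            for net, mask in PUSH_ROUTE.findall(conf)]

def vpn_subnet(conf):
    """Return the subnet from the 'server <net> <mask>' directive, if any."""
    m = SERVER.search(conf)
    return ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}") if m else None

def audit(conf, addresses):
    """List overlaps between pushed routes, the VPN subnet and given hosts."""
    findings = []
    pool = vpn_subnet(conf)
    for route in pushed_routes(conf):
        if pool is not None and route.overlaps(pool):
            findings.append(f"{route} overlaps VPN subnet {pool}")
        for label, addr in addresses.items():
            if ipaddress.ip_address(addr) in route:
                findings.append(f"{route} contains {label} {addr}")
    return findings

if __name__ == "__main__":
    for line in audit(SERVER_CONF, THREAD_ADDRESSES):
        print(line)
```

A pushed route is installed on the client with the VPN as next hop, so any address it reports here as contained (including the client's own internal IP) is one the client would be told to reach through the tunnel.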