Re: [Openvpn-users] Connection reset - cannot connect


  • Subject: Re: [Openvpn-users] Connection reset - cannot connect
  • From: Josh Cepek <josh.cepek@xxxxxxx>
  • Date: Sun, 02 Sep 2007 08:08:57 -0500
  • Openpgp: id=2E5A5127

Dawid Ciecierski wrote:
1) Windows XP client, internal IP 10.77.30.101, connecting through
gateway 194.72.81.131. XP firewall turned off entirely, no anti-virus
software etc.

2) Small Linux home router / server in another location. Internally
machines on eth0 / LAN are assigned 10.1.1.2 upwards.
This looks suspicious....
Sat Aug 18 11:51:51 2007 us=126086   push_list = 'route 10.0.0.0 255.0.0.0,redirect-gateway,route 10.8.0.1'
You should check the netmask here


I just noticed that Sourceforge deleted my original attachments, so
here they are.

The route above is added as the private LAN behind the server I'm
connecting to has IPs from 10.1.1.1, and OpenVPN clients should be
getting 10.8.0.0 and above (look at the configs). As I understand it,
netmask 255.0.0.0 means that clients can take any IP from 10.0.0.0 to
10.255.255.255, so should be ok.

You can't push a 10.0.0.0/8 route as you have because your client is given a 10.77.30.101 address on the remote side.  You should never push overlapping routes to clients, so if you push that 10.0.0.0/255.0.0.0 route, you can't connect to the VPN if your computer is on any network in that range.

Either the client's physical default gateway becomes reachable (since it thinks that IP should be contacted over the VPN thus taking down your entire VPN and Internet connection until the VPN times out) or you have a firewall issue blocking some of the traffic, and I suspect the former.

-- 
Josh
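
The overlap described in this reply can be checked mechanically. The following is an added example, not part of the original thread or of OpenVPN: it parses the push_list string from the quoted client log and reports which pushed routes contain the client's own local address. The narrowed 10.1.1.0/255.255.255.0 route is an assumption (the thread only says the server LAN starts at 10.1.1.x), and the function names are hypothetical.

```python
import ipaddress

# Values taken from the thread.
PUSH_LIST = "route 10.0.0.0 255.0.0.0,redirect-gateway,route 10.8.0.1"
CLIENT_LOCAL_IP = "10.77.30.101"

# Assumption: the server LAN is a /24; the thread does not give its netmask.
NARROWED_PUSH_LIST = "route 10.1.1.0 255.255.255.0,redirect-gateway,route 10.8.0.1"


def parse_pushed_routes(push_list):
    """Return the networks named by 'route' entries in a push_list string."""
    networks = []
    for option in push_list.split(","):
        fields = option.split()
        if len(fields) < 2 or fields[0] != "route":
            continue  # not a route, e.g. redirect-gateway
        # OpenVPN's default netmask for a route is 255.255.255.255 (host route).
        netmask = fields[2] if len(fields) > 2 else "255.255.255.255"
        try:
            net = ipaddress.ip_network(f"{fields[1]}/{netmask}", strict=False)
        except ValueError:
            continue  # keyword or hostname target such as vpn_gateway
        networks.append(net)
    return networks


def overlapping_routes(push_list, local_ip):
    """Pushed routes that would capture the client's own local address."""
    addr = ipaddress.ip_address(local_ip)
    return [net for net in parse_pushed_routes(push_list) if addr in net]


if __name__ == "__main__":
    for label, pushed in (("as pushed", PUSH_LIST),
                          ("narrowed", NARROWED_PUSH_LIST)):
        hits = overlapping_routes(pushed, CLIENT_LOCAL_IP)
        if hits:
            print(f"{label}: {CLIENT_LOCAL_IP} falls inside pushed route(s) "
                  + ", ".join(str(n) for n in hits))
        else:
            print(f"{label}: no pushed route covers {CLIENT_LOCAL_IP}")
```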
