Re: [Openvpn-users] Client can't reach route-gateway


  • Subject: Re: [Openvpn-users] Client can't reach route-gateway
  • From: Phusion <phusion2k@xxxxxxxxx>
  • Date: Thu, 1 Nov 2007 14:58:25 -0500

On 10/26/07, David Balazic <David.Balazic@xxxxxxxxxxxxxxxxxx> wrote:
>
>
>
> Hi!
>
> The line :
> push "route-gateway 192.168.1.2"
> is wrong and unnecessary, the gateway is set automatically in TUN mode.
>
> David
>
>  ________________________________
>  From: openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx on
> behalf of Phusion
> Sent: Fri 26-Oct-07 15:56
> To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> Subject: [Openvpn-users] Client can't reach route-gateway
>
>
>
>
> I have OpenVPN 2.0.6 running on a FreeBSD 6-STABLE server. I have it
> set where the external Windows XP client can connect to the VPN, but
> get the following messages in the status log on the client side.
>
> -----client status log-----
> Wed Oct 24 11:47:23 2007 [VPN-server] Peer Connection Initiated with
> x.x.x.x:1194
> Wed Oct 24 11:47:25 2007 SENT CONTROL [VPN-server]: 'PUSH_REQUEST'
> (status=1)
> Wed Oct 24 11:47:25 2007 PUSH: Received control message:
> 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route-gateway
> 192.168.1.2,dhcp-option WINS 192.168.1.20,dhcp-option DNS
> 192.168.1.20,dhcp-option DOMAIN test.local,route 10.8.0.1,ping
> 10,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5'
> Wed Oct 24 11:47:25 2007 OPTIONS IMPORT: timers and/or timeouts modified
> Wed Oct 24 11:47:25 2007 OPTIONS IMPORT: --ifconfig/up options modified
> Wed Oct 24 11:47:25 2007 OPTIONS IMPORT: route options modified
> Wed Oct 24 11:47:25 2007 OPTIONS IMPORT: --ip-win32 and/or
> --dhcp-option options modified
> Wed Oct 24 11:47:25 2007 TAP-WIN32 device [VPN] opened:
> \\.\Global\{63EAE761-89A8-4CDC-9EC2-88D199B99453}.tap
> Wed Oct 24 11:47:25 2007 TAP-Win32 Driver Version 8.4
> Wed Oct 24 11:47:25 2007 TAP-Win32 MTU=1500
> Wed Oct 24 11:47:25 2007 Notified TAP-Win32 driver to set a DHCP
> IP/netmask of 10.8.0.6/255.255.255.252 on interface
> {63EAE761-89A8-4CDC-9EC2-88D199B99453} [DHCP-serv:
> 10.8.0.5,
> lease-time: 31536000]
> Wed Oct 24 11:47:25 2007 Successful ARP Flush on interface [3]
> {63EAE761-89A8-4CDC-9EC2-88D199B99453}
> Wed Oct 24 11:47:25 2007 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
> Wed Oct 24 11:47:25 2007 Route: Waiting for TUN/TAP interface to come up...
> Wed Oct 24 11:47:26 2007 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
> Wed Oct 24 11:47:26 2007 Route: Waiting for TUN/TAP interface to come up...
> Wed Oct 24 11:47:28 2007 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
> Wed Oct 24 11:47:28 2007 Route: Waiting for TUN/TAP interface to come up...
> ...
> ...
> ...
> Wed Oct 24 11:47:55 2007 TEST ROUTES: 0/2 succeeded len=2 ret=0 a=0 u/d=up
> Wed Oct 24 11:47:55 2007 route ADD 192.168.1.0 MASK 255.255.255.0
> 192.168.1.2
> Wed Oct 24 11:47:55 2007 Warning: route gateway is not reachable on
> any active network adapters: 192.168.1.2
> Wed Oct 24 11:47:55 2007 Route addition via IPAPI failed
> Wed Oct 24 11:47:55 2007 route ADD 10.8.0.1 MASK 255.255.255.255 192.168.1.2
> Wed Oct 24 11:47:55 2007 Warning: route gateway is not reachable on
> any active network adapters: 192.168.1.2
> Wed Oct 24 11:47:55 2007 Route addition via IPAPI failed
> Wed Oct 24 11:47:55 2007 Initialization Sequence Completed With Errors
> ( see http://openvpn.net/faq.html#dhcpclientserv )
> -----client status log-----
>
> The VPN server has the IP address of 192.168.1.61. Our network has the
> following subnets: 192.168.1.0, 192.168.2.0, 192.168.10.0,
> 192.168.40.0, 192.168.101.0, 192.168.102.0, 192.168.103.0,
> 192.168.104.0. Below are copies of the server and client config files.
>
> -----openvpn.conf-----
> dev tun
> comp-lzo
> port 1194
> proto udp
> ping-timer-rem
> persist-tun
> persist-key
> dh /usr/local/etc/openvpn/keys/dh1024.pem
> ca /usr/local/etc/openvpn/keys/ca.crt
> cert /usr/local/etc/openvpn/keys/VPN-server.crt
> key /usr/local/etc/openvpn/keys/VPN-server.key
> keepalive 10 60
> group nobody
> daemon
> server 10.8.0.0 255.255.255.0
> push "route 192.168.1.0 255.255.255.0"
> push "route-gateway 192.168.1.2"
> push "dhcp-option WINS 192.168.1.20"
> push "dhcp-option DNS 192.168.1.20"
> push "dhcp-option DOMAIN test.local"
> ifconfig-pool-persist ips.txt 60
> plugin /usr/local/lib/openvpn-auth-ldap.so /usr/local/etc/openvpn/auth-ldap.conf
> -----openvpn.conf-----
>
> -----vpn.ovpn-----
> client
> remote x.x.x.x 1194
> dev tun
> comp-lzo
> ca ca.crt
> cert VPN-client.crt
> key VPN-client.key
> verb 3
> auth-user-pass
> nobind
> -----vpn.ovpn-----
>
> From the client status log it looks like there is a problem with the
> server configuration.
>
> Phusion
>

David,

After making the suggested change I am able to connect in and
communicate with the devices on the 192.168.1.0 network. Do I need to
make any changes to communicate with the 192.168.2.0, 10.0 and 40.0
networks? Another question I have is the host-based firewall
configuration on the OpenVPN server. I have the following enabled on
the FreeBSD 6.X-STABLE server.

-----rc.conf.local-----
gateway_enable="YES"
----------------------------

-----pf.conf-----
ext_if = "fxp0"
network = "192.168.0.0/16"
set loginterface $ext_if
scrub in  on $ext_if all
scrub out on $ext_if all random-id
rdr on $ext_if inet proto tcp from $network to any port 21 -> 127.0.0.1 port 8021
pass in  all
pass out all
--------------------

I would appreciate any suggestions. Thanks.
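
The failure in the quoted client log, as an added example that is not part of the original message: the Python below parses the PUSH_REPLY string from that log and checks whether the gateway the client will use lies on the tunnel's /30 (the 255.255.255.252 mask the log shows). The function names are made up for this illustration.

```python
import ipaddress

# PUSH_REPLY string copied from the client status log quoted in this thread.
PUSH_REPLY = ("PUSH_REPLY,route 192.168.1.0 255.255.255.0,route-gateway 192.168.1.2,"
              "dhcp-option WINS 192.168.1.20,dhcp-option DNS 192.168.1.20,"
              "dhcp-option DOMAIN test.local,route 10.8.0.1,ping 10,ping-restart 60,"
              "ifconfig 10.8.0.6 10.8.0.5")


def parse_push_reply(msg):
    """Split a PUSH_REPLY control message into routes, gateway and tunnel endpoints."""
    opts = {"routes": [], "route_gateway": None, "local": None, "peer": None}
    fields = msg.split(",")
    if fields[0] != "PUSH_REPLY":
        raise ValueError("not a PUSH_REPLY message")
    for field in fields[1:]:
        words = field.split()
        if not words:
            continue
        if words[0] == "route":
            # A route without a netmask is a host route (255.255.255.255).
            mask = words[2] if len(words) > 2 else "255.255.255.255"
            opts["routes"].append(ipaddress.ip_network(f"{words[1]}/{mask}"))
        elif words[0] == "route-gateway" and len(words) == 2:
            opts["route_gateway"] = ipaddress.ip_address(words[1])
        elif words[0] == "ifconfig" and len(words) == 3:
            opts["local"] = ipaddress.ip_address(words[1])
            opts["peer"] = ipaddress.ip_address(words[2])
    return opts


def check_gateway(opts):
    """Return (ok, detail): is the gateway the client will use on the tunnel's /30?"""
    if opts["local"] is None:
        return False, "no ifconfig pushed, cannot judge the gateway"
    # The log shows the TAP-Win32 adapter getting a 255.255.255.252 mask in this mode.
    tunnel = ipaddress.ip_network(f"{opts['local']}/30", strict=False)
    gateway = opts["route_gateway"] or opts["peer"]  # default: the ifconfig peer
    if gateway in tunnel:
        return True, f"gateway {gateway} is on tunnel subnet {tunnel}"
    return False, f"gateway {gateway} is outside tunnel subnet {tunnel}"


if __name__ == "__main__":
    print(check_gateway(parse_push_reply(PUSH_REPLY)))
```

With the route-gateway field removed from the string, the check falls back to the ifconfig peer 10.8.0.5 and passes.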