[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] route not being pushed to client


  • Subject: Re: [Openvpn-users] route not being pushed to client
  • From: Yan Seiner <yan@xxxxxxxxxx>
  • Date: Wed, 07 Nov 2007 07:13:17 -0800

David Balazic wrote:
> Does the client run with administrator rights ?
>  
> I believe this line in the server config is unneeded :
> push "route 192.168.141.0 255.255.255.0"

We've checked - it runs with administrator rights (it can create the tap 
device) and I've removed teh offending line; no joy.  Tunnel is created, 
no traffic flows, no gateway for tap device.

:-(

Do we need to add route-delay 60 or something to the client?

Is there a script or something we can use to create it 'by hand' after 
the connection is up?

--Yan

>  
> Regards,
> David
>
> *From:* openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx on behalf of Yan 
> Seiner
> *Sent:* Wed 07-Nov-07 03:41
> *To:* openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> *Cc:* Johan Niemand
> *Subject:* [Openvpn-users] route not being pushed to client
>
> We're trying to bridge a linux box to a windows road warrior.
>
> We need to bridge because of some software on the road warrior that
> won't work with routed networks.
>
> So far we've established the tunnel and we can get an IP, but no data
> flows.  No pings, no nothing.
>
> We've figured out that this is most likely due to to gateway not being
> pushed to the client.  I've posted a screenshot at
> http://www.seiner.com/screenshot.png
>
>  From the manpage,
>
>        server-bridge gateway netmask pool-start-IP pool-end-IP
>
>               For example,  server-bridge  10.8.0.4  255.255.255.0 
> 10.8.0.128
>               10.8.0.254 expands as follows:
>
>               mode server
>               tls-server
>
>               ifconfig-pool 10.8.0.128 10.8.0.254 255.255.255.0
>               push "route-gateway 10.8.0.4"
>
> So the client should get a default route of 10.8.0.4
>
> On our system, the route for the tap interface is set but the default
> gateway for the tap adapter remains empty, and the default route is set
> to the physical NIC.
>
> Can anyone suggest what we need to set, for either the client or the 
> server?
>
> Server conf:
> port 1194
> proto tcp
> dev tap
> ca /etc/openvpn/easy-rsa/keys/ca.crt
> cert /etc/openvpn/easy-rsa/keys/server.crt
> key /etc/openvpn/easy-rsa/keys/server.key
> dh /etc/openvpn/easy-rsa/keys/dh1024.pem
> ifconfig-pool-persist ipp.txt
> server-bridge 192.168.141.3 255.255.255.0 192.168.141.120 192.168.141.127
> push "route 192.168.141.0 255.255.255.0"
> keepalive 10 120
> comp-lzo
> persist-key
> status openvpn-status.log
> verb 3
>
> client conf:
> client
> dev tap
> proto tcp
> remote x.x.x.x 1194
> resolv-retry infinite
> nobind
> persist-key
> persist-tun
> ca ca.crt
> cert tiffini.crt
> key tiffini.key
> comp-lzo
> verb 3
>
> Thanks,
>
> --Yan
>
>
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc.
> Still grepping through log files to find problems?  Stop.
> Now Search log events and configuration files using AJAX and a browser.
> Download your FREE copy of Splunk now >> http://get.splunk.com/
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
>
> !DSPAM:473174ed241271804284693! 

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users