[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

[Openvpn-users] L3 VPN routing problem (without type errors)


  • Subject: [Openvpn-users] L3 VPN routing problem (without type errors)
  • From: José Antonio Olivera Ortega <jaoo62@xxxxxx>
  • Date: Thu, 13 Dec 2007 18:41:29 +0100

Hello,

I am triying to set up a L3 VPN between two linux boxes (sercom and 
berglek). Sercom
acts as s vpn server and berglek acts a vpn client. My goal is to 
include some machines
on the client side using a routed VPN in order to comunicate them with 
sercom.

I ping form a machine on the client side and it is unsuccessful.

The vpn server config file (vpnServer.conf )is as follow:

dev tun0
server 10.1.0.0 255.255.255.0
client-config-dir ccd
route 10.2.0.0 255.255.255.0
dh dh1024.pem
ca ca.crt
cert vpnServer.crt
key vpnServer.key
ping 15
verb 3

The ccd folder has a file (vpnClient). This file has just a line:
iroute 10.2.0.0 255.255.255.0

The vpn client config file (vpnClient.conf) is as follow:
dev tun0
client
nobind
ca ca.crt
cert vpnClient.crt
key vpnClient.key
ping 15
verb 3
remote 10.95.88.60

Sercom is configurated as follow:
sercom:~# route -n -e
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt 
Iface
10.1.0.2        0.0.0.0         255.255.255.255 UH        0 0          0 
tun0
10.95.88.32     0.0.0.0         255.255.255.224 U         0 0          0 
eth0
10.2.0.0        10.1.0.2        255.255.255.0   UG        0 0          0 
tun0
10.1.0.0        10.1.0.2        255.255.255.0   UG        0 0          0 
tun0
0.0.0.0         10.95.88.33     0.0.0.0         UG        0 0          0 
eth0
sercom:~# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:19:B9:37:63:37
         inet addr:10.95.88.60  Bcast:10.95.88.63  Mask:255.255.255.224

tun0      Link encap:UNSPEC  HWaddr 
00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
         inet addr:10.1.0.1  P-t-P:10.1.0.2  Mask:255.255.255.255

Berglek is configurated as follow:

berglek:~# route -n -e
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt 
Iface
10.1.0.5        0.0.0.0         255.255.255.255 UH        0 0          0 
tun0
10.2.0.4        0.0.0.0         255.255.255.255 UH        0 0          0 
eth2
10.95.88.60     192.168.112.2   255.255.255.255 UGH       0 0          0 
eth1
10.1.0.1        10.1.0.5        255.255.255.255 UGH       0 0          0 
tun0
10.2.0.0        0.0.0.0         255.255.255.0   U         0 0          0 
eth2
192.168.112.0   0.0.0.0         255.255.255.0   U         0 0          0 
eth1
10.1.0.0        0.0.0.0         255.255.255.0   U         0 0          0 
tun0
0.0.0.0         10.1.0.1        0.0.0.0         UG        0 0          0 
tun0

berglek:~# ifconfig
eth1      Link encap:Ethernet  HWaddr 00:15:C5:BE:80:D3
          inet addr:192.168.112.71  Bcast:192.168.112.255  
Mask:255.255.255.0

eth2      Link encap:Ethernet  HWaddr 00:18:DE:91:F8:AB
          inet addr:10.2.0.3  Bcast:10.2.0.255  Mask:255.255.255.0

tun0      Link encap:UNSPEC  HWaddr 
00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.1.0.6  P-t-P:10.1.0.5  Mask:255.255.255.255


Ronin (a machine on the client side)is configurated as follow:

ronin:~# route -n -e
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt 
Iface
10.2.0.3        0.0.0.0         255.255.255.255 UH        0 0          0 
eth2
10.2.0.0        0.0.0.0         255.255.255.0   U         0 0          0 
eth2
0.0.0.0         0.0.0.0         0.0.0.0         U         0 0          0 
eth2

ronin:~# ifconfig
eth2      Link encap:Ethernet  HWaddr 00:0E:2E:24:85:17
         inet addr:10.2.0.4  Bcast:10.2.0.255  Mask:255.255.255.0

The L3 VPN is establised between berglek and sercom and I can ping and 
also can
can ping between ronin and berglek, where is the problem when I ping 
form ronin to
sercom? can anybody helpe?

I look forward to hearing from you soon.

Respectfully,

Jose Antonio Olivera.

-- 
José Antonio Olivera Ortega
Automóvil Conectado - Telefónica I+D 

Teléfono: 913340330 Ext. 1000
Email: jaoo62@xxxxxx
--

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users