
Re: [Openvpn-users] No router/default gateway after connect.


  • Subject: Re: [Openvpn-users] No router/default gateway after connect.
  • From: Jan Just Keijser <janjust@xxxxxxxxx>
  • Date: Fri, 21 Dec 2007 14:08:38 +0100

Hi Niels,

OK, if you can ping the .1 address then your connection is up and 
running. It is quite "normal" that you cannot ping the .5 address; that 
is the same for me. This is an anomaly of the way an OpenVPN connection 
is set up in good ol' Windows.
Can you ping the external interface of the OpenVPN box, i.e. 192.168.1.210?
Are you using masquerading or NAT'ting at all? Have you set up a routing 
rule on your internal network such that hosts on your LAN know that all 
traffic intended for 192.168.2.6 has to go through the VPN server 
instead of the default gateway? Especially if you have changed the address 
of your OpenVPN server itself, this could cause routing problems.

cheers,

JJK

Niels Peeters wrote:
> Yeah I can ping .1, but can't ping the rest of the network.
> Weird thing is, when I do ipconfig /all I get .5 as DHCP server, but I can't
> ping it....
>
> The OpenVPN server has no firewall, since I filter on the internet router.
> I only accept port 1194 UDP incoming, and it worked with this setting..
>
>
>
> -----Original Message-----
> From: Jan Just Keijser [mailto:janjust@xxxxxxxxx] 
> Sent: Friday 21 December 2007 12:22
> To: Niels Peeters
> CC: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> Subject: Re: [Openvpn-users] No router/default gateway after connect.
>
> what happens if you try to ping
>   192.168.2.1
> instead of .5 ?
> also, your client connect log looks fine, so my bet is that you're 
> looking at a firewalling issue.
>
> HTH/groetjes,
>
> JJK
>
> Niels Peeters wrote:
>   
>> Hello,
>>
>> I've got OpenVPN 2.0.6_7 installed on a FreeBSD 6.2-STABLE box and it ran
>> fine for a while.
>> However, since today when I connect a client it doesn't get any default
>> gateway.
>> The only change done is an IP change of the server from 192.168.1.200 to
>> 192.168.1.210.
>> The OpenVPN server pushes the rules, and they get applied properly, but I
>> still can't ping the gateway (192.168.2.5).
>> I've tried Windows client and the OSX client (tunnelblick), both with same
>> result.
>> Normally I could ping 192.168.2.5 and even 192.168.1.210.
>> What could this be all of a sudden?
>> Info below.
>>
>>
>> Net info:
>>
>> bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>>         options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
>>         inet 192.168.1.210 netmask 0xffffff00 broadcast 192.168.1.255
>>         ether 00:11:85:c4:04:63
>>         media: Ethernet autoselect (100baseTX <full-duplex>)
>>         status: active
>> tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
>>         inet 192.168.2.1 --> 192.168.2.2 netmask 0xffffffff
>>         Opened by PID 691
>>
>>
>>
>>
>> Log of a client:
>>
>> Thu Dec 20 21:42:48 2007 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
>> Thu Dec 20 21:42:48 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
>> Thu Dec 20 21:42:48 2007 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
>> Thu Dec 20 21:42:48 2007 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
>> Thu Dec 20 21:42:48 2007 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
>> Thu Dec 20 21:42:48 2007 LZO compression initialized
>> Thu Dec 20 21:42:48 2007 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
>> Thu Dec 20 21:42:48 2007 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
>> Thu Dec 20 21:42:48 2007 Local Options hash (VER=V4): '504e774e'
>> Thu Dec 20 21:42:48 2007 Expected Remote Options hash (VER=V4): '14168603'
>> Thu Dec 20 21:42:48 2007 UDPv4 link local (bound): [undef]:1194
>> Thu Dec 20 21:42:48 2007 UDPv4 link remote: 192.168.1.210:1194
>> Thu Dec 20 21:42:48 2007 TLS: Initial packet from 192.168.1.210:1194, sid=9beba790 17452984
>> Thu Dec 20 21:42:48 2007 VERIFY OK: depth=1, blahblah
>> Thu Dec 20 21:42:48 2007 VERIFY OK: nsCertType=SERVER
>> Thu Dec 20 21:42:48 2007 VERIFY OK: depth=0, blahblah
>> Thu Dec 20 21:42:48 2007 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
>> Thu Dec 20 21:42:48 2007 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
>> Thu Dec 20 21:42:48 2007 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
>> Thu Dec 20 21:42:48 2007 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
>> Thu Dec 20 21:42:48 2007 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
>> Thu Dec 20 21:42:48 2007 [Server01] Peer Connection Initiated with 192.168.1.210:1194
>> Thu Dec 20 21:42:49 2007 SENT CONTROL [Server01]: 'PUSH_REQUEST' (status=1)
>> Thu Dec 20 21:42:49 2007 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route 192.168.2.0 255.255.255.0,ping 10,ping-restart 120,ifconfig 192.168.2.6 192.168.2.5'
>> Thu Dec 20 21:42:49 2007 OPTIONS IMPORT: timers and/or timeouts modified
>> Thu Dec 20 21:42:49 2007 OPTIONS IMPORT: --ifconfig/up options modified
>> Thu Dec 20 21:42:49 2007 OPTIONS IMPORT: route options modified
>> Thu Dec 20 21:42:49 2007 TAP-WIN32 device [Local Area Connection 7] opened: \\.\Global\{5EB96B73-7605-4C58-9846-408ED84AB740}.tap
>> Thu Dec 20 21:42:49 2007 TAP-Win32 Driver Version 8.4
>> Thu Dec 20 21:42:49 2007 TAP-Win32 MTU=1500
>> Thu Dec 20 21:42:49 2007 Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.2.6/255.255.255.252 on interface {5EB96B73-7605-4C58-9846-408ED84AB740} [DHCP-serv: 192.168.2.5, lease-time: 31536000]
>> Thu Dec 20 21:42:49 2007 Successful ARP Flush on interface [131076] {5EB96B73-7605-4C58-9846-408ED84AB740}
>> Thu Dec 20 21:42:49 2007 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
>> Thu Dec 20 21:42:49 2007 Route: Waiting for TUN/TAP interface to come up...
>> Thu Dec 20 21:42:51 2007 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
>> Thu Dec 20 21:42:51 2007 Route: Waiting for TUN/TAP interface to come up...
>> Thu Dec 20 21:42:52 2007 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
>> Thu Dec 20 21:42:52 2007 Route: Waiting for TUN/TAP interface to come up...
>> Thu Dec 20 21:42:53 2007 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
>> Thu Dec 20 21:42:53 2007 route ADD 192.168.1.0 MASK 255.255.255.0 192.168.2.5
>> Thu Dec 20 21:42:53 2007 Route addition via IPAPI succeeded
>> Thu Dec 20 21:42:53 2007 route ADD 192.168.2.0 MASK 255.255.255.0 192.168.2.5
>> Thu Dec 20 21:42:53 2007 Route addition via IPAPI succeeded
>> Thu Dec 20 21:42:53 2007 Initialization Sequence Completed
>>
>>
>>
>>
>>
>> Route print @ client:
>>
>> Network Destination        Netmask          Gateway       Interface  Metric
>>           0.0.0.0          0.0.0.0    192.168.1.254    192.168.1.64       1
>>         127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
>>       192.168.1.0    255.255.255.0     192.168.1.64    192.168.1.64      20
>>       192.168.1.0    255.255.255.0      192.168.2.5     192.168.2.6       1
>>      192.168.1.64  255.255.255.255        127.0.0.1       127.0.0.1      20
>>     192.168.1.255  255.255.255.255     192.168.1.64    192.168.1.64      20
>>       192.168.2.0    255.255.255.0      192.168.2.5     192.168.2.6       1
>>       192.168.2.4  255.255.255.252      192.168.2.6     192.168.2.6      30
>>       192.168.2.6  255.255.255.255        127.0.0.1       127.0.0.1      30
>>     192.168.2.255  255.255.255.255      192.168.2.6     192.168.2.6      30
>>         224.0.0.0        240.0.0.0     192.168.1.64    192.168.1.64      20
>>         224.0.0.0        240.0.0.0      192.168.2.6     192.168.2.6      30
>>   255.255.255.255  255.255.255.255     192.168.1.64    192.168.1.64       1
>>   255.255.255.255  255.255.255.255      192.168.2.6     192.168.2.6       1
>> Default Gateway:     192.168.1.254
>>
>>
>>
>>
>>
>> Ipconfig @ client:
>>
>> Ethernet adapter Local Area Connection 7:
>>
>>         Connection-specific DNS Suffix  . :
>>         IP Address. . . . . . . . . . . . : 192.168.2.6
>>         Subnet Mask . . . . . . . . . . . : 255.255.255.252
>>         Default Gateway . . . . . . . . . :

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
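
The return-route question raised in the reply above can be checked mechanically. The following is an added example, not part of the original thread: it parses the PUSH_REPLY from the quoted client log, derives the /30 block the client sits in, and does a longest-prefix match against an assumed LAN host routing table (the 192.168.1.254 default gateway is taken from the client's route print; the LAN host table itself is constructed).

```python
import ipaddress

# Copied from the client log quoted in the thread.
PUSH_REPLY = ("PUSH_REPLY,route 192.168.1.0 255.255.255.0,"
              "route 192.168.2.0 255.255.255.0,ping 10,ping-restart 120,"
              "ifconfig 192.168.2.6 192.168.2.5")

def parse_push_reply(msg):
    """Return (client_ip, peer_ip, pushed_networks) from a PUSH_REPLY string."""
    local = peer = None
    routes = []
    for opt in msg.split(",")[1:]:          # skip the leading "PUSH_REPLY" token
        words = opt.split()
        if words[0] == "route":
            routes.append(ipaddress.ip_network(f"{words[1]}/{words[2]}"))
        elif words[0] == "ifconfig":
            local, peer = (ipaddress.ip_address(w) for w in words[1:3])
    return local, peer, routes

def tunnel_block(local, peer):
    """The /30 holding the client (netmask 255.255.255.252 in the log)."""
    block = ipaddress.ip_network(f"{local}/30", strict=False)
    if peer not in block:
        raise ValueError(f"{peer} is not in {block}")
    return block

def next_hop(table, dst):
    """Longest-prefix match over (network, gateway) rows; None if no match."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(n), gw) for n, gw in table
            if dst in ipaddress.ip_network(n)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

# Assumed routing table of an ordinary LAN host (constructed): only the
# on-link LAN route and a default route via 192.168.1.254.
LAN_HOST = [("192.168.1.0/24", "on-link"), ("0.0.0.0/0", "192.168.1.254")]
# Same table plus a static route for the VPN subnet via the OpenVPN server.
LAN_HOST_FIXED = LAN_HOST + [("192.168.2.0/24", "192.168.1.210")]

if __name__ == "__main__":
    local, peer, pushed = parse_push_reply(PUSH_REPLY)
    print("client", local, "peer", peer, "block", tunnel_block(local, peer))
    print("pushed routes:", ", ".join(map(str, pushed)))
    print("reply path without static route:", next_hop(LAN_HOST, local))
    print("reply path with static route:   ", next_hop(LAN_HOST_FIXED, local))
```

Without the static route, a LAN host's reply to 192.168.2.6 is handed to the default gateway rather than to the VPN server at 192.168.1.210, which is the condition the reply asks about.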