
Re: [Openvpn-users] 2.1rc4 server mode: second client can't ping


  • Subject: Re: [Openvpn-users] 2.1rc4 server mode: second client can't ping
  • From: Tavin Cole <tavin.cole@xxxxxxxxx>
  • Date: Sat, 12 Jan 2008 18:22:51 -0500

i couldn't get it to work at all until i set topology subnet (i.e. the
first client couldn't ping across the tunnel).  otherwise i would say
no, it's not required ;)

but i do need a topology that works with windows as well as nix clients.

thanks

Jan Just Keijser wrote:
> Is the 'topology subnet' thing required for your setup? Have you tried
> it without? If it works without 'topology subnet' and does not work
> with that option that would make troubleshooting a heck of a lot easier.
>
> HTH,
>
> JJK
>
> Tavin Cole wrote:
>> Greetings,
>>
>> I'm attaching server and client config files for a setup that has worked
>> flawlessly during testing with a single client.  We're using subnet
>> topology.  All hosts on the server-side LAN have been accessible.
>>
>> I have found that when a second client connects, regardless of whether
>> it's from behind the same NAT or an entirely different location, that
>> second client cannot ping the OpenVPN server endpoint (10.8.0.1), nor
>> any hosts on the server-side LAN.  However the second client seems to
>> get all the routing table entries it's supposed to and its interface
>> seems to get configured correctly (10.8.0.3 netmask 255.255.255.0).  I
>> haven't been able to spot any errors in the log files on either side;
>> TLS negotiations work and the options get pushed to the client.
>>
>> It hasn't made any difference whether the clients involved are Linux
>> or XP.
>>
>> We are using separate certs for each client.
>>
>> Any ideas?
>>
>> Thanks!
>>
>>  
>> ------------------------------------------------------------------------
>>
>> remote x.x.x.x
>> ns-cert-type server
>>
>> client
>> nobind
>>
>> dev tun
>> comp-lzo
>> keepalive 11 121
>> ping-timer-rem
>> persist-key
>> persist-tun
>>
>> ca ca.crt
>> cert client.crt
>> key client.key
>> tls-auth ta.key 1
>>
>>  
>> ------------------------------------------------------------------------
>>
>> server 10.8.0.0 255.255.255.0
>> topology subnet
>>
>> push "route 192.168.1.0 255.255.255.0"
>> push "dhcp-option DNS 192.168.1.2"
>> push "dhcp-option WINS 192.168.1.2"
>> push "dhcp-option DOMAIN x.y.com"
>>
>> dev tun
>> comp-lzo
>> keepalive 11 121
>> ping-timer-rem
>> persist-key
>> persist-tun
>>
>> ca ca.crt
>> cert server.crt
>> key server.key
>> dh dh1024.pem
>> tls-auth ta.key 0
>>
>> status openvpn-status.log
>> verb 4
>>
>>  
>