
Re: [Openvpn-users] 2.1rc4 server mode: second client can't ping


  • Subject: Re: [Openvpn-users] 2.1rc4 server mode: second client can't ping
  • From: Jan Just Keijser <janjust@xxxxxxxxx>
  • Date: Sun, 13 Jan 2008 03:01:37 +0100

OK then please remove the 'topology subnet' line from the server config, 
restart the server and post the log file of an unsuccessful client 
login. Note that the default mode is 'net30' which means that each 
client is assigned a /30 subnet. The server is always reachable at 
10.8.0.1 for your config file. The first client would be 10.8.0.6; you 
will not be able to ping the other 'endpoint', 10.8.0.5, but 10.8.0.1 
should definitely be reachable.

HTH,

JJK


Tavin Cole wrote:
> I couldn't get it to work at all until I set topology subnet (i.e. the
> first client couldn't ping across the tunnel).  Otherwise I would say
> no, it's not required ;)
>
> But I do need a topology that works with Windows as well as nix clients.
>
> thanks
>
> Jan Just Keijser wrote:
>   
>> Is the 'topology subnet' thing required for your setup? Have you tried
>> it without? If it works without 'topology subnet' and does not work
>> with that option that would make troubleshooting a heck of a lot easier.
>>
>> HTH,
>>
>> JJK
>>
>> Tavin Cole wrote:
>>     
>>> Greetings,
>>>
>>> I'm attaching server and client config files for a setup that has worked
>>> flawlessly during testing with a single client.  We're using subnet
>>> topology.  All hosts on the server-side LAN have been accessible.
>>>
>>> I have found that when a second client connects, regardless of whether
>>> it's from behind the same NAT or an entirely different location, that
>>> second client cannot ping the OpenVPN server endpoint (10.8.0.1), nor
>>> any hosts on the server-side LAN.  However the second client seems to
>>> get all the routing table entries it's supposed to and its interface
>>> seems to get configured correctly (10.8.0.3 netmask 255.255.255.0).  I
>>> haven't been able to spot any errors in the log files on either side;
>>> TLS negotiations work and the options get pushed to the client.
>>>
>>> It hasn't made any difference whether the clients involved are Linux
>>> or XP.
>>>
>>> We are using separate certs for each client.
>>>
>>> Any ideas?
>>>
>>> Thanks!
>>>
>>>  
>>> ------------------------------------------------------------------------
>>>
>>> remote x.x.x.x
>>> ns-cert-type server
>>>
>>> client
>>> nobind
>>>
>>> dev tun
>>> comp-lzo
>>> keepalive 11 121
>>> ping-timer-rem
>>> persist-key
>>> persist-tun
>>>
>>> ca ca.crt
>>> cert client.crt
>>> key client.key
>>> tls-auth ta.key 1
>>>
>>>  
>>> ------------------------------------------------------------------------
>>>
>>> server 10.8.0.0 255.255.255.0
>>> topology subnet
>>>
>>> push "route 192.168.1.0 255.255.255.0"
>>> push "dhcp-option DNS 192.168.1.2"
>>> push "dhcp-option WINS 192.168.1.2"
>>> push "dhcp-option DOMAIN x.y.com"
>>>
>>> dev tun
>>> comp-lzo
>>> keepalive 11 121
>>> ping-timer-rem
>>> persist-key
>>> persist-tun
>>>
>>> ca ca.crt
>>> cert server.crt
>>> key server.key
>>> dh dh1024.pem
>>> tls-auth ta.key 0
>>>
>>> status openvpn-status.log
>>> verb 4
>>>
>>>  
>>>       
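
Added example (not part of the original message or of OpenVPN's own code): the address layout described in the reply, computed for `server 10.8.0.0 255.255.255.0` under both the default net30 topology and `topology subnet`. It assumes the pool ranges the OpenVPN man page gives for the `server` helper directive on `dev tun`; the function names are illustrative.

```python
import ipaddress

def net30_layout(network):
    """Server address and per-client /30 blocks for topology net30 on dev tun."""
    net = ipaddress.ip_network(network)
    blocks = list(net.subnets(new_prefix=30))
    server_ip = str(blocks[0].network_address + 1)
    clients = []
    # The first /30 holds the server's own address pair; the last /30 is
    # outside the pool (for 10.8.0.0/24 the pool is 10.8.0.4 - 10.8.0.251).
    for block in blocks[1:-1]:
        endpoint, client = list(block.hosts())
        clients.append({"block": str(block),
                        "client": str(client),
                        "virtual_endpoint": str(endpoint)})
    return server_ip, clients

def subnet_layout(network):
    """Server address, client pool and shared netmask for topology subnet."""
    net = ipaddress.ip_network(network)
    hosts = list(net.hosts())
    return str(hosts[0]), [str(h) for h in hosts[1:]], str(net.netmask)

def describe_net30(addr, network):
    """Say what role an address plays in the net30 plan (for reading ping results)."""
    server_ip, clients = net30_layout(network)
    if addr == server_ip:
        return "server (should answer ping)"
    for n, c in enumerate(clients, 1):
        if addr == c["client"]:
            return f"client {n} address"
        if addr == c["virtual_endpoint"]:
            return f"client {n} virtual endpoint (does not answer ping)"
    return "not assigned to a client"

if __name__ == "__main__":
    NET = "10.8.0.0/24"  # from the server config in this thread
    server_ip, clients = net30_layout(NET)
    print("net30 : server", server_ip, "| clients available:", len(clients))
    for c in clients[:2]:
        print("        ", c)
    for addr in ("10.8.0.1", "10.8.0.5", "10.8.0.6"):
        print("        ", addr, "->", describe_net30(addr, NET))
    s_ip, pool, mask = subnet_layout(NET)
    print("subnet: server", s_ip, "| first clients:", pool[:2], "| netmask", mask)
```
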
