Re: [Openvpn-users] 2.1rc4 server mode: second client can't ping


  • Subject: Re: [Openvpn-users] 2.1rc4 server mode: second client can't ping
  • From: Jan Just Keijser <janjust@xxxxxxxxx>
  • Date: Fri, 18 Jan 2008 03:33:00 +0100

Hi,

looked at the log files and everything looks fine but all the way at the 
end it dies: The client gets an interrupt system call (don't know why) 
and decides to break the connection:
  us=396496 event_wait : Interrupted system call (code=4)

don't know what caused this and I must add that I have never seen this 
myself.
I did notice that your openvpn server is running a) windows and b) 
routing&remote access. Try disabling the routing&remote access service.
Other than that, I am clueless (you could try long-shots such as 
downgrading the server to 2.0.9).

cheers,

JJK

Tavin Cole wrote:
> ok, i have attached client and server log files at verbosity 6 for a
> session using net30 topology.  this was identical to my subnet topology
> setup in every other way.
>
> i started the server and client, waited, did ping -c 2 10.8.0.1 from the
> client, waited, and then stopped them.  no ping replies were received.
>
> thanks!
>
> Jan Just Keijser wrote:
>   
>> OK then plz remove the 'topology subnet' line from the server config,
>> restart the server and post the log file of an unsuccessful client
>> login. Note that the default mode is 'net30' which means that each
>> client is assigned a /30 subnet. The server is always reachable at
>> 10.8.0.1 for your config file. The first client would be 10.8.0.6 ;
>> you will not be able to ping the other 'endpoint', 10.8.0.5, but
>> 10.8.0.1 should definitely be reachable.
>>
>> HTH,
>>
>> JJK
>>
>>
>> Tavin Cole wrote:
>>     
>>> i couldn't get it to work at all until i set topology subnet (i.e. the
>>> first client couldn't ping across the tunnel).  otherwise i would say
>>> no, it's not required ;)
>>>
>>> but i do need a topology that works with windows as well as nix clients.
>>>
>>> thanks
>>>
>>> Jan Just Keijser wrote:
>>>  
>>>       
>>>> Is the 'topology subnet' thing required for your setup? Have you tried
>>>> it without? If it works without 'topology subnet' and does not work
>>>> with that option that would make troubleshooting a heck of a lot
>>>> easier.
>>>>
>>>> HTH,
>>>>
>>>> JJK
>>>>
>>>> Tavin Cole wrote:
>>>>    
>>>>         
>>>>> Greetings,
>>>>>
>>>>> I'm attaching server and client config files for a setup that has worked
>>>>> flawlessly during testing with a single client.  We're using subnet
>>>>> topology.  All hosts on the server-side LAN have been accessible.
>>>>>
>>>>> I have found that when a second client connects, regardless of whether
>>>>> it's from behind the same NAT or an entirely different location, that
>>>>> second client cannot ping the OpenVPN server endpoint (10.8.0.1), nor
>>>>> any hosts on the server-side LAN.  However the second client seems to
>>>>> get all the routing table entries it's supposed to and its interface
>>>>> seems to get configured correctly (10.8.0.3 netmask 255.255.255.0).  I
>>>>> haven't been able to spot any errors in the log files on either side;
>>>>> TLS negotiations work and the options get pushed to the client.
>>>>>
>>>>> It hasn't made any difference whether the clients involved are Linux
>>>>> or XP.
>>>>>
>>>>> We are using separate certs for each client.
>>>>>
>>>>> Any ideas?
>>>>>
>>>>> Thanks!
>>>>>
>>>>>  
>>>>> ------------------------------------------------------------------------
>>>>>
>>>>>
>>>>> remote x.x.x.x
>>>>> ns-cert-type server
>>>>>
>>>>> client
>>>>> nobind
>>>>>
>>>>> dev tun
>>>>> comp-lzo
>>>>> keepalive 11 121
>>>>> ping-timer-rem
>>>>> persist-key
>>>>> persist-tun
>>>>>
>>>>> ca ca.crt
>>>>> cert client.crt
>>>>> key client.key
>>>>> tls-auth ta.key 1
>>>>>
>>>>>  
>>>>> ------------------------------------------------------------------------
>>>>>
>>>>>
>>>>> server 10.8.0.0 255.255.255.0
>>>>> topology subnet
>>>>>
>>>>> push "route 192.168.1.0 255.255.255.0"
>>>>> push "dhcp-option DNS 192.168.1.2"
>>>>> push "dhcp-option WINS 192.168.1.2"
>>>>> push "dhcp-option DOMAIN x.y.com"
>>>>>
>>>>> dev tun
>>>>> comp-lzo
>>>>> keepalive 11 121
>>>>> ping-timer-rem
>>>>> persist-key
>>>>> persist-tun
>>>>>
>>>>> ca ca.crt
>>>>> cert server.crt
>>>>> key server.key
>>>>> dh dh1024.pem
>>>>> tls-auth ta.key 0
>>>>>
>>>>> status openvpn-status.log
>>>>> verb 4
>>>>>
>>>>>
>> ------------------------------------------------------------------------
>>
>> remote x.x.x.x
>> ns-cert-type server
>>
>> client
>> nobind
>>
>> dev tun
>> comp-lzo
>> keepalive 11 121
>> ping-timer-rem
>> persist-key
>> persist-tun
>>
>> ca ca.crt
>> cert client.crt
>> key client.key
>> tls-auth ta.key 1
>>
>> verb 6
>>
>>     
>> ------------------------------------------------------------------------
>>
>> server 10.8.0.0 255.255.255.0
>>
>> push "route 192.168.1.0 255.255.255.0"
>> push "dhcp-option DNS 192.168.1.2"
>> push "dhcp-option WINS 192.168.1.2"
>> push "dhcp-option DOMAIN x.x.com"
>>
>> dev tun
>> comp-lzo
>> keepalive 11 121
>> ping-timer-rem
>> persist-key
>> persist-tun
>>
>> ca ca.crt
>> cert server.crt
>> key server.key
>> dh dh1024.pem
>> tls-auth ta.key 0
>>
>> status ..\\log\\openvpn-status.log
>> verb 6
>>
>>     
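
The address layouts discussed in this thread for `server 10.8.0.0 255.255.255.0` (net30 versus subnet topology), worked through as an added example that is not part of the original messages. It assumes addresses are handed out sequentially in connection order with no per-client overrides; all function names are hypothetical.

```python
import ipaddress
from itertools import islice

def _pool(network, netmask):
    return ipaddress.ip_network(f"{network}/{netmask}")

def net30_layout(network, netmask, n_clients):
    """Server address and per-client /30 blocks for the default net30 topology."""
    blocks = _pool(network, netmask).subnets(new_prefix=30)
    server_ip = next(blocks).network_address + 1  # first /30 belongs to the server
    clients = []
    for block in islice(blocks, n_clients):
        clients.append({
            "block": str(block),
            "peer": str(block.network_address + 1),    # virtual endpoint on the server side
            "client": str(block.network_address + 2),  # address the client's tun device gets
        })
    return str(server_ip), clients

def subnet_layout(network, netmask, n_clients):
    """Server address and client addresses for 'topology subnet' (one shared subnet)."""
    hosts = iter(_pool(network, netmask).hosts())
    server_ip = next(hosts)
    return str(server_ip), [str(ip) for ip in islice(hosts, n_clients)]

def net30_role(network, netmask, address):
    """Say what an address is in a net30 pool, to decide whether a ping can succeed."""
    pool = _pool(network, netmask)
    addr = ipaddress.ip_address(address)
    if addr not in pool:
        return "outside the VPN pool"
    block, pos = divmod(int(addr) - int(pool.network_address), 4)
    if pos in (0, 3):
        return "network/broadcast address of a /30"
    if block == 0:
        return "server" if pos == 1 else "server-side peer endpoint"
    return "peer endpoint (no ping reply expected)" if pos == 1 else "client"

if __name__ == "__main__":
    print(net30_layout("10.8.0.0", "255.255.255.0", 2))
    print(subnet_layout("10.8.0.0", "255.255.255.0", 2))
    for ip in ("10.8.0.1", "10.8.0.5", "10.8.0.6"):
        print(ip, "->", net30_role("10.8.0.0", "255.255.255.0", ip))
```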
