[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] strage routing problem


  • Subject: Re: [Openvpn-users] strage routing problem
  • From: Erich Titl <erich.titl@xxxxxxxx>
  • Date: Thu, 31 Jan 2008 15:13:24 +0000

Hi

Bonno Bloksma wrote:
> Hi,
>  
> I've attaches the message as a txt file as well to make sure all 
> loglines are readable.
>  
> Help, I'm at a loss. There is a lot of information in the mail, I've 
> tried to provide as much relevant information as possible.
> I've been using OpenVPN for several years but this time I'm at a loss. :-(
>  
> I've got several sites, most sites have a /20 network. For all sites but 
> one it works.
> In the server log I can see lot's of lines that tell me:
> Thu Jan 31 14:56:25 2008 linutr/194.109.163.129:63977 MULTI: bad source 
> address from client [172.16.128.98], packet dropped
> Thu Jan 31 14:56:25 2008 linein2/194.109.165.42:63736 MULTI: bad source 
> address from client [172.16.212.212], packet dropped
> Thu Jan 31 14:56:25 2008 linein2/194.109.165.42:63736 MULTI: bad source 
> address from client [172.16.212.26], packet dropped
> Thu Jan 31 14:56:25 2008 linein2/194.109.165.42:63736 MULTI: bad source 
> address from client [172.16.208.107], packet dropped
> Thu Jan 31 14:56:26 2008 linein2/194.109.165.42:63736 MULTI: bad source 
> address from client [172.16.212.207], packet dropped
>  
> Maybe the error is obvious, but in case it isn't, here is "some" ;-) 
> extra info:
>  
> At one site I was still using a ssh prt-redir (ppp) tunnel. The ppp 
> tunnel at that site crashed yesterday and for whatever reason the ppp 
> device refused to be created So...
> Today I wanted to switch that last site over to an OpenVPN (tun) tunnel 
> thinking that might solve the problem.
>  
> Alle client and server machines are Redhat 9 and Fedora versions (Will 
> be Debian in a few months but that is the next project)

> Server uses 172.16.1.64 255.255.255.192 for ip-numbers in the OpenVpn 
> network

> Server resides in 172.16.128.0/24 nertwork and has local ip 172.16.128.10

> The link comes up. Client side gets 172.16.1.101

> Client resides in 172.16.208.0/20 and has, among others, 172.16.208.1

> So ping 172.16.128.10 does work as does ping 172.16.128.3 (another server).

> However, ping 172.16.128.3 -I 172.16.208.1 does not work.

what does tcpdump on tun0 show

do the packets actually go through the tunnel
do they arrive at the server side?
are they forwarded to the respective server interface?
is 172.16.128.3 responding?
looking at the server side are the return packets entering the tunnel
and do they arrive at the client tunnel interface?

Please follow the packet trail :-)

cheers

Erich


____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users