[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] OpenVPN client can only reached by OpenVPN serveritself


  • Subject: Re: [Openvpn-users] OpenVPN client can only reached by OpenVPN serveritself
  • From: "David Balazic" <David.Balazic@xxxxxxxxxxxxxxxxxx>
  • Date: Wed, 6 Feb 2008 11:28:49 +0100

It seems the Echo packets never reach the VM guest.
Try sniffing for them on the VM host.

Also sniff a "ping .10.1" , for comparison.

"Follow the packets..." ;-)


> -----Original Message-----
> From: Frank [mailto:openvpn@xxxxxxxxxxxxxxxx] 
> Sent: Wednesday, February 06, 2008 10:55 AM
> To: David Balazic
> Subject: Re: [Openvpn-users] OpenVPN client can only reached 
> by OpenVPN serveritself
> 
> Yes, that is really weird.
> 
> I hope I did it right... ;)
> 
> 192.168.10.50:# ping 192.168.10.5
> 
> router-vm:~# tshark -i br0 -f 'host 192.168.10.50'
> Capturing on br0
>   6.134509 00:1a:92:06:a3:c4 -> Broadcast    ARP Who has 
> 192.168.10.5?  
> Tell 192.168.10.50
>   6.221588 c6:50:4b:e9:cf:bb -> 00:1a:92:06:a3:c4 ARP 
> 192.168.10.5 is at 
> c6:50:4b:e9:cf:bb
> 
> 
> 
> 192.168.10.50:# ping 192.168.20.5
> 
> router-vm:~# tshark -i br0 -f 'host 192.168.10.50'
> Capturing on br0
> 15.064024 192.168.10.50 -> 192.168.20.5 ICMP Echo (ping) request
>  15.064264 192.168.10.50 -> 192.168.20.5 ICMP Echo (ping) request
>  15.116495 192.168.20.5 -> 192.168.10.50 ICMP Echo (ping) reply
>  15.116570 192.168.20.5 -> 192.168.10.50 ICMP Echo (ping) reply
> 
> 
> router-vm:~# arp -a
> hex.local (192.168.10.5) auf C6:50:4B:E9:CF:BB [ether] auf br0
> naxxramas.local (192.168.10.50) auf 00:1A:92:06:A3:C4 [ether] auf br0
> 
> 
> 192.168.10.50:#arp -a
> Schnittstelle: 192.168.10.50 --- 0x8
>   Internetadresse       Physikal. Adresse     Typ
>   192.168.10.1          00-0c-29-57-8b-67     dynamisch
>   192.168.10.5          c6-50-4b-e9-cf-bb     dynamisch
> 
> 
> Looks all right to me.
> 
> 
> David Balazic schrieb:
> > Weird.
> >
> > Can you try running a sniffer (like WireShark) on the VM guest
> > on the br0 interface ? And then try pinging .20.5 and .10.5 from 
> > the other PC.
> >
> > David
> >  
> >
> >   
> >> -----Original Message-----
> >> From: Frank [mailto:openvpn@xxxxxxxxxxxxxxxx] 
> >> Sent: Wednesday, February 06, 2008 9:43 AM
> >> To: David Balazic
> >> Subject: Re: [Openvpn-users] OpenVPN client can only reached 
> >> by OpenVPN serveritself
> >>
> >> Hi, sorry for the late response.
> >>
> >> Yes, I did a traceroute from 192.168.10.50.
> >>
> >> C:\>tracert 192.168.10.5
> >> Routenverfolgung zu hex.local [192.168.10.5] über maximal 30 
> >> Abschnitte:
> >>
> >>   1     *        *        *     Zeitüberschreitung der Anforderung.
> >>   2     *        *        *     Zeitüberschreitung der Anforderung.
> >>   3     *        *        *     Zeitüberschreitung der Anforderung.
> >>   4     *        *        *     Zeitüberschreitung der Anforderung.
> >>   5     *     ^C
> >>
> >> C:\>tracert 192.168.20.5
> >> Routenverfolgung zu HEX [192.168.20.5] über maximal 30 Abschnitte:
> >>
> >>   1    <1 ms    <1 ms    <1 ms  router-vm.local [192.168.10.1]
> >>   2    55 ms    55 ms    55 ms  HEX [192.168.20.5]
> >>
> >> Ablaufverfolgung beendet.
> >>
> >>
> >> Frank
> >>
> >>
> >> David Balazic schrieb:
> >>     
> >>> Did you traceroute the nonworking ping ?
> >>>  
> >>>
> >>>   
> >>>       
> >>>> -----Original Message-----
> >>>> From: Frank [mailto:openvpn@xxxxxxxxxxxxxxxx] 
> >>>> Sent: Tuesday, February 05, 2008 5:24 PM
> >>>> To: David Balazic
> >>>> Subject: Re: [Openvpn-users] OpenVPN client can only reached 
> >>>> by OpenVPN serveritself
> >>>>
> >>>> Sorry, all these IPs...
> >>>> 192.168.10.50 is a PC in my network. It can ping the client 
> >>>> with it's 192.168.20.5 IP but not with the 192.168.10.5 IP 
> >>>> from the OpenVPN connection.
> >>>>
> >>>> This works:
> >>>> 192.168.10.1# ping 192.168.10.5
> >>>> 192.168.10.1# ping 192.168.20.5
> >>>> 192.168.10.50# ping 192.168.20.5
> >>>>
> >>>> This does not work (but worked on the old non-VM server):
> >>>> 192.168.10.50# ping 192.168.10.5
> >>>>
> >>>> Frank
> >>>>
> >>>>
> >>>>
> >>>> David Balazic schrieb:
> >>>>     
> >>>>         
> >>>>> Hi!
> >>>>>
> >>>>> What does this mean :
> >>>>>
> >>>>>   
> >>>>>       
> >>>>>           
> >>>>>> This does not work (but worked on the old non-VM server):
> >>>>>> 192.168.10.5# ping 192.168.10.5 
> >>>>>>     
> >>>>>>         
> >>>>>>             
> >>>>> The VPN client can not ping itself ?
> >>>>>
> >>>>> Regards,
> >>>>> David
> >>>>>
> >>>>>   
> >>>>>       
> >>>>>           
> >>>>>> -----Original Message-----
> >>>>>> From: Frank [mailto:openvpn@xxxxxxxxxxxxxxxx] 
> >>>>>> Sent: Tuesday, February 05, 2008 5:05 PM
> >>>>>> To: David Balazic
> >>>>>> Subject: Re: [Openvpn-users] OpenVPN client can only reached 
> >>>>>> by OpenVPN serveritself
> >>>>>>
> >>>>>> Yes they do.
> >>>>>>
> >>>>>> David Balazic schrieb:
> >>>>>>     
> >>>>>>         
> >>>>>>             
> >>>>>>> And the VM host and other PCs can ping 192.168.10.1 ?
> >>>>>>>
> >>>>>>>
> >>>>>>>   
> >>>>>>>       
> >>>>>>>           
> >>>>>>>               
> >>>>>>>> -----Original Message-----
> >>>>>>>> From: Frank [mailto:openvpn@xxxxxxxxxxxxxxxx] 
> >>>>>>>> Sent: Tuesday, February 05, 2008 4:54 PM
> >>>>>>>> To: David Balazic
> >>>>>>>> Subject: Re: [Openvpn-users] OpenVPN client can only reached 
> >>>>>>>> by OpenVPN serveritself
> >>>>>>>>
> >>>>>>>> router-vm:~# route
> >>>>>>>> Kernel IP Routentabelle
> >>>>>>>> Ziel            Router          Genmask         Flags Metric 
> >>>>>>>> Ref    Use 
> >>>>>>>> Iface
> >>>>>>>> 62.214.64.189   *               255.255.255.255 UH    0      
> >>>>>>>> 0        0 ppp0
> >>>>>>>> 192.168.10.0    *               255.255.255.0   U     0      
> >>>>>>>> 0        0 br0
> >>>>>>>> 192.168.20.0    192.168.10.5    255.255.255.0   UG    0      
> >>>>>>>> 0        0 br0
> >>>>>>>> default         *               0.0.0.0         U     0      
> >>>>>>>> 0        0 ppp0
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> router-vm:~# brctl show
> >>>>>>>> bridge name     bridge id               STP enabled     
> >>>>>>>>             
> >>>>>>>>                 
> >>>> interfaces
> >>>>     
> >>>>         
> >>>>>>>> br0             8000.000c29578b67       no              eth0
> >>>>>>>>                                                         tap0
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> router-vm:~# ifconfig
> >>>>>>>> br0       Protokoll:Ethernet  Hardware Adresse 
> >>>>>>>>                 
> >> 00:0C:29:57:8B:67
> >>     
> >>>>>>>>           inet Adresse:192.168.10.1  Bcast:192.168.10.255  
> >>>>>>>> Maske:255.255.255.0
> >>>>>>>>           inet6 Adresse: fe80::20c:29ff:fe57:8b67/64 
> >>>>>>>> Gültigkeitsbereich:Verbindung
> >>>>>>>>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> >>>>>>>>           RX packets:191 errors:0 dropped:0 
> overruns:0 frame:0
> >>>>>>>>           TX packets:122 errors:0 dropped:0 overruns:0 
> >>>>>>>>                 
> >> carrier:0
> >>     
> >>>>>>>>           Kollisionen:0 Sendewarteschlangenlänge:0
> >>>>>>>>           RX bytes:19395 (18.9 KiB)  TX bytes:22315 
> (21.7 KiB)
> >>>>>>>>
> >>>>>>>> eth0      Protokoll:Ethernet  Hardware Adresse 
> >>>>>>>>                 
> >> 00:0C:29:57:8B:67
> >>     
> >>>>>>>>           inet6 Adresse: fe80::20c:29ff:fe57:8b67/64 
> >>>>>>>> Gültigkeitsbereich:Verbindung
> >>>>>>>>           UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500 
> >>>>>>>>         
> >>>>>>>>             
> >>>>>>>>                 
> >>>>>>  Metric:1
> >>>>>>     
> >>>>>>         
> >>>>>>             
> >>>>>>>>           RX packets:194 errors:0 dropped:0 
> overruns:0 frame:0
> >>>>>>>>           TX packets:122 errors:0 dropped:0 overruns:0 
> >>>>>>>>                 
> >> carrier:0
> >>     
> >>>>>>>>           Kollisionen:0 Sendewarteschlangenlänge:1000
> >>>>>>>>           RX bytes:22873 (22.3 KiB)  TX bytes:22315 
> (21.7 KiB)
> >>>>>>>>           Interrupt:177 Basisadresse:0x1400
> >>>>>>>>
> >>>>>>>> eth1      Protokoll:Ethernet  Hardware Adresse 
> >>>>>>>>                 
> >> 00:0C:29:57:8B:71
> >>     
> >>>>>>>>           inet6 Adresse: fe80::20c:29ff:fe57:8b71/64 
> >>>>>>>> Gültigkeitsbereich:Verbindung
> >>>>>>>>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> >>>>>>>>           RX packets:74 errors:0 dropped:0 overruns:0 frame:0
> >>>>>>>>           TX packets:96 errors:0 dropped:0 
> overruns:0 carrier:0
> >>>>>>>>           Kollisionen:0 Sendewarteschlangenlänge:1000
> >>>>>>>>           RX bytes:15581 (15.2 KiB)  TX bytes:8380 (8.1 KiB)
> >>>>>>>>           Interrupt:185 Basisadresse:0x1480
> >>>>>>>>
> >>>>>>>> lo        Protokoll:Lokale Schleife
> >>>>>>>>           inet Adresse:127.0.0.1  Maske:255.0.0.0
> >>>>>>>>           inet6 Adresse: ::1/128 Gültigkeitsbereich:Maschine
> >>>>>>>>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
> >>>>>>>>           RX packets:6 errors:0 dropped:0 overruns:0 frame:0
> >>>>>>>>           TX packets:6 errors:0 dropped:0 overruns:0 
> carrier:0
> >>>>>>>>           Kollisionen:0 Sendewarteschlangenlänge:0
> >>>>>>>>           RX bytes:420 (420.0 b)  TX bytes:420 (420.0 b)
> >>>>>>>>
> >>>>>>>> ppp0      Protokoll:Punkt-zu-Punkt Verbindung
> >>>>>>>>           inet Adresse:83.135.254.169  P-z-P:62.214.64.189  
> >>>>>>>> Maske:255.255.255.255
> >>>>>>>>           UP PUNKTZUPUNKT RUNNING NOARP MULTICAST  
> >>>>>>>>         
> >>>>>>>>             
> >>>>>>>>                 
> >>>>>> MTU:1492  Metric:1
> >>>>>>     
> >>>>>>         
> >>>>>>             
> >>>>>>>>           RX packets:65 errors:0 dropped:0 overruns:0 frame:0
> >>>>>>>>           TX packets:73 errors:0 dropped:0 
> overruns:0 carrier:0
> >>>>>>>>           Kollisionen:0 Sendewarteschlangenlänge:3
> >>>>>>>>           RX bytes:13543 (13.2 KiB)  TX bytes:5719 (5.5 KiB)
> >>>>>>>>
> >>>>>>>> tap0      Protokoll:Ethernet  Hardware Adresse 
> >>>>>>>>                 
> >> 0A:67:5F:74:62:88
> >>     
> >>>>>>>>           inet6 Adresse: fe80::867:5fff:fe74:6288/64 
> >>>>>>>> Gültigkeitsbereich:Verbindung
> >>>>>>>>           UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500 
> >>>>>>>>         
> >>>>>>>>             
> >>>>>>>>                 
> >>>>>>  Metric:1
> >>>>>>     
> >>>>>>         
> >>>>>>             
> >>>>>>>>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> >>>>>>>>           TX packets:76 errors:0 dropped:0 
> overruns:0 carrier:0
> >>>>>>>>           Kollisionen:0 Sendewarteschlangenlänge:100
> >>>>>>>>           RX bytes:0 (0.0 b)  TX bytes:10675 (10.4 KiB)
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> David Balazic schrieb:
> >>>>>>>>     
> >>>>>>>>         
> >>>>>>>>             
> >>>>>>>>                 
> >>>>>>>>> ifconfig and route of the VM guest.
> >>>>>>>>>
> >>>>>>>>>   
> >>>>>>>>>       
> >>>>>>>>>           
> >>>>>>>>>               
> >>>>>>>>>                   
> >>>>>>>>>> -----Original Message-----
> >>>>>>>>>> From: Frank [mailto:openvpn@xxxxxxxxxxxxxxxx] 
> >>>>>>>>>> Sent: Tuesday, February 05, 2008 4:22 PM
> >>>>>>>>>> To: David Balazic
> >>>>>>>>>> Subject: Re: [Openvpn-users] OpenVPN client can 
> only reached 
> >>>>>>>>>> by OpenVPN serveritself
> >>>>>>>>>>
> >>>>>>>>>> Hi!
> >>>>>>>>>>
> >>>>>>>>>> Yes, all VM machines can be reached from any PC in 
> >>>>>>>>>>                     
> >> my network 
> >>     
> >>>>>>>>>> and the VM 
> >>>>>>>>>> host reachable by it's IP.
> >>>>>>>>>>
> >>>>>>>>>> VMWare Server: 192.168.10.41
> >>>>>>>>>> eth0 bridged to vmnet0 --> my network: 192.168.10.0
> >>>>>>>>>> eth1 bridged to vmnet2 --> ADSL modem: dynamic IP
> >>>>>>>>>>
> >>>>>>>>>> Route on the VMServer host:
> >>>>>>>>>> Kernel IP routing table
> >>>>>>>>>> Destination     Gateway         Genmask         
> Flags Metric 
> >>>>>>>>>> Ref    Use 
> >>>>>>>>>> Iface
> >>>>>>>>>> 192.168.71.0    *               255.255.255.0   U  
>    0      
> >>>>>>>>>> 0        0 
> >>>>>>>>>> vmnet1
> >>>>>>>>>> 192.168.10.0    *               255.255.255.0   U  
>    0      
> >>>>>>>>>> 0        0 eth0
> >>>>>>>>>> 192.168.237.0   *               255.255.255.0   U  
>    0      
> >>>>>>>>>> 0        0 
> >>>>>>>>>> vmnet8
> >>>>>>>>>> default         192.168.10.1    0.0.0.0         UG 
>    100    
> >>>>>>>>>> 0        0 eth0
> >>>>>>>>>>
> >>>>>>>>>> Interfaces on the VMServer host:
> >>>>>>>>>> eth0      Link encap:Ethernet  HWaddr 00:E0:18:F7:BF:BF
> >>>>>>>>>>           inet addr:192.168.10.41  Bcast:192.168.10.255  
> >>>>>>>>>> Mask:255.255.255.0
> >>>>>>>>>>           inet6 addr: fe80::2e0:18ff:fef7:bfbf/64 
> Scope:Link
> >>>>>>>>>>           UP BROADCAST RUNNING MULTICAST  MTU:1500 
>  Metric:1
> >>>>>>>>>>           RX packets:32630 errors:0 dropped:0 
> >>>>>>>>>>                 
> >>>>>>>>>>                     
> >>>> overruns:0 frame:0
> >>>>     
> >>>>         
> >>>>>>>>>>           TX packets:56891 errors:0 dropped:0 overruns:0 
> >>>>>>>>>>             
> >>>>>>>>>>                 
> >>>>>>>>>>                     
> >>>>>> carrier:0
> >>>>>>     
> >>>>>>         
> >>>>>>             
> >>>>>>>>>>           collisions:19415 txqueuelen:1000
> >>>>>>>>>>           RX bytes:2207567 (2.1 MB)  TX bytes:85031519 
> >>>>>>>>>>                 
> >>>>>>>>>>                     
> >>>> (81.0 MB)
> >>>>     
> >>>>         
> >>>>>>>>>>           Interrupt:19 Base address:0xdc00
> >>>>>>>>>>
> >>>>>>>>>> eth1      Link encap:Ethernet  HWaddr 00:30:4F:02:F2:E5
> >>>>>>>>>>           UP BROADCAST MULTICAST  MTU:1500  Metric:1
> >>>>>>>>>>           RX packets:0 errors:0 dropped:0 
> overruns:0 frame:0
> >>>>>>>>>>           TX packets:0 errors:0 dropped:0 overruns:0 
> >>>>>>>>>>                     
> >> carrier:0
> >>     
> >>>>>>>>>>           collisions:0 txqueuelen:1000
> >>>>>>>>>>           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
> >>>>>>>>>>           Interrupt:20 Base address:0xaf00
> >>>>>>>>>>
> >>>>>>>>>> lo        Link encap:Local Loopback
> >>>>>>>>>>           inet addr:127.0.0.1  Mask:255.0.0.0
> >>>>>>>>>>           inet6 addr: ::1/128 Scope:Host
> >>>>>>>>>>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
> >>>>>>>>>>           RX packets:66 errors:0 dropped:0 
> overruns:0 frame:0
> >>>>>>>>>>           TX packets:66 errors:0 dropped:0 
> >>>>>>>>>>                     
> >> overruns:0 carrier:0
> >>     
> >>>>>>>>>>           collisions:0 txqueuelen:0
> >>>>>>>>>>           RX bytes:5176 (5.0 KB)  TX bytes:5176 (5.0 KB)
> >>>>>>>>>>
> >>>>>>>>>> vmnet1    Link encap:Ethernet  HWaddr 00:50:56:C0:00:01
> >>>>>>>>>>           inet addr:192.168.71.1  Bcast:192.168.71.255  
> >>>>>>>>>> Mask:255.255.255.0
> >>>>>>>>>>           inet6 addr: fe80::250:56ff:fec0:1/64 Scope:Link
> >>>>>>>>>>           UP BROADCAST RUNNING MULTICAST  MTU:1500 
>  Metric:1
> >>>>>>>>>>           RX packets:0 errors:0 dropped:0 
> overruns:0 frame:0
> >>>>>>>>>>           TX packets:6 errors:0 dropped:0 overruns:0 
> >>>>>>>>>>                     
> >> carrier:0
> >>     
> >>>>>>>>>>           collisions:0 txqueuelen:1000
> >>>>>>>>>>           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
> >>>>>>>>>>
> >>>>>>>>>> vmnet8    Link encap:Ethernet  HWaddr 00:50:56:C0:00:08
> >>>>>>>>>>           inet addr:192.168.237.1  Bcast:192.168.237.255  
> >>>>>>>>>> Mask:255.255.255.0
> >>>>>>>>>>           inet6 addr: fe80::250:56ff:fec0:8/64 Scope:Link
> >>>>>>>>>>           UP BROADCAST RUNNING MULTICAST  MTU:1500 
>  Metric:1
> >>>>>>>>>>           RX packets:0 errors:0 dropped:0 
> overruns:0 frame:0
> >>>>>>>>>>           TX packets:6 errors:0 dropped:0 overruns:0 
> >>>>>>>>>>                     
> >> carrier:0
> >>     
> >>>>>>>>>>           collisions:0 txqueuelen:1000
> >>>>>>>>>>           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> VM client:
> >>>>>>>>>> Debian server with DHCP server, ADSL connection and 
> >>>>>>>>>>         
> >>>>>>>>>>             
> >>>>>>>>>>                 
> >>>>>>>>>>                     
> >>>>>>>> OpenVPN server: 
> >>>>>>>>     
> >>>>>>>>         
> >>>>>>>>             
> >>>>>>>>                 
> >>>>>>>>>> 192.168.10.1
> >>>>>>>>>>
> >>>>>>>>>> OpenVPN client get's a fixed IP 192.168.10.5 after 
> >>>>>>>>>>                     
> >> connecting 
> >>     
> >>>>>>>>>> which is 
> >>>>>>>>>> not reachable by any of my PCs than the OpenVPN server 
> >>>>>>>>>>                 
> >>>>>>>>>>                     
> >>>> itself if 
> >>>>     
> >>>>         
> >>>>>>>>>> connected over OpenVPN. This worked with my old non-VM 
> >>>>>>>>>>         
> >>>>>>>>>>             
> >>>>>>>>>>                 
> >>>>>>>>>>                     
> >>>>>>>> Debian server.
> >>>>>>>>     
> >>>>>>>>         
> >>>>>>>>             
> >>>>>>>>                 
> >>>>>>>>>> I hope you did mean this kind of informations. If not 
> >>>>>>>>>>         
> >>>>>>>>>>             
> >>>>>>>>>>                 
> >>>>>>>>>>                     
> >>>>>>>> please be more 
> >>>>>>>>     
> >>>>>>>>         
> >>>>>>>>             
> >>>>>>>>                 
> >>>>>>>>>> specific.
> >>>>>>>>>>
> >>>>>>>>>> Frank
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> David Balazic schrieb:
> >>>>>>>>>>     
> >>>>>>>>>>         
> >>>>>>>>>>             
> >>>>>>>>>>                 
> >>>>>>>>>>                     
> >>>>>>>>>>> How is the VM machine set up ?
> >>>>>>>>>>> IPs ? (real and virtual/gust-host)
> >>>>>>>>>>> Can other PCs access the VM host via network ? 
> >>>>>>>>>>>
> >>>>>>>>>>> Regards,
> >>>>>>>>>>> David
> >>>>>>>>>>>
> >>>>>>>>>>> PS: Did I mention "don't use bridging" ? ;-)
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>   
> >>>>>>>>>>>       
> >>>>>>>>>>>           
> >>>>>>>>>>>               
> >>>>>>>>>>>                   
> >>>>>>>>>>>                       
> >>>>>>>>>>>> -----Original Message-----
> >>>>>>>>>>>> From: openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx 
> >>>>>>>>>>>> [mailto:openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On 
> >>>>>>>>>>>> Behalf Of Frank
> >>>>>>>>>>>> Sent: Tuesday, February 05, 2008 3:50 PM
> >>>>>>>>>>>> To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> >>>>>>>>>>>> Subject: [Openvpn-users] OpenVPN client can only 
> >>>>>>>>>>>>                         
> >> reached by 
> >>     
> >>>>>>>>>>>> OpenVPN serveritself
> >>>>>>>>>>>>
> >>>>>>>>>>>> Hi!
> >>>>>>>>>>>>
> >>>>>>>>>>>> I've got a big problem reaching a connected client 
> >>>>>>>>>>>>                     
> >>>>>>>>>>>>                         
> >>>> from other 
> >>>>     
> >>>>         
> >>>>>>>>>>>> PCs than the
> >>>>>>>>>>>> OpenVPN server by it's OpenVPN IP address.
> >>>>>>>>>>>>
> >>>>>>>>>>>> First I should mention I installed a new Debian 
> >>>>>>>>>>>>                         
> >> server as VM 
> >>     
> >>>>>>>>>>>> in VMWare Server
> >>>>>>>>>>>> 1.04. eth0 is bridged via vmnet0 to the real eth0 
> >>>>>>>>>>>>                     
> >>>>>>>>>>>>                         
> >>>> and eth1 is 
> >>>>     
> >>>>         
> >>>>>>>>>>>> bridged via vmnet2
> >>>>>>>>>>>> to the real eth1. The real eth0 is connected to 
> my network 
> >>>>>>>>>>>> and the real eth1 is
> >>>>>>>>>>>> connected to an ADSL modem because this server is 
> >>>>>>>>>>>>                         
> >> also used 
> >>     
> >>>>>>>>>>>> as internet router
> >>>>>>>>>>>> for my network.
> >>>>>>>>>>>>
> >>>>>>>>>>>> Then I copied all OpenVPN configuration files 
> from my old 
> >>>>>>>>>>>> server (which wasn't a
> >>>>>>>>>>>> VM) to this server and configured the bridging 
> and routing 
> >>>>>>>>>>>> like it was on the
> >>>>>>>>>>>> old server.
> >>>>>>>>>>>>
> >>>>>>>>>>>> All is working well, the OpenVPN client connects, 
> >>>>>>>>>>>>                         
> >> gets an IP 
> >>     
> >>>>>>>>>>>> address, and I can
> >>>>>>>>>>>> reach it from the OpenVPN server itself. But 
> when I try to 
> >>>>>>>>>>>> reach it from another
> >>>>>>>>>>>> PC (using it's OpenVPN IP address) of my network it 
> >>>>>>>>>>>>                     
> >>>>>>>>>>>>                         
> >>>> cannot be 
> >>>>     
> >>>>         
> >>>>>>>>>>>> found. This was
> >>>>>>>>>>>> working on the old server. When I use it's IP 
> >>>>>>>>>>>>                         
> >> address of the 
> >>     
> >>>>>>>>>>>> clients network it
> >>>>>>>>>>>> works well from every PC in my network.
> >>>>>>>>>>>>
> >>>>>>>>>>>> Here is how the networks looks like:
> >>>>>>>>>>>>
> >>>>>>>>>>>> 192.168.10.0: my network
> >>>>>>>>>>>> 192.168.20.0: clients network
> >>>>>>>>>>>>
> >>>>>>>>>>>> 192.168.10.1: OpenVPN server and internet router
> >>>>>>>>>>>> <---> Internet <--->
> >>>>>>>>>>>> 192.168.20.5: OpenVPN client and internet router, gets 
> >>>>>>>>>>>> 192.168.10.5 after
> >>>>>>>>>>>> connecting in my network
> >>>>>>>>>>>>
> >>>>>>>>>>>> There is a route to 192.168.10.5 for the 
> >>>>>>>>>>>>                     
> >>>>>>>>>>>>                         
> >>>> 192.168.20.0 network.
> >>>>     
> >>>>         
> >>>>>>>>>>>> This works:
> >>>>>>>>>>>> 192.168.10.1# ping 192.168.10.5
> >>>>>>>>>>>> 192.168.10.1# ping 192.168.20.5
> >>>>>>>>>>>> 192.168.10.5# ping 192.168.20.5
> >>>>>>>>>>>>
> >>>>>>>>>>>> This does not work (but worked on the old non-VM server):
> >>>>>>>>>>>> 192.168.10.5# ping 192.168.10.5
> >>>>>>>>>>>>
> >>>>>>>>>>>> I think because of this problem PCs of the 
> client network 
> >>>>>>>>>>>> cannot reach any PC in
> >>>>>>>>>>>> my network except the OpenVPN server because 
> >>>>>>>>>>>>                         
> >> answers from my 
> >>     
> >>>>>>>>>>>> PCs are sent back
> >>>>>>>>>>>> to 192.168.10.5 (I think so) which cannot be 
> >>>>>>>>>>>>                         
> >> reached by any 
> >>     
> >>>>>>>>>>>> of my PCs except the
> >>>>>>>>>>>> OpenVPN server itself.
> >>>>>>>>>>>>
> >>>>>>>>>>>> Does anyone know what is happening? Is it because it 
> >>>>>>>>>>>>                 
> >>>>>>>>>>>>                     
> >>>>>>>>>>>>                         
> >>>>>> runs as VM?
> >>>>>>     
> >>>>>>         
> >>>>>>             
> >>>>>>>>>>>> Frank
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>                     
> >>>>>>>>>>>>                         
> >>>> --------------------------------------------------------------
> >>>>     
> >>>>         
> >>>>>>>>>>>> -----------
> >>>>>>>>>>>> This SF.net email is sponsored by: Microsoft
> >>>>>>>>>>>> Defy all challenges. Microsoft(R) Visual Studio 2008.
> >>>>>>>>>>>> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> >>>>>>>>>>>> _______________________________________________
> >>>>>>>>>>>> Openvpn-users mailing list
> >>>>>>>>>>>> Openvpn-users@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users