[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Serving only Static IP Addresses to Linux clients


  • Subject: Re: [Openvpn-users] Serving only Static IP Addresses to Linux clients
  • From: Jan Just Keijser <janjust@xxxxxxxxx>
  • Date: Fri, 08 Feb 2008 13:30:32 +0100

Hi Matthew,

looks like your server config file has an error. instead of using
  mode server
  tls-server
  ifconfig 10.200.33.6 10.200.33.5
  push "route 10.200.33.0 255.255.255.0"
use
  server 10.200.33.0 255.255.255.0
  tls-server

please try this and see if you can connect with this config...

HTH,

JJK


Matthew Macdonald-Wallace wrote:
> On Fri, 08 Feb 2008 11:46:03 +0100
> Jan Just Keijser <janjust@xxxxxxxxx> wrote:
>
>   
>> Hi Matthew,
>>
>> your current setup is a routed OpenVPN setup, which requires an extra 
>> subnet (172.16.16.0/24) to make things work. You can eliminate this 
>> extra subnet by switching to bridged mode, but there's one thing I
>> don't understand about your setup:
>>
>> the vpn client lan space is 192.168.2.0/24
>> the vpn server lan space is 192.168.3.0/24
>> the vpn lan is 172.16.16.0/24
>>
>> where does 172.16.17.0 come from? on which sides of the setup does
>> this lan space live? I assume/hope that it's only on the server side.
>>     
>
>
> This is half my problem!  This appears to be required to use the VPN
> and I don't know why!
>
>
> In our labs, I now have a testbed setup with the configs as follows:
>
> Server.conf:
>
> port 1194
> proto udp
> dev tun
> ca /etc/openvpn/keys/ca.crt
> cert /etc/openvpn/keys/server.crt
> key /etc/openvpn/keys/server.key
> dh /etc/openvpn/keys/dh1024.pem
> mode server
> tls-server
> ifconfig 10.200.33.6 10.200.33.5
> push "route 10.200.33.0 255.255.255.0"
> keepalive 10 120
> comp-lzo
> persist-key
> persist-tun
> status openvpn-status.log
> verb 5
> user nobody
> group nogroup
> daemon
> client-config-dir ccd/
>
>
>
> ccd/desktop
> push "ifconfig 10.200.33.5 10.200.33.6"
>
>
>
> client.conf:
>
> client
> dev tun
> proto udp
> remote 192.168.5.142 1194
> resolv-retry infinite
> nobind
> persist-key
> persist-tun
> ca ca.crt
> cert client1.crt
> key client1.key
> comp-lzo
> verb 5
>
>
>
> When I ping the remote VPN address (10.200.33.6 from the client) I get
> the following in the logs:
>
> Feb  8 11:34:04 demobuild openvpn[17787]: desktop/192.168.5.69:40148
> MULTI: bad source address from client [10.200.33.5], packet dropped
>
> This is repeated over and over again until I stop the ping.
>
> Thanks in advance for all help,
>
> Matt.
>   

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users