[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] OpenVPN and bridge-utils


  • Subject: Re: [Openvpn-users] OpenVPN and bridge-utils
  • From: Willy Offermans <Willy@xxxxxxxxxxxxxxxxxxx>
  • Date: Sat, 9 Feb 2008 10:48:43 +0100

Hello Edo and OpenVPN friends,

On Thu, Feb 07, 2008 at 11:39:04AM -0800, scartomail wrote:
> I want bridging so the roadwarior can have full acces to the network.
> Just pushing routes seems to have a lot of limmitations.
>  
> Anyway, I did not set the push "redirect-gateway" option because I also want it to use the local network.
> But if it would resolve the problem... so I uncomented the push "redirect-gateway" option.
> Unfortunatly I still have the same problem.
> 
> The logfile on the server or the client are not giving me any errors on the gateway problem part(or any other).
> It's al handshake done wel, adding routes and gateway's???
> 
> Here is the last part of my client.log:
> Thu Feb 07 20:29:07 2008 [dewaal] Peer Connection Initiated with 10.0.0.20:1194
> Thu Feb 07 20:29:08 2008 SENT CONTROL [dewaal]: 'PUSH_REQUEST' (status=1)
> Thu Feb 07 20:29:08 2008 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway,route-gateway 10.8.0.4,ping 10,ping-restart 120,ifconfig 10.8.0.6 255.255.255.0'
> Thu Feb 07 20:29:08 2008 OPTIONS IMPORT: timers and/or timeouts modified
> Thu Feb 07 20:29:08 2008 OPTIONS IMPORT: --ifconfig/up options modified
> Thu Feb 07 20:29:08 2008 OPTIONS IMPORT: route options modified
> Thu Feb 07 20:29:08 2008 TAP-WIN32 device [Local Area Connection 10] opened: \\.\Global\{7379ADC9-0617-44B8-AFB0-93BD12DBF5BF}.tap
> Thu Feb 07 20:29:08 2008 TAP-Win32 Driver Version 8.4 
> Thu Feb 07 20:29:08 2008 TAP-Win32 MTU=1500
> Thu Feb 07 20:29:08 2008 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.0 on interface {7379ADC9-0617-44B8-AFB0-93BD12DBF5BF} [DHCP-serv: 10.8.0.0, lease-time: 31536000]
> Thu Feb 07 20:29:08 2008 Successful ARP Flush on interface [7] {7379ADC9-0617-44B8-AFB0-93BD12DBF5BF}
> Thu Feb 07 20:29:08 2008 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
> Thu Feb 07 20:29:08 2008 route ADD 10.0.0.20 MASK 255.255.255.255 10.0.0.1
> Thu Feb 07 20:29:08 2008 Route addition via IPAPI succeeded
> Thu Feb 07 20:29:08 2008 route DELETE 0.0.0.0 MASK 0.0.0.0 10.0.0.1
> Thu Feb 07 20:29:08 2008 Route deletion via IPAPI succeeded
> Thu Feb 07 20:29:08 2008 route ADD 0.0.0.0 MASK 0.0.0.0 10.8.0.4
> Thu Feb 07 20:29:08 2008 Route addition via IPAPI succeeded
> Thu Feb 07 20:29:08 2008 Initialization Sequence Completed
> 
> I'm on a local lan and can not ping 10.8.0.4 as this line says it is my gateway.
> Thu Feb 07 20:29:08 2008 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway,route-gateway 10.8.0.4,ping 10,ping-restart 120,ifconfig 10.8.0.6 255.255.255.0'
> 
> 
> Any thoughts?
> 
> 
> Rgds Edo
> 
> 
> 
> ----- Original Message ----
> From: Willy Offermans <Willy@xxxxxxxxxxxxxxxxxxx>
> To: scartomail <scartomail@xxxxxxxxx>
> Sent: Thursday, February 7, 2008 1:12:40 PM
> Subject: Re: [Openvpn-users] OpenVPN and bridge-utils
> 
> Hello Edo and OpenVPN friends,
> 
> On Thu, Feb 07, 2008 at 03:27:18AM -0800, scartomail wrote:
> > Hi Everyone,
> > 
> > I have setup an OpenVPN server(debian/etch) and one client(winXP).
> > The client should be a roadwarrior and connect to the network behind the OpenVPN server.
> > 
> > First I setup the connection to the OpenVPN and this was without problems.
> > But after installing and setting up the bridge-utils I do get a connection with the
> > OpenVPN server and an ipadres but no gateway??
> > 
> > The client can not even ping the OpenVPN server on 10.8.0.1?
> > The last line in my client's OpenVPN log is: Unable to get a default gateway.
> > 
> > Debian has privided excelent scripts and an howto but it seems that something is still wrong.
> > Anybody any experiance with this kind of setup?
> > 
> > Thanks in advance.
> > 
> > Rgds Edo
> > 
> 
> Why do you need bridging?
> 
> In general, you do not need bridging to have proper vpn connection.
> 
> Maybe you forgot 
> push "redirect-gateway"
> in your server config file, but I'm not totally sure that this is what
> you want.
> 
> 
> -- 
> Met vriendelijke groeten,
> With kind regards,
> Mit freundlichen Gruessen,
> De jrus wah,
> 
> Willy
> 
> *************************************
> W.K. Offermans
> Home:  +31 45 544 49 44
> Mobile: +31 653 27 16 23
> e-mail: Willy@xxxxxxxxxxxxxxxxxxx
> 
>                                       Powered by ....
> 
>                                             (__)
>                                         \\\'',)
>                                           \/  \ ^
>                                           .\._/_)
> 
>                                       www.FreeBSD.org
> 
> 
>       ____________________________________________________________________________________
> Looking for last minute shopping deals?  
> Find them fast with Yahoo! Search.  http://tools.search.yahoo.com/newsearch/category.php?category=shopping
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/openvpn-users

What find of limitations do pushing routes have?

I know my advice to you sounds silly, but forget about bridging for the
time being. Just setup a decent VPN connection with working pinging and
blahblah first. There are some pitfalls you will have to overcome
already, like Gateway, IP and routing problems, firewall, keys etc. If
you have overcome all these problems, then start playing with bridging.
At the end bridging isn't that hard at all, but if you have all
problems at the same time you don't know where to find the solutions.

It is very difficult for us to assist you, if you don't provide us with
detailed information. Most important are the client and server vpn
config files. Specification about OS and status of firewalls are also
interesting.


-- 
Met vriendelijke groeten,
With kind regards,
Mit freundlichen Gruessen,
De jrus wah,

Willy

*************************************
W.K. Offermans
Home:   +31 45 544 49 44
Mobile: +31 653 27 16 23
e-mail: Willy@xxxxxxxxxxxxxxxxxxx

                                       Powered by ....

                                            (__)
                                         \\\'',)
                                           \/  \ ^
                                           .\._/_)
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users