Hi, James Yonan

Thank you for your help. Today, I am in the lab, so I test the openvpn between two subnetworks. The client side is a Windows XP box, and the server side is a linux box, which is another subnetwork's gateway.

192.168.201.2(linux boxB) -- 192.1.68.201.1 && 10.1.0.232 (linux boxA)------- 10.1.0.176(windows xp)

On the xp box,

    remote 10.1.0.232
    dev tap
    dev-node my-tap
    secret key.txt
    ping 10
    verb 5

myroute.bat

    route add 192.168.201.0 mask 255.255.255.0 192.168.1.2

On the linux boxA,

    remote 10.1.1.176
    dev tap
    up ./tap.up
    secret key.txt
    verb 5

and the tap.up:

    #!/bin/bash
    ifconfig $1 192.168.1.1 netmask 255.255.255.0 mtu $2

About the iptables: I write the firewall rules based on sample-config-files/firewall.sh.

I can ping from 192.168.201.2 to the network 10.1.0.0/23. From my xp box, I can ping 192.168.201.1, but I can not ping the 192.168.201.2 box.

When I ping 192.168.1.1 or 192.168.201.1 from 10.1.0.176, both sides show RWRW.....
When I ping 192.168.201.2 from 10.1.0.176, the client side shows WWWW...., and the server side shows RRRRR....

What's the problem with my configuration? If it is the firewall rule problem, why can I ping 192.168.201.1?

Thank you!

Best Regards
Ouyang Kai

>Ouyang,
>
>You have some errors in your configuration. You should try to follow one of
>the Windows <-> Linux examples in the Windows README as closely as possible,
>as these examples are known to work.
>
>First of all, you have --dev tap on one end and --dev tun on the other.
>This alone will kill the tunnel. If Windows is involved in the link, you need
>to have --dev tap on each side of the connection, at least until a tun device
>is implemented for Windows (which hasn't happened yet).
>
>On Windows you set the TAP-Win32 adapter IP address using either the network
>control panel or the netsh command. This is discussed in the OpenVPN Windows
>README:
>
>http://openvpn.sourceforge.net/install32.html
>
>On FreeBSD you need to have an --up script as well to configure the tap device
>(The --ifconfig option on OpenVPN is just a helper for the ifconfig command --
>but it does not do TAP devices yet). You need to adapt the --up script used
>in the README from Linux to FreeBSD. The conversion is really just making
>sure the format of the ifconfig command is correct for FreeBSD (annoyingly,
>ifconfig tends to have small incompatibilities across different OSes).
>
>Once you get this worked out, run with --verb 5 on each side and you will get
>'R' and 'W' chars output for each packet read and written. If you get 'R'
>chars on each end of the connection, it means that both sides are actually
>talking to each other.
>
>James
>