Re: [Openvpn-users] problem with connecting to private network


  • Subject: Re: [Openvpn-users] problem with connecting to private network
  • From: samwun <samwun@xxxxxxxxxxxxxxxx>
  • Date: Sat, 15 May 2004 11:52:58 +0800

samwun wrote:

Julio Maidanik wrote:

Hi,
Your configuration seems wrong.




The configuration of OpenVPN in either machine is as follows:
FreeBSD:
=======
remote   192.168.1.91
#proto      upd
port        5000
dev         tun3

ifconfig   192.168.2.1 172.16.0.1



In your ifconfig the IP addresses should be the tun addresses of the
endpoints.
As far as I understand 192.168.2.1 is the LAN address of your gateway (as
192.168.2.2 is the WinXP on that same LAN), so the tun address should not
be the same as your LAN address.


The same holds true for the other gateway, in general you need three sets of
addresses, each on different subnets (network address):
1) local and remote - real IPs connecting to the internet, or the WAN (as
seems to be your case)
2) tun addresses - virtual private IPs making the tunnel, which should not
interfere with any of the other network address.
Those are the addresses which are defined on ifconfig.
3) LAN addresses - real private IPs. If not bridging both LANs have to have
subnet addresses.
To enable access to those addresses, they need to be entered in the route
command, using tun endpoint as gateway.


In short, IMHO, you need two tun addresses, one for each endpoint of the
tunnel, for example
192.168.0.1 and 192.168.0.2




Thanks for your help. I have changed the ifconfig in the server.conf according to what you described:
in FreeBSD:
==========
remote 192.168.1.91
#proto upd
port 5000
dev tun3


ifconfig   192.168.0.2 192.168.0.1
up /etc/openvpn/home.up
down /etc/openvpn/home.down

user nobody
group nobody

#comp-lzo
ping 10
verb 9

In Redhat:
=========
remote   192.168.1.1
#proto      upd
port        5000
dev         tun0

ifconfig   192.168.0.1 192.168.0.2
up /etc/openvpn/home.up
down /etc/openvpn/home.down

user nobody
group nobody

#comp-lzo
ping 10
verb 9

Now, ping from FreeBSD to Redhat does not receive an echo, but ping from Redhat to FreeBSD does fine.

How can I further investigate this problem?

Sam

Here is result of the ifconfig/netstat in FreeBSD and Redhat:
In FreeBSD:
==========
root@fbsd [2:32pm] [...local/classlib-2.1]# ifconfig -a
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
       inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
       inet6 fe80::202:b3ff:febb:a7a5%fxp0 prefixlen 64 scopeid 0x1
       ether 00:02:b3:bb:a7:a5
       media: Ethernet autoselect (10baseT/UTP)
       status: active
fxp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
       inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
       inet6 fe80::202:b3ff:fe8a:c348%fxp1 prefixlen 64 scopeid 0x2
       ether 00:02:b3:8a:c3:48
       media: Ethernet autoselect (none)
       status: no carrier
....
tun3: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
       inet6 fe80::202:b3ff:febb:a7a5%tun3 prefixlen 64 scopeid 0x8
       inet 192.168.0.2 --> 192.168.0.1 netmask 0xffffffff
       Opened by PID 265
root@fbsd [2:36pm] [...local/classlib-2.1]# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.1.254      UGSc        4        0   fxp0
127.0.0.1          127.0.0.1          UH          1       24    lo0
172.16/24          192.168.1.1        UGSc        0        0   fxp0
192.168.0.1        192.168.0.2        UH          0      223   tun3
192.168.1          link#1             UC          4        0   fxp0
192.168.1.1        00:02:b3:bb:a7:a5  UHLW        1        0    lo0
192.168.1.91       00:90:27:57:59:8c  UHLW        4     8770   fxp0   1131
192.168.1.128      00:09:6b:8d:b2:67  UHLW        0      343   fxp0    941
192.168.1.254      00:02:b3:0b:3c:d1  UHLW        5       53   fxp0     72
192.168.2          link#2             UC          0        0   fxp1

In Redhat:
=============
root@redhat [11:46am] [~]# ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:90:27:57:59:8C inet addr:192.168.1.91 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:39507 errors:0 dropped:0 overruns:0 frame:0
TX packets:33214 errors:0 dropped:0 overruns:0 carrier:0
collisions:7756 txqueuelen:100
RX bytes:4654082 (4.4 Mb) TX bytes:5304575 (5.0 Mb)
Interrupt:11 Base address:0xc400 Memory:e5104000-e5104038


eth0:0 Link encap:Ethernet HWaddr 00:90:27:57:59:8C inet addr:192.168.3.1 Bcast:192.168.3.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:14 errors:0 dropped:0 overruns:0 frame:0
TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:2936 (2.8 Kb) TX bytes:2414 (2.3 Kb)
Interrupt:11 Base address:0xc400 Memory:e5104000-e5104038
.....
tun0 Link encap:Point-to-Point Protocol inet addr:192.168.0.1 P-t-P:192.168.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:14 errors:0 dropped:0 overruns:0 frame:0
TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:2936 (2.8 Kb) TX bytes:2414 (2.3 Kb)


root@redhat [11:46am] [~]# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.2.0 192.168.0.2 255.255.255.0 UG 0 0 0 tun0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.1.254 0.0.0.0 UG 0 0 0 eth0
0.0.0.0 192.168.1.254 0.0.0.0 UG 0 0 0 eth0
0.0.0.0 192.168.1.254 0.0.0.0 UG 0 0 0 eth0


Thanks
Sam

Julio
----- Original Message ----- From: "samwun" <samwun@xxxxxxxxxxxxxxxx>
To: <openvpn-users@xxxxxxxxxxxxxxxxxxxxx>
Sent: Friday, May 14, 2004 1:06 PM
Subject: [Openvpn-users] problem with connecting to private network




Dear all,

I have set up an openvpn p-t-p connection between two openvpn gateways and
it is running fine when executing the connection from the openvpn gateway.
But when I tried to connect to a remote openvpn server thru a client
behind the openvpn gateway, the connection failed. Here is the diagram:

172.16.0.1 --- 192.168.1.91 (redhat 9.0)<---> 192.168.1.1(freeBSD 4.9)
--- 192.168.2.1 --- 192.168.2.2 (WindowsXP client)

where 192.168.1.91 (redhat 9.0) and 192.168.1.1 (freeBSD 4.9) are two
openvpn gateways,
172.16.0.1 is an alias IP address of 192.168.1.91 (because of the lack of a
network card).
192.168.2.1 is a second network card in the same box as 192.168.1.1
(freeBSD).
192.168.2.2 (WindowsXP) is a client machine without OpenVPN installed
and sit behind 192.168.1.1 gateway.

The connection from 192.168.1.1 to 172.16.0.1 using ssh works fine:
root@fbsd [2:46am] [/etc/openvpn]# ssh 172.16.0.1
root@xxxxxxxxxx's password:

ip forwarding in Redhat is turned on:
root@redhat [12:36am] [/etc/openvpn]# cat /proc/sys/net/ipv4/ip_forward
1
ip forwarding in FreeBSD is also turned on:
root@fbsd [2:52am] [/etc/openvpn]# sysctl -a | grep forward
net.inet.ip.forwarding: 1

But the login attempt from 192.168.2.2 (windows xp) to 172.16.0.1 failed.

What is wrong with the configuration I have in 2 openvpn gateways?

The configuration of OpenVPN in either machine is as follows:
FreeBSD:
=======
/etc/openvpn/server.conf:
remote   192.168.1.91
#proto      upd
port        5000
dev         tun3

ifconfig   192.168.2.1 172.16.0.1
up /etc/openvpn/home.up

user nobody
group nobody

#comp-lzo
ping 10
verb 9

/etc/openvpn/home.up:
#!/bin/bash
route add -net 172.16.0 192.168.1.1 255.255.255.0

result of ifconfig -a in freeBSD:
root@fbsd [2:45am] [/etc/openvpn]# ifconfig -a
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
       inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
       inet6 fe80::202:b3ff:febb:a7a5%fxp0 prefixlen 64 scopeid 0x1
       ether 00:02:b3:bb:a7:a5
       media: Ethernet autoselect (10baseT/UTP)
       status: active
fxp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
       inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
       inet6 fe80::202:b3ff:fe8a:c348%fxp1 prefixlen 64 scopeid 0x2
       inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
       ether 00:02:b3:8a:c3:48
       media: Ethernet autoselect (10baseT/UTP)
       status: active
lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
       inet6 ::1 prefixlen 128
       inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
       inet 127.0.0.1 netmask 0xff000000
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500
tun3: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
       inet6 fe80::202:b3ff:febb:a7a5%tun3 prefixlen 64 scopeid 0x8
       inet 192.168.2.1 --> 172.16.0.1 netmask 0xffffffff
       Opened by PID 264

Redhat:
======
/etc/openvpn/server.conf:
remote   192.168.1.1
#proto      upd
port        5000
dev         tun0

ifconfig   172.16.0.1 192.168.2.1
up /etc/openvpn/home.up

user nobody
group nobody

#comp-lzo
ping 10
verb 9

/etc/openvpn/home.up:
#!/bin/bash
route add -net 192.168.2.0 netmask 255.255.255.0 gw $5

result of ifconfig -a in Redhat:
root@redhat [12:34am] [/etc/openvpn]# ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:90:27:57:59:8C
inet addr:192.168.1.91 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7908 errors:0 dropped:0 overruns:0 frame:0
TX packets:6289 errors:0 dropped:0 overruns:0 carrier:0
collisions:2065 txqueuelen:100
RX bytes:1112845 (1.0 Mb) TX bytes:1205461 (1.1 Mb)
Interrupt:11 Base address:0xc400 Memory:e5104000-e5104038


eth0:0    Link encap:Ethernet  HWaddr 00:90:27:57:59:8C
         inet addr:172.16.0.1  Bcast:172.16.0.255  Mask:255.255.255.0
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:153 errors:0 dropped:0 overruns:0 frame:0
         TX packets:146 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:100
         RX bytes:15009 (14.6 Kb)  TX bytes:22816 (22.2 Kb)
         Interrupt:11 Base address:0xc400 Memory:e5104000-e5104038

lo        Link encap:Local Loopback
         inet addr:127.0.0.1  Mask:255.0.0.0
         UP LOOPBACK RUNNING  MTU:16436  Metric:1
         RX packets:184 errors:0 dropped:0 overruns:0 frame:0
         TX packets:184 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:112144 (109.5 Kb)  TX bytes:112144 (109.5 Kb)

tun0      Link encap:Point-to-Point Protocol
         inet addr:172.16.0.1  P-t-P:192.168.2.1  Mask:255.255.255.255
         UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
         RX packets:153 errors:0 dropped:0 overruns:0 frame:0
         TX packets:146 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:100
         RX bytes:15009 (14.6 Kb)  TX bytes:22816 (22.2 Kb)

Thanks
Sam




____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
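
The addressing rule from Julio's reply (tun endpoints on a subnet separate from the WAN and LAN subnets) can be checked mechanically before the tunnel is started. The following is an added example, not part of the original thread or of OpenVPN; the function names are hypothetical, the mirrored-`ifconfig` check is an extra sanity test, and the sample configs and subnet lists are constructed from the values quoted in the messages above.

```python
import ipaddress

def parse_ifconfig(conf_text):
    """Return the (local, remote) tun endpoints from an OpenVPN p-t-p config."""
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments such as "#comp-lzo"
        if len(fields) >= 3 and fields[0] == "ifconfig":
            return ipaddress.ip_address(fields[1]), ipaddress.ip_address(fields[2])
    raise ValueError("no ifconfig directive found")

def check_tunnel(conf_a, conf_b, real_subnets):
    """List addressing problems for a point-to-point tunnel between two peers.

    real_subnets: WAN/LAN networks configured on the gateways' real interfaces.
    """
    problems = []
    a_local, a_remote = parse_ifconfig(conf_a)
    b_local, b_remote = parse_ifconfig(conf_b)
    # Each side's "local" must be the other side's "remote".
    if (a_local, a_remote) != (b_remote, b_local):
        problems.append("ifconfig lines are not mirrored between the peers")
    nets = [ipaddress.ip_network(n) for n in real_subnets]
    # Tun endpoints must not fall inside any real WAN or LAN subnet.
    for addr in sorted({a_local, a_remote, b_local, b_remote}):
        for net in nets:
            if addr in net:
                problems.append(f"tun endpoint {addr} lies inside real subnet {net}")
    return problems

# Constructed from the first post: tun endpoints reuse the LAN and alias addresses.
ORIG_FREEBSD = "remote 192.168.1.91\nport 5000\ndev tun3\nifconfig 192.168.2.1 172.16.0.1\n"
ORIG_REDHAT = "remote 192.168.1.1\nport 5000\ndev tun0\nifconfig 172.16.0.1 192.168.2.1\n"
ORIG_SUBNETS = ["192.168.1.0/24", "192.168.2.0/24", "172.16.0.0/24"]

# Constructed from the revised configs: dedicated 192.168.0.x tun endpoints.
NEW_FREEBSD = "remote 192.168.1.91\nport 5000\ndev tun3\nifconfig 192.168.0.2 192.168.0.1\n"
NEW_REDHAT = "remote 192.168.1.1\nport 5000\ndev tun0\nifconfig 192.168.0.1 192.168.0.2\n"
NEW_SUBNETS = ["192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24"]

if __name__ == "__main__":
    for label, a, b, nets in (("original", ORIG_FREEBSD, ORIG_REDHAT, ORIG_SUBNETS),
                              ("revised", NEW_FREEBSD, NEW_REDHAT, NEW_SUBNETS)):
        print(label, check_tunnel(a, b, nets) or "OK")
```
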