[Openvpn-users] openvpn 2.0 rc6 config trouble


  • Subject: [Openvpn-users] openvpn 2.0 rc6 config trouble
  • From: "Alexey Amerik" <alex@xxxxxxxxxxxxxx>
  • Date: Wed, 2 Feb 2005 14:40:32 -0500
  • Importance: Normal

Hello, I'm trying to set up OpenVPN between my office, running Debian Linux, and home, running XP; however, I'm unable to get my VPN clients talking to my office LAN.

I'm using Ethernet bridge br0; it contains my office private LAN eth0 [192.168.111.x] and tapX devices for VPN clients [192.168.222.x].

OpenVPN creates a virtual LAN 192.168.222.x for VPN clients.

There are several issues I cannot figure out. When OpenVPN starts, it ignores all tapX devices that are a part of br0, and instead creates a new one. Is that normal behavior?

When clients connect, they get an IP from the VPN range, but no default gateway gets set for them... is this normal?

Upon a successful connection I am able to ping my private LAN's gateway 192.168.111.1 from my VPN client, but no other machine can be reached on the private LAN. The reverse is not true, as I'm able to ping the VPN clients from my internal machines and my gateway.

I'd like for someone to check over my configs below and suggest what routes need to be set. I've modified my iptables setup according to the HOWTO; how can I test if my firewall is indeed blocking access to 192.168.111.x?

 

Any help would be appreciated.

Thanks,

Alex Amerik

 

My server.conf:

---------------------------------------------
port 1194
dev tap
tls-server
dh dh1024.pem
ca ca.crt
cert server.crt
key server.key

auth-user-pass-verify ./validate.sh via-env
client-disconnect ./logoff.sh
up ./openvpn.up

mode server
duplicate-cn
ifconfig 192.168.222.1 255.255.255.0
ifconfig-pool 192.168.222.10 192.168.222.50 255.255.255.0   #ip pool for VPN clients

mtu-test
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ping 10
ping-restart 120
push "ping 10"
push "ping-restart 60"
push "dhcp-option DOMAIN domain.com"
push "dhcp-option DNS 192.168.111.10"
push "route 192.168.111.0 255.255.255.0 192.168.222.1" #push real private lan to ovpn gw

comp-lzo
status-version 2
status openvpn-status.log
verb 3
---------------------------------------------

 

openvpn.up contents:

#!/bin/sh

route del -net 192.168.222.0 netmask 255.255.255.0 gw 192.168.111.1
route del -net 192.168.222.0 netmask 255.255.255.0 dev tap0
route add -net 192.168.222.0 netmask 255.255.255.0 gw 192.168.222.1
---------------------------------------------

client.conf:

port 1194
dev tap
remote vpn.domain.com
tls-client
auth-user-pass
ca ca.crt
cert client.crt
key client.key
mtu-test
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
pull
comp-lzo
verb 4