
RE: [Openvpn-users] can ping and dns, but not pop or rdp.


  • Subject: RE: [Openvpn-users] can ping and dns, but not pop or rdp.
  • From: "Milton R. Calnek" <mcalnek@xxxxxxxxxx>
  • Date: Tue, 5 Apr 2005 14:22:57 -0600

Hi,

My internet in both cases is cable modems. CLAMPMSS is set to no on both
ends.

I tried setting CLAMPMSS=yes on both ends... but it didn't work.

Any other ideas?
--
Milton Calnek
mcalnek@xxxxxxxxxx
+1 306 359 6939


-----Original Message-----
From: Erich Titl [mailto:erich.titl@xxxxxxxx] 
Sent: Tuesday, April 05, 2005 1:00 PM
To: Milton R. Calnek
Cc: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Openvpn-users] can ping and dns, but not pop or rdp.

Hi

just a shot in the dark, you did not tell us about your internet 
connection, could it be a fragmentation issue?
Did you set CLAMPMSS in shorewall.conf?

cheers

Erich

Milton R. Calnek wrote:

>Hi all,
>
>I'm having trouble getting openvpn to allow tcp connections.
>
>Here's my layout:
>
>winxp --------+
>linux wkstn --+
>win2k server -+-- openvpn server --+ internet
>
>win2k wkstn --+-- openvpn client --+ internet
>
>The ultimate goal is to allow the win2k wkstn to use the exchange server
>on the win2k server and for the linux wkstn to rdp to the win2k wkstn.
>
>What works:
>Ping from win2k wkstn to win2k server
>Nslookup from win2k wkstn to win2k server
>
>Ping from linux wkstn to win2k wkstn
>[root@mrcwkstn nmap]# ping -f -s 1400 172.20.5.3
>PING 172.20.5.3 (172.20.5.3) 1400(1428) bytes of data.
>........        
>--- 172.20.5.3 ping statistics ---
>1071 packets transmitted, 1063 received, 0% packet loss, time 15405ms
>rtt min/avg/max/mdev = 31.857/74.165/192.469/33.227 ms, pipe 15, ipg/ewma 14.398/47.322 ms
>
>
>Openvpn server:
>RH Linux 9.
>Openvpn 2-rc16
>Shorewall 2.0.10
>
>Shorewall configuration:
>Policy
>#SOURCE         DEST            POLICY          LOG             LIMIT:BURST
>#                                               LEVEL
>loc             vpn             ACCEPT
>vpn             loc             ACCEPT
>loc             all             DROP            info
>net             all             DROP            info
>
>all             all             DROP            info 
>
>interfaces
>#ZONE    INTERFACE      BROADCAST       OPTIONS
>net     eth0    detect # Relocated to hosts
>loc     eth1    detect
>vpn     tap0    detect
>vpn     tun0    detect
>
>tunnels
># TYPE                  ZONE    GATEWAY         GATEWAY
>#                                               ZONE
>openvpn:5000    net     ip_open_vpn_client
>
>Openvpn config:
>remote ip_open_vpn_client
>port 5000
>dev tun0
>ifconfig 192.168.0.1 192.168.0.2
>#dev tap0
>#ifconfig 192.168.0.1 255.255.255.252
>route 172.20.5.0 255.255.255.0 192.168.0.2
>secret keys/stoon.key
>ping 10
>comp-lzo
>verb 3
>
>Openvpn client
>Redhat linux 9
>Shorewall 2.0.10
>Openvpn 2-rc16
>
>Shorewall config:
>Policy
>#SOURCE         DEST            POLICY          LOG             LIMIT:BURST
>#                                               LEVEL
>loc     vpn     ACCEPT
>loc     net     ACCEPT
>
>vpn     loc     ACCEPT
>vpn     net     REJECT
>
>net     all     DROP    info
>
>all     all     DROP    info 
>#LAST LINE -- DO NOT REMOVE
>
>tunnels
>openvpn:5000    net     ip_of_openvpn_server
>#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
>
>interfaces
>#ZONE    INTERFACE      BROADCAST       OPTIONS
>#
>net     eth0    detect  norfc1918,nobogons,routefilter,blacklist,tcpflags,routeback,nosmurfs
>loc     eth1    detect  routefilter,tcpflags,routeback,detectnets
>vpn     tap0    detect
>vpn     tun0    detect
>#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
>
>Openvpn config:
>remote ip_of_openvpn_server
>port 5000
>dev tun0
>ifconfig 192.168.0.2 192.168.0.1
>#dev tap0
>#ifconfig 192.168.0.2 255.255.255.252
>route 198.73.67.0 255.255.255.0 192.168.0.1
>secret keys/regina.key
>ping 10
>comp-lzo
>verb 1
>mute 10
>
>--
>Milton Calnek
>mcalnek@xxxxxxxxxx
>+1 306 359 6939
>
>
>
>--
>DISCLAIMER: The information transmitted is intended only for the 
>addressee and may contain confidential, proprietary and/or privileged 
>material. Any unauthorized review, distribution or other use of or 
>the taking of any action in reliance upon this information is 
>prohibited. If you received this in error, please contact the sender 
>and delete or destroy this message and any copies.  
>
>  
>


