
[Openvpn-users] Openvpn on openbsd, ifconfig-push problems


  • Subject: [Openvpn-users] Openvpn on openbsd, ifconfig-push problems
  • From: John Allman <allmanj@xxxxxxxxxx>
  • Date: Tue, 01 Nov 2005 13:13:31 +0000

Hi All,

New to OpenVPN, but it looks like a really excellent package. I'm liking
the idea of assigning specific IP addresses to each of my users so I can
identify them individually on the internal network. I've read the
documentation and as far as I understand it, what I've done *should* work.

I'm using openvpn-2.0.2 from ports on OpenBSD.

The below shows my server configuration.

# egrep -v "(^#|^ *$|^;)" server.conf
port 1194
proto udp
dev tun0
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-config-dir ccd
route 10.9.0.0 255.255.255.252
keepalive 10 120
tls-auth ta.key 0 # This file is secret
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3

# egrep -v "(^#|^ *$|^;)" ccd/allmanj
ifconfig-push 10.9.0.1 10.9.0.2

My client config (Linux) looks like this:

egrep -v "(^#|^ *$|^;)" /etc/openvpn/client.conf
client
dev tun
proto udp
remote <REMOVED> 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
ca ca.crt
cert allmanj.crt
key allmanj.key
ns-cert-type server
tls-auth ta.key 1
comp-lzo
verb 3

When I connect as allmanj (from Linux or Windows) I get assigned
10.9.0.1 all right, but I can't connect to 10.9.0.2.

Once connected, my routing table looks like this on the server:

route show |head -14
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use    Mtu  Interface
default            <REMOVED>       UGS         0  2208131      -   vr0
10.8.0/24          10.8.0.2           UGS         0        0      -   tun0
10.8.0.2           10.8.0.1           UH          0        0      -   tun0
10.9.0.0/30        10.8.0.2           UGS         0        0      -   tun0
loopback           localhost          UGRS        0        0  33224   lo0
localhost          localhost          UH          0        0  33224   lo0
<REMOVED>        link#1             UC          0        0      -   vr0
<REMOVED>       <REMOVED>  UHLc        0        0      -   vr0
BASE-ADDRESS.MCAST localhost          URS         0        0  33224   lo0

On the client (Linux) it looks like this:

 route
 Kernel IP routing table
 Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
 10.8.0.1        10.9.0.2        255.255.255.255 UGH   0      0        0 tun0
 10.9.0.2        *               255.255.255.255 UH    0      0        0 tun0
 10.0.1.0        *               255.255.255.0   U     0      0        0 wlan0
 default         10.0.1.1        0.0.0.0         UG    0      0        0 wlan0

Can anyone indicate what I've done wrong? If I leave out the
ifconfig-push bit it all works fine. Ideally I'd like a situation where
no clients get assigned an address from a pool - every user should have
an IP address that they're guaranteed to get. I'm assuming I'm going
about this the right way?

I'm not subscribed, so please cc me in any replies.

Thanks,

John
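
For a setup like the one in this message, where every user is meant to have a fixed, attributable address, the following is an added example (not part of the original post and not OpenVPN's own code) that checks a set of ccd files against the server configuration. It assumes OpenVPN 2.0's default one-/30-per-client addressing, where the OpenVPN HOWTO requires each ifconfig-push pair to be the two host addresses of its own /30; the names directives and check_ccd and the embedded sample input are constructed for illustration.

```python
import ipaddress

# Constructed sample input mirroring the directives quoted in the post.
SERVER_CONF = """\
server 10.8.0.0 255.255.255.0
client-config-dir ccd
route 10.9.0.0 255.255.255.252
"""
CCD = {"allmanj": "ifconfig-push 10.9.0.1 10.9.0.2\n"}


def directives(text, name):
    """Yield the argument list of each occurrence of a directive, ignoring comments."""
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts and parts[0] == name:
            yield parts[1:]


def check_ccd(server_conf, ccd):
    """Return a list of (client, problem) tuples; an empty list means all checks passed."""
    nets = [ipaddress.ip_network(f"{a[0]}/{a[1]}")
            for key in ("route", "server") for a in directives(server_conf, key)]
    problems, seen = [], {}
    for client, text in sorted(ccd.items()):
        pushes = list(directives(text, "ifconfig-push"))
        if not pushes:
            problems.append((client, "no ifconfig-push: address comes from the dynamic pool"))
            continue
        local, remote = (ipaddress.ip_address(x) for x in pushes[0][:2])
        block = ipaddress.ip_network(f"{local}/30", strict=False)
        # Client and server endpoints must be the two host addresses of one /30.
        if [local, remote] != list(block.hosts()):
            problems.append((client, f"{local} {remote} is not the host pair of one /30"))
        # Two users sharing a /30 would make the address useless for attribution.
        if block in seen:
            problems.append((client, f"{block} already assigned to {seen[block]}"))
        seen.setdefault(block, client)
        # The server needs a 'route' (or the 'server' network) covering the block.
        if not any(block.subnet_of(n) for n in nets):
            problems.append((client, f"{block} not covered by 'route' or 'server'"))
    return problems


if __name__ == "__main__":
    print(check_ccd(SERVER_CONF, CCD) or "all checks passed")
```

A user with no ccd file, or a ccd file without ifconfig-push, still receives a pool address, so the check reports that case as well.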
