[Openvpn-users] can't ping anything on server side of VPN


  • Subject: [Openvpn-users] can't ping anything on server side of VPN
  • From: Matthew Clarkson <mwclarks@xxxxxxxxxxx>
  • Date: Thu, 10 Nov 2005 10:18:49 -0700 (MST)

Hello, my VPN setup is as follows:
                                             (OpenVPN 2.0.4)
  ---------              (Internet)            ------------  206.x.x.x
  |  NAT  | ------------............-----------| Charriot |---------X
  --------- 68.147.93.10         136.159.94.17|------------
      |                                       |       * 10.9.0.1
      |192.168.1.1        ********************|******** 
      |                   *                   |
      |                   *                   |--------
      |192.168.1.32       *                           |
      |                   *            136.159.94.20  |
  ---------------         *                   ----------------
  | Workstation | *********                   | Samba Server |
  --------------- 10.9.0.6                    ----------------
  (OpenVPN 2.0.2)

That is my current setup; what I am trying to do is set up OpenVPN on 
Charriot so that the workstation in this diagram can access the Samba 
server.
With the current configuration that I have, from the Workstation I can 
ping 10.9.0.1, but I can't ping anything else.  When I ping 136.159.94.20 
and tcpdump the Samba server (on eth0, 136.159.94.20), I can see the sends 
and replies to and from 10.9.0.6 (I have a route back to 136.159.94.17 for 
the 10.9.0.0/24 subnet), so then when I tcpdump eth1 on Charriot 
(136.159.94.17) I can still see the sends and replies (so it's all good up 
to this point).  But when I tcpdump tun0 I don't get any of the replies 
back, so it seems as though it's not forwarding the packets properly on 
the way back.
Can anyone tell me what I might have wrong with this?  I will post my 
client and server configurations, and since I am not the most fluent with 
iptables, I will also post a description of that for Charriot, since 
I believe that may be the culprit.

Server (Charriot) - OpenVPN 2.0.4 (Server Configuration)
--------------------------------------------------------

local 136.159.94.17
port 1194
proto udp
dev tun

ca /data1/openvpn-2.0.4/easy-rsa/136/keys/ca.crt
cert /data1/openvpn-2.0.4/easy-rsa/136/keys/server.crt
key /data1/openvpn-2.0.4/easy-rsa/136/keys/server.key  
dh /data1/openvpn-2.0.4/easy-rsa/136/keys/dh1024.pem

server 10.9.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 136.159.94.20 255.255.255.255"
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status /var/log/openvpn.136.-status.log
log         /var/log/openvpn.136.log
verb 3

Server (Charriot) - Route Table ($route -n)
--------------------------------------------

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.9.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
206.75.91.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
136.159.94.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.9.0.0        10.9.0.2        255.255.255.0   UG    0      0        0 tun0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         136.159.94.1    0.0.0.0         UG    1      0        0 eth1

Server (Charriot) - IPTables (#iptables -L)
-------------------------------------------

Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       all  --  localhost            anywhere
DROP       all  --  anywhere             localhost
DROP       all  --  192.168.0.0/16       anywhere
DROP       all  --  172.16.0.0/12        anywhere
DROP       all  --  10.0.0.0/8           anywhere
ACCEPT     all  --  localhost            anywhere
ACCEPT     all  --  anywhere             localhost
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     udp  --  anywhere             anywhere            udp dpt:1194
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
DROP       all  --  localhost            anywhere
DROP       all  --  anywhere             localhost
DROP       all  --  192.168.0.0/16       anywhere
DROP       all  --  172.16.0.0/12        anywhere
DROP       all  --  10.0.0.0/8           anywhere
DROP       tcp  --  anywhere             anywhere            tcp spts:netbios-ns:netbios-ssn
DROP       udp  --  anywhere             anywhere            udp spts:netbios-ns:netbios-ssn
DROP       all  -- !10.0.0.0/24          anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            state NEW
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DROP       tcp  --  anywhere             anywhere            tcp spts:netbios-ns:netbios-ssn
DROP       udp  --  anywhere             anywhere            udp spts:netbios-ns:netbios-ssn
ACCEPT     all  --  anywhere             anywhere            state NEW


Client (Workstation) - OpenVPN 2.0.2 (Client Configuration)
----------------------------------------------------------

client
dev tun
proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/work/ca.crt
cert /etc/openvpn/work/matt.crt
key /etc/openvpn/work/matt.key
ns-cert-type server
comp-lzo
verb 3


Client (Workstation) - Route Table ($route -n)
----------------------------------------------

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
136.159.94.20   10.9.0.5        255.255.255.255 UGH   0      0        0 tun0
10.9.0.5        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.9.0.1        10.9.0.5        255.255.255.255 UGH   0      0        0 tun0
136.159.94.17   192.168.1.1     255.255.255.255 UGH   0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       127.0.0.1       255.0.0.0       UG    0      0        0 lo
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0


If anyone can help me with this it would be greatly appreciated; I've 
spent so much time on this and haven't been able to get it working (and 
it's almost there!)


Thanks in advance

--
Matthew Clarkson
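To see which rule of the posted FORWARD chain an ICMP echo request (10.9.0.6 to 136.159.94.20) and its reply would hit, here is a small first-match tracer added as an example; it is not from the original post, and it assumes the rules carry no `-i`/`-o` interface matches, since plain `iptables -L` does not print them.

```python
import ipaddress

ANY = "0.0.0.0/0"
# FORWARD chain transcribed in order from the post. Fields: target, source
# network, negate-source flag, destination network. The two NetBIOS rules
# match only on tcp/udp source ports and can never hit ICMP, so they are
# left out; "localhost" is rendered as 127.0.0.0/8.
FORWARD = [
    ("DROP",   "127.0.0.0/8",    False, ANY),
    ("DROP",   ANY,              False, "127.0.0.0/8"),
    ("DROP",   "192.168.0.0/16", False, ANY),
    ("DROP",   "172.16.0.0/12",  False, ANY),
    ("DROP",   "10.0.0.0/8",     False, ANY),
    # The "!10.0.0.0/24" rule. Note the tunnel in the post is 10.9.0.0/24,
    # which lies outside 10.0.0.0/24, so the VPN subnet is not exempted.
    ("DROP",   "10.0.0.0/24",    True,  ANY),
    ("ACCEPT", ANY,              False, ANY),
]
POLICY = "DROP"  # "Chain FORWARD (policy DROP)"


def in_net(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)


def trace(src, dst):
    """First-match walk: return (1-based rule number, target), or (None, POLICY)."""
    for n, (target, snet, sneg, dnet) in enumerate(FORWARD, 1):
        src_ok = in_net(src, snet) != sneg   # "!" inverts the source test
        if src_ok and in_net(dst, dnet):
            return n, target
    return None, POLICY


def trace_echo(client="10.9.0.6", server="136.159.94.20"):
    """Trace both legs of the ping from the post's diagram through the chain."""
    return {"request": trace(client, server), "reply": trace(server, client)}


if __name__ == "__main__":
    for leg, (n, target) in trace_echo().items():
        print(f"{leg:7s}: rule {n} -> {target}")
```

Under this assumption both legs land on a DROP, yet the post shows the requests reaching eth1, so the live rules almost certainly carry interface matches that `iptables -L` hides; `iptables -L FORWARD -v -n` prints them together with per-rule packet counters, which show directly which rule the missing replies are consuming.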

