|
|
First and foremost, I'm enormously grateful for your
effort of trying to help me. Thank you.
Below is my network.
10.13.38.6 - IP of VPN client
10.13.38.1 - IP of VPN server
10.11.38.100 - LAN IP of VPN server
10.11.38.101 - LAN IP
10.11.38.202 - LAN IP of SNMP box
Here's what I found: from the VPN client I can ping
everything on the LAN, ie. 10.11.38.100, 10.11.38.202,
etc. I can also telnet and ftp into 10.11.38.102. I
can telnet, ftp, and ssh into 10.11.38.101.
from SNMP box I can ping 10.11.38.100, 10.13.38.1 (VPN
side of server) but I cannot ping 10.13.38.6 (watching
packet sniffer I can say that 10.13.38.6 receives the
request but never replies). This box has 10.11.38.100
as its gateway.
from VPN server I can ping 10.11.38.202, but I cannot
across the VPN tunnel ping 10.13.38.6 (I can ping
10.1.1.8, which is the 'regular' IP of the VPN client
but not the VPN interface).
Also, once there actually was a communication between
the VPN client and the SNMP box. But then, when I
disconnected the VPN tunnel and reconnected it
(without changing any configurations) there was no
connection ever since (I have a GUI installed on the
VPN client that monitors the SNMP box. It uses SNMP as
its protocol.) I do appreciate any suggestions.
Below is my network topology:
ooooooooooooooooooooo
o o
o 10.11.38.202 o
o o
ooooooooooooooooooooo
||
|| (gateway/VPN server)
__________||_________ __________________
| | | |
| switch |======|10.11.38.100 |
|___________________| |_________________|
|| || VPN IP
|| || 10.13.38.1
|| ||
ooooooooooooooooooooo ||
o o ||
o 10.11.38.101 o || (VPN tunnel)
o o ||
ooooooooooooooooooooo ||
||
||
||
||
||
||
||
ooooooooooooooooooooo
o o
o 10.13.38.6 o
o o
ooooooooooooooooooooo
(VPN client)
Below is the output of tcpdump taken from the SNMP
box. I am also attaching the output of ethereal taken
from the VPN client.
15:53:05.308328 0:a0:24:a7:a6:a3 > 3:0:0:0:0:1 sap f0
ui/C len=184
2c00 ffef 0800 0000 0000 0000
4154 5343
2020 2020 2020 2020 2020 201e
4755 4920
5043 3530 2020 2020 2020 2000
ff53 4d42
2500 0000 0000 0000 0000 0000
0000 0000
0000 0000 0000 0000 0000 0000
1100 00
15:53:10.807952 10.11.38.4.netbios-dgm >
10.11.38.255.netbios-dgm: udp 222
15:53:51.761268 10.13.38.6.2112 > 10.11.38.202.snmp:
GetRequest(25) system.sysDescr.0
15:53:51.774509 10.11.38.202.snmp > 10.13.38.6.2112:
GetResponse(37) system.sysDescr.0="NetBSD fc"
15:53:52.760842 10.13.38.6.2112 > 10.11.38.202.snmp:
GetRequest(25) system.sysDescr.0
15:53:52.761656 10.11.38.202.snmp > 10.13.38.6.2112:
GetResponse(37) system.sysDescr.0="NetBSD fc"
15:53:52.767484 10.13.38.6.2113 > 10.11.38.202.snmp:
GetRequest(25) system.sysDescr.0
15:53:52.768240 10.11.38.202.snmp > 10.13.38.6.2113:
GetResponse(37) system.sysDescr.0="NetBSD fc"
15:53:53.767685 10.13.38.6.2113 > 10.11.38.202.snmp:
GetRequest(25) system.sysDescr.0
15:53:53.768490 10.11.38.202.snmp > 10.13.38.6.2113:
GetResponse(37) system.sysDescr.0="NetBSD fc"
15:53:56.760206 arp who-has 10.11.38.202 tell
10.11.38.100
15:53:56.760261 arp reply 10.11.38.202 is-at
0:2:c5:1:15:bd
15:53:56.768150 10.13.38.6.2113 > 10.11.38.202.snmp:
GetRequest(25) system.sysDescr.0
15:53:56.768949 10.11.38.202.snmp > 10.13.38.6.2113:
GetResponse(37) system.sysDescr.0="NetBSD fc"
15:53:57.768626 10.13.38.6.2113 > 10.11.38.202.snmp:
GetRequest(25) system.sysDescr.0
15:53:57.769433 10.11.38.202.snmp > 10.13.38.6.2113:
GetResponse(37) system.sysDescr.0="NetBSD fc"
--- Jon Bendtsen <jon.bendtsen@xxxxxxxxxx> wrote:
> Den tirsdag 4.apr kl. 21:49 skrev ... ...:
>
> > I've spoken with a guy that works with the
> equipment
> > that I'm trying to manage through the VPN tunnel.
> He
> > looked at the configuration of that equipment and
> he
> > says that it looks good. He says that it's the
> problem
> > with the VPN not passing the data. He says that it
> > might be a problem with configuring the VPN. Below
> is
> > my server and client config files. Could anyone
> look
> > at it and tell me if I'm missing something. I
> don't
> > have a single firewall on any of the machines on
> the
> > network, so I don't think it's a firewall issue. I
> > tried googling the problem but it looks like I'm
> the
> > only one that's trying to pass SNMP over VPN.
> Thank
> > you...
>
> Your config files for OpenVPN seems fine. Now start
> using a
> network sniffer and follow the packet path from end
> to end, along
> all possible computers/routers/network interfaces.
>
> A few things to look for.
>
> Since the equipment doing the SNMP is most likely
> not
> running openvpn, then i'd start thinking of the
> routing setup.
>
> On both LAN's, both the client and the server side.
> Make sure that
> the default gateway knows how to route packets to
> the other side.
> it should be sent through the openvpn client/server.
>
> Also notice that if you on the server side want to
> reach the client lan,
> you have to use an iroute directive to push it to
> the client.
>
> Maybe you should draw a map of your network setup so
> we can look
> at that and get a better understandig of the
> problem.
>
>
>
> JonB
>
>
>
-------------------------------------------------------
> This SF.Net email is sponsored by xPML, a
> groundbreaking scripting language
> that extends applications into web and mobile media.
> Attend the live webcast
> and join the prime developer group breaking into
> this new coding territory!
>
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
>
https://lists.sourceforge.net/lists/listinfo/openvpn-users
>
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com Attachment:
202
Description: 3650417695-202
|