
[Openvpn-users] Subnets connection problem


  • Subject: [Openvpn-users] Subnets connection problem
  • From: <naquad@xxxxxxxxx>
  • Date: Sat, 08 Jul 2006 19:09:36 +0300

Hi, openvpn-users.

I have a problem connecting the client's and server's subnets.
The topology is:
  Server
     subnet: 192.168.2.0/24
     local addr: 192.168.2.1
  Client
     subnet: 192.168.1.0/24
     local addr: 192.168.1.1

My server config file:
dev tun
# Run as a single instance server
mode server
proto udp
ifconfig 10.1.0.1 10.1.0.2
ifconfig-pool 10.1.0.4 10.1.0.254
route 10.1.0.0 255.255.255.0
route 192.168.1.0 255.255.255.0
#route 192.168.2.0 255.255.255.0 -- if enabled, breaks routing to the local subnet
push "route 10.1.0.1 255.255.255.255"
push "route 192.168.2.0 255.255.255.0"
push "route 192.168.1.0 255.255.255.0"
tls-server
dh /usr/share/ssl/CA-DB/dh1024.pem
ca /usr/share/ssl/CA-DB/cacert.pem
cert /usr/share/ssl/CA-DB/vpncert.pem
key /usr/share/ssl/CA-DB/vpnkey.pem
log-append /var/log/openvpn/openvpn.log
status /var/log/openvpn/openvpn-status.log
crl-verify /usr/share/ssl/CA-DB/crl/crl.pem
comp-lzo
client-to-client
client-config-dir /etc/openvpn/ccd
management localhost 7505

client1 configuration on server:
iroute 192.168.1.0 255.255.255.0

client1 configuration:
dev tun
remote 195.138.94.154
tls-client
ca /etc/openvpn/cacert.pem
cert /etc/openvpn/client1cert.pem
key /etc/openvpn/client1key.pem
log-append /var/log/openvpn/openvpn.log
status /var/log/openvpn/openvpn-status.log
pull
comp-lzo

The symptom:
[root@client] ping 192.168.2.8 ## (a machine from the server's subnet)
PING 129.168.2.8 (129.168.2.8) 56(84) bytes of data.
.......and nothing.....

but the server: 
[root@client] ping 192.168.2.1 ## (server's IP in subnet)
PING 192.168.2.1 (192.168.2.1) 56(84) bytes of data.
64 bytes from 192.168.2.1: icmp_seq=0 ttl=64 time=9.89 ms
64 bytes from 192.168.2.1: icmp_seq=1 ttl=64 time=9.79 ms

--- 192.168.2.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1005ms
rtt min/avg/max/mdev = 9.795/9.844/9.893/0.049 ms, pipe 2

The same situation from the server:

[root@server]# ping 192.168.1.12 ## (a machine in the client's subnet)
....and nothing......

But the client's ip in subnet:
[root@server] ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=0 ttl=64 time=11.7 ms
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=9.61 ms

--- 192.168.1.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 9.613/10.687/11.762/1.079 ms, pipe 2

Forwarding and masquerading are disabled on these networks and on device tun0.
Distro: Fedora Core 3 (both server and client)
Routing tables:

client:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.1.0.5        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.1.0.1        10.1.0.5        255.255.255.255 UGH   0      0        0 tun0
my_outer_ip     0.0.0.0         255.255.255.252 U     0      0        0 eth0
192.168.2.0     10.1.0.5        255.255.255.0   UG    0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
0.0.0.0         my_gateway      0.0.0.0         UG    0      0        0 eth0

server:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.1.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
my_outer_ip     0.0.0.0         255.255.255.252 U     0      0        0 eth1
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.1.0     10.1.0.2        255.255.255.0   UG    0      0        0 tun0
10.1.0.0        10.1.0.2        255.255.255.0   UG    0      0        0 tun0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
0.0.0.0         my_gateway      0.0.0.0         UG    0      0        0 eth1

Both tables are shown when OpenVPN is working.
OpenVPN version is: 2.0.7

What should I do to make it work and how should I do that?
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
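
An added example, not part of the original post: a small model of what the server gateway does with a packet that arrives from the tunnel, using the server routing table and addresses quoted above. The function names are hypothetical, the `ip_forward` argument stands for the `net.ipv4.ip_forward` sysctl, and the rows with elided addresses (`my_outer_ip`, `my_gateway`) are left out.

```python
import ipaddress

# Constructed from the server's "Kernel IP routing table" in the post.
SERVER_ROUTES = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.1.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.1.0     10.1.0.2        255.255.255.0   UG    0      0        0 tun0
10.1.0.0        10.1.0.2        255.255.255.0   UG    0      0        0 tun0
"""
# Addresses owned by the server itself (local addr and ifconfig in the post).
SERVER_LOCAL = {"192.168.2.1", "10.1.0.1"}

def parse_routes(text):
    """Parse `route -n` rows into (network, gateway, interface) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[2]}")
        except ValueError:
            continue  # header row or a placeholder such as my_outer_ip
        routes.append((net, fields[1], fields[7]))
    return routes

def lookup(routes, dst):
    """Longest-prefix match, as the kernel does; None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen, default=None)

def gateway_verdict(routes, local_addrs, dst, ip_forward):
    """Fate of a packet for dst that reaches this gateway over tun0."""
    if dst in local_addrs:
        return "delivered locally"        # answered by the gateway itself
    if not ip_forward:
        return "dropped: ip_forward=0"    # a non-router never relays
    route = lookup(routes, dst)
    if route is None:
        return "dropped: no route"
    return f"forwarded via {route[2]}"

if __name__ == "__main__":
    routes = parse_routes(SERVER_ROUTES)
    for dst in ("192.168.2.1", "192.168.2.8"):
        for fwd in (False, True):
            print(dst, "ip_forward=%d" % fwd, "->",
                  gateway_verdict(routes, SERVER_LOCAL, dst, fwd))
```

With forwarding off, the model reproduces the reported pattern: the gateway's own LAN address answers while a host behind it does not. Forwarding alone is not sufficient if the LAN host has no route back toward the tunnel through the gateway.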