[Openvpn-users] Ping test succeeds, but only to internal network


  • Subject: [Openvpn-users] Ping test succeeds, but only to internal network
  • From: Jeff Mitchell <kde-dev@xxxxxxxxxxxxxxxxx>
  • Date: Mon, 16 Oct 2006 14:32:51 +0000

Hello--

I'm attempting to set up OpenVPN in a bridging configuration, and when the user is connected, I want all traffic to be routed through the VPN.

The client successfully connects, and the default routes on the client system point to the VPN box, but while traffic to internal nodes on the network works, traffic anywhere outside does not. I believe I've set up forwarding correctly with iptables and such, but if someone can take a look at my configuration and tell me what's wrong, it'd be great.

My tap device is tap0, and the bridge is br0. IP address set on the bridge, etc. Server is a Gentoo Linux box, x86_64, running openvpn 2.0.6. Client is a Windows XP box running openvpn 2.0.7 included from openvpn gui 1.0.3.

/proc/sys/net/ipv4/ip_forward is, of course, set to 1

Relevant section from iptables-save:
-A INPUT -s 127.0.0.1 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
.....other rules for other services.....
-A INPUT -p tcp -m tcp --dport 1194 -j ACCEPT
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A INPUT -i tap0 -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A FORWARD -i tap0 -j ACCEPT
-A FORWARD -i br0 -j ACCEPT

Server openvpn config:
dev tap0
proto udp
port 1194
mode server
server-bridge 192.168.1.19 255.255.255.0 192.168.1.200 192.168.1.205
push "redirect-gateway"
client-to-client
status /tmp/vpn-my_network.status
tls-auth /usr/share/openvpn/easy-rsa/keys/ta.key 0
keepalive 10 30
max-clients 5
verb 3
tls-server
dh /usr/share/openvpn/easy-rsa/keys/dh1024.pem
ca /usr/share/openvpn/easy-rsa/keys/ca.crt
cert /usr/share/openvpn/easy-rsa/keys/server.crt
key /usr/share/openvpn/easy-rsa/keys/server.key
comp-lzo
user nobody
group nobody
persist-key
persist-tun
push "dhcp-option DNS 192.168.1.1"

Client config:
port 1194
proto udp
dev tap
resolv-retry infinite
remote (my server here)
float
tls-client
ca ca.crt
cert client.crt
key client.key
tls-auth ta.key 1
verb 3
comp-lzo
persist-key
persist-tun
mute-replay-warnings
ns-cert-type server
mute 20
pull

Thanks in advance,
Jeff
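A small check one can run over a pasted iptables-save fragment such as the one above, added here as an example and not part of Jeff's post or of OpenVPN: it lists which interfaces the FORWARD chain admits and whether forwarded replies are accepted statefully, so a reader can see which reply paths the posted rules cover. The interface name "eth0" in the usage is a hypothetical separate uplink, not something the post describes.

```python
import re
from typing import Dict, List, Set

# The iptables-save fragment from the post, embedded as sample input.
RULES = """\
-A INPUT -s 127.0.0.1 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
.....other rules for other services.....
-A INPUT -p tcp -m tcp --dport 1194 -j ACCEPT
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A INPUT -i tap0 -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A FORWARD -i tap0 -j ACCEPT
-A FORWARD -i br0 -j ACCEPT
"""

RULE_RE = re.compile(r"^-A\s+(\S+)\s+(.*?)\s*-j\s+(\S+)\s*$")


def parse_rules(text: str) -> List[dict]:
    """Parse '-A CHAIN <matches> -j TARGET' lines; anything else is skipped."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        chain, opts, target = m.groups()
        in_if = re.search(r"(?:^|\s)-i\s+(\S+)", opts)
        out_if = re.search(r"(?:^|\s)-o\s+(\S+)", opts)
        state = re.search(r"--state\s+(\S+)", opts)
        rules.append({
            "chain": chain,
            "in": in_if.group(1) if in_if else None,
            "out": out_if.group(1) if out_if else None,
            "states": set(state.group(1).split(",")) if state else set(),
            "target": target,
        })
    return rules


def forward_summary(rules: List[dict]) -> Dict[str, object]:
    """What the FORWARD chain accepts: per-interface rules and any stateful reply rule."""
    fwd = [r for r in rules if r["chain"] == "FORWARD" and r["target"] == "ACCEPT"]
    return {
        "accept_in": {r["in"] for r in fwd if r["in"]},
        "accept_out": {r["out"] for r in fwd if r["out"]},
        # An ESTABLISHED rule with no -i admits replies on every interface.
        "stateful_return": any("ESTABLISHED" in r["states"] and r["in"] is None for r in fwd),
    }


def uncovered_reply_ifaces(summary: Dict[str, object], reply_ifaces: Set[str]) -> Set[str]:
    """Interfaces on which forwarded replies may arrive that no FORWARD rule admits."""
    if summary["stateful_return"]:
        return set()
    return set(reply_ifaces) - summary["accept_in"]  # type: ignore[operator]
```

With a single bridge (replies arrive on br0) nothing is reported as uncovered; only a box with an uplink outside the bridge, e.g. a hypothetical eth0, would show a gap, because the posted FORWARD chain has no RELATED,ESTABLISHED rule.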
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users