Okay, I've been asked to get openvpn working for a new client. Someone previously set up the vpn but never got it working. I'm thinking there must be something really simple that I am overlooking; does anyone see anything obvious that I am missing?

Setup

- 2 Debian servers behind a Linksys NAT firewall, the BEFSR41 IIRC
- lan has a mix of windows, mac os and linux machines, primarily ubuntu with one or 2 other distros. One server is just acting as the openvpn endpoint while the other is the file, print etc server.
- linksys firewall is the dhcp server for the lan
- linksys firewall has port forwarding for default openvpn port to the openvpn server
- currently using the tun interface, have also tried using tap (which is what it was originally set for)
- the lan scope is 192.168.1.0/24 (will be changed once the basic config is working), I am connecting from very different lan scopes
- port forwarding is enabled on the machine (single physical interface)
- iptables is set to accept for all chains on both servers, i.e. no rules
- disabling the firewall on the xp machine (forticlient) has no impact on the issue

I am connecting from an XP machine behind another Linksys NAT router (I've tried 2, the BEFVP41 and the WRV54G).

The problem: I can bring up the connection from the XP machine successfully, I can then ping from the openvpn server to the client machine and vice versa, interactive ssh etc, all works fine. However, I cannot get access to the other machines on the same lan as the openvpn server.

Configuration is as follows, note some items obscured.
Server openvpn.conf

port 1194
proto tcp
dev tap0
tls-server
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/vpnserv.crt
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
key /etc/openvpn/easy-rsa/keys/vpnserv.key
server 10.34.55.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS xxx.xxx.xxx.xxx"
push "dhcp-option DNS xxx.xxx.xxx.xxx"
push "route 192.168.1.0 255.255.255.0"
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
log-append /var/log/openvpn/openvpn.log
verb 4

Client config

client
dev tun
;dev-node MyTap
proto tcp
remote my.remote.server.ip 1194
;remote-random
resolv-retry infinite
nobind
;user nobody
;group nobody
persist-key
persist-tun
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
;mute-replay-warnings
ca ca.crt
cert vpnserv.crt
key vpnserv.key
;ns-cert-type server
;tls-auth ta.key 1
;cipher x
comp-lzo
verb 4
;mute 20

--
Harondel J. Sibble
Sibble Computer Consulting
Creating solutions for the small business and home computer user.
help@xxxxxxxxx (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
(604) 739-3709 (voice/fax) (604) 686-2253 (pager)

______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
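Added example, not part of the original post: a small consistency check over the two configs posted above, comparing the directives that have to agree on both OpenVPN peers (device type, protocol, compression) and two certificate settings worth reviewing. The function names (parse, dev_type, check) are hypothetical, the config strings are abridged copies of the posted ones, and the findings are a review aid, not a diagnosis of the routing problem described.

```python
import os

# Abridged copies of the two configs from the post above (directives unchanged).
SERVER_CONF = """port 1194
proto tcp
dev tap0
cert /etc/openvpn/easy-rsa/keys/vpnserv.crt
server 10.34.55.0 255.255.255.0
comp-lzo
"""
CLIENT_CONF = """client
dev tun
proto tcp
cert vpnserv.crt
;ns-cert-type server
comp-lzo
"""

def parse(text):
    """Map directive -> argument string, skipping blanks and ;/# comment lines."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in ";#":
            name, _, args = line.partition(" ")
            conf[name] = args.strip()  # for repeated directives the last one wins
    return conf

def dev_type(conf):
    """'tun' or 'tap': explicit dev-type wins, else the prefix of the dev name."""
    return conf.get("dev-type") or conf.get("dev", "")[:3]

def check(server_text, client_text):
    s, c = parse(server_text), parse(client_text)
    findings = []
    if dev_type(s) != dev_type(c):
        findings.append(f"dev type differs: server={dev_type(s)} client={dev_type(c)}")
    if s.get("proto", "udp")[:3] != c.get("proto", "udp")[:3]:  # udp is the default
        findings.append("proto differs (udp vs tcp)")
    if ("comp-lzo" in s) != ("comp-lzo" in c):
        findings.append("comp-lzo enabled on one side only")
    if os.path.basename(s.get("cert", "s")) == os.path.basename(c.get("cert", "c")):
        findings.append("same cert file name on both ends; each peer needs its own cert/key")
    if not c.keys() & {"ns-cert-type", "remote-cert-tls"}:
        findings.append("client does not check the server certificate type")
    return findings

if __name__ == "__main__":
    for finding in check(SERVER_CONF, CLIENT_CONF):
        print("-", finding)
```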