|
|
On Friday 02 March 2007 10:39, Silver Salonen wrote:
> On Tuesday 27 February 2007 11:26, Willy Offermans wrote:
> > On Mon, Feb 26, 2007 at 12:36:38PM +0200, Silver Salonen wrote:
> > > Hello!
> > >
> > > I'm running 2.0.6 as server on FreeBSD-4.9 and 2.0.6 as client on
> FreeBSD-6.1
> > > (as well as on another FreeBSD-6.2). I'm using dev tap and bridging.
> > >
> > > The problem is that although VPN is successfully established and seems
to
> > > work, clients can't ping server (nor reach it any other way). Clients
(as
> > > well as LANs behind them) can reach LAN behind the server though.
Client's
> > > Firewall (PF) doesn't block anything and tcpdump on client's tap0 shows
> icmp
> > > request going to server and icmp reply coming back, but ping just
doesn't
> see
> > > it.
> > >
> > > The problem occured after changing server's hardware (the old machine
> died, so
> > > the HDD was moved into another machine with other network cards). After
> > > changing the according interface names in server's configurations,
> everything
> > > else is OK, but only this doesn't work.
> > >
> > > Any ideas?
> > >
> > > Silver
> > >
> >
> > Hello Silver,
> >
> > Did you check the route tables as well?
> >
> > netstat -rn
> >
> > The appropriate routes should be available.
>
> Hi,
>
> Sorry, I just now noticed somebody had replied me :)
>
> But yes, routes and everything is OK. Server is 192.168.111.10/24 and
OpenVPN
> client's tap0 is 192.168.111.225, int_if is 192.168.64.1
>
> Route in server: 192.168.64 192.168.111.225 UGSc 1 3 xl1 (xl1 is bridged
with
> tap0 so the packets are sent along VPN)
> Route in client: 192.168.111 link#7 UC 0 0 tap0
> Route in client: 192.168.111.10 00:bd:3a:3a:00:00 UHLW 1 26 tap0 1174 (this
is
> getting moved after a while from server's tap0 MAC to 192.168.111.10's real
> MAC).
> Route in client: 192.168.111.200 00:16:76:4a:5c:f5 UHLW 1 223 tap0 973
>
> Client's tcpdump while pinging server:
> listening on tap0, link-type EN10MB (Ethernet), capture size 96 bytes
> 10:28:23.895842 arp who-has 192.168.111.10 tell 192.168.111.225
> 10:28:23.912701 arp reply 192.168.111.10 is-at 00:bd:3a:3a:00:00 (oui
Unknown)
> 10:28:23.912719 IP 192.168.111.225 > 192.168.111.10: ICMP echo request, id
> 27344, seq 0, length 64
> 10:28:23.928005 IP 192.168.111.10 > 192.168.111.225: ICMP echo reply, id
> 27344, seq 0, length 64
>
> But well.. nothing is received by ping :(
>
> But pinging some other IP is OK.. it's tcpdump:
> listening on tap0, link-type EN10MB (Ethernet), capture size 96 bytes
> 10:31:29.236614 arp who-has 192.168.111.201 tell 192.168.111.197
> 10:31:29.707347 arp who-has 192.168.111.200 tell 192.168.111.225
> 10:31:29.784753 arp reply 192.168.111.200 is-at 00:16:76:4a:5c:f5 (oui
> Unknown)
> 10:31:29.784770 IP 192.168.111.225 > 192.168.111.200: ICMP echo request, id
> 31696, seq 0, length 64
> 10:31:29.818018 IP 192.168.111.200 > 192.168.111.225: ICMP echo reply, id
> 31696, seq 0, length 64
>
> I just don't get it. I turned on verbosity in ping ("ICMP packets other than
> ECHO_RESPONSE that are received are listed"), but there's nothing..
>
> Any debugging suggestions?
>
> Silver
Heelloo.
Any debuggers?
Silver
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
|