|
|
David Balazic wrote: > Does the client run with administrator rights ? > > I believe this line in the server config is unneeded : > push "route 192.168.141.0 255.255.255.0" We've checked - it runs with administrator rights (it can create the tap device) and I've removed teh offending line; no joy. Tunnel is created, no traffic flows, no gateway for tap device. :-( Do we need to add route-delay 60 or something to the client? Is there a script or something we can use to create it 'by hand' after the connection is up? --Yan > > Regards, > David > > *From:* openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx on behalf of Yan > Seiner > *Sent:* Wed 07-Nov-07 03:41 > *To:* openvpn-users@xxxxxxxxxxxxxxxxxxxxx > *Cc:* Johan Niemand > *Subject:* [Openvpn-users] route not being pushed to client > > We're trying to bridge a linux box to a windows road warrior. > > We need to bridge because of some software on the road warrior that > won't work with routed networks. > > So far we've established the tunnel and we can get an IP, but no data > flows. No pings, no nothing. > > We've figured out that this is most likely due to to gateway not being > pushed to the client. I've posted a screenshot at > http://www.seiner.com/screenshot.png > > From the manpage, > > server-bridge gateway netmask pool-start-IP pool-end-IP > > For example, server-bridge 10.8.0.4 255.255.255.0 > 10.8.0.128 > 10.8.0.254 expands as follows: > > mode server > tls-server > > ifconfig-pool 10.8.0.128 10.8.0.254 255.255.255.0 > push "route-gateway 10.8.0.4" > > So the client should get a default route of 10.8.0.4 > > On our system, the route for the tap interface is set but the default > gateway for the tap adapter remains empty, and the default route is set > to the physical NIC. > > Can anyone suggest what we need to set, for either the client or the > server? > > Server conf: > port 1194 > proto tcp > dev tap > ca /etc/openvpn/easy-rsa/keys/ca.crt > cert /etc/openvpn/easy-rsa/keys/server.crt > key /etc/openvpn/easy-rsa/keys/server.key > dh /etc/openvpn/easy-rsa/keys/dh1024.pem > ifconfig-pool-persist ipp.txt > server-bridge 192.168.141.3 255.255.255.0 192.168.141.120 192.168.141.127 > push "route 192.168.141.0 255.255.255.0" > keepalive 10 120 > comp-lzo > persist-key > status openvpn-status.log > verb 3 > > client conf: > client > dev tap > proto tcp > remote x.x.x.x 1194 > resolv-retry infinite > nobind > persist-key > persist-tun > ca ca.crt > cert tiffini.crt > key tiffini.key > comp-lzo > verb 3 > > Thanks, > > --Yan > > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Splunk Inc. > Still grepping through log files to find problems? Stop. > Now Search log events and configuration files using AJAX and a browser. > Download your FREE copy of Splunk now >> http://get.splunk.com/ > _______________________________________________ > Openvpn-users mailing list > Openvpn-users@xxxxxxxxxxxxxxxxxxxxx > https://lists.sourceforge.net/lists/listinfo/openvpn-users > > !DSPAM:473174ed241271804284693! ____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users |
