|
|
ah OK, so I have the network layout correct... next, on the server, with the openvpn server running, try ping 10.8.0.128 (or any other vmware client) ping -I 10.1.0.2 10.8.0.128 do both work? cheers, JJK Rida wrote: > Hi, > > Sorry for the late answer. Here are the answers to your questions: > > * The openvpn server is running on the host running vmware, binded > to the public address only > * The subnet for the openvpn clients is 10.1.0.0/24 > <http://10.1.0.0/24>, right > * The subet for vmnet8 is 10.8.0.0/24 <http://10.8.0.0/24>, right > again > > And here is the output of the "netstat -rn" command: > > > ~# netstat -rn > Kernel IP routing table > Destination Gateway Genmask Flags MSS > Window irtt Iface > 10.1.0.2 <http://10.1.0.2> 0.0.0.0 <http://0.0.0.0> > 255.255.255.255 <http://255.255.255.255> UH 0 0 0 tun0 > 10.8.0.0 <http://10.8.0.0> 0.0.0.0 <http://0.0.0.0> > 255.255.255.0 <http://255.255.255.0> U 0 0 0 vmnet8 > <public address> 0.0.0.0 <http://0.0.0.0> > 255.255.255.0 <http://255.255.255.0> U 0 0 0 eth0 > 10.1.0.0 <http://10.1.0.0> 10.1.0.2 > <http://10.1.0.2> 255.255.255.0 <http://255.255.255.0> > UG 0 0 0 tun0 > 0.0.0.0 <http://0.0.0.0> <public address> 0.0.0.0 > <http://0.0.0.0> UG 0 0 0 eth0 > > > Thank you in advance, > Rida. > > On Jan 18, 2008 3:37 AM, Jan Just Keijser <janjust@xxxxxxxxx > <mailto:janjust@xxxxxxxxx>> wrote: > > Hi Rida, > > I just reread the entire thread and am still confused... can you > please > tell me/us > > - on which server (incl IP address) the openvpn server is running > - what the subnet for the openvpn is (10.1.0.0/24 > <http://10.1.0.0/24>, right?) > - what the subnet for vmnet8 is ( 10.8.0.0/24 > <http://10.8.0.0/24>, right) > > and/or could you post the output of > netstat -rn > after the openvpn server has started. > > cheers, > > JJK > > Rida wrote: > > Hi, > > > > Yep, routing is enabled on the server (echo 1 > > > /proc/sys/net/ipv4/ip_forward). I understand what you meant by the > > route subnet pointing to itself. I removed the routes from the > server > > configuration (those pushed to the client) and... it still > doesn't work. > > > > Regards, > > Rida. > > > > On Jan 12, 2008 3:09 AM, Jan Just Keijser < janjust@xxxxxxxxx > <mailto:janjust@xxxxxxxxx> > > <mailto:janjust@xxxxxxxxx <mailto:janjust@xxxxxxxxx>>> wrote: > > > > Hi Rida, > > > > I am not surprised that that route statement did not work: > it's a > > route > > to a subnet pointing to itself! > > If the host running the openvpn software is 10.8.0.1 > <http://10.8.0.1/> > > <http://10.8.0.1/> itself then no > > extra route statement should be required. > > However, how vmware routes traffic between the different VMs > is a > > different matter; is routing enabled on the server? > > > > HTH, > > > > JJK > > > > Rida wrote: > > > Hi, > > > > > > Thanks for the quick answer. Actually, i tried to "fix" this > > (because > > > i've seen the tip in the openvpn faq), but impossible to > add the > > route > > > on the virtual machines. ie "route add -net 10.1.0.0 > <http://10.1.0.0/> > > <http://10.1.0.0/> <http://10.1.0.0 <http://10.1.0.0/> > <http://10.1.0.0/ <http://10.1.0.0/>>> > > > netmask 255.255.255.0 <http://255.255.255.0/> > <http://255.255.255.0/> > > < http://255.255.255.0 <http://255.255.255.0/> > <http://255.255.255.0/>> gw 10.1.0.1 <http://10.1.0.1/> > > <http://10.1.0.1/> > > > <http://10.1.0.1 <http://10.1.0.1/> < http://10.1.0.1/>>" > tells me "Network > > unreachable" (but i can ping it > > > from there). And yes, there is a default gateway ( > 10.8.0.1 <http://10.8.0.1/> > > < http://10.8.0.1/> > > > <http://10.8.0.1 <http://10.8.0.1/> <http://10.8.0.1/>>) > > > > > > Regards, > > > Rida. > > > > > > On Jan 11, 2008 2:30 AM, Jan Just Keijser > <janjust@xxxxxxxxx <mailto:janjust@xxxxxxxxx> > > <mailto:janjust@xxxxxxxxx <mailto:janjust@xxxxxxxxx>> > > > <mailto:janjust@xxxxxxxxx <mailto:janjust@xxxxxxxxx> > <mailto:janjust@xxxxxxxxx <mailto:janjust@xxxxxxxxx>>>> wrote: > > > > > > Hi Rida, > > > > > > this does not sound like an VMware issue but more like a > > routing > > > issue. > > > How would clients in the vmnet8 domain ( 10.8.0.128 > <http://10.8.0.128/> > > <http://10.8.0.128/> > > > <http://10.8.0.128/ >) know where to send > > > stuff back to? Do they know that all packets intended for > > 10.1.0.6 <http://10.1.0.6/> <http://10.1.0.6/> > > > < http://10.1.0.6/> > > > should be fed back to the openvpn server? In most > cases the > > > clients on > > > your LAN (vmnet LAN in this case) will not know any route > > for the > > > 10.1.0 > > > net and will return packets thru the default gateway. > Again, > > in most > > > cases that is not what you want ;-) > > > > > > HTH, > > > > > > JJK > > > > > > PS I use a openvpn-on-vmware setup all the time without > > problems (tun > > > setup). > > > > > > > > > Rida wrote: > > > > > > > > Hello everybody, > > > > > > > > I want, first, to say thank you to all openvpn > developers > > for this > > > > very useful > > > > piece of software! Happy new year too. > > > > > > > > So, i got a very strange problem that is getting on > my nerve > > > because i > > > > can't > > > > resolve the issue. I got vmware server running on a > basic > > server ; > > > > there is 1 > > > > virtual network (in NAT mode). Here are the routes > on the > > server > > > > (after vmware > > > > and openvpn are started): > > > > > > > > 10.1.0.2 <http://10.1.0.2/> < http://10.1.0.2/> > <http://10.1.0.2/> > > <http://10.1.0.2 <http://10.1.0.2/> <http://10.1.0.2/> < > http://10.1.0.2/>> > > > dev tun0 proto kernel scope link src > > > > 10.1.0.1 <http://10.1.0.1/> <http://10.1.0.1/ > <http://10.1.0.1/>> <http://10.1.0.1/> < > > http://10.1.0.1 <http://10.1.0.1/> <http://10.1.0.1/ > <http://10.1.0.1/>> <http://10.1.0.1/>> > > > > 10.8.0.0/24 <http://10.8.0.0/24> > <http://10.8.0.0/24> < http://10.8.0.0/24> < > > http://10.8.0.0/24> dev > > > vmnet8 proto kernel scope link > > > > src 10.8.0.1 <http://10.8.0.1/> <http://10.8.0.1/> > <http://10.8.0.1/> < > > http://10.8.0.1 <http://10.8.0.1/> <http://10.8.0.1/> > <http://10.8.0.1/>> > > > > <public-ip> dev eth0 proto kernel scope link src > > <public-ip> > > > > 10.1.0.0/24 <http://10.1.0.0/24> < > http://10.1.0.0/24> < http://10.1.0.0/24> < > > http://10.1.0.0/24 <http://10.1.0.0/24>> via > > > 10.1.0.2 <http://10.1.0.2/> <http://10.1.0.2/> < > http://10.1.0.2/ <http://10.1.0.2/>> > > <http://10.1.0.2 <http://10.1.0.2/> <http://10.1.0.2/> > <http://10.1.0.2/ <http://10.1.0.2/>>> > > > dev tun0 > > > > default via 91.121.95.254 <http://91.121.95.254/> > <http://91.121.95.254/ <http://91.121.95.254/>> > > <http://91.121.95.254/> > > > <http://91.121.95.254 <http://91.121.95.254/> < > http://91.121.95.254/> < > > http://91.121.95.254/>> dev eth0 > > > > > > > > Nothing special then (the only thing to keep in mind is > > that vmware > > > > uses source > > > > routing). I set up an openvpn server on the server (the > > one with the > > > > public IP), > > > > and it is working fine, because i can connect to it > and i > > got an IP > > > > address on > > > > windows clients. Here's the server's configuration file: > > > > > > > > local <public-ip> > > > > port 1194 > > > > proto tcp > > > > dev tun > > > > ca keys/ca.crt > > > > cert keys/server.crt > > > > key keys/server.key > > > > dh keys/dh1024.pem > > > > server 10.1.0.0 <http://10.1.0.0/> > <http://10.1.0.0/> < http://10.1.0.0/> < > > http://10.1.0.0 <http://10.1.0.0/> <http://10.1.0.0/> > > > <http://10.1.0.0/>> 255.255.255.0 > <http://255.255.255.0/> < http://255.255.255.0/> < > > http://255.255.255.0/> > > > <http://255.255.255.0 <http://255.255.255.0/> > <http://255.255.255.0/> > > <http://255.255.255.0/>> > > > > ifconfig-pool-persist ipp.txt > > > > push "route 10.2.0.0 <http://10.2.0.0/> > <http://10.2.0.0/> <http://10.2.0.0/ > > <http://10.2.0.0/ <http://10.2.0.0/>>> <http://10.2.0.0 > <http://10.2.0.0/> <http://10.2.0.0/> > > > <http://10.2.0.0/>> 255.255.255.0 > <http://255.255.255.0/> < http://255.255.255.0/> > > <http://255.255.255.0/> > > > > <http://255.255.255.0 <http://255.255.255.0/> > <http://255.255.255.0/> < > > http://255.255.255.0/>>" > > > > push "route 10.8.0.0 <http://10.8.0.0/> < > http://10.8.0.0/> <http://10.8.0.0/> > > < http://10.8.0.0 <http://10.8.0.0/> <http://10.8.0.0/> > > > <http://10.8.0.0/>> 255.255.255.0 > <http://255.255.255.0/> < http://255.255.255.0/> < > > http://255.255.255.0/> > > > > <http://255.255.255.0 <http://255.255.255.0/> > <http://255.255.255.0/> > > <http://255.255.255.0/>>" > > > > push "route-delay 2 600" > > > > client-to-client > > > > keepalive 10 120 > > > > tls-auth keys/ta.key 0 > > > > cipher AES-128-CBC # AES > > > > comp-lzo > > > > max-clients 250 > > > > user nobody > > > > group nobody > > > > persist-key > > > > persist-tun > > > > status /var/log/openvpn-status.log > > > > log-append /var/log/openvpn.log > > > > verb 6 > > > > mute 20 > > > > > > > > Now the clients one: > > > > > > > > client > > > > dev tun0 > > > > proto tcp > > > > remote 91.121.95.16 <http://91.121.95.16/> > <http://91.121.95.16/> > > <http://91.121.95.16/> < http://91.121.95.16 > <http://91.121.95.16/> <http://91.121.95.16/ <http://91.121.95.16/>> > > > <http://91.121.95.16/>> 1194 > > > > resolv-retry infinite > > > > nobind > > > > persist-key > > > > persist-tun > > > > ca ca.crt > > > > cert client.crt > > > > key client.key > > > > ns-cert-type server > > > > tls-auth ta.key 1 > > > > cipher AES-128-CBC # AES > > > > comp-lzo > > > > verb 3 > > > > > > > > Still nothing special, these are basic configuration > > files. Before > > > > i'll "draw" a > > > > network topology so you'll have a better idea of how > vmware > > > implement > > > > their NAT > > > > (hope there is no error): > > > > > > > > [Windows client](10.1.0.6/30 <http://10.1.0.6/30> < > http://10.1.0.6/30> < > > http://10.1.0.6/30> > > > <http://10.1.0.6/30 > tap) <-> > > > > (10.1.0.5/30 <http://10.1.0.5/30> > <http://10.1.0.5/30> < http://10.1.0.5/30 <http://10.1.0.5/30>> > > <http://10.1.0.5/30> tap gw) > > > <-> ( 10.1.0.2/24 <http://10.1.0.2/24> < > http://10.1.0.2/24> <http://10.1.0.2/24> > > > > < http://10.1.0.2/24> vpn > > > > real gw) <-> ( 10.1.0.1/24 <http://10.1.0.1/24> > <http://10.1.0.1/24> > > <http://10.1.0.1/24> < > > > http://10.1.0.1/24> tun) [server] > > > > (10.8.0.1/24 <http://10.8.0.1/24> < > http://10.8.0.1/24> < http://10.8.0.1/24 > > <http://10.8.0.1/24>> < http://10.8.0.1/24> vmnet8) > > > <-> [virtual > > > > machine]( 10.8.0.128/24 <http://10.8.0.128/24> < > http://10.8.0.128/24> > > <http://10.8.0.128/24> > > > <http://10.8.0.128/24> gw 10.8.0.1/24 > <http://10.8.0.1/24> <http://10.8.0.1/24> > > <http://10.8.0.1/24 <http://10.8.0.1/24> <http://10.8.0.1/24>> > > > > < http://10.8.0.1/24>) > > > > > > > > The virtual machine route is just a default gw to > > 10.8.0.1/24 <http://10.8.0.1/24> <http://10.8.0.1/24> > > > <http://10.8.0.1/24 <http://10.8.0.1/24>> > > > > <http://10.8.0.1/24 < http://10.8.0.1/24>>. Routes > on the > > > > client : > > > > > > > > Active Routes: > > > > Network Destination Netmask Gateway > > Interface > > > > Metric > > > > 0.0.0.0 <http://0.0.0.0/> > <http://0.0.0.0/> <http://0.0.0.0/> > > < http://0.0.0.0 <http://0.0.0.0/> <http://0.0.0.0/> > > > < http://0.0.0.0/>> 0.0.0.0 <http://0.0.0.0/> > < http://0.0.0.0/> > > <http://0.0.0.0/> > > > > < http://0.0.0.0 <http://0.0.0.0/> < > http://0.0.0.0/> <http://0.0.0.0/>> > > 192.168.0.1 <http://192.168.0.1/> <http://192.168.0.1/> > > > < http://192.168.0.1/> <http://192.168.0.1 > <http://192.168.0.1/> > > <http://192.168.0.1/> < http://192.168.0.1/>> > > > 192.168.0.117 <http://192.168.0.117/> > <http://192.168.0.117/> < http://192.168.0.117/> > > > > < http://192.168.0.117 <http://192.168.0.117/> > <http://192.168.0.117/> < > > http://192.168.0.117/>> 25 > > > > 10.1.0.0 <http://10.1.0.0/> < > http://10.1.0.0/> <http://10.1.0.0/> < > > http://10.1.0.0 <http://10.1.0.0/> < http://10.1.0.0/> > > > <http://10.1.0.0/>> 255.255.255.0 > <http://255.255.255.0/> > > < http://255.255.255.0/> < http://255.255.255.0/> > > > > <http://255.255.255.0 <http://255.255.255.0/> > <http://255.255.255.0/> > > <http://255.255.255.0/>> 10.1.0.5 <http://10.1.0.5/> > < http://10.1.0.5/> > > > <http://10.1.0.5/> <http://10.1.0.5 <http://10.1.0.5/> > < http://10.1.0.5/> > > <http://10.1.0.5/ <http://10.1.0.5/>>> > > > > 10.1.0.6 <http://10.1.0.6/> <http://10.1.0.6/> > <http://10.1.0.6/> > > < http://10.1.0.6 <http://10.1.0.6/> <http://10.1.0.6/> > <http://10.1.0.6/>> > > > 1 > > > > 10.1.0.4 <http://10.1.0.4/> > <http://10.1.0.4/> < http://10.1.0.4/> > > <http://10.1.0.4 <http://10.1.0.4/> <http://10.1.0.4/> > > > <http://10.1.0.4/>> 255.255.255.252 > <http://255.255.255.252/> > > < http://255.255.255.252/> <http://255.255.255.252/> > > > > <http://255.255.255.252 <http://255.255.255.252/> > <http://255.255.255.252/> < > > http://255.255.255.252/>> > > > 10.1.0.6 <http://10.1.0.6/> < http://10.1.0.6/> > <http://10.1.0.6/> < > > http://10.1.0.6 <http://10.1.0.6/> < http://10.1.0.6/> > <http://10.1.0.6/>> > > > > 10.1.0.6 <http://10.1.0.6/> <http://10.1.0.6/> > <http://10.1.0.6/ <http://10.1.0.6/> > > <http://10.1.0.6/>> < http://10.1.0.6 <http://10.1.0.6/> > <http://10.1.0.6/ <http://10.1.0.6/>> > > > <http://10.1.0.6/>> 30 > > > > 10.1.0.6 <http://10.1.0.6/> < > http://10.1.0.6/> < http://10.1.0.6/> > > <http://10.1.0.6 <http://10.1.0.6/> < http://10.1.0.6/> > > > <http://10.1.0.6/>> 255.255.255.255 > <http://255.255.255.255/> > > < http://255.255.255.255/> <http://255.255.255.255/> > > > > <http://255.255.255.255 <http://255.255.255.255/> > <http://255.255.255.255/> < > > http://255.255.255.255/>> > > > 127.0.0.1 <http://127.0.0.1/> < http://127.0.0.1/> > <http://127.0.0.1/> < > > http://127.0.0.1 <http://127.0.0.1/> < http://127.0.0.1/> > <http://127.0.0.1/>> > > > > 127.0.0.1 <http://127.0.0.1/> <http://127.0.0.1/> < > http://127.0.0.1/> > > <http://127.0.0.1 <http://127.0.0.1/> <http://127.0.0.1/> > > > <http://127.0.0.1/>> 30 > > > > 10.8.0.0 <http://10.8.0.0/> < > http://10.8.0.0/> < http://10.8.0.0/> > > <http://10.8.0.0 <http://10.8.0.0/> < http://10.8.0.0/> > > > <http://10.8.0.0/>> 255.255.255.0 > <http://255.255.255.0/> > > < http://255.255.255.0/> <http://255.255.255.0/> > > > > <http://255.255.255.0 <http://255.255.255.0/> < > http://255.255.255.0/> < > > http://255.255.255.0/>> 10.1.0.5 <http://10.1.0.5/> > < http://10.1.0.5/> > > > <http://10.1.0.5/> < http://10.1.0.5 > <http://10.1.0.5/> < http://10.1.0.5/> > > <http://10.1.0.5/>> > > > > 10.1.0.6 <http://10.1.0.6/> < http://10.1.0.6/> > <http://10.1.0.6/ > > <http://10.1.0.6/>> < http://10.1.0.6 <http://10.1.0.6/> > <http://10.1.0.6/> > > > <http://10.1.0.6/>> 1 > > > > ... > > > > > > > > Client's output: > > > > > > > > Thu Jan 10 00:25:21 2008 OpenVPN 2.0.9 Win32-MinGW [SSL] > > [LZO] built > > > > on Oct 1 > > > > 2006 > > > > Thu Jan 10 00:25:21 2008 IMPORTANT: OpenVPN's > default port > > > number is > > > > now 1194, > > > > based on an official port number assignment by IANA. > OpenVPN > > > > 2.0-beta16 and > > > > earlier used 5000 as the default port. > > > > Thu Jan 10 00:25:21 2008 Control Channel > Authentication: using > > > > 'ta.key' as a > > > > OpenVPN static key file > > > > Thu Jan 10 00:25:21 2008 Outgoing Control Channel > > Authentication: > > > > Using 160 bit > > > > message hash 'SHA1' for HMAC authentication > > > > Thu Jan 10 00:25:21 2008 Incoming Control Channel > > Authentication: > > > > Using 160 bit > > > > message hash 'SHA1' for HMAC authentication > > > > Thu Jan 10 00:25:21 2008 LZO compression initialized > > > > Thu Jan 10 00:25:21 2008 Control Channel MTU parms [ > > L:1560 D:168 > > > > EF:68 EB:0 > > > > ET:0 EL:0 ] > > > > Thu Jan 10 00:25:21 2008 Data Channel MTU parms [ > L:1560 > > D:1450 > > > EF:60 > > > > EB:135 > > > > ET:0 EL:0 AF:3/1 ] > > > > Thu Jan 10 00:25:21 2008 Local Options hash (VER=V4): > > '<hash>' > > > > Thu Jan 10 00:25:21 2008 Expected Remote Options hash > > (VER=V4): > > > '<hash>' > > > > Thu Jan 10 00:25:21 2008 Attempting to establish TCP > > connection with > > > > 91.121.95.16:1194 <http://91.121.95.16:1194/> > <http://91.121.95.16:1194/> > > <http://91.121.95.16:1194/> > > > < http://91.121.95.16:1194 <http://91.121.95.16:1194/> > < http://91.121.95.16:1194/> > > <http://91.121.95.16:1194/>> > > > > Thu Jan 10 00:25:21 2008 TCP connection established with > > > <public-ip>:1194 > > > > Thu Jan 10 00:25:21 2008 TCPv4_CLIENT link local: > [undef] > > > > Thu Jan 10 00:25:21 2008 TCPv4_CLIENT link remote: > > <public-ip>:1194 > > > > Thu Jan 10 00:25:21 2008 TLS: Initial packet from > > <public-ip>:1194, > > > > sid=<hash> > > > > Thu Jan 10 00:25:22 2008 VERIFY OK: depth=1, > <certificate fqn> > > > > Thu Jan 10 00:25:22 2008 VERIFY OK: nsCertType=SERVER > > > > Thu Jan 10 00:25:22 2008 VERIFY OK: depth=0, > <certificate fqn> > > > > Thu Jan 10 00:25:25 2008 Data Channel Encrypt: Cipher > > 'AES-128-CBC' > > > > initialized > > > > with 128 bit key > > > > Thu Jan 10 00:25:25 2008 Data Channel Encrypt: Using > 160 bit > > > message > > > > hash 'SHA1' > > > > for HMAC authentication > > > > Thu Jan 10 00:25:25 2008 Data Channel Decrypt: Cipher > > 'AES-128-CBC' > > > > initialized > > > > with 128 bit key > > > > Thu Jan 10 00:25:25 2008 Data Channel Decrypt: Using > 160 bit > > > message > > > > hash 'SHA1' > > > > for HMAC authentication > > > > Thu Jan 10 00:25:25 2008 Control Channel: TLSv1, cipher > > TLSv1/SSLv3 > > > > DHE-RSA-AES256-SHA, 1024 bit RSA > > > > Thu Jan 10 00:25:25 2008 [client] Peer Connection > > Initiated with > > > > <public-ip>:1194 > > > > Thu Jan 10 00:25:27 2008 SENT CONTROL [client]: > 'PUSH_REQUEST' > > > (status=1) > > > > Thu Jan 10 00:25:27 2008 PUSH: Received control message: > > > 'PUSH_REPLY,route > > > > 10.8.0.0 <http://10.8.0.0/> <http://10.8.0.0/> > <http://10.8.0.0/> < > > http://10.8.0.0 <http://10.8.0.0/> <http://10.8.0.0/> > <http://10.8.0.0/>> > > > 255.255.255.0 <http://255.255.255.0/> > <http://255.255.255.0/> < http://255.255.255.0/> > > > > < http://255.255.255.0 <http://255.255.255.0/> > <http://255.255.255.0/> > > <http://255.255.255.0/>>,route-delay 2 > > > 600,route 10.1.0.0 <http://10.1.0.0/> < > http://10.1.0.0/> <http://10.1.0.0/> > > > > <http://10.1.0.0 <http://10.1.0.0/> > <http://10.1.0.0/> <http://10.1.0.0/>> > > 255.255.255.0 <http://255.255.255.0/> <http://255.255.255.0/> > > > < http://255.255.255.0/ <http://255.255.255.0/>> > > <http://255.255.255.0 <http://255.255.255.0/> > <http://255.255.255.0/> > > > < http://255.255.255.0/>>,ping > > > > 10,ping-restart 120,ifconfig 10.1.0.6 > <http://10.1.0.6/> <http://10.1.0.6/> > > <http://10.1.0.6/> < > > > http://10.1.0.6 <http://10.1.0.6/> < http://10.1.0.6/> > <http://10.1.0.6/ > > <http://10.1.0.6/>>> 10.1.0.5 <http://10.1.0.5/> > <http://10.1.0.5/ <http://10.1.0.5/>> <http://10.1.0.5/> > > > > <http://10.1.0.5 <http://10.1.0.5/> < > http://10.1.0.5/> < http://10.1.0.5/>>' > > > > Thu Jan 10 00:25:27 2008 OPTIONS IMPORT: timers and/or > > timeouts > > > modified > > > > Thu Jan 10 00:25:27 2008 OPTIONS IMPORT: > --ifconfig/up options > > > modified > > > > Thu Jan 10 00:25:27 2008 OPTIONS IMPORT: route options > > modified > > > > Thu Jan 10 00:25:27 2008 TAP-WIN32 device [Local Area > > Connection 5] > > > > opened: > > > > \\.\Global\{F71B3A07-5805-4B69-97C9-73926191180F}.tap > > > > > > > <file:////Global/%7BF71B3A07-5805-4B69-97C9-73926191180F%7D.tap> > > > > Thu Jan 10 00:25:27 2008 TAP-Win32 Driver Version 8.4 > > > > Thu Jan 10 00:25:27 2008 TAP-Win32 MTU=1500 > > > > Thu Jan 10 00:25:27 2008 Notified TAP-Win32 driver > to set > > a DHCP > > > > IP/netmask of > > > > 10.1.0.6/255.255.255.252 > <http://10.1.0.6/255.255.255.252> < http://10.1.0.6/255.255.255.252> > > < http://10.1.0.6/255.255.255.252> > > > < http://10.1.0.6/255.255.255.252> on > > > > interface {F71B3A07-5805-4B69-97C9-73926191180F} > > > > [DHCP-serv: 10.1.0.5 <http://10.1.0.5/> < > http://10.1.0.5/> <http://10.1.0.5/> > > <http://10.1.0.5 <http://10.1.0.5/> < http://10.1.0.5/> > > > <http://10.1.0.5/> >, lease-time: 31536000] > > > > Thu Jan 10 00:25:27 2008 Successful ARP Flush on > interface [7] > > > > {F71B3A07-5805-4B69-97C9-73926191180F} > > > > Thu Jan 10 00:25:29 2008 TEST ROUTES: 0/0 succeeded > len=3 > > ret=0 a=0 > > > > u/d=down > > > > Thu Jan 10 00:25:29 2008 Route: Waiting for TUN/TAP > > interface to > > > come > > > > up... > > > > Thu Jan 10 00:25:31 2008 TEST ROUTES: 3/3 succeeded > len=3 > > ret=1 > > > a=0 u/d=up > > > > Thu Jan 10 00:25:31 2008 route ADD 10.8.0.0 > <http://10.8.0.0/> > > <http://10.8.0.0/> < http://10.8.0.0/> > > > <http://10.8.0.0 <http://10.8.0.0/> <http://10.8.0.0/> > < http://10.8.0.0/>> MASK > > > > 255.255.255.0 <http://255.255.255.0/> > <http://255.255.255.0/> > > < http://255.255.255.0/> < http://255.255.255.0 > <http://255.255.255.0/> <http://255.255.255.0/> > > > <http://255.255.255.0/>> 10.1.0.5 <http://10.1.0.5/> < > http://10.1.0.5/> > > <http://10.1.0.5/ <http://10.1.0.5/>> > > > <http://10.1.0.5 <http://10.1.0.5/> <http://10.1.0.5/> > < http://10.1.0.5/>> > > > > Thu Jan 10 00:25:31 2008 Route addition via IPAPI > succeeded > > > > Thu Jan 10 00:25:31 2008 route ADD 10.1.0.0 > <http://10.1.0.0/> > > <http://10.1.0.0/> < http://10.1.0.0/> < > > > http://10.1.0.0 <http://10.1.0.0/> <http://10.1.0.0/> > <http://10.1.0.0/>> MASK > > > > 255.255.255.0 <http://255.255.255.0/> > <http://255.255.255.0/> > > < http://255.255.255.0/> <http://255.255.255.0 > <http://255.255.255.0/> <http://255.255.255.0/> > > > < http://255.255.255.0/>> 10.1.0.5 <http://10.1.0.5/> > < http://10.1.0.5/> > > <http://10.1.0.5/> > > > < http://10.1.0.5 <http://10.1.0.5/> < > http://10.1.0.5/> <http://10.1.0.5/>> > > > > Thu Jan 10 00:25:31 2008 Route addition via IPAPI > succeeded > > > > Thu Jan 10 00:25:31 2008 Initialization Sequence > Completed > > > > > > > > Now the issue... From the client, i can ping > 10.1.0.5 <http://10.1.0.5/> > > <http://10.1.0.5/> > > > <http://10.1.0.5/ <http://10.1.0.5/>> > > > > <http://10.1.0.5 <http://10.1.0.5/> > <http://10.1.0.5/> < http://10.1.0.5/>> > > (tap gw), 10.1.0.1 <http://10.1.0.1/> <http://10.1.0.1/> > > > < http://10.1.0.1/ <http://10.1.0.1/>> > <http://10.1.0.1 <http://10.1.0.1/> > > <http://10.1.0.1/> <http://10.1.0.1/>> (vpn > > > > gw), 10.8.0.1 <http://10.8.0.1/> <http://10.8.0.1/> > <http://10.8.0.1/> > > < http://10.8.0.1 <http://10.8.0.1/> <http://10.8.0.1/> > > > <http://10.8.0.1/>> (vmnet8, but on server's side) but not > > > > in vmnet8's network > > > > ( 10.8.0.128 <http://10.8.0.128/> > <http://10.8.0.128/> <http://10.8.0.128/> > > <http://10.8.0.128 <http://10.8.0.128/> <http://10.8.0.128/> > > > <http://10.8.0.128/>> for example). > > > > > > > > I've tried everything.... Here are some: > > > > * Set up a virtual interface (on eth0:0) with IP > 10.1.0.1 <http://10.1.0.1/> > > <http://10.1.0.1/> > > > < http://10.1.0.1/> > > > > < http://10.1.0.1 <http://10.1.0.1/> > <http://10.1.0.1/ <http://10.1.0.1/>> <http://10.1.0.1/>>, > > > > * Put the openvpn network in vmware's network subnet > (i think > > > openvpn > > > > won't > > > > understand, well it didn't work anyway), > > > > * pushed gw for routes to the client (the client is slow > > to connect > > > > and tells me > > > > that the gw doesn't exists) > > > > > > > > I'm lost. Please help. > > > > > > > > > > > > > > -- > Cordialement, > Ait Boufrad Rida. ____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users |