Hi Rida,

sorry for the delay but I was away for a while; I've got a vmware server here now and have tried your setup; indeed, routing does not work (as the docs for vmnet8 NAT'ting state). A work-around is to add an iptables NATting rule on the vmnet8 NAT device ;-) :

    iptables -t nat -I POSTROUTING -o vmnet8 -j MASQUERADE

that solved the routing issue on my setup. This is not an OpenVPN issue, really, but a vmware NATting+routing issue.

HTH,

JJK

Rida wrote:
> Request timeout for the first ping (from an openvpn client to a
> virtual machine) and can't try the second one because I only have
> windows clients (there's no equivalent to -I in windows).
> If I do these pings on the server running vmware, it works for both.
>
> On Jan 19, 2008 3:48 AM, Jan Just Keijser <janjust@xxxxxxxxx> wrote:
>
>     ah OK, so I have the network layout correct... next, on the server,
>     with the openvpn server running, try
>
>         ping 10.8.0.128 (or any other vmware client)
>         ping -I 10.1.0.2 10.8.0.128
>
>     do both work?
>
>     cheers,
>
>     JJK
>
>     Rida wrote:
> > Hi,
> >
> > Sorry for the late answer. Here are the answers to your questions:
> >
> > * The openvpn server is running on the host running vmware, bound
> >   to the public address only
> > * The subnet for the openvpn clients is 10.1.0.0/24, right
> > * The subnet for vmnet8 is 10.8.0.0/24, right again
> >
> > And here is the output of the "netstat -rn" command:
> >
> > ~# netstat -rn
> > Kernel IP routing table
> > Destination      Gateway          Genmask         Flags MSS Window irtt Iface
> > 10.1.0.2         0.0.0.0          255.255.255.255 UH    0   0      0    tun0
> > 10.8.0.0         0.0.0.0          255.255.255.0   U     0   0      0    vmnet8
> > <public address> 0.0.0.0          255.255.255.0   U     0   0      0    eth0
> > 10.1.0.0         10.1.0.2         255.255.255.0   UG    0   0      0    tun0
> > 0.0.0.0          <public address> 0.0.0.0         UG    0   0      0    eth0
> >
> > Thank you in advance,
> > Rida.
> >
> > On Jan 18, 2008 3:37 AM, Jan Just Keijser <janjust@xxxxxxxxx> wrote:
> >
> >     Hi Rida,
> >
> >     I just reread the entire thread and am still confused... can you
> >     please tell me/us
> >
> >     - on which server (incl IP address) the openvpn server is running
> >     - what the subnet for the openvpn is (10.1.0.0/24, right?)
> >     - what the subnet for vmnet8 is (10.8.0.0/24, right)
> >
> >     and/or could you post the output of
> >         netstat -rn
> >     after the openvpn server has started.
> >
> >     cheers,
> >
> >     JJK
> >
> >     Rida wrote:
> > > Hi,
> > >
> > > Yep, routing is enabled on the server
> > > (echo 1 > /proc/sys/net/ipv4/ip_forward). I understand what you
> > > meant by the route subnet pointing to itself. I removed the routes
> > > from the server configuration (those pushed to the client) and...
> > > it still doesn't work.
> > >
> > > Regards,
> > > Rida.
> > >
> > > On Jan 12, 2008 3:09 AM, Jan Just Keijser <janjust@xxxxxxxxx> wrote:
> > >
> > >     Hi Rida,
> > >
> > >     I am not surprised that that route statement did not work: it's
> > >     a route to a subnet pointing to itself!
> > >     If the host running the openvpn software is 10.8.0.1 itself then
> > >     no extra route statement should be required.
> > >     However, how vmware routes traffic between the different VMs is
> > >     a different matter; is routing enabled on the server?
> > >
> > >     HTH,
> > >
> > >     JJK
> > >
> > >     Rida wrote:
> > > > Hi,
> > > >
> > > > Thanks for the quick answer. Actually, I tried to "fix" this
> > > > (because I've seen the tip in the openvpn faq), but impossible to
> > > > add the route on the virtual machines. ie "route add -net 10.1.0.0
> > > > netmask 255.255.255.0 gw 10.1.0.1" tells me "Network unreachable"
> > > > (but I can ping it from there). And yes, there is a default
> > > > gateway (10.8.0.1)
> > > >
> > > > Regards,
> > > > Rida.
> > > >
> > > > On Jan 11, 2008 2:30 AM, Jan Just Keijser <janjust@xxxxxxxxx> wrote:
> > > >
> > > >     Hi Rida,
> > > >
> > > >     this does not sound like a VMware issue but more like a
> > > >     routing issue.
> > > >     How would clients in the vmnet8 domain (10.8.0.128) know where
> > > >     to send stuff back to? Do they know that all packets intended
> > > >     for 10.1.0.6 should be fed back to the openvpn server? In most
> > > >     cases the clients on your LAN (vmnet LAN in this case) will
> > > >     not know any route for the 10.1.0 net and will return packets
> > > >     thru the default gateway. Again, in most cases that is not
> > > >     what you want ;-)
> > > >
> > > >     HTH,
> > > >
> > > >     JJK
> > > >
> > > >     PS I use an openvpn-on-vmware setup all the time without
> > > >     problems (tun setup).
> > > >
> > > >     Rida wrote:
> > > > >
> > > > > Hello everybody,
> > > > >
> > > > > I want, first, to say thank you to all openvpn developers for
> > > > > this very useful piece of software! Happy new year too.
> > > > >
> > > > > So, I got a very strange problem that is getting on my nerves
> > > > > because I can't resolve the issue. I got vmware server running
> > > > > on a basic server; there is 1 virtual network (in NAT mode).
> > > > > Here are the routes on the server (after vmware and openvpn are
> > > > > started):
> > > > >
> > > > > 10.1.0.2 dev tun0 proto kernel scope link src 10.1.0.1
> > > > > 10.8.0.0/24 dev vmnet8 proto kernel scope link src 10.8.0.1
> > > > > <public-ip> dev eth0 proto kernel scope link src <public-ip>
> > > > > 10.1.0.0/24 via 10.1.0.2 dev tun0
> > > > > default via 91.121.95.254 dev eth0
> > > > >
> > > > > Nothing special then (the only thing to keep in mind is that
> > > > > vmware uses source routing). I set up an openvpn server on the
> > > > > server (the one with the public IP), and it is working fine,
> > > > > because I can connect to it and I got an IP address on windows
> > > > > clients. Here's the server's configuration file:
> > > > >
> > > > > local <public-ip>
> > > > > port 1194
> > > > > proto tcp
> > > > > dev tun
> > > > > ca keys/ca.crt
> > > > > cert keys/server.crt
> > > > > key keys/server.key
> > > > > dh keys/dh1024.pem
> > > > > server 10.1.0.0 255.255.255.0
> > > > > ifconfig-pool-persist ipp.txt
> > > > > push "route 10.2.0.0 255.255.255.0"
> > > > > push "route 10.8.0.0 255.255.255.0"
> > > > > push "route-delay 2 600"
> > > > > client-to-client
> > > > > keepalive 10 120
> > > > > tls-auth keys/ta.key 0
> > > > > cipher AES-128-CBC # AES
> > > > > comp-lzo
> > > > > max-clients 250
> > > > > user nobody
> > > > > group nobody
> > > > > persist-key
> > > > > persist-tun
> > > > > status /var/log/openvpn-status.log
> > > > > log-append /var/log/openvpn.log
> > > > > verb 6
> > > > > mute 20
> > > > >
> > > > > Now the client's one:
> > > > >
> > > > > client
> > > > > dev tun0
> > > > > proto tcp
> > > > > remote 91.121.95.16 1194
> > > > > resolv-retry infinite
> > > > > nobind
> > > > > persist-key
> > > > > persist-tun
> > > > > ca ca.crt
> > > > > cert client.crt
> > > > > key client.key
> > > > > ns-cert-type server
> > > > > tls-auth ta.key 1
> > > > > cipher AES-128-CBC # AES
> > > > > comp-lzo
> > > > > verb 3
> > > > >
> > > > > Still nothing special, these are basic configuration files.
> > > > > Before I'll "draw" a network topology so you'll have a better
> > > > > idea of how vmware implements their NAT (hope there is no error):
> > > > >
> > > > > [Windows client](10.1.0.6/30 tap) <-> (10.1.0.5/30 tap gw) <->
> > > > > (10.1.0.2/24 vpn real gw) <-> (10.1.0.1/24 tun) [server]
> > > > > (10.8.0.1/24 vmnet8) <-> [virtual machine](10.8.0.128/24 gw
> > > > > 10.8.0.1/24)
> > > > >
> > > > > The virtual machine route is just a default gw to 10.8.0.1/24.
> > > > > Routes on the client:
> > > > >
> > > > > Active Routes:
> > > > > Network Destination  Netmask          Gateway      Interface      Metric
> > > > > 0.0.0.0              0.0.0.0          192.168.0.1  192.168.0.117  25
> > > > > 10.1.0.0             255.255.255.0    10.1.0.5     10.1.0.6       1
> > > > > 10.1.0.4             255.255.255.252  10.1.0.6     10.1.0.6       30
> > > > > 10.1.0.6             255.255.255.255  127.0.0.1    127.0.0.1      30
> > > > > 10.8.0.0             255.255.255.0    10.1.0.5     10.1.0.6       1
> > > > > ...
> > > > >
> > > > > Client's output:
> > > > >
> > > > > Thu Jan 10 00:25:21 2008 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
> > > > > Thu Jan 10 00:25:21 2008 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
> > > > > Thu Jan 10 00:25:21 2008 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
> > > > > Thu Jan 10 00:25:21 2008 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
> > > > > Thu Jan 10 00:25:21 2008 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
> > > > > Thu Jan 10 00:25:21 2008 LZO compression initialized
> > > > > Thu Jan 10 00:25:21 2008 Control Channel MTU parms [ L:1560 D:168 EF:68 EB:0 ET:0 EL:0 ]
> > > > > Thu Jan 10 00:25:21 2008 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
> > > > > Thu Jan 10 00:25:21 2008 Local Options hash (VER=V4): '<hash>'
> > > > > Thu Jan 10 00:25:21 2008 Expected Remote Options hash (VER=V4): '<hash>'
> > > > > Thu Jan 10 00:25:21 2008 Attempting to establish TCP connection with 91.121.95.16:1194
> > > > > Thu Jan 10 00:25:21 2008 TCP connection established with <public-ip>:1194
> > > > > Thu Jan 10 00:25:21 2008 TCPv4_CLIENT link local: [undef]
> > > > > Thu Jan 10 00:25:21 2008 TCPv4_CLIENT link remote: <public-ip>:1194
> > > > > Thu Jan 10 00:25:21 2008 TLS: Initial packet from <public-ip>:1194, sid=<hash>
> > > > > Thu Jan 10 00:25:22 2008 VERIFY OK: depth=1, <certificate fqn>
> > > > > Thu Jan 10 00:25:22 2008 VERIFY OK: nsCertType=SERVER
> > > > > Thu Jan 10 00:25:22 2008 VERIFY OK: depth=0, <certificate fqn>
> > > > > Thu Jan 10 00:25:25 2008 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
> > > > > Thu Jan 10 00:25:25 2008 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
> > > > > Thu Jan 10 00:25:25 2008 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
> > > > > Thu Jan 10 00:25:25 2008 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
> > > > > Thu Jan 10 00:25:25 2008 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
> > > > > Thu Jan 10 00:25:25 2008 [client] Peer Connection Initiated with <public-ip>:1194
> > > > > Thu Jan 10 00:25:27 2008 SENT CONTROL [client]: 'PUSH_REQUEST' (status=1)
> > > > > Thu Jan 10 00:25:27 2008 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.0 255.255.255.0,route-delay 2 600,route 10.1.0.0 255.255.255.0,ping 10,ping-restart 120,ifconfig 10.1.0.6 10.1.0.5'
> > > > > Thu Jan 10 00:25:27 2008 OPTIONS IMPORT: timers and/or timeouts modified
> > > > > Thu Jan 10 00:25:27 2008 OPTIONS IMPORT: --ifconfig/up options modified
> > > > > Thu Jan 10 00:25:27 2008 OPTIONS IMPORT: route options modified
> > > > > Thu Jan 10 00:25:27 2008 TAP-WIN32 device [Local Area Connection 5] opened: \\.\Global\{F71B3A07-5805-4B69-97C9-73926191180F}.tap
> > > > > Thu Jan 10 00:25:27 2008 TAP-Win32 Driver Version 8.4
> > > > > Thu Jan 10 00:25:27 2008 TAP-Win32 MTU=1500
> > > > > Thu Jan 10 00:25:27 2008 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.1.0.6/255.255.255.252 on interface {F71B3A07-5805-4B69-97C9-73926191180F} [DHCP-serv: 10.1.0.5, lease-time: 31536000]
> > > > > Thu Jan 10 00:25:27 2008 Successful ARP Flush on interface [7] {F71B3A07-5805-4B69-97C9-73926191180F}
> > > > > Thu Jan 10 00:25:29 2008 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
> > > > > Thu Jan 10 00:25:29 2008 Route: Waiting for TUN/TAP interface to come up...
> > > > > Thu Jan 10 00:25:31 2008 TEST ROUTES: 3/3 succeeded len=3 ret=1 a=0 u/d=up
> > > > > Thu Jan 10 00:25:31 2008 route ADD 10.8.0.0 MASK 255.255.255.0 10.1.0.5
> > > > > Thu Jan 10 00:25:31 2008 Route addition via IPAPI succeeded
> > > > > Thu Jan 10 00:25:31 2008 route ADD 10.1.0.0 MASK 255.255.255.0 10.1.0.5
> > > > > Thu Jan 10 00:25:31 2008 Route addition via IPAPI succeeded
> > > > > Thu Jan 10 00:25:31 2008 Initialization Sequence Completed
> > > > >
> > > > > Now the issue... From the client, I can ping 10.1.0.5 (tap gw),
> > > > > 10.1.0.1 (vpn gw), 10.8.0.1 (vmnet8, but on server's side) but
> > > > > not in vmnet8's network (10.8.0.128 for example).
> > > > >
> > > > > I've tried everything.... Here are some:
> > > > > * Set up a virtual interface (on eth0:0) with IP 10.1.0.1,
> > > > > * Put the openvpn network in vmware's network subnet (I think
> > > > >   openvpn won't understand, well it didn't work anyway),
> > > > > * pushed gw for routes to the client (the client is slow to
> > > > >   connect and tells me that the gw doesn't exist)
> > > > >
> > > > > I'm lost. Please help.

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
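
An idempotent, narrower form of the MASQUERADE work-around from the reply at the top of this thread, as an added example that is not part of the original messages. The `-s 10.1.0.0/24` match, the function names and the `IPT` override are assumptions added here; the subnet and interface names are the ones given in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Subnet and interface come from the
# thread; the -s match, the function names and IPT are assumptions.
VPN_NET="${VPN_NET:-10.1.0.0/24}"   # OpenVPN client subnet
VM_IF="${VM_IF:-vmnet8}"            # VMware NAT host interface
IPT="${IPT:-iptables}"              # overridable for dry runs

# Rule specification without the action flag (-C, -I or -D).
# The posted rule has no -s match, so it NATs everything leaving vmnet8;
# this one only rewrites traffic that originates from VPN clients.
masq_rule() {
    printf '%s\n' "POSTROUTING -s $VPN_NET -o $VM_IF -j MASQUERADE"
}

# True when the kernel forwards IPv4 packets (the prerequisite the thread
# already confirmed). An alternative file path may be passed for testing.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Insert the rule only if it is absent, so reruns do not stack duplicates.
# $(masq_rule) is left unquoted on purpose: it must split into arguments.
ensure_masq() {
    if $IPT -t nat -C $(masq_rule) 2>/dev/null; then
        echo present
    else
        $IPT -t nat -I $(masq_rule) && echo added
    fi
}

# Roll the work-around back.
remove_masq() {
    if $IPT -t nat -C $(masq_rule) 2>/dev/null; then
        $IPT -t nat -D $(masq_rule) && echo removed
    else
        echo absent
    fi
}

# Side effect to plan for: after MASQUERADE the VMs see every VPN client
# as the vmnet8 address (10.8.0.1 here), so per-client source IPs no
# longer appear in the VMs' own logs or host-based access rules.
if [ "${1:-}" = "apply" ]; then
    forwarding_enabled || { echo "ip_forward is off" >&2; exit 1; }
    ensure_masq
fi
```

Run as root with the argument `apply` to install the rule; `iptables -t nat -L POSTROUTING -n -v` then shows the packet counter rising when a VPN client pings a VM.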