jj74 n00b
Joined: 01 Apr 2005 Posts: 2
Posted: Tue Apr 05, 2005 8:23 am Post subject: Openvpn: not able to ping through the vpn
Hi, I'm not able to ping from client XP (192.168.0.124) to a machine in the private network (192.168.1.119)
through the vpn-net (10.1.0.1)
192.168.0.124 # ping 10.1.0.1 OK
192.168.0.124 # ping 192.168.0.120 OK
192.168.0.124 # ping 192.168.1.119 NO !!!
192.168.1.120 # ping 192.168.1.119 OK
192.168.1.119 # ping 192.168.0.124 OK
192.168.1.119 # ping 10.1.0.6 OK
I've noted a route on the server with gw 10.1.0.2, but I don't know who that is
Thanks
________________________________________________________________________________________
Server Gentoo 2.6.10 192.168.0.120
Openvpn 2.0 r17
eth0 192.168.0.120 gw 192.168.0.76 (public interface connected by client Openvpn on port 1194 creating net 10.1.0.0/24)
eth1 192.168.1.120 (private interface)
no firewall
192.168.0.120 # echo 1 > /proc/sys/net/ipv4/ip_forward
/etc/openvpn/vpn/local.conf
dev tun
port 1194
server 10.1.0.0 255.255.255.0
proto tcp-server
#
push "route 192.168.1.0 255.255.255.0"
# protect the network
push "route 10.1.0.0"
#
tls-auth /etc/openvpn/edisoft/secret.key 0
tls-server
dh /etc/openvpn/edisoft/dh1024.pem
ca /etc/openvpn/edisoft/openvpn-ca.crt
cert /etc/openvpn/edisoft/openvpn-server.crt
key /etc/openvpn/edisoft/openvpn-server.key
#
comp-lzo
user nobody
group nobody
status /tmp/vpn-edisoft.status
keepalive 10 30
client-to-client
max-clients 150
persist-key
persist-tun
192.168.0.120 # openvpn --config local.conf
Tue Apr 5 09:05:20 2005 OpenVPN 2.0_rc17 i686-pc-linux-gnu [SSL] [LZO] built on Apr 3 2005
Tue Apr 5 09:05:20 2005 Diffie-Hellman initialized with 1024 bit key
Tue Apr 5 09:05:20 2005 Control Channel Authentication: using '/etc/openvpn/edisoft/secret.key' as a OpenVPN static key file
Tue Apr 5 09:05:20 2005 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 5 09:05:20 2005 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 5 09:05:20 2005 TLS-Auth MTU parms [ L:1544 D:168 EF:68 EB:0 ET:0 EL:0 ]
Tue Apr 5 09:05:20 2005 TUN/TAP device tun0 opened
Tue Apr 5 09:05:20 2005 /sbin/ifconfig tun0 10.1.0.1 pointopoint 10.1.0.2 mtu 1500
Tue Apr 5 09:05:20 2005 /sbin/route add -net 10.1.0.0 netmask 255.255.255.0 gw 10.1.0.2
Tue Apr 5 09:05:20 2005 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:23 ET:0 EL:0 AF:3/1 ]
Tue Apr 5 09:05:20 2005 GID set to nobody
Tue Apr 5 09:05:20 2005 UID set to nobody
Tue Apr 5 09:05:20 2005 Listening for incoming TCP connection on [undef]:1194
Tue Apr 5 09:05:20 2005 TCPv4_SERVER link local (bound): [undef]:1194
Tue Apr 5 09:05:20 2005 TCPv4_SERVER link remote: [undef]
Tue Apr 5 09:05:20 2005 MULTI: multi_init called, r=256 v=256
Tue Apr 5 09:05:20 2005 IFCONFIG POOL: base=10.1.0.4 size=62
Tue Apr 5 09:05:20 2005 MULTI: TCP INIT maxclients=150 maxevents=154
Tue Apr 5 09:05:20 2005 Initialization Sequence Completed
192.168.0.120 # route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.1.0.2 * 255.255.255.255 UH 0 0 0 tun0
192.168.1.0 * 255.255.255.0 U 0 0 0 eth1
192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
10.1.0.0 10.1.0.2 255.255.255.0 UG 0 0 0 tun0
loopback localhost 255.0.0.0 UG 0 0 0 lo
default 192.168.0.76 0.0.0.0 UG 0 0 0 eth0
??? who is 10.1.0.2 ???
192.168.0.120 # ifconfig
eth0 Link encap:Ethernet HWaddr 00:48:54:89:4B:D4
inet addr:192.168.0.120 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1256 errors:0 dropped:0 overruns:0 frame:0
TX packets:1204 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:154676 (151.0 Kb) TX bytes:149444 (145.9 Kb)
Interrupt:11 Base address:0x1400
eth1 Link encap:Ethernet HWaddr 00:40:F4:B1:27:00
inet addr:192.168.1.120 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1129 errors:0 dropped:0 overruns:0 frame:0
TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:133349 (130.2 Kb) TX bytes:742 (742.0 b)
Interrupt:10 Base address:0x1800
gre0 Link encap:UNSPEC HWaddr 00-00-00-00-FF-00-00-00-00-00-00-00-00-00-00-00
NOARP MTU:1476 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.1.0.1 P-t-P:10.1.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
tunl0 Link encap:IPIP Tunnel HWaddr
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
_________________________________________________________________________________________
Client Windows XP SP2
Openvpn 2.0 r19
No firewall
client.ovpn
remote 192.168.0.120
dev tun
port 1194
proto tcp-client
client
#
tls-auth secret.key 1
tls-client
ca openvpn-ca.crt
cert openvpn-client.crt
key openvpn-client.key
#
resolv-retry infinite
mute-replay-warnings
comp-lzo
persist-tun
persist-key
verb 1
192.168.0.124 -> Starting openvpn
Tue Apr 05 10:06:34 2005 OpenVPN 2.0_rc19 Win32-MinGW [SSL] [LZO] built on Mar 2 9 2005
Tue Apr 05 10:06:34 2005 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Apr 05 10:06:34 2005 Control Channel Authentication: using 'secret.key' as a OpenVPN static key file
Tue Apr 05 10:06:34 2005 LZO compression initialized
Tue Apr 05 10:06:34 2005 Attempting to establish TCP connection with 192.168.0.120:1194
Tue Apr 05 10:06:34 2005 TCP connection established with 192.168.0.120:1194
Tue Apr 05 10:06:34 2005 TCPv4_CLIENT link local: [undef]
Tue Apr 05 10:06:34 2005 TCPv4_CLIENT link remote: 192.168.0.120:1194
Tue Apr 05 10:06:34 2005 [] Peer Connection Initiated with 192.168.0.120:1194
Tue Apr 05 10:06:36 2005 TAP-WIN32 device [Connessione alla rete locale (LAN) 10] opened: \\.\Global\{5B703A41-DEFB-4A70-8199-DE2CBC8BB292}.tap
Tue Apr 05 10:06:36 2005 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.1.0.6/255.255.255.252 on interface {5B703A41-DEFB-4A70-8199-DE2CBC8BB292} [DHCP-serv: 10.1.0.5, lease-time: 31536000]
Tue Apr 05 10:06:36 2005 NOTE: FlushIpNetTable failed on interface [3] {5B703A41-DEFB-4A70-8199-DE2CBC8BB292} (status=259) : Dati disponibili esauriti.
Tue Apr 05 10:06:42 2005 Initialization Sequence Completed
NB: for the "FlushIpNetTable failed on interface" NOTE I've tried reinstalling OpenVpn; there is no firewall and the DHCP client is on
c:\usr\bilancio>route print
===========================================================================
Elenco interfacce
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0e a6 96 0c 35 ...... 3Com Gigabit LOM (3C940) - Miniport dell'Util
di pianificazione pacchetti
0x3 ...00 ff 5b 70 3a 41 ...... TAP-Win32 Adapter V8 - Miniport dell'Utilità
pianificazione pacchetti
===========================================================================
===========================================================================
Route attive:
Indirizzo rete Mask Gateway Interfac. Metric
0.0.0.0 0.0.0.0 192.168.0.76 192.168.0.124 20
10.1.0.0 255.255.255.255 10.1.0.5 10.1.0.6 1
10.1.0.0 255.255.255.0 10.1.0.5 10.1.0.6 1
10.1.0.4 255.255.255.252 10.1.0.6 10.1.0.6 30
10.1.0.6 255.255.255.255 127.0.0.1 127.0.0.1 30
10.255.255.255 255.255.255.255 10.1.0.6 10.1.0.6 30
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.124 192.168.0.124 20
192.168.0.124 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.124 192.168.0.124 20
192.168.1.0 255.255.255.0 10.1.0.5 10.1.0.6 1
224.0.0.0 240.0.0.0 10.1.0.6 10.1.0.6 30
224.0.0.0 240.0.0.0 192.168.0.124 192.168.0.124 20
255.255.255.255 255.255.255.255 10.1.0.6 10.1.0.6 1
255.255.255.255 255.255.255.255 192.168.0.124 192.168.0.124 1
Gateway predefinito: 192.168.0.76
===========================================================================
Route permanenti:
Nessuno
??? who is 192.168.1.5 and 192.168.1.4 ???
c:\usr\bilancio>ipconfig /all
Configurazione IP di Windows
Nome host . . . . . . . . . . . . . . : p4
Suffisso DNS primario . . . . . . . : edisoft.lan
Tipo nodo . . . . . . . . . : Sconosciuto
Routing IP abilitato . . . . . . . . : Sì
Proxy WINS abilitato . . . . . . . . : Sì
Elenco di ricerca suffissi DNS. . . . : edisoft.lan
Scheda Ethernet Connessione alla rete locale (LAN) 2:
Suffisso DNS specifico per connessione:
Descrizione . . . . . . . . . . . . . : 3Com Gigabit LOM (3C940)
Indirizzo fisico. . . . . . . . . . . : 00-0E-A6-96-0C-35
DHCP abilitato. . . . . . . . . . . . : No
Indirizzo IP. . . . . . . . . . . . . : 192.168.0.124
Subnet mask . . . . . . . . . . . . . : 255.255.255.0
Gateway predefinito . . . . . . . . . : 192.168.0.76
Server DNS . . . . . . . . . . . . . : 192.168.0.253
213.140.2.49
192.168.0.3
213.140.2.43
Scheda Ethernet Connessione alla rete locale (LAN) 10:
Suffisso DNS specifico per connessione:
Descrizione . . . . . . . . . . . . . : TAP-Win32 Adapter V8
Indirizzo fisico. . . . . . . . . . . : 00-FF-5B-70-3A-41
DHCP abilitato. . . . . . . . . . . . : Sì
Configurazione automatica abilitata : Sì
Indirizzo IP. . . . . . . . . . . . . : 10.1.0.6
Subnet mask . . . . . . . . . . . . . : 255.255.255.252
Gateway predefinito . . . . . . . . . :
Server DHCP . . . . . . . . . . . . . : 10.1.0.5
Lease ottenuto. . . . . . . . . . . . : martedì 5 aprile 2005 10:09:07
Scadenza lease . . . . . . . . . . . : mercoledì 5 aprile 2006 10:09:07
________________________________________________________________________________________
Default gateway for the server (192.168.0.76)
I've added a route for the vpn server
192.168.0.76 # route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.1.0.0 192.168.0.120 255.255.255.255 UGH 0 0 0 eth1
192.168.0.0 * 255.255.255.0 U 0 0 0 eth1
192.168.10.0 * 255.255.255.0 U 0 0 0 eth0
169.254.0.0 * 255.255.0.0 U 0 0 0 eth1
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default 192.168.10.1 0.0.0.0 UG 0 0 0 eth0
_________________________________________________________________________________________
Last edited by jj74 on Tue Apr 05, 2005 8:45 am; edited 1 time in total
MrUlterior Guru
Joined: 22 Mar 2005 Posts: 511 Location: Switzerland
Posted: Tue Apr 05, 2005 9:12 am Post subject:
Your openvpn server's local.conf file sets:
Code: server 10.1.0.0 255.255.255.0
If you read the docs, this has the following implications:
Quote: --server network netmask
A helper directive designed to simplify the configuration of OpenVPN's server mode. This directive will set up an OpenVPN server which will allocate addresses to clients out of the given network/netmask. The server itself will take the ".1" address of the given network for use as the server-side endpoint of the local TUN/TAP interface.
Which implies that your client will be allocated the address 10.1.0.2, your server being 10.1.0.1.
Now, if your LAN is on eth0 and your VPN on tun0 or tap0 -- both will need to have DIFFERENT networks and a route pointing each network to each interface. If you wish to use your VPN to join client to your LAN, you will need to bridge the interfaces.
In either case, I suggest you read the docs & simplify your network and get it working step-by-step first. The various snippets you posted look ... like a mess
Good luck. _________________
Misanthropy 2.0 - enough hate to go around
jj74 n00b
Joined: 01 Apr 2005 Posts: 2
Posted: Tue Apr 05, 2005 10:53 am Post subject:
Thanks for your reply, I know I am a bit confused.
I've read the documentation about "server", and you are right, but why does my client get 10.0.0.6 and not 10.0.0.2,
and who sets the DHCP server of the tun on the client to 10.0.0.5?
Could it be that some settings from tests I've done before are still active even though I've rebooted?
Thanks
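A worked example, added here as an illustration (it is not code from this thread or from the OpenVPN project): with `dev tun` and no `topology` directive, OpenVPN 2.0 uses its default net30 layout, which reserves .1/.2 for the server's own point-to-point pair and hands every client its own /30 block starting at .4. That is why 10.1.0.2 shows up on the server as the `pointopoint` peer and as the gateway for 10.1.0.0/24, and why the first client gets 10.1.0.6 with 10.1.0.5 as its server-side endpoint (the address the TAP-Win32 driver reports as its "DHCP server"); the server log's `IFCONFIG POOL: base=10.1.0.4 size=62` is the same arithmetic. The script below reproduces that layout and runs a longest-prefix lookup over the two routing tables quoted above, transcribed here as constructed sample data, so you can see which gateway and interface each side picks for a destination. The function names are my own; the allocation rule is OpenVPN 2.0's documented net30 behaviour.

```python
"""net30 address layout for `server network netmask` plus a route lookup.

Added example (not from the forum thread). Assumptions: OpenVPN 2.0 net30
topology on a tun interface; route tables are transcribed from the thread.
"""
import ipaddress


def net30_layout(network: str, netmask: str) -> dict:
    """Addresses that `server network netmask` reserves in net30 topology.

    .1/.2 is the server's own point-to-point pair; the client pool starts at
    .4 and ends four addresses below the broadcast address, one /30 per client.
    """
    net = ipaddress.IPv4Network(f"{network}/{netmask}")
    base = int(net.network_address)
    top = int(net.broadcast_address)
    pool_start = base + 4
    pool_end = top - 4
    return {
        "server_local": str(ipaddress.IPv4Address(base + 1)),   # ifconfig local
        "server_remote": str(ipaddress.IPv4Address(base + 2)),  # pointopoint peer
        "pool_start": str(ipaddress.IPv4Address(pool_start)),
        "pool_end": str(ipaddress.IPv4Address(pool_end)),
        "pool_size": (pool_end - pool_start + 1) // 4,          # number of /30 blocks
    }


def client_endpoints(network: str, netmask: str, slot: int) -> tuple:
    """(server-side endpoint, client address) for pool slot `slot`.

    Each /30 block is: .4 network, .5 server-side endpoint (what the TAP-Win32
    driver shows as "DHCP-serv"), .6 client address, .7 broadcast.
    """
    layout = net30_layout(network, netmask)
    if not 0 <= slot < layout["pool_size"]:
        raise IndexError(f"slot {slot} outside a pool of {layout['pool_size']} blocks")
    block = int(ipaddress.IPv4Address(layout["pool_start"])) + 4 * slot
    return (str(ipaddress.IPv4Address(block + 1)),
            str(ipaddress.IPv4Address(block + 2)))


def route_lookup(table, destination: str) -> tuple:
    """Longest-prefix match over rows of (network, netmask, gateway, iface).

    Returns (gateway, iface); gateway is None for an on-link route.
    """
    dst = ipaddress.IPv4Address(destination)
    best = None
    for network, netmask, gateway, iface in table:
        net = ipaddress.IPv4Network(f"{network}/{netmask}")
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, iface)
    if best is None:
        raise LookupError(f"no route to {destination}")
    return best[1], best[2]


# Constructed sample: the server's Linux `route` output ("*" = on-link).
SERVER_ROUTES = [
    ("10.1.0.2", "255.255.255.255", None, "tun0"),
    ("192.168.1.0", "255.255.255.0", None, "eth1"),
    ("192.168.0.0", "255.255.255.0", None, "eth0"),
    ("10.1.0.0", "255.255.255.0", "10.1.0.2", "tun0"),
    ("0.0.0.0", "0.0.0.0", "192.168.0.76", "eth0"),
]

# Constructed sample: the relevant rows of the XP client's `route print`
# (Windows lists the interface by its own address instead of a name).
CLIENT_ROUTES = [
    ("0.0.0.0", "0.0.0.0", "192.168.0.76", "192.168.0.124"),
    ("10.1.0.0", "255.255.255.0", "10.1.0.5", "10.1.0.6"),
    ("10.1.0.4", "255.255.255.252", None, "10.1.0.6"),
    ("192.168.0.0", "255.255.255.0", None, "192.168.0.124"),
    ("192.168.1.0", "255.255.255.0", "10.1.0.5", "10.1.0.6"),
]

if __name__ == "__main__":
    print(net30_layout("10.1.0.0", "255.255.255.0"))
    print("first client:", client_endpoints("10.1.0.0", "255.255.255.0", 0))
    for dst in ("10.1.0.6", "192.168.1.119"):
        print(dst, "server ->", route_lookup(SERVER_ROUTES, dst),
              "client ->", route_lookup(CLIENT_ROUTES, dst))
```

Running it shows the server sending anything for 10.1.0.6 to gateway 10.1.0.2 on tun0 (OpenVPN itself answers for that virtual peer) and the client sending 192.168.1.119 to 10.1.0.5 over the TAP adapter, so both ends do have a forward route; whether 192.168.1.119 has a return route for 10.1.0.0/24 is something this table alone cannot tell you.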
MrUlterior Guru
Joined: 22 Mar 2005 Posts: 511 Location: Switzerland
Posted: Tue Apr 05, 2005 11:25 am Post subject:
jj74 wrote: Thanks for your reply, I know I am a bit confused.
Could it be that some settings from tests I've done before are still active even though I've rebooted?
It could be; I don't know whether routing tables are persistent or not. I'd suggest you delete all the routes and recreate them one by one, testing each before you continue with the next. _________________
Misanthropy 2.0 - enough hate to go around