snIP3r l33t
Joined: 21 May 2004 Posts: 853 Location: germany
Posted: Fri Feb 23, 2007 11:41 am Post subject: openvpn works not properly - routing problem assumed
hi all!
i have a suspicious behaviour with my openvpn config. i'm trying to run a vpn with connection from internal and external. this runs perfect so far. but yesterday i got a strange behaviour: the clients could all connect (they all get an ip, in this case i get 10.8.0.10) but not communicate with each other (i can't e.g. ping the server). i found out that the error must be this message in the client window (i use openvpn for windows from here http://openvpn.se/):
Code: |
PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.1,ping 10,ping-restart 120,ifconfig 10.8.0.10 10.8.0.9'
|
if i connect to my friend's vpn everything runs fine. i get an ip (10.8.0.3) and this message:
Code: |
PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.8.0.1,ping 10,ping-restart 120,ifconfig 10.8.0.3 255.255.255.0'
|
according to these messages we discovered that the routes are wrong with my config - but the config formerly worked fine *wonder*
my server config:
Code: |
proto udp
dev tun
port 1194
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh2048.pem
tls-auth /etc/openvpn/ta.key 0
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /etc/openvpn/ipp.txt
keepalive 10 120
cipher AES-256-CBC
comp-lzo
user openvpn
group openvpn
persist-key
persist-tun
resolv-retry infinite
status /etc/openvpn/openvpn-status.log
chroot /etc/openvpn/chroot
|
and my client config:
Code: |
client
port 1194
proto udp
dev tun
remote remote-server 1194
nobind
keepalive 10 120
comp-lzo
verb 3
ca ca.crt
cert user.crt
key user.key
cipher AES-256-CBC
persist-key
persist-tun
resolv-retry infinite
tls-auth ta.key 1
ns-cert-type server
tls-remote remote_server
explicit-exit-notify 2
|
ifconfig:
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:16 errors:0 dropped:0 overruns:0 frame:0
TX packets:1 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:1028 (1.0 Kb) TX bytes:60 (60.0 b)
and my route (only the tun0 part):
10.8.0.2 * 255.255.255.255 UH 0 0 0 tun0
10.8.0.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun0
and here the route on the client:
Code: |
route print
===========================================================================
Schnittstellenliste
0x1 ........................... MS TCP Loopback interface
0x2 ...00 50 56 c0 00 01 ...... VMware Virtual Ethernet Adapter for VMnet1
0x3 ...00 18 f3 90 eb 00 ...... Marvell Yukon 88E8053 PCI-E Gigabit Ethernet
troller - Paketplaner-Miniport
0x4 ...00 ff a6 84 fe 26 ...... TAP-Win32 Adapter V8 - Paketplaner-Miniport
===========================================================================
===========================================================================
Aktive Routen:
Netzwerkziel Netzwerkmaske Gateway Schnittstelle Anzahl
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.23 1
10.8.0.1 255.255.255.255 10.8.0.5 10.8.0.6 1
10.8.0.4 255.255.255.252 10.8.0.6 10.8.0.6 30
10.8.0.6 255.255.255.255 127.0.0.1 127.0.0.1 30
|
so i am wondering what might be the problem, and i hope someone could help me with this...
thx in advance
snIP3r _________________ Intel i3-4130T on ASUS P9D-X
Kernel 5.15.88-gentoo SMP
-----------------------------------------------
if your problem is fixed please add something like [solved] to the topic!
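An added example, not part of the original post: a small Python parser for the two PUSH_REPLY strings quoted above that lists which destinations each one routes into the tunnel. Classifying the second `ifconfig` argument as a netmask or a peer address by its bit pattern is an assumption of this sketch (OpenVPN itself decides from its topology setting), and the function names are made up for illustration.

```python
import ipaddress

# The two PUSH_REPLY strings quoted in the post (MINE = failing, FRIEND = working).
MINE = "PUSH_REPLY,route 10.8.0.1,ping 10,ping-restart 120,ifconfig 10.8.0.10 10.8.0.9"
FRIEND = "PUSH_REPLY,route-gateway 10.8.0.1,ping 10,ping-restart 120,ifconfig 10.8.0.3 255.255.255.0"

def parse_push_reply(msg):
    """Split a PUSH_REPLY control message into {option: [arg lists]}."""
    head, *opts = msg.strip().strip("'").split(",")
    if head != "PUSH_REPLY":
        raise ValueError("not a PUSH_REPLY message")
    parsed = {}
    for opt in opts:
        name, *args = opt.split()
        parsed.setdefault(name, []).append(args)
    return parsed

def is_netmask(text):
    """True if the dotted quad is contiguous one-bits followed by zero-bits."""
    inv = ~int(ipaddress.IPv4Address(text)) & 0xFFFFFFFF
    return inv != 0xFFFFFFFF and (inv & (inv + 1)) == 0

def tunnel_networks(msg):
    """Return (style, networks the client will send into the tunnel)."""
    opts = parse_push_reply(msg)
    if "ifconfig" not in opts or len(opts["ifconfig"][0]) != 2:
        raise ValueError("no usable ifconfig option in push")
    local, second = opts["ifconfig"][0]
    if is_netmask(second):
        # ifconfig <local> <netmask>: the whole subnet is on-link.
        style = "subnet"
        nets = [ipaddress.ip_interface(f"{local}/{second}").network]
    else:
        # ifconfig <local> <peer>: only the peer endpoint is on-link.
        style = "point-to-point"
        nets = [ipaddress.ip_network(f"{second}/32")]
    for args in opts.get("route", []):
        # route <network> [netmask]; the netmask defaults to a host route.
        mask = args[1] if len(args) > 1 else "255.255.255.255"
        nets.append(ipaddress.ip_network(f"{args[0]}/{mask}", strict=False))
    return style, nets

def reachable(msg, addr):
    """True if addr matches a network the pushed options route via the VPN."""
    return any(ipaddress.ip_address(addr) in n for n in tunnel_networks(msg)[1])
```

For the first message only 10.8.0.9 and 10.8.0.1 end up routed through the tunnel, while the second puts the whole 10.8.0.0/24 on-link.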