| View previous topic :: View next topic |
| Author |
Message |
eldiablo
Tux's lil' helper
Joined: 20 Sep 2003
Posts: 136
Location: Halsa(Where keiko lived his last days), Norway
|
 Posted: Fri Mar 30, 2007 8:07 pm Post subject: OpenVPN routing problem |
 |
|
Hi,
Im having a problem with some routes on my OpenVPN setup..
After connecting to the server from my client i see this in the server log:
| Quote: | | Mar 30 21:54:53 oxygen ovpn-local[24378]: oxygen.xxx.org/80.212.110.xxx:60307 MULTI: bad source address from client [192.168.1.102], packet dropped |
And i cant reach anything but the server.
80.212.110.xxx is the IP of mye ADSL modem
oxygen.xxx.org is the openvpn server
192.168.1.102 is the client behind the ADSL modem, using NAT
This is my server config:
| Code: |
dev tun
ifconfig 10.0.0.1 10.0.0.2 // IP of the local tun device and its peer
dh dh2048.pem
ca ca.crt
cert server.crt
key server.key
proto udp
comp-lzo
port 1194
user nobody
group nobody
server 10.0.0.0 255.255.255.0
push "redirect-gateway"
client-to-client
push "dhcp-option DNS 10.0.0.1"
ifconfig-pool-persist ipp.txt
verb 4
push "route 192.168.1.0 255.255.255.0" |
This is my client config
| Code: |
client
dev tun
proto udp
remote oxygen.tihlde.org 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ca ca.crt
cert helium.crt
key helium.key
comp-lzo
verb 3 |
This is my routing table on the client:
158.38.xx.xx is the OpenVPN server
| Quote: |
Kernel IP routeing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
158.38.xx.xx 192.168.1.1 255.255.255.255 UGH 0 0 0 eth1
10.0.0.0 10.0.0.5 255.255.255.0 UG 0 0 0 tun0
192.168.1.0 10.0.0.5 255.255.255.0 UG 0 0 0 tun0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
0.0.0.0 10.0.0.5 0.0.0.0 UG 0 0 0 tun0
|
This is the routing table on the server:
| Quote: |
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
158.38.xx.0 0.0.0.0 255.255.255.192 U 0 0 0 eth0
10.0.0.0 10.0.0.2 255.255.255.0 UG 0 0 0 tun0
0.0.0.0 158.38.xx.1 0.0.0.0 UG 0 0 0 eth0
|
_________________
Always running the most experimental |
|
| Back to top |
|
 |
Stever
Apprentice
Joined: 01 Mar 2005
Posts: 151
Location: North Carolina
|
| Posted: Sat Mar 31, 2007 6:03 am Post subject: |
|
|
| Quote: | | Code: | | push "route 192.168.1.0 255.255.255.0" |
|
I think this is your problem. With this line you are telling your clients that the route to 192.168.1.xxx is through the OpenVPN server, which conflicts with the existing route on the client's eth0.
Your description doesn't quite make it clear to me what you do want the routing to be, but the above line is definitely not it. What do you actually want to connect to through the OpenVPN server? |
|
| Back to top |
|
|
eldiablo
Tux's lil' helper
Joined: 20 Sep 2003
Posts: 136
Location: Halsa(Where keiko lived his last days), Norway
|
| Posted: Sat Mar 31, 2007 10:01 am Post subject: |
|
|
I want all my traffic to go through the OpenVPN server, hence "push "redirect-gateway""
I have removed that push line, with no success, still only can reach the openvpn server.
_________________
Always running the most experimental |
|
| Back to top |
|
|
eldiablo
Tux's lil' helper
Joined: 20 Sep 2003
Posts: 136
Location: Halsa(Where keiko lived his last days), Norway
|
| Posted: Sat Mar 31, 2007 12:08 pm Post subject: |
|
|
Ok, i managed to fix this somehow, dunno really what i did to make it work, but now i have another problem 
I need to run it in bridged modus since i need multicast on the client, and that is only available on the server.
My server config now look like this, changed from dev tun to dev tap in client config, only change there.
| Code: |
dev tap0
;ifconfig 10.0.0.1 255.255.255.0 // IP of the local tun device and its peer
dh dh2048.pem
ca ca.crt
cert server.crt
key server.key
proto udp
comp-lzo
port 1194
user nobody
group nobody
server-bridge 10.0.0.1 255.255.255.0 10.0.0.50 10.0.0.100
;server 10.0.0.0 255.255.255.0
push "redirect-gateway"
client-to-client
ifconfig-pool-persist ipp.txt
verb 4
;client-config-dir ccd
;route 192.168.1.0 255.255.255.0
float
ping 10
ping-restart 120
status openvpn-status.log
|
My problem now is that i cant reach anything with this setup, i have ofcourse enabled the bridge with the bridge-start.sh script, and i think that should be ok.
server gets the ip 10.0.0.1, and client 10.0.0.50
ping 10.0.0.1 on the client gives no respons, same the other way round.
This is the routing table on the client
| Quote: |
Kernel IP routeing table
Destination Gateway Genmask Flags Metric Ref Use Iface
158.38.xx.xx 192.168.1.1 255.255.255.255 UGH 0 v eth10 0
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tap0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1vv
0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 tap0
|
_________________
Always running the most experimental |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
