From: Spoilt S. <spo...@gm...> - 2010-01-15 05:51:10
Thanks for the help. You were right; I apologize for the very lame message. I am new at posting and will from now on post more detail when I need help.

It was the bridging. The script I used was a sample script that came with the OpenVPN install. The problem was that originally I was bridging to the wrong interface: in my case I was bridging to eth1, which was the 10.0.0.* range, instead of my local LAN. I only figured this out after being on Google for more than a day. I feel like such a chop!

I am still in the dark about how to create more than one tap device, but I was able to get 1 Windows client connected to the VPN. He can browse all the shares, but the connection is very slow. They are running a local app called Timeware (a South African local app), which when accessed through the VPN takes about 20 minutes to log in and is soooooooo slow when they input data.

Is there any documentation around that anyone knows about that can help in making the VPN a little quicker?

Thanks
Celeste

On Fri, Jan 15, 2010 at 6:03 AM, Josh Cepek <jos...@us...> wrote:
> Spoilt Stukkend wrote:
>> At the office I have a linux server running a proxy,mail,samba and now
>> openvpn server
>> there is an xp pro machine with the 2 applications they need to access
>> from outside the office.
>>
>> There is no dhcp server running they are very small so they are using
>> static ips 192.168.1.1-192.168.1.199
>>
>> The linux server has 2 nics
>> eth0 192.168.1.1/255.255.255.0 (local lan)
>> eth1 10.0.0.253/255.0.0.0 (for the adsl connection)
>>
>> we use an adsl connection so i set it up on the 10.0.0.253 card and it
>> comes up as dsl0
>>
>> I have setup openvpn server on linux and openvpn client on a xp pro
>> machine I am able to connect no problem
>> but there is no traffic between the 2 i can not ping the xp pro
>> machine and it cant ping the server.
>>
>
> Sounds like a basic bridging problem to me. It seems you posted a more
> recent issue with setting up the bridge, but it's seemingly without
> context (no configuration files, network setup, or logs) so I don't know
> what you expect to be done with that message. This said, you shouldn't
> lose your WAN (DSL) connection by messing with a bridge involving the
> LAN (eth0), although it may appear this way if you are connecting from a
> local client when you disconnect the LAN (as you can no longer get to
> the Internet without a usable gateway.)
>
> To bridge connecting clients to the local LAN, the server must set up a
> bridge holding the local network card (eth0 in your case) and the tap
> adapter. Your newer post says you're using the provided example
> bridge-start script, but this is in apparent conflict with your "dev
> tap" directive in your server config, shown below. Even if the
> bridge-start script creates br0 with member devices eth0 and tap0, the
> server directive "dev tap" will dynamically create tap1 to use with your
> VPN instance as tap0 will be detected as already in use after executing
> the bridge-start script. tap1 is naturally not part of br0, and thus
> won't bridge traffic between clients and the local subnet.
>
> I'd recommend setting up the bridge with your distro's network scripts
> so br0 holds your LAN address with eth0 as a member. Then have a
> dedicated tap adapter defined as part of that same bridge with your
> network scripts (call it tap_bridge, or whatever you like really.) You
> could instead choose to do this on-demand when the VPN is established,
> but then you need a script to create the bridge, and you might as well
> leverage your distro's built-in network support to do this same task.
> Then pass the "dev tap_bridge" or whatever you named the adapter, and it
> will use the adapter already bridged to the LAN that was configured with
> the rest of your OS networking.
>
>> Here are my configs:
>>
>>
>> #Server.conf
>>
>>
> [... Comments and whitespace removed from config for readability ...]
>
> port 1194
> proto tcp
> dev tap
> ca /etc/openvpn/easy-rsa/keys/ca.crt
> cert /etc/openvpn/easy-rsa/keys/server.crt
> key /etc/openvpn/easy-rsa/keys/server.key # This file should be kept secret
> dh /etc/openvpn/easy-rsa/keys/dh1024.pem
> ifconfig-pool-persist ipp.txt
> server-bridge 192.168.1.1 255.255.255.0 192.168.1.220 192.168.1.222
> keepalive 10 120
> comp-lzo
> persist-key
> persist-tun
> status openvpn-status.log
> verb 3
>
>>
>> #client config
>>
>> remote server.dyndns.org # this is the remote server ip
>> port 1194
>> dev tap
>> resolv-retry inifinite
>> ping 10
>> comp-lzo
>> verb 4
>> mute 10
>> tls-client
>> ca ca.crt
>> cert vpnhost1.crt
>> key vpnhost1.key
>> pull
>> verb 4
>> proto tcp-client
>>
>> This is what happens when I run openvpn /etc/openvpn server.conf
>>
> [... Log output omitted ...]
> The connection is established, and provided it's not timing out 4
> minutes later (a 120 second keepalive limit on the server gives a
> 4-minute window before the server kills unresponsive sessions) your VPN
> session is established and maintained.
>
> --
> Josh Cepek
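
The mismatch described in the quoted reply (a bare "dev tap" in the server config while the bridge holds tap0) can be checked before starting the server. The following is an added shell example, not part of the original thread or of OpenVPN's scripts. The function names and the SYSFS_ROOT override are hypothetical, and it assumes the Linux sysfs layout /sys/class/net/<bridge>/brif/<port>.

```shell
#!/bin/sh
# Added example: verify that the device an OpenVPN server config will use
# is a port of the LAN bridge. SYSFS_ROOT is an assumed override so the
# check can run against a constructed tree instead of the live /sys.

# Print the device named by the last "dev" directive in an OpenVPN config.
# Commented lines and dev-type/dev-node do not match because $1 must be "dev".
vpn_dev() {
    awk '$1 == "dev" { d = $2 } END { if (d != "") print d }' "$1"
}

# Return 0 if the config's device is a port of the bridge,
#        1 if it names a fixed device that is not a port of the bridge,
#        2 if it is a bare "tap"/"tun" (unit chosen dynamically at startup),
#        3 if the config has no dev directive.
vpn_dev_in_bridge() {
    conf=$1 bridge=$2 sysfs=${SYSFS_ROOT:-/sys}
    dev=$(vpn_dev "$conf")
    [ -n "$dev" ] || return 3
    case $dev in
        tap|tun) return 2 ;;
    esac
    [ -e "$sysfs/class/net/$bridge/brif/$dev" ] && return 0
    return 1
}

# Constructed sample data: a fake sysfs tree in which br0 holds eth0 and
# tap0 (what the reply says bridge-start produces), plus three configs.
make_sample() {
    dir=$(mktemp -d)
    mkdir -p "$dir/sys/class/net/br0/brif/eth0" \
             "$dir/sys/class/net/br0/brif/tap0"
    printf 'port 1194\nproto tcp\ndev tap\n'  > "$dir/dynamic.conf"
    printf 'port 1194\nproto tcp\ndev tap0\n' > "$dir/fixed.conf"
    printf 'port 1194\nproto tcp\ndev tap1\n' > "$dir/wrong.conf"
    echo "$dir"
}

# When run directly: sh check.sh server.conf br0
if [ $# -eq 2 ]; then
    rc=0; vpn_dev_in_bridge "$1" "$2" || rc=$?
    echo "status $rc"
fi
```

A status of 2 corresponds to the server config quoted in the reply; 0 is the state the reply recommends, where the config names an adapter that is already a member of the bridge.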