From: Ian C. <cla...@ce...> - 2005-06-23 08:08:23
Hi,
I am using openvpn v2 on FC3. The VPN serves 2 purposes: a site to site
link (acting as a client) and a server to allow openvpn users to connect.
I've been using the site to site link for a couple of months now and it
works perfectly. This connects over port 5000 UDP to another site.
I then added a conf file to allow remote users to connect to the site.
However, after restarting the VPN both tun interfaces were listening on
the same IP address. tun1 is the site to site link and tun0 the server:
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
     inet addr:10.1.0.2 P-t-P:10.1.0.2 Mask:255.255.255.255
tun1 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
     inet addr:10.1.0.2 P-t-P:10.1.0.1 Mask:255.255.255.255
As you will see from my conf file below, I would expect tun0 to have an
IP address of 10.12.0.1.
My server config:
dev tun
proto udp
port 1194
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so vpn
username-as-common-name
client-config-dir ccd
ccd-exclusive
dh ./ssl/dh1024.pem
ca ./ssl/xxx.crt
cert ./ssl/xxxx.crt
key ./ssl/private/xxxx.key
mode server
tls-server
ifconfig 10.12.0.1 10.12.0.2
ifconfig-pool 10.12.0.100 10.12.0.251
route 10.12.0.0 255.255.255.0
push "route 10.12.0.1"
ifconfig-pool-persist ipp-auth.txt
push "route 192.168.x.0 255.255.255.0" #route to company network
push "route 192.168.x.0 255.255.255.0" #route to company network
push "dhcp-option DOMAIN xxxx" #push the DNS domain suffix
push "dhcp-option DNS 192.168.x.2" #push DNS entries to client
push "dhcp-option DNS 192.168.x.2" #push DNS entries to client
push "dhcp-option WINS 192.0.2.14" #push WINS entry to client
user nobody
group nobody
comp-lzo
; ping 15
ping 15
; ping-restart 45
; ping-timer-rem
persist-tun
persist-key
verb 3
Here is my site to site config:
dev tun
remote xxx.xxx.146.137
ifconfig 10.1.0.2 10.1.0.1
up ./celcz.up
tls-client
ca ./ssl/xxx.crt
cert ./ssl/xxxx.crt
key ./ssl/private/xxxx.key
port 5000
user nobody
group nobody
comp-lzo
; ping 15
; ping 15
; ping-restart 45
; ping-timer-rem
persist-tun
persist-key
verb 1
The routing table looks fairly correct:
10.1.0.1 * 255.255.255.255 UH 0 0 0 tun1
10.12.0.2 * 255.255.255.255 UH 0 0 0 tun0
194.xxx.xx.248 * 255.255.255.248 U 0 0 0 eth0
192.168.x.0 192.168.0.1 255.255.255.0 UG 2 0 0 eth2
192.168.x.0 192.168.0.1 255.255.255.0 UG 2 0 0 eth2
192.1.2.0 10.1.0.1 255.255.255.0 UG 0 0 0 tun1
10.12.0.0 10.12.0.2 255.255.255.0 UG 0 0 0 tun0
192.168.0.0 * 255.255.255.0 U 0 0 0 eth2
192.168.10.0 192.168.0.1 255.255.255.0 UG 2 0 0 eth2
192.0.2.0 10.1.0.1 255.255.255.0 UG 0 0 0 tun1
192.168.9.0 * 255.255.255.0 U 0 0 0 eth1
169.254.0.0 * 255.255.0.0 U 0 0 0 eth2
default 249.xx.xxx.194. 0.0.0.0 UG 0 0 0 eth0
Anyone got any ideas what could be causing this?
Thanks
--
Ian Clancy
IT Systems Engineer
Connaught Electronics Ltd.
Dunmore Rd,
Tuam,
Co. Galway,
Ireland.
P : ++353 93 23151
F : ++353 93 23110
E : mailto:cla...@ce...
W : http://www.cel-europe.com