From: Jason B. <bur...@gm...> - 2006-06-01 04:18:33
It seems my life is being made more difficult by the minute with OpenVPN. It seems to be a recurrent problem without a good answer I've found. I'm pretty much at my wit's end and give up. Yes, IP forwarding is enabled on both machines.

I set up an OpenVPN 2.0 server on a remote machine. I then have a client running on a border router at another site that connects to it. It connects fine. I can ping back and forth between the server and the client, initiated from either side. The problem arises when I try to ping from a machine on the client side to a machine behind the server.

    Wed May 31 22:37:18 2006 us=958912 clientStarnetBeta-Cave/client-IP:43077 MULTI: bad source address from client [192.168.0.130], packet dropped

Now, on the server this is my routing table:

    Kernel IP routing table
    Destination      Gateway       Genmask          Flags  MSS  Window  irtt  Iface
    10.3.0.2         *             255.255.255.255  UH     0    0       0     tun0
    192.168.100.0    *             255.255.255.0    U      0    0       0     eth1
    192.168.102.0    10.3.0.2      255.255.255.0    UG     0    0       0     tun0
    192.168.2.0      10.3.0.2      255.255.255.0    UG     0    0       0     tun0
    192.168.1.0      10.3.0.2      255.255.255.0    UG     0    0       0     tun0
    192.168.0.0      10.3.0.2      255.255.255.0    UG     0    0       0     tun0
    9.19.129.0       *             255.255.255.0    U      0    0       0     eth1
    9.19.129.0       *             255.255.255.0    U      0    0       0     eth1
    10.3.0.0         10.3.0.2      255.255.255.0    UG     0    0       0     tun0
    10.15.1.0        10.3.0.2      255.255.255.0    UG     0    0       0     tun0
    10.15.0.0        10.3.0.2      255.255.255.0    UG     0    0       0     tun0
    032-238-079.are  *             255.0.0.0        U      0    0       0     eth0
    loopback         localhost     255.0.0.0        UG     0    0       0     lo
    default          ISP_Gateway   0.0.0.0          UG     0    0       0     eth0

On the client side, it's this:

    Kernel IP routing table
    Destination        Gateway             Genmask          Flags  MSS  Window  irtt  Iface
    10.3.0.5           *                   255.255.255.255  UH     0    0       0     tun1
    Another local VPN  *                   255.255.255.255  UH     0    0       0     tun0
    user-12lmgo0.ca    *                   255.255.255.128  U      0    0       0     eth1
    192.168.100.0      10.3.0.5            255.255.255.0    UG     0    0       0     tun1
    192.168.0.0        *                   255.255.255.0    U      0    0       0     eth0
    10.3.0.0           10.3.0.5            255.255.255.0    UG     0    0       0     tun1
    loopback           *                   255.0.0.0        U      0    0       0     lo
    default            client ISP gateway  0.0.0.0          UG     0    0       0     eth1

The interface in question for the client side is tun1. For the server, it's tun0. I tried turning off masquerading on either side, to no avail. I set explicit routes, to no avail. Any ping from any machine behind the client router, such as 192.168.0.130, gets dropped with the error message above, and drops off into a black hole.

Here are the configuration files, incidentally:

Server.conf:

    local openvpn-server-address
    port 1194
    proto udp
    dev tun
    ca ca.crt
    cert server.crt
    key server.key
    dh dh1024.pem
    server 10.3.0.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    push "route 192.168.100.0 255.255.255.0"
    client-config-dir ccd
    route 192.168.0.0 255.255.255.0
    route 192.168.1.0 255.255.255.0
    route 192.168.2.0 255.255.255.0
    route 192.168.102.0 255.255.255.0
    route 10.15.0.0 255.255.255.0
    route 10.15.1.0 255.255.255.0
    ;route 10.3.0.0 255.255.255.0
    ; Allow clients to see each other.
    client-to-client
    keepalive 10 120
    tls-auth ta.key 1
    cipher AES-256-CBC
    comp-lzo
    max-clients 25
    user nobody
    group nobody
    persist-key
    persist-tun
    status /var/log/openvpn-status.log
    log-append /var/log/openvpn.log
    verb 5

client.conf:

    client
    dev tun
    proto udp
    remote openvpn-server-address 1194
    nobind
    user nobody
    group nobody
    persist-key
    persist-tun
    dh /etc/openvpn/dh1024.pem
    ca ca.crt
    cert clientStarnetBeta.crt
    key clientStarnetBeta.key
    ;ns-cert-type server
    tls-auth ta.key 0
    cipher AES-256-CBC
    comp-lzo
    verb 3
    mute 20
    keepalive 10 120

Server-side ccd file for the client:

    iroute 192.168.0.0 255.255.255.0
    iroute 192.168.1.0 255.255.255.0
    iroute 192.168.2.0 255.255.255.0

Thanks for any help.
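
Added example, not part of the original post: OpenVPN picks a client-config-dir file by the client certificate's Common Name (the name printed before the "/" in the log line) and drops tunnel packets whose source address is not covered by an iroute in that file. The Python check below runs the quoted log line against ccd contents; the ccd file names it tries are hypothetical, since the post does not give one.

```python
import ipaddress
import re

# Log line and iroute entries copied from the post.
LOG_LINE = ("Wed May 31 22:37:18 2006 us=958912 "
            "clientStarnetBeta-Cave/client-IP:43077 MULTI: bad source address "
            "from client [192.168.0.130], packet dropped")
CCD_BODY = """\
iroute 192.168.0.0 255.255.255.0
iroute 192.168.1.0 255.255.255.0
iroute 192.168.2.0 255.255.255.0
"""

# The prefix before "MULTI:" is "<common name>/<real address>:<port>".
BAD_SRC = re.compile(r"(?P<cn>[^\s/]+)/\S+:\d+ MULTI: bad source address "
                     r"from client \[(?P<src>[0-9.]+)\], packet dropped")


def parse_iroutes(text):
    """Return the networks named by 'iroute <network> [netmask]' lines."""
    nets = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) in (2, 3) and fields[0] == "iroute":
            # With no netmask given, iroute means a single host.
            mask = fields[2] if len(fields) == 3 else "255.255.255.255"
            nets.append(ipaddress.ip_network(f"{fields[1]}/{mask}"))
    return nets


def diagnose(line, ccd_files):
    """ccd_files maps ccd file name -> contents (file names are hypothetical)."""
    m = BAD_SRC.search(line)
    if m is None:
        return None
    cn, src = m.group("cn"), ipaddress.ip_address(m.group("src"))
    if cn not in ccd_files:
        # iroutes stored under any other file name never apply to this client.
        return (cn, str(src), "no-ccd-file")
    if any(src in net for net in parse_iroutes(ccd_files[cn])):
        return (cn, str(src), "covered")
    return (cn, str(src), "no-iroute")


if __name__ == "__main__":
    # Two constructed guesses at the ccd file name.
    for name in ("clientStarnetBeta", "clientStarnetBeta-Cave"):
        print(name, "->", diagnose(LOG_LINE, {name: CCD_BODY}))
```

A "covered" result while the server still logs the drop means the server is not reading that file, for example because of the relative client-config-dir path or the permissions left after the drop to user nobody.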