From: Erich T. <eri...@th...> - 2006-06-01 11:20:18
Jason

Jason Burrell wrote:
> It seems my life is being made more difficult by the minute with
> OpenVPN. It seems to be a recurrent problem without a good answer I've
> found. I'm pretty much at my wit's end and give up. Yes, IP forwarding
> is enabled on both machines.
>
> I set up an OpenVPN 2.0 server on a remote machine. I then have a
> client running on a border router at another site that connects to it.
> It connects fine. I can ping back and forth between the server and the
> client, initiated from either side. The problem arises when I try to
> ping from a machine on the client side to a machine behind the server.

Would you mind elaborating further, e.g. ping from where to where, so we can understand your problem?

>
> Wed May 31 22:37:18 2006 us=958912
> clientStarnetBeta-Cave/client-IP:43077 MULTI: bad source address from
> client [192.168.0.130], packet dropped

A little ASCII art of your network topology might help. If I understand your problem correctly you try to ping from 192.168.0.130 to one of the systems in 192.168.100.0/24 other routes are not pushed and Why you have 2 routes to 9.19.129.0/24 is a little aside I do not grok.

..

>
> The interface in question for the client side is tun1. For the
> server, it's tun0.
>
> I tried turning off masquerading on either side, to no avail. I set
> explicit routes, to no avail.

What do you masquerade, where and why?

>
> Any ping from any machine behind the client router, such as
> 192.168.0.130, gets dropped with the error message above, and drops
> off into a black hole.

Where does it get dropped, on the client or the server? Try to use tcpdump to determine which system does not want to play with you.

>
> Here are the configuration files, incidentally:
>
> Server.conf:
> local openvpn-server-address
> port 1194
> proto udp
>
> dev tun
> ca ca.crt
> cert server.crt
> key server.key
>
> dh dh1024.pem
> server 10.3.0.0 255.255.255.0
> ifconfig-pool-persist ipp.txt
>
> push "route 192.168.100.0 255.255.255.0"
> client-config-dir ccd
> route 192.168.0.0 255.255.255.0
> route 192.168.1.0 255.255.255.0
> route 192.168.2.0 255.255.255.0
> route 192.168.102.0 255.255.255.0
> route 10.15.0.0 255.255.255.0
> route 10.15.1.0 255.255.255.0
> ;route 10.3.0.0 255.255.255.0

How does the client know about this route if you don't push it? Your kernel routing table for the client appears not to match your current setup.

cheers
Erich
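
Added example, not part of Erich's reply or the original post: in server mode OpenVPN logs `MULTI: bad source address` when it has no internal route tying the packet's source to that client, which for a LAN behind a client is declared with `iroute` in that client's `client-config-dir` file. The Python sketch below checks the quoted log line against the quoted `route` lines; the empty ccd contents are an assumption, since the thread never shows that directory.

```python
import ipaddress
import re

# Directives copied from the server.conf quoted above (subset).
SERVER_CONF = """\
server 10.3.0.0 255.255.255.0
client-config-dir ccd
route 192.168.0.0 255.255.255.0
route 192.168.1.0 255.255.255.0
;route 10.3.0.0 255.255.255.0
"""
# Assumption: the thread never shows the ccd directory, so this client's file is modelled as empty.
CCD = {"clientStarnetBeta-Cave": ""}
# Log line as quoted in the thread ("client-IP" is the poster's own redaction).
LOG = ["Wed May 31 22:37:18 2006 us=958912 clientStarnetBeta-Cave/client-IP:43077 "
       "MULTI: bad source address from client [192.168.0.130], packet dropped"]

BAD_SRC = re.compile(r"(\S+)/\S+ MULTI: bad source address from client \[([0-9.]+)\]")

def nets(text, directive):
    """Networks named by '<directive> <addr> <mask>' lines; ';'/'#' comment lines never match."""
    found = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0] == directive:
            found.append(ipaddress.ip_network(f"{parts[1]}/{parts[2]}"))
    return found

def diagnose(log_lines, server_conf, ccd):
    """For each dropped packet return (client, source, covering server route, has_iroute)."""
    routes = nets(server_conf, "route")
    results = []
    for line in log_lines:
        m = BAD_SRC.search(line)
        if not m:
            continue
        client, src = m.group(1), ipaddress.ip_address(m.group(2))
        route = next((n for n in routes if src in n), None)
        has_iroute = any(src in n for n in nets(ccd.get(client, ""), "iroute"))
        results.append((client, str(src), str(route) if route else None, has_iroute))
    return results

def advice(result):
    """Suggest the ccd line for a source the server routes to the tunnel but maps to no client."""
    client, src, route, has_iroute = result
    if route and not has_iroute:
        net = ipaddress.ip_network(route)
        return f"ccd/{client}: iroute {net.network_address} {net.netmask}"
    return None
```
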