From: Jan J. K. <ja...@ni...> - 2008-05-05 20:54:32
Mike wrote:
> Greetings everyone,
>
> I am wondering if anyone has ideas to what is going on with my openvpn setup
> with 2 debian servers. I am running the latest version of Debian with OpenVPN
> trying to join 2 separate networks together.
>
> I can ping any host in any network, from any client. So it appears the tunnel
> is definitely working. I can SSH into one of the OpenVPN servers just fine,
> no issues. The weird thing is, I can't remote desktop to any computer - it
> will connect and just show a black screen. I tried setting the fragment option
> to 1400 and that didn't work. Another weird problem is SSH doesn't work
> on Server A from a tunnel interface via Server B. And yet another issue - I
> can't access my web server from across the tunnel either. Here is why I don't
> think it's a firewall issue: If I "telnet serverA 22", I get the SSH version.
> If I "telnet serverA 80", I can access the webserver. However using firefox
> will not load the web page, I get a connection timed out. Using putty will not
> connect to the SSH server, even though I can telnet to it just fine.
>
> Any ideas what is going on? Here is all the detail about my configuration:
>
> Server/Network A:
> eth0- 192.168.5.X
> Tun0- 10.1.8.1
>
> OpenVPN config:
> #SERVER A CONFIG
> remote servera.mydomain.com
> dev tun
> ifconfig 10.1.8.1 10.1.8.2
> port 1194
> proto udp
> persist-tun
> persist-key
> comp-lzo
> ping 15
> verb 5
> secret vpntun.key
> route 192.168.6.0 255.255.255.0
> user nobody
> group nogroup
>
>
> Server/Network B:
> eth0 - 192.168.6.X
> eth1 - Internet IP
> Tun0 - 10.1.8.2
> OpenVPN config:
> #SERVER B CONFIG
> remote serverb.mydomain.com
> dev tun
> ifconfig 10.1.8.2 10.1.8.1
> port 1194
> proto udp
> persist-tun
> persist-key
> comp-lzo
> ping 15
> verb 5
> secret vpntun.key
> route 192.168.5.0 255.255.255.0
> user nobody
> group nogroup
>
> I am using firehol to route traffic across eth0 and eth1 on Server B.
>
> Since pings seem to work, I believe my routing tables are correct. Any ideas?
>

Try adding tun-mtu 1400 to your config files... if 'telnet serverA 80' works and firefox from the same box does not, then most likely you've got MTU issues...

HTH,

JJK
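
One way to test the MTU diagnosis above before editing the configs, as an added example that is not part of the original thread: binary-search the largest ICMP payload that gets an echo reply through the tunnel with the Don't Fragment bit set (Linux iputils `ping -M do`). The function names and the `fake_probe_1400` stand-in are constructed for illustration; `10.1.8.2` is the Server B tunnel address from the quoted message.

```shell
#!/bin/sh
# Added example: find the largest IPv4 packet that crosses the tunnel
# without fragmentation. Small packets (ping, a telnet banner) passing
# while full-size ones (HTTP responses, SSH key exchange) stall is the
# symptom this measures.

# Default probe: one echo request with DF set (Linux iputils ping).
# $1 = target host, $2 = ICMP payload size in bytes.
probe_ping() {
    ping -M do -c 1 -W 2 -s "$2" "$1" >/dev/null 2>&1
}

# Binary search for the largest payload the probe accepts.
# $1 = target, $2 = probe function (default probe_ping),
# $3 = low bound (default 0), $4 = high bound (default 1472 = 1500 - 28).
# Prints the payload size; returns 1 if even the low bound fails.
max_payload() {
    target=$1; probe=${2:-probe_ping}; lo=${3:-0}; hi=${4:-1472}
    "$probe" "$target" "$lo" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$probe" "$target" "$mid"; then
            lo=$mid
        else
            hi=$(( mid - 1 ))
        fi
    done
    echo "$lo"
}

# Packet size = payload + 20 bytes IPv4 header + 8 bytes ICMP header.
path_mtu() {
    p=$(max_payload "$@") || return 1
    echo $(( p + 28 ))
}

# Constructed stand-in for a path that only passes packets up to
# 1400 bytes (payload <= 1372), so the search can be run offline.
fake_probe_1400() { [ "$2" -le 1372 ]; }

# Offline demonstration against the constructed probe:
path_mtu demo-host fake_probe_1400    # prints 1400
# Against the real tunnel peer: path_mtu 10.1.8.2
```

If the value reported across the tunnel is below the tun interface's configured MTU, full-size TCP segments are being dropped on the way, which matches the "telnet works, Firefox times out" behaviour described in the thread.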