Hi all,
I'm really new in using vpn. So I like to ask for support. Didn't find a solution in the board (may be I'm to old for this )
set up VPN on IPCop server, IPCop is working, internal conections, internet etc. working well.
Setup serina, conection is possible, server is working (green) , client also up (green)
config on client:
>>>>>>
#OpenVPN Server conf
tls-client
client
dev tun
proto udp
tun-mtu 1400
remote statdsl-085-016-073-083.ewe-ip-backbone.de 1194
pkcs12 UBFVPN.p12
cipher BF-CBC
comp-lzo
verb 3
ns-cert-type server
<<<<<<
config on server:
>>>>>>
#OpenVPN Server conf
daemon openvpnserver
writepid /var/run/openvpn.pid
#DAN prepare ZERINA for listening on blue and orange
;local statdsl-085-016-073-083.ewe-ip-backbone.de
dev tun
tun-mtu 1400
proto udp
port 1194
tls-server
ca /var/ipcop/ovpn/ca/cacert.pem
cert /var/ipcop/ovpn/certs/servercert.pem
key /var/ipcop/ovpn/certs/serverkey.pem
dh /var/ipcop/ovpn/ca/dh1024.pem
server 10.141.11.0 255.255.255.0
push "route 192.168.0.0 255.255.255.0"
keepalive 10 60
status-version 1
status /var/log/ovpnserver.log 30
cipher BF-CBC
comp-lzo
max-clients 100
tls-verify /var/ipcop/ovpn/verify
crl-verify /var/ipcop/ovpn/crls/cacrl.pem
user nobody
group nobody
persist-key
persist-tun
verb 3
<<<<<<<
problem is that I can ping the VPN Server with ping 10.141.11.5, as well as by the ping 192.168.0.1 (local IP of server). I wonder on one line in my log :
ROUTE default_gateway=192.168.1.1
where is it comming from? There is no actiov subnet 192.168.1.0
Thanks for help
no access to net behind working vpn
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
- OpenVpn Newbie
- Posts: 2
- Joined: Fri Jan 07, 2011 11:40 am
- gladiatr72
- Forum Team
- Posts: 194
- Joined: Mon Dec 13, 2010 3:51 pm
- Location: Lawrence, KS
Re: no access to net behind working vpn
Hello,
192.168.1.1 is the internal address of your local router
I'm going to guess you need to inform IPCop that your VPN client network (10.141.11.0/24) is a friendly network. I've encountered IPCop before, but my reaction has generally been to replace it with a straight-up BSD or Linux install (I am far too lazy to embrace a new way of thinking about firewalls and routes that involves bunnies and flowers... er... I mean, colors )
If you're able to communication with the internal IP address of the IPCop device, I'm pretty sure your vpn configuration is sound. Now it's just a matter of figuring out how to make IPCop cooperate.
-S
192.168.1.1 is the internal address of your local router
I'm going to guess you need to inform IPCop that your VPN client network (10.141.11.0/24) is a friendly network. I've encountered IPCop before, but my reaction has generally been to replace it with a straight-up BSD or Linux install (I am far too lazy to embrace a new way of thinking about firewalls and routes that involves bunnies and flowers... er... I mean, colors )
If you're able to communication with the internal IP address of the IPCop device, I'm pretty sure your vpn configuration is sound. Now it's just a matter of figuring out how to make IPCop cooperate.
-S
[..]I used to think it was awful that life was so unfair. [...]Wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? -Marcus Cole
-
- OpenVpn Newbie
- Posts: 2
- Joined: Fri Jan 07, 2011 11:40 am
Re: no access to net behind working vpn
Thanks - It's my idea too. it might be a special problem in IPCop, but I do not like to change system. It's working for more then 4 years without problems. You know - never touch a running system
the mystrey is that my VPN worked one day - nothing has been changed, no dynamic IP's or someting else?? Next day - Problem.
I will look in IPCop forum.
Thanks again
the mystrey is that my VPN worked one day - nothing has been changed, no dynamic IP's or someting else?? Next day - Problem.
I will look in IPCop forum.
Thanks again