Connects to server, but that's it.

[mh00h]

Hi, I have been able to get my computer to connect to the openVPN server. After that, nothing happens. I can ssh into the box, but not make traffic to the network behind the server (nor the server's internet connection) can be accessed. Nor can I access samba that the server hosts on the network. I am trying to do this from two separate machines on two separate ip addresses. Both machines are running Ubuntu 10.10.

Here's my .conf files and router static routes. Lastly, thank you very much for your help.
______________________________________________________________________________

Client ip address: 192.168.1.4 | 255.255.255.0. | Public IP address #1
Server ip address: 192.168.2.106 | 255.255.255.0 | Public IP address #2
Router ip: 192.168.2.1 | 255.255.255.0 | Public IP address #2

router configuration (netgear wgr614)

# Active Name Destination Gateway
1 Yes mh00hVPN 192.168.3.0 192.168.2.106


client.conf:

Code: Select all

client

dev tun

proto udp

XXXXX.dyndns.org 1194
resolv-retry infinite

nobind

user nobody
group nobody

persist-key
persist-tun

mute-replay-warnings

ca ca.crt
cert client1.crt
key client1.key
cipher AES-128-CBC

comp-lzo

verb 3

server.conf

Code: Select all

port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key

dh /etc/openvpn/easy-rsa/keys/dh1024.pem

server 192.168.3.0 255.255.255.128

ifconfig-pool-persist ipp.txt
push "route 192.168.2.0 255.255.255.128"
push "redirect-gateway def1"
client-to-clientkeepalive 10 120

cipher AES-128-CBC  

comp-lzo

user nobody
group nobody

persist-key
persist-tun

status openvpn-status.log

verb 3

mute 20

[george]

Is IP forwarding enabled on the server? Do the clients get the routes as expected? Have you ran tcpdump on the VPN server interface to see if traffic is getting dropped?

[mh00h]

I enabled iptables permanently following these instructions (sysctl) http://www.ducea.com/2006/08/01/how-to- ... -in-linux/. That solved one issue, but has not solved the problem yet.

I then ran TCPDUMP on the tun0 interface on the server. No traffic is detected.

Here is the result of my ROUTE-FC printout on the server:

Code: Select all

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.3.2     *               255.255.255.255 UH    0      0        0 tun0
192.168.3.0     192.168.3.2     255.255.255.128 UG    0      0        0 tun0
192.168.2.0     *               255.255.255.0   U     2      0        0 wlan0
link-local      *               255.255.0.0     U     1000   0        0 wlan0
default         192.168.2.1     0.0.0.0         UG    0      0        0 wlan0

ROUTE-FC printout from the client:

Code: Select all

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
69.XXX.XXX.XX8. subspace        255.255.255.255 UGH   0      0        0 wlan0
192.168.3.5     *               255.255.255.255 UH    0      0        0 tun0
192.168.3.0     192.168.3.5     255.255.255.128 UG    0      0        0 tun0
192.168.2.0     192.168.3.5     255.255.255.128 UG    0      0        0 tun0
192.168.1.0     *               255.255.255.0   U     2      0        0 wlan0
link-local      *               255.255.0.0     U     1000   0        0 wlan0
default         192.168.3.5     0.0.0.0         UG    0      0        0 tun0

I am not sure how to interpret these correctly.

[janjust]

client+server configs look OK - can you post the log of the client connecting with 'verb 4' set?

Also, run 'tcpdump' on the server 'tun0' interface (or does the server perhaps grab another 'tun' device? check /sbin/ifconfig to see which i/f has 192.168.3.1) , then from the client, do a

Code: Select all

ping 192.168.3.1

you should see activity on the tun0 device in this case .