Since I did not get any results searching this forum for "ifconfig-push", I believe it is valid to post my problem here.
What I want to do
Logging into my home network with a laptop via OpenVPN, e.g. when I am at my mom's place. The special issue: the OpenVPN client has to have its own fixed IP, 10.0.0.10. Why? Because within the home network I have a file server and I want to mount the OpenVPN client with that file server via NFSv4. And NFSv4 requires fixed IPs.
Info about the home-network
The OpenVPN server is running on a router flashed with dd-wrt;
Router IP address: 10.0.0.21 / 255.255.0.0
This router also provides the DHCP server
DHCP start-IP: 10.0.0.1
OpenVPN-Server Configuration:
server 10.8.0.0 255.255.0.0
client-config-dir /ccd
push "route 10.0.0.0 255.255.0.0"
port 1194
proto udp
dev tun0
dh /temp/openvpn/dh.ph
ca /temp/openvpn/ca.crt
cert /temp/openvpn/cert.pem
key /temp/openvpn/key.pem
ping-timer-rem
keepalive 20 180
verb 3
mute 5
management localhost 5001
OS: Linux-Debian
OpenVPN Client Configuration:
client
dev tun0
proto udp
# do not be astonished about the IP; for test purposes at home, I am using two routers
remote 192.168.0.104 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/client.crt
key /etc/openvpn/easy-rsa/keys/client.key
verb 3
mute 50
To test the certificates and keys in general, I did not use the line "client-config-dir /ccd" at the beginning. Result: everything works perfectly. I can open a VPN tunnel and I am able to ping different machines within the home network.
What is not working - the problem
I added the line "client-config-dir /ccd" to the server configuration and I have put a file with the following content in the /ccd directory: "ifconfig-push 10.0.0.10 10.0.0.21". After starting the OpenVPN client with "openvpn --config client.conf", everything seems OK, because on the terminal I can read this (last few lines):
....
Thu Sep 1 17:32:15 2011 ROUTE default_gateway=192.168.0.1
Thu Sep 1 17:32:16 2011 TUN/TAP device tun0 opened
Thu Sep 1 17:32:16 2011 TUN/TAP TX queue length set to 100
Thu Sep 1 17:32:16 2011 /sbin/ifconfig tun0 10.0.0.10 pointopoint 10.0.0.21 mtu 1500
Thu Sep 1 17:32:16 2011 /sbin/route add -net 10.0.0.0 netmask 255.255.0.0 gw 10.0.0.21
Thu Sep 1 17:32:16 2011 /sbin/route add -net 10.8.0.1 netmask 255.255.255.255 gw 10.0.0.21
Thu Sep 1 17:32:16 2011 Initialization Sequence Completed
In addition, if I check the comments on the dd-wrt router GUI, I can see the client under the OpenVPN status tab:
Real-Address: 192.168.0.108:1194
Virtual Address: 10.0.0.10
Perfect, I thought. But then I figured out I cannot ping a single machine in the home network from the OpenVPN client machine (remember, without ifconfig-push it worked fine). Of course, mounting via NFSv4 is not working either.
Assumption
From the OpenVPN documentation:
"Each pair of ifconfig-push addresses represent the virtual client and server IP endpoints. They must be taken from successive /30 subnets in order to be compatible with Windows clients and the TAP-Win32 driver. Specifically, the last octet in the IP address of each endpoint pair must be taken from this set:"
Although I have a 100% Linux environment, perhaps I still have to change to a /30 subnet mask. Also, the documentation mentions that the "last octet in the IP address" has to fit. Do I have to fulfill both of these criteria even when running Linux?
(It would be nice if not, because in that case I would have to make a lot of configuration changes on other machines and servers because of the fixed IP.)
Thanks in advance for all your help!
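
The /30 rule quoted from the documentation can be checked mechanically. The following Python is an added example, not part of the original post: it tests an ifconfig-push pair against that rule and against the `server` network and pushed routes from the server configuration above. The network and route checks are this example's own sanity checks (an assumption, not a rule quoted on the page), and the function names are hypothetical.

```python
import ipaddress

# Constructed from the server configuration and ccd line quoted in the post.
SERVER_CONF = '''server 10.8.0.0 255.255.0.0
push "route 10.0.0.0 255.255.0.0"
'''
CCD_LINE = "ifconfig-push 10.0.0.10 10.0.0.21"


def parse_server(conf):
    """Return (vpn_network, [pushed_route_networks]) from server config text."""
    vpn, pushed = None, []
    for raw in conf.splitlines():
        words = raw.replace('"', " ").split()
        if words[:1] == ["server"] and len(words) >= 3:
            vpn = ipaddress.ip_network(f"{words[1]}/{words[2]}")
        elif words[:2] == ["push", "route"] and len(words) >= 4:
            pushed.append(ipaddress.ip_network(f"{words[2]}/{words[3]}"))
    return vpn, pushed


def check_ifconfig_push(line, vpn, pushed):
    """Return a list of findings for one ifconfig-push line (empty = none)."""
    words = line.split()
    if len(words) != 3 or words[0] != "ifconfig-push":
        return ["not an 'ifconfig-push <local> <remote>' line"]
    local, remote = (ipaddress.ip_address(w) for w in words[1:])
    findings = []
    # /30 rule from the quoted documentation: both endpoints must be the two
    # usable hosts of one /30 block (.1/.2, .5/.6, .9/.10, ...).
    block = ipaddress.ip_network(f"{local}/30", strict=False)
    if {local, remote} != set(block.hosts()):
        findings.append(f"{local} and {remote} are not the host pair of {block}")
    # Example's own sanity checks (assumption): flag endpoints outside the
    # VPN network or inside a network that is also pushed as a route.
    for addr in (local, remote):
        if vpn is not None and addr not in vpn:
            findings.append(f"{addr} is outside the server network {vpn}")
        for net in pushed:
            if addr in net:
                findings.append(f"{addr} lies inside pushed route {net}")
    return findings


if __name__ == "__main__":
    vpn_net, routes = parse_server(SERVER_CONF)
    for finding in check_ifconfig_push(CCD_LINE, vpn_net, routes):
        print(finding)
```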