how to ping client tap ?
Moderators: TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
- OpenVpn Newbie
- Posts: 4
- Joined: Sun Jan 23, 2011 4:45 pm
how to ping client tap ?
I have server and client on TAP
client config:
# cat /tmp/openvpn/openvpn.conf | grep -vE '^#|^;|^$'
management localhost 5001
verb 0
up-delay
persist-tun
persist-key
cipher BF-CBC
client
dev tap0
proto tcp
remote hotspot-srv.mobilochka.ua 1258
comp-lzo
nobind
keepalive 5 15
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
#
root@testhotspoh:~# ifconfig tap0
tap0 Link encap:Ethernet HWaddr 00:FF:42:EC:E8:10
inet addr:172.30.64.2 Bcast:172.30.64.255 Mask:255.255.255.0
server config:
dev ovpns65
dev-type tap
dev-node /dev/tap65
writepid /var/run/openvpn_server65.pid
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto tcp-server
cipher BF-CBC
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local 89.184.67.20
tls-server
server 172.30.64.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc
lport 1258
management /var/etc/openvpn/server65.sock unix
ca /var/etc/openvpn/server65.ca
cert /var/etc/openvpn/server65.cert
key /var/etc/openvpn/server65.key
dh /etc/dh-parameters.1024
comp-lzo
ifconfig 172.30.64.1 255.255.255.0
[root@srv]/root(24): ifconfig ovpns65
ovpns65: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=80000<LINKSTATE>
ether 00:bd:3c:13:00:41
inet6 fe80::2bd:3cff:fe13:41%ovpns65 prefixlen 64 scopeid 0x86
inet 172.30.64.1 netmask 0xffffff00 broadcast 172.30.64.255
but I can't ping the server IP 172.30.64.1 from the client, and can't ping the client IP 172.30.64.2 from the server.
firewall is off
- Mimiko
- Forum Team
- Posts: 1564
- Joined: Wed Sep 22, 2010 3:18 am
Re: how to ping client tap ?
From server config remove:
ifconfig 172.30.64.1 255.255.255.0
and instead of
lport 1258
use
port 1258
-
- OpenVpn Newbie
- Posts: 4
- Joined: Sun Jan 23, 2011 4:45 pm
Re: how to ping client tap ?
done:
dev ovpns65
dev-type tap
dev-node /dev/tap65
writepid /var/run/openvpn_server65.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto tcp-server
cipher BF-CBC
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local 89.184.67.20
tls-server
server 172.30.64.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc
management /var/etc/openvpn/server65.sock unix
ca /var/etc/openvpn/server65.ca
cert /var/etc/openvpn/server65.cert
key /var/etc/openvpn/server65.key
dh /etc/dh-parameters.1024
comp-lzo
port 1258
and no ping to 172.30.64.2 from 172.30.64.1
- Mimiko
- Forum Team
- Posts: 1564
- Joined: Wed Sep 22, 2010 3:18 am
Re: how to ping client tap ?
Show the log from server and config. Show the output of:
iptables -L -v
iptables -L -v -t nat
-
- OpenVpn Newbie
- Posts: 4
- Joined: Sun Jan 23, 2011 4:45 pm
Re: how to ping client tap ?
[root@srv]/root(11): iptables -L -v
iptables: Command not found.
[root@srv]/root(12): iptables -L -v
iptables: Command not found.
This is FreeBSD, with pf. pf on this interface:
[root@srv]/root(9): pfctl -s rules | grep ovpns65
scrub in on ovpns65 all fragment reassemble
block drop in on ! ovpns65 inet from 172.30.64.0/24 to any
block drop in on ovpns65 inet6 from fe80::2bd:3cff:fe13:41 to any
pass in on ovpns65 inet proto udp from any port = bootpc to 255.255.255.255 port = bootps keep state label "allow access to DHCP server"
pass in on ovpns65 inet proto udp from any port = bootpc to 172.30.64.1 port = bootps keep state label "allow access to DHCP server"
pass out on ovpns65 inet proto udp from 172.30.64.1 port = bootps to any port = bootpc keep state label "allow access to DHCP server"
pass in quick on ovpns65 all flags S/SA keep state label "USER_RULE"
[root@srv]/root(10): pfctl -s rules | grep 172.30.64
block drop in on ! ovpns65 inet from 172.30.64.0/24 to any
block drop in inet from 172.30.64.1 to any
pass in on ovpns65 inet proto udp from any port = bootpc to 172.30.64.1 port = bootps keep state label "allow access to DHCP server"
pass out on ovpns65 inet proto udp from 172.30.64.1 port = bootps to any port = bootpc keep state label "allow access to DHCP server"
[root@srv]/root(11):
rules pass in quick on ovpns65 all flags S/SA keep state label "USER_RULE"
allow any to any
I have disabled pf, but ping is not working...
- Mimiko
- Forum Team
- Posts: 1564
- Joined: Wed Sep 22, 2010 3:18 am
Re: how to ping client tap ?
Use
pfctl -d
to disable PF and try again.
-
- OpenVpn Newbie
- Posts: 4
- Joined: Sun Jan 23, 2011 4:45 pm
Re: how to ping client tap ?
alexandrnew wrote:
[root@srv]/root(11): iptables -L -v
I have disabled pf, but ping is not working...
pfctl -d - ping not working
- maikcat
- Forum Team
- Posts: 4200
- Joined: Wed Jan 12, 2011 9:23 am
- Location: Athens,Greece
- Contact:
Re: how to ping client tap ?
your client should get 172.30.64.6 ip not 172.30.64.2
can you post the output of ifconfig on your server?
Michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)
"objects in mirror are losing"