openvpn server tun interface is .1 not .5 ..
Michael.
[resolved] Unable to reach the server network with net30
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
maikcat
- Forum Team
- Posts: 4200
- Joined: Wed Jan 12, 2011 9:23 am
- Location: Athens,Greece
- Contact:
Re: Unable to reach the server network with net30
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)
"objects in mirror are losing"
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)
"objects in mirror are losing"
-
janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
- Contact:
Re: Unable to reach the server network with net30
when using 'net30' you need to specify the right net30 subnet; in general, a 'net30' client will be assign a block of address 172.16.1.4n - 172.16.1.4n+4 , where n=1,2,3,4,5,...
So for n=21 you would have
the virtual remote endpoint is needed, but cannot be pinged.
In both 'net30' and 'subnet' topology modes the VPN server needs to be in the same (server side) subnet as the VPN client. Thus, you cannot simply pick any subnet for the client (or any IP address), as the server will not be reachable. Hence , if you want to assign a client the address of 172.16.90.2 you would have to configure the server like
regular clients are assigned address from the pool, but "special" clients can be assigned address from 172.16.0.0 - 172.15.255.255
This is explained in more detail in my book.
So for n=21 you would have
Code: Select all
172.16.1.84 - the net30 subnet address
172.16.16.85 - the virtual remote endpoint
172.16.1.86 - the actual client VPN address
172.16.1.84 - the net30 broadcast addresss
In both 'net30' and 'subnet' topology modes the VPN server needs to be in the same (server side) subnet as the VPN client. Thus, you cannot simply pick any subnet for the client (or any IP address), as the server will not be reachable. Hence , if you want to assign a client the address of 172.16.90.2 you would have to configure the server like
Code: Select all
mode server
ifconfig 172.16.1.1 172.16.1.2
ifconfig-pool 172.16.1.4 172.16.1.200
route 172.16.0.0 255.255.0.0
push "route 172.16.1.1"
push "route 172.16.0.0 255.255.0.0"This is explained in more detail in my book.
-
janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
- Contact:
Re: Unable to reach the server network with net30
first check: does it still work without the CCD file?
second check: what do 'ipconfig /all' and 'route print' report after the client connects (assuming it's a Windows client).
second check: what do 'ipconfig /all' and 'route print' report after the client connects (assuming it's a Windows client).
-
janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
- Contact:
Re: Unable to reach the server network with net30
rerun the server with the line
restored, reconnect the client with the CCD file renamed (so that the client receives 172.16.1.6), then try to ping the server again. If that works, post the output of 'ipconfig /all' and 'route print' again. If that also does not work (which I suspect) then check the firewalls on both ends to see which side is blocking (ICMP) traffic.
Code: Select all
server 172.16.1.0 255.255.255.0-
maikcat
- Forum Team
- Posts: 4200
- Joined: Wed Jan 12, 2011 9:23 am
- Location: Athens,Greece
- Contact:
Re: Unable to reach the server network with net30
remove these from your server config
ifconfig 172.16.1.1 172.16.1.2
route 172.16.0.0 255.255.0.0
push "route 172.16.1.1"
push "route 172.16.0.0 255.255.0.0"
mode server
topology net30
change your ccd file to:
ifconfig-push 172.16.0.10 172.16.0.9
reconnect and try to ping 172.16.0.1 from your client
ifconfig 172.16.1.1 172.16.1.2
route 172.16.0.0 255.255.0.0
push "route 172.16.1.1"
push "route 172.16.0.0 255.255.0.0"
mode server
topology net30
change your ccd file to:
ifconfig-push 172.16.0.10 172.16.0.9
reconnect and try to ping 172.16.0.1 from your client
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)
"objects in mirror are losing"
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)
"objects in mirror are losing"
-
maikcat
- Forum Team
- Posts: 4200
- Joined: Wed Jan 12, 2011 9:23 am
- Location: Athens,Greece
- Contact:
Re: Unable to reach the server network with net30
for clarity can you repost your server config?
also please post output of netstat -nr on your client.
Michael.
also please post output of netstat -nr on your client.
Michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)
"objects in mirror are losing"
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)
"objects in mirror are losing"
-
maikcat
- Forum Team
- Posts: 4200
- Joined: Wed Jan 12, 2011 9:23 am
- Location: Athens,Greece
- Contact:
Re: Unable to reach the server network with net30
your server config has
server 172.16.1.0 255.255.255.0
change your ccd file to:
ifconfig-push 172.16.1.10 172.16.1.9
reconnect your client
Michael.
server 172.16.1.0 255.255.255.0
change your ccd file to:
ifconfig-push 172.16.1.10 172.16.1.9
reconnect your client
Michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)
"objects in mirror are losing"
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)
"objects in mirror are losing"