Some clients work while others don't with the same conf

[spl]

I've set up the server using the tutorial and it works great. My mac client connects and everything works as it should. Conf files are 100% stock from the example except for adding the appropriate ips.

I have a solaris client on the same physical network as the working mac client, and I'm using the same config files and certificates(not at the same time) for testing. Openvpn 2.2.2 and the solaris tun/tap built without errors and it connects without issue. The log reports "Initialization Sequence Completed." The server logs and ipp.txt are populated correctly with the same information as when the mac client connects. With verbosity of 5 I see read and write requests being passed to the server, the tunnel itself is established properly and functioning but something wrong with the routing as nothing works.

Code: Select all

Routing Table: IPv4
  Destination           Gateway           Flags  Ref     Use     Interface 
-------------------- -------------------- ----- ----- ---------- --------- 
default              192.168.1.1        UG        3       1059 rge0      
10.8.0.1           10.8.0.5            UGH       1          0           
10.8.0.5           10.8.0.6            UH        2             0 tun0      
127.0.0.1            127.0.0.1            UH        2         72 lo0       
192.168.1.0          192.168.1.2        U         5      19563 rge0  

Code: Select all

traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 40 byte packets
 1  * * *
 ...
30 * * *

Code: Select all

traceroute to 10.8.0.5 (10.8.0.5), 30 hops max, 40 byte packets
 1  10.8.0.1 (10.8.0.1)  50.988 ms  49.469 ms  47.797 ms
 2  * * *
...
30 * * *

Code: Select all

traceroute to 10.8.0.1 (10.8.0.1), 30 hops max, 40 byte packets
 1  * * *
 ...
30 * * *

I've turned off the firewall for testing as well. I think there's some kind of routing issue on the solaris client but I'm not sure what the problem is(of course it's non-vpn connectivity works fine.)

[Mimiko]

You have to check the solaris for rules that may block the responces.

[spl]

Thanks Mimiko, I'm wondering if you have any thoughts as to where to look? I've completely disabled the ipfilter firewall service in SMF manager and firewall manager is set to "don't enforce any policies" so I don't think there are any rules being applied to the connection.

[Mimiko]

From the routing table it seems that internet traffic is not redirected thru tunnel, so a traceroute to 8.8.8.8 must work thru solaris's ISP, which does not work. Isn't this strange? Unfortunally, I didn't ever used a solaris, so I don't have any ideas.

[spl]

Yep internet traffic isn't being routed over the tunnel. I've specified which interface to use in the traceroutes as if I don't specify the interface it goes out over the rge0 interface to my local gateway and out. If I try to send any traffic over the tun0 interface then you just see the above traceroutes. That's ok as in the end I don't want all traffic going over the tunnel only traffic I specify the rest I want to go over the local connection. But I haven't set any of that up yet and wont until I can get working vpn connection.

I did confirm all the firewalls are off and there's nothing else filtering traffic. The only thing I can think of is openvpn isn't setting up the routing properly (but I'm not sure what's wrong with it if anything) or there's some other bug I haven't seen.

[spl]

I figured it out:
When I manually add a default route for the tun0 adapter it works:

Code: Select all

net add default 10.8.0.5 -ifp tun0

I'm not really sure why openvpn isn't adding this route automatically but after adding it everything works fine.

On solaris without the default route it's looking for incoming packets on the rge0 interface instead of the tun0 interface. In my special case where I want to operate without that default route I'll need to use ipf to direct incoming packets back to the tun0 interface.

[Mimiko]

I'm not really sure why openvpn isn't adding this route automatically

You have to post OpenVPN's log at verb 4 to see what it is doing.

[mmiller]

I'm not really sure why openvpn isn't adding this route automatically but after adding it everything works fine.

This is accomplished by adding a --push "route .." directive in your OpenVPN server configuration file. If you post either verb 4 as Mimiko indicated or your configurations as per topic99.html - we can definitely help you get this happening automatically.