[n00b] No traffic on tun0 over LAN

RogerPrice
OpenVpn Newbie
Posts: 3
Joined: Mon Dec 27, 2010 10:55 pm

[n00b] No traffic on tun0 over LAN

Post by RogerPrice » Wed Dec 29, 2010 9:44 pm

Hi. As a first n00b exercise in OpenVPN, I'm trying to set up a
10.8.0/24 routing tunnel over an existing 10.0.0/24 LAN connection.
The server is an openSUSE 11.2 box, and the client is a Windows XP PC.
After starting the server and then the client, on the client I can
ping 10.8.0.17 (self) but not 10.8.0.18 (the server). On the server
nmap -sP 10.8.0/24 can see only 10.8.0.1 (the server end of the tunnel),
and tcpdump -i tun0 sees no traffic on tun0.

On the server, although I can see tun0:

Code: Select all

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

the command brctl show returns only

Code: Select all

bridge name   bridge id   STP enabled   interfaces

The server Kernel IP routing table is

Code: Select all

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.0.2        *               255.255.255.255 UH    0      0        0 tun0
78.243.124.0    *               255.255.255.0   U     0      0        0 eth0
10.0.0.0        *               255.255.255.0   U     0      0        0 eth1
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
link-local      *               255.255.0.0     U     0      0        0 eth0
loopback        *               255.0.0.0       U     0      0        0 lo
default         78.243.124.254  0.0.0.0         UG    0      0        0 eth0

On the client I have the Windows IP configuration:

Code: Select all

Carte Ethernet Connexion au reseau local: (Lan connection eth1)
        Suffixe DNS propre a la connexion : rogerprice.org
        Description . . . . . . . . . . . : SiS190 100/10 Ethernet Device
        Adresse physique . . . . . . . . .: 20-CF-30-10-26-CA
        DHCP active . . . . . . . . . . . : Oui
        Configuration automatique activee : Oui
        Adresse IP. . . . . . . . . . . . : 10.0.0.9
        Masque de sous-reseau . . . . . . : 255.255.255.0
        Passerelle par defaut . . . . . . : 10.0.0.7
        Serveur DHCP. . . . . . . . . . . : 10.0.0.7
        Serveurs DNS . . . . . . . . . .  : 212.27.40.241...
Carte Ethernet Connexion au reseau local 2: (tun0)
        Suffixe DNS propre a la connexion :
        Description . . . . . . . . . . . : TAP-Win32 Adapter V9
        Adresse physique . . . . . . . . .: 00-FF-18-5C-57-D5
        DHCP active . . . . . . . . . . . : Oui
        Configuration automatique activee : Oui
        Adresse IP. . . . . . . . . . . . : 10.8.0.17
        Masque de sous-reseau . . . . . . : 255.255.255.252
        Passerelle par defaut . . . . . . : 10.8.0.18
        Serveur DHCP. . . . . . . . . . . : 10.8.0.18
        Serveurs DNS . . . . . . . . . .  : 212.27.40.241 ...

The routing on the Windows client is:

Code: Select all

Destination reseau    Masque reseau  Adr. passerelle   Adr. interface Metrique
          0.0.0.0          0.0.0.0         10.0.0.7        10.0.0.9       30
          0.0.0.0        128.0.0.0        10.8.0.18       10.8.0.17       1
         10.0.0.0    255.255.255.0         10.0.0.9        10.0.0.9       30
         10.0.0.0    255.255.255.0        10.8.0.18       10.8.0.17       1
         10.0.0.9  255.255.255.255        127.0.0.1       127.0.0.1       30
         10.8.0.1  255.255.255.255        10.8.0.18       10.8.0.17       1
        10.8.0.16  255.255.255.252        10.8.0.17       10.8.0.17       30
        10.8.0.17  255.255.255.255        127.0.0.1       127.0.0.1       30
   10.255.255.255  255.255.255.255         10.0.0.9        10.0.0.9       30
   10.255.255.255  255.255.255.255        10.8.0.17       10.8.0.17       30
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
        128.0.0.0        128.0.0.0        10.8.0.18       10.8.0.17       1
        224.0.0.0        240.0.0.0         10.0.0.9        10.0.0.9       30
        224.0.0.0        240.0.0.0        10.8.0.17       10.8.0.17       30
  255.255.255.255  255.255.255.255         10.0.0.9        10.0.0.9       1
  255.255.255.255  255.255.255.255        10.8.0.17               4       1
  255.255.255.255  255.255.255.255        10.8.0.17       10.8.0.17       1
Passerelle par defaut :         10.8.0.18    (default gateway)

I tried stopping the server firewall, and renaming the server /etc/hosts.allow
but to no effect. Note: the openSUSE firewall administration tool
YaST does not see tun0 so I manually entered the commands

Code: Select all

iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT

Stopping the PC firewall has no effect.

Any hint as to what might be blocking the traffic would be very welcome.
Roger

Here are the configuration files:

Code: Select all

          /etc/openvpn/server.conf
port 1194
dev tun
proto udp
ca   /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key  /etc/openvpn/easy-rsa/keys/server.key
dh   /etc/openvpn/easy-rsa/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.0.0.0 255.255.255.0"
client-config-dir ccd
push "redirect-gateway def1"
push "dhcp-option DNS 212.27.40.241"
push "dhcp-option DNS 212.27.40.240"
keepalive 10 120
cipher BF-CBC        # Blowfish (default)
comp-lzo
max-clients 10
user nobody
group nobody
persist-key
persist-tun
status  /var/log/openvpn-status
log        /var/log/openvpn
verb 6

          /etc/openvpn/ccd/EeePC-Roger
ifconfig-push 10.8.0.17 10.8.0.18

          /cygdrive/c/Program\ Files/OpenVPN/config/client.ovpn
client
dev tun
proto udp
<connection>
remote 10.0.0.7 1194
float
</connection>
resolv-retry infinite
nobind
persist-key
persist-tun
ca   "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\EeePC-Roger.crt"
key  "C:\\Program Files\\OpenVPN\\config\\EeePC-Roger.key"
cipher BF-CBC
comp-lzo
verb 3

krzee
Forum Team
Posts: 728
Joined: Fri Aug 29, 2008 5:42 pm

Re: [n00b] No traffic on tun0 over LAN

Post by krzee » Sat Jan 08, 2011 7:44 am

If you do not give a static IP, does the client work?

RogerPrice
OpenVpn Newbie
Posts: 3
Joined: Mon Dec 27, 2010 10:55 pm

Re: [n00b] No traffic on tun0 over LAN

Post by RogerPrice » Fri Jan 14, 2011 1:21 pm

krzee wrote: If you do not give a static IP, does the client work?

Thanks for the suggestion. I removed the lines

Code: Select all

ifconfig-pool-persist ipp.txt
client-config-dir ccd

from server.conf but still no traffic on tun0.

I will try to set up a Linux client in place of the Windows client to see if the
problem is with the client or the server. I'm also reading the Feilner-Graf book.

Roger

RogerPrice
OpenVpn Newbie
Posts: 3
Joined: Mon Dec 27, 2010 10:55 pm

Re: [n00b solves problem] No traffic on tun0 over LAN

Post by RogerPrice » Fri Jan 14, 2011 4:38 pm

I also tried removing the server.conf line

Code: Select all

push "route 10.0.0.0 255.255.255.0"

This fixes my problem - both Linux and Windows clients now work.

Roger
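
Added example, not part of the thread: a check over the Windows routing table from the first post that shows which interface would carry the client's packets to the VPN server (10.0.0.7) with and without the pushed 10.0.0.0/24 route. It assumes a simplified route selection (longest prefix first, then lowest metric); the function names are illustrative.

```python
import ipaddress

# Rows copied from the Windows client routing table in the first post
# (destination, netmask, gateway, interface, metric); other rows omitted.
POSTED_ROUTES = """
0.0.0.0    0.0.0.0          10.0.0.7   10.0.0.9   30
0.0.0.0    128.0.0.0        10.8.0.18  10.8.0.17  1
10.0.0.0   255.255.255.0    10.0.0.9   10.0.0.9   30
10.0.0.0   255.255.255.0    10.8.0.18  10.8.0.17  1
10.8.0.1   255.255.255.255  10.8.0.18  10.8.0.17  1
10.8.0.16  255.255.255.252  10.8.0.17  10.8.0.17  30
128.0.0.0  128.0.0.0        10.8.0.18  10.8.0.17  1
"""
TUN_IF = "10.8.0.17"      # client tunnel address from the post
VPN_REMOTE = "10.0.0.7"   # "remote" in client.ovpn


def parse_routes(text):
    routes = []
    for line in text.strip().splitlines():
        dest, mask, gw, iface, metric = line.split()
        net = ipaddress.ip_network(f"{dest}/{mask}")
        routes.append({"net": net, "gw": gw, "iface": iface, "metric": int(metric)})
    return routes


def select_route(routes, dst):
    """Longest prefix wins; ties go to the lowest metric (simplified model)."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r["net"]]
    return min(matches, key=lambda r: (-r["net"].prefixlen, r["metric"]), default=None)


def transport_in_tunnel(routes, remote=VPN_REMOTE, tun_if=TUN_IF):
    """True when packets to the VPN server would leave via the tunnel itself."""
    chosen = select_route(routes, remote)
    return chosen is not None and chosen["iface"] == tun_if


def without_pushed_lan_route(routes):
    """Drop the 10.0.0.0/24 route that the server pushes through the tunnel."""
    lan = ipaddress.ip_network("10.0.0.0/24")
    return [r for r in routes if not (r["net"] == lan and r["iface"] == TUN_IF)]


if __name__ == "__main__":
    routes = parse_routes(POSTED_ROUTES)
    print("as posted:", transport_in_tunnel(routes))
    print("push route removed:", transport_in_tunnel(without_pushed_lan_route(routes)))
```

With the table as posted, the metric 1 route for 10.0.0.0/24 via 10.8.0.18 outranks the direct LAN route (metric 30), so the packets addressed to the server's LAN address are sent into the tunnel; without that route they go out on 10.0.0.9.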
