connected to Tap server.. but can't ping or access anything

precioso77
OpenVpn Newbie
Posts: 5
Joined: Fri Oct 08, 2010 2:16 am

connected to Tap server.. but can't ping or access anything

Post by precioso77 » Sun Feb 06, 2011 6:30 pm

Hello everyone.. I'm able to connect and get the client tap an IP address, but can't ping or do anything..

my server conf is (server ip is 192.168.0.40)

Code:

port 445
proto tcp
dev tap
ca /etc/openvpn/key_server/openvpn_tap/ca.crt
cert /etc/openvpn/key_server/openvpn_tap/server_openvpn_tap.crt
key /etc/openvpn/key_server/openvpn_tap/server_openvpn_tap.key  # This file should be kept secret
dh /etc/openvpn/key_server/openvpn_tap/dh1024.pem
ifconfig-pool-persist ipp.txt
server-bridge 192.168.0.40 255.255.255.0 192.168.0.128 192.168.0.254
push "route 192.0.0.0 255.0.0.0"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3

the client conf is

Code:

client
dev tap
proto tcp
remote ********* 50006
resolv-retry infinite
nobind
ca    /etc/openvpn/keys_40_openvpn_tap/ca.crt
cert  /etc/openvpn/keys_40_openvpn_tap/client_40_openvpn_tap.crt
key   /etc/openvpn/keys_40_openvpn_tap/client_40_openvpn_tap.key
ns-cert-type server
comp-lzo
verb 3

server ifconfig, route table and connection log is

Code:

# ifconfig
br0       Link encap:Ethernet  HWaddr 00:0b:db:ce:10:b1  
          inet addr:192.168.0.40  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::20b:dbff:fece:10b1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:352369 errors:0 dropped:0 overruns:0 frame:0
          TX packets:233400 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:196391243 (187.2 MiB)  TX bytes:358925498 (342.2 MiB)

eth0      Link encap:Ethernet  HWaddr 00:0b:db:ce:10:b1  
          inet6 addr: fe80::20b:dbff:fece:10b1/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:49205370 errors:0 dropped:15929 overruns:0 frame:0
          TX packets:49576824 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1120069684 (1.0 GiB)  TX bytes:715271909 (682.1 MiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:3271613 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3271613 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1477224758 (1.3 GiB)  TX bytes:1477224758 (1.3 GiB)

tap0      Link encap:Ethernet  HWaddr 2a:c7:3a:d3:08:40  
          inet6 addr: fe80::28c7:3aff:fed3:840/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:15094 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 br0

and on the client after connecting is

Code:

# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:18:8b:68:f5:70  
          inet addr:192.168.35.10  Bcast:192.168.35.255  Mask:255.255.255.0
          inet6 addr: fe80::218:8bff:fe68:f570/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:41871 errors:0 dropped:0 overruns:0 frame:0
          TX packets:31774 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:46451656 (44.2 MiB)  TX bytes:5216966 (4.9 MiB)
          Interrupt:16 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:132 errors:0 dropped:0 overruns:0 frame:0
          TX packets:132 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:14221 (13.8 KiB)  TX bytes:14221 (13.8 KiB)

tap0      Link encap:Ethernet  HWaddr be:b2:9b:0a:b9:45  
          inet addr:192.168.0.129  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::bcb2:9bff:fe0a:b945/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:74 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:0 (0.0 B)  TX bytes:8005 (7.8 KiB)

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.35.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 tap0
192.0.0.0       192.168.0.40    255.0.0.0       UG    0      0        0 tap0
0.0.0.0         192.168.35.1    0.0.0.0         UG    0      0        0 eth0

No firewalls that I know of, but the server and client are behind routers of course..

any help is highly appreciated

gladiatr72
Forum Team
Posts: 194
Joined: Mon Dec 13, 2010 3:51 pm
Location: Lawrence, KS

Re: connected to Tap server.. but can't ping or access anyth

Post by gladiatr72 » Wed Feb 09, 2011 4:42 pm

push "route 192.0.0.0 255.0.0.0"
Don't do that. If you don't know why, take my word for it. Push your /24 routes with multiple statements. The above statement is just breaking your routing table.

-Stephen
[..]I used to think it was awful that life was so unfair. [...]Wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? -Marcus Cole
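
The reach of the pushed /8 route discussed in the post above, worked through as an added example that is not part of the original thread. The inputs are constructed from the server config and client route table in the first post; the function and variable names are hypothetical.

```python
import ipaddress
import re

# Constructed input: the relevant lines of the server config in the first post.
SERVER_CONF = """
server-bridge 192.168.0.40 255.255.255.0 192.168.0.128 192.168.0.254
push "route 192.0.0.0 255.0.0.0"
"""
# Constructed input: the client's own LAN, from its eth0 address and route table.
CLIENT_LANS = ["192.168.35.0/24"]

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PUSH_RE = re.compile(r'^\s*push\s+"route\s+([\d.]+)\s+([\d.]+)"', re.M)
BRIDGE_RE = re.compile(r'^\s*server-bridge\s+([\d.]+)\s+([\d.]+)', re.M)


def to_net(addr, mask):
    # strict=False lets a host address such as 192.168.0.40 name its subnet.
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def audit_pushed_routes(conf, client_lans):
    """Return (route, finding) pairs for pushed routes that are too broad."""
    m = BRIDGE_RE.search(conf)
    bridged = to_net(*m.groups()) if m else None
    lans = [ipaddress.ip_network(n) for n in client_lans]
    findings = []
    for addr, mask in PUSH_RE.findall(conf):
        route = to_net(addr, mask)
        if not any(route.subnet_of(block) for block in RFC1918):
            findings.append((str(route), "reaches beyond RFC 1918 private space"))
        if bridged and bridged.subnet_of(route):
            findings.append((str(route), f"covers bridged subnet {bridged}, already on-link via tap"))
        for lan in lans:
            if lan.overlaps(route):
                findings.append((str(route), f"covers the client's own LAN {lan}"))
    return findings


if __name__ == "__main__":
    for route, finding in audit_pushed_routes(SERVER_CONF, CLIENT_LANS):
        print(f"{route}: {finding}")
```
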

precioso77
OpenVpn Newbie
Posts: 5
Joined: Fri Oct 08, 2010 2:16 am

Re: connected to Tap server.. but can't ping or access anyth

Post by precioso77 » Wed Mar 23, 2011 6:04 am

thx stephen... I removed that.. still can't ping..

Am I missing anything in the routing or iptables??

I don't think it's a firewall issue b/c I don't have any firewall enabled on either side.. when I try the similar configuration for tunneling instead of bridging I am able to ping from server to client..
The only thing to mention is that I am behind DSL routers on both sides, and port forwarding is enabled and working on the server side.

janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam

Re: connected to Tap server.. but can't ping or access anyth

Post by janjust » Wed Mar 23, 2011 7:35 am

Why are you using bridging on the server? DO NOT use bridging unless you have a very good reason to do so and you know what you are doing.

Also, what does 'cannot ping or access anything' mean? Can you ping the remote VPN endpoint (192.168.0.40)? Can you ping other IPs on the server side LAN?

Is routing/ip forwarding enabled on the server ('cat /proc/sys/net/ipv4/ip_forward') ?

And again, please explain why you must use bridging or otherwise try it without bridging - it will make life far simpler.

precioso77
OpenVpn Newbie
Posts: 5
Joined: Fri Oct 08, 2010 2:16 am

Re: connected to Tap server.. but can't ping or access anyth

Post by precioso77 » Wed Mar 23, 2011 7:53 am

I'm using bridging b/c I read that it allows access to other computers in the server subnet by default and b/c it has better support for Windows networking.. is that enough reason or is it easier to achieve through tunneling??

ip forwarding is enabled
# cat /proc/sys/net/ipv4/ip_forward
1

"cannot ping" means that the client with the newly assigned IP of 192.168.0.151 cannot ping the server on 192.168.0.40 nor any other IPs on that subnet,
nor is the server able to ping the new client

regds

gladiatr72
Forum Team
Posts: 194
Joined: Mon Dec 13, 2010 3:51 pm
Location: Lawrence, KS

Re: connected to Tap server.. but can't ping or access anyth

Post by gladiatr72 » Thu Mar 24, 2011 7:16 pm

What's the output of

# brctl show