Route over lan not working right
Posted: Wed Aug 19, 2009 8:30 pm
Recently our OpenVPN server changed from being hosted on a CentOS 5 box to a Solaris 10 u7 box. Since the change the VPN seemed to operate well. However, now any attempt to ping a LAN routed over to the VPN client falls dead. Also, attempts to ping from the LAN to the OpenVPN server also fall dead.
What I have is SERVER at 10.20.0.1, CLIENT-1 at 10.20.0.158, and the network 172.23.34.0/24 on CLIENT-1's side. SERVER and CLIENT-1 can ping freely. But no communication occurs to/from SERVER and the 172.23.34 network. I can see OpenVPN correctly establishing the routing tables (a netstat -rn shows the establishing of a route to 172.23.34.0 via 10.0.0.2). Server has packet forwarding enabled, as does client. Again, exact same config under CentOS allowed us to ping through. I don't think this is a Solaris issue but I am at a loss.
Is there something obvious I am missing?
Here is the server.conf
port 1194
proto udp
dev tun
ca /etc/csw/openvpn/keys/ca.crt
cert /etc/csw/openvpn/keys/SERVER.crt
key /etc/csw/openvpn/keys/SERVER.key
dh /etc/csw/openvpn/keys/dh1024.pem
server 10.20.0.0 255.255.224.0
ifconfig-pool-persist /etc/csw/openvpn/ipp.txt
client-config-dir ccd
route 172.23.34.0 255.255.255.0
client-to-client
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 5
Here is the client.conf
client
dev tun
proto udp
remote SERVER1 1194
remote SERVER2 1194
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
ca /etc/openvpn/keygen/keys/ca.crt
cert /etc/openvpn/keygen/keys/CLIENT1.crt
key /etc/openvpn/keygen/keys/CLIENT1.key
comp-lzo
verb 3
Here is the line from the ccd file for CLIENT1
ifconfig-push 10.20.0.158 10.20.0.1
iroute 172.23.34.0 255.255.255.0
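A consistency check over the files posted above, as an added example that is not part of the original post: it verifies that each `iroute` in the ccd file is covered by a kernel `route` in server.conf, does not overlap the VPN pool, and that the `ifconfig-push` address lies inside the `server` pool. The function names are hypothetical; the directive text is copied from the post.

```python
import ipaddress

# Relevant directives copied from the server.conf and ccd file in the post above.
SERVER_CONF = """\
server 10.20.0.0 255.255.224.0
client-config-dir ccd
route 172.23.34.0 255.255.255.0
client-to-client
"""
CCD_CLIENT1 = """\
ifconfig-push 10.20.0.158 10.20.0.1
iroute 172.23.34.0 255.255.255.0
"""

def directives(text, name):
    """Return the argument lists of every `name` directive, skipping comments."""
    out = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(";", 1)[0].split()
        if parts and parts[0] == name:
            out.append(parts[1:])
    return out

def net(addr, mask="255.255.255.255"):
    """Build an IPv4Network from OpenVPN's 'address netmask' argument form."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=True)

def check(server_conf, ccd):
    """Return a list of findings; an empty list means the files are consistent."""
    findings = []
    pool = [net(*a[:2]) for a in directives(server_conf, "server")]
    routes = [net(*a[:2]) for a in directives(server_conf, "route")]
    for args in directives(ccd, "iroute"):
        inner = net(*args[:2])
        # iroute only steers packets inside OpenVPN; the kernel needs `route` too.
        if not any(inner.subnet_of(r) for r in routes):
            findings.append(f"iroute {inner} has no covering route in server.conf")
        if any(inner.overlaps(p) for p in pool):
            findings.append(f"iroute {inner} overlaps the VPN pool")
    for args in directives(ccd, "ifconfig-push"):
        local = ipaddress.ip_address(args[0])
        if not any(local in p for p in pool):
            findings.append(f"ifconfig-push {local} is outside the server pool")
    return findings

if __name__ == "__main__":
    print(check(SERVER_CONF, CCD_CLIENT1) or "route/iroute/ifconfig-push consistent")
```

An empty result for the posted files only rules out a route/iroute mismatch; it says nothing about forwarding or return routes on the 172.23.34.0/24 side.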