Sorry if I give you too much information, but I don't want to miss something that may be key.
Two networks (full networks with multiple computers on both sides)
ClearOS/OpenVPN acting as server: 192.168.0.x
Tomato (Linux router distro) with OpenVPN acting as client: 192.168.6.x
I have OpenVPN working great one way: on the client side (.6.x) I can reach all network resources on the server side (Remote Desktop, ping, internal websites, file shares, ClearOS config panel, etc.).
On the server side (.0.x) I can't reach anything on the client side (can't ping anything, tracert anything, reach network resources, web config panels, etc.).
Code:
port 1194
proto udp
dev tun
ca /etc/ssl/ca-cert.pem
cert /etc/ssl/sys-0-cert.pem
key /etc/ssl/private/sys-0-key.pem
dh /etc/ssl/dh1024.pem
server 10.8.0.0 255.255.255.0
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
ifconfig-pool-persist /var/lib/openvpn/ipp.txt
status /var/lib/openvpn/openvpn-status.log
verb 3
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-ldap.so /etc/openvpn/auth-ldap
push "dhcp-option DNS 192.168.0.1"
push "dhcp-option WINS 192.168.0.1"
push "dhcp-option DOMAIN broadway.duboisfw.com"
client-config-dir ccd
route 192.168.6.0 255.255.255.0
push "route 192.168.0.0 255.255.255.0"
# iroute is only accepted inside a client-config-dir file (here ccd/store06),
# not in the main server config; the trailing dot after 192.168.6.0 was a typo
iroute 192.168.6.0 255.255.255.0
On the client side I have
Code:
comp-lzo
verb 3
proto udp
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
auth-user-pass /root/pass
# push is a server-side directive and is not valid in a client config, and
# 192.168.6.0/24 is this router's own LAN (already directly connected on br0),
# so neither of these two lines belongs on the client
#push "route 192.168.6.0 255.255.255.0"
#route 192.168.6.0 255.255.255.0
Here is the log output for the server side.
Code:
Nov 19 17:28:08 broadway openvpn[12330]: ROUTING TABLE
Nov 19 17:28:08 broadway openvpn[12330]: Virtual Address,Common Name,Real Address,Last Ref
Nov 19 17:28:08 broadway openvpn[12330]: 10.8.0.6,store06,69.21.142.2:1027,Fri Nov 19 17:28:05 2010
Nov 19 17:28:08 broadway openvpn[12330]: 192.168.6.0/24,store06,69.21.142.2:1027,Fri Nov 19 16:57:05 2010
Code:
Nov 19 16:57:05 broadway openvpn[12330]: MULTI: Learn: 10.8.0.6 -> store06/##.##.142.2:1027
Nov 19 16:57:05 broadway openvpn[12330]: MULTI: primary virtual IP for store06/##.##.142.2:1027: 10.8.0.6
Nov 19 16:57:05 broadway openvpn[12330]: MULTI: internal route 192.168.6.0/24 -> store06/##.##.142.2:1027
Nov 19 16:57:05 broadway openvpn[12330]: MULTI: Learn: 192.168.6.0/24 -> store06/##.##.142.2:1027
Nov 19 16:57:05 broadway openvpn[12330]: REMOVE PUSH ROUTE: 'route 192.168.6.0 255.255.255.0'
Nov 19 16:57:07 broadway openvpn[12330]: store06/##.##.142.2:1027 PUSH: Received control message: 'PUSH_REQUEST'
Nov 19 16:57:07 broadway openvpn[12330]: store06/69.21.142.2:1027 SENT CONTROL [store06]: 'PUSH_REPLY,dhcp-option DNS 192.168.0.1,dhcp-option WINS 192.168.0.1,dhcp-option DOMAIN broadway.duboisfw.com,route 192.168.0.0 255.255.255.0,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Nov
On the client side here are some routing details.
Code:
Kernel IP routing table
Destination           Gateway           Genmask           Flags  Metric  Ref  Use  Iface
10.8.0.5              *                 255.255.255.255   UH     0       0    0    tun11
Client's external IP  h##-##-142-1.ap   255.255.255.255   UGH    0       0    0    vlan1
10.8.0.1              10.8.0.5          255.255.255.255   UGH    0       0    0    tun11
##.##.142.1           *                 255.255.255.255   UH     0       0    0    vlan1
##.##.142.0           *                 255.255.255.252   U      0       0    0    vlan1
192.168.6.0           *                 255.255.255.0     U      0       0    0    br0
192.168.0.0           10.8.0.5          255.255.255.0     UG     0       0    0    tun11
127.0.0.0             *                 255.0.0.0         U      0       0    0    lo
default               10.8.0.5          128.0.0.0         UG     0       0    0    tun11
128.0.0.0             10.8.0.5          128.0.0.0         UG     0       0    0    tun11
default               h##-##-142-1.ap   0.0.0.0           UG     0       0    0    vlan1
This looks great to me and makes a lot of sense.
On the ClearOS Server side I have this...
Code:
Destination           Gateway           Genmask           Flags  Metric  Ref  Use  Iface
10.8.0.2              *                 255.255.255.255   UH     0       0    0    tun0
Clients ext gateway   *                 255.255.255.248   U      0       0    0    eth2
192.168.2.0           *                 255.255.255.0     U      0       0    0    eth0
10.8.0.0              10.8.0.2          255.255.255.0     UG     0       0    0    tun0
192.168.0.0           *                 255.255.255.0     U      0       0    0    eth1
default               hmyexternalip.    0.0.0.0           UG     0       0    0    eth2
Any ideas? I have been googling this problem for days now and I am stumped. I would love some help. It may be ClearOS's fault, but nobody there is very helpful. I would greatly appreciate being pointed in the right direction; at this point I don't even know what is to blame, what I have to fix, or what keywords to google anymore.
(I will include the INPUT and OUTPUT chains of the ClearOS iptables as well, just to be safe; if you need any more information for clarity, please ask.)
Code:
Chain INPUT (policy DROP 28023 packets, 1352K bytes)
pkts bytes target prot opt in out source destination
5378 238K DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x12/0x12 state NEW reject-with tcp-reset
361 403K DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 state NEW
0 0 DROP all -- eth2 * 127.0.0.0/8 0.0.0.0/0
0 0 DROP all -- eth2 * 169.254.0.0/16 0.0.0.0/0
7764K 4907M ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- pptp+ * 0.0.0.0/0 0.0.0.0/0
2864 213K ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
3262K 326M ACCEPT all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- eth0 * 0.0.0.0/0 255.255.255.255 udp spt:68 dpt:67
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 255.255.255.255 tcp spt:68 dpt:67
0 0 ACCEPT udp -- eth0 * 192.168.2.0/24 192.168.2.1 udp dpt:53
0 0 ACCEPT tcp -- eth0 * 192.168.2.0/24 192.168.2.1 tcp dpt:53
0 0 ACCEPT icmp -- eth0 * 0.0.0.0/0 0.0.0.0/0 icmp type 0
0 0 ACCEPT icmp -- eth0 * 0.0.0.0/0 0.0.0.0/0 icmp type 3
0 0 ACCEPT icmp -- eth0 * 0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 ACCEPT icmp -- eth0 * 0.0.0.0/0 0.0.0.0/0 icmp type 11
8677 252K ACCEPT icmp -- eth2 * 0.0.0.0/0 0.0.0.0/0 icmp type 0
26 8392 ACCEPT icmp -- eth2 * 0.0.0.0/0 0.0.0.0/0 icmp type 3
107 5993 ACCEPT icmp -- eth2 * 0.0.0.0/0 0.0.0.0/0 icmp type 8
56 4736 ACCEPT icmp -- eth2 * 0.0.0.0/0 0.0.0.0/0 icmp type 11
0 0 ACCEPT udp -- eth2 * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
0 0 ACCEPT tcp -- eth2 * 0.0.0.0/0 0.0.0.0/0 tcp spt:67 dpt:68
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.2.1 udp dpt:1194
1314K 164M ACCEPT udp -- * * 0.0.0.0/0 Clientexternalip udp dpt:1194
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.2.1 tcp dpt:4241
1077 79304 ACCEPT tcp -- * * 0.0.0.0/0 Clientexternalip6 tcp dpt:4241
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.2.1 tcp dpt:1875
0 0 ACCEPT tcp -- * * 0.0.0.0/0 Clientexternalip tcp dpt:1875
0 0 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpts:1024:65535 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:65535 state RELATED,ESTABLISHED
388 31936 ACCEPT udp -- eth2 * 0.0.0.0/0 0.0.0.0/0 udp dpts:1024:65535 state RELATED,ESTABLISHED
3337K 4228M ACCEPT tcp -- eth2 * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:65535 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080
Code:
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
7765K 4907M ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * pptp+ 0.0.0.0/0 0.0.0.0/0
2864 1174K ACCEPT all -- * tun+ 0.0.0.0/0 0.0.0.0/0
4110K 4282M ACCEPT all -- * eth1 0.0.0.0/0 0.0.0.0/0
10053 366K ACCEPT icmp -- * eth2 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * eth2 0.0.0.0/0 0.0.0.0/0 udp spt:68 dpt:67
0 0 ACCEPT tcp -- * eth2 0.0.0.0/0 0.0.0.0/0 tcp spt:68 dpt:67
0 0 ACCEPT udp -- * eth0 192.168.2.1 0.0.0.0/0 udp spt:1194
1073K 441M ACCEPT udp -- * eth2 Clientexternalip 0.0.0.0/0 udp spt:1194
0 0 ACCEPT tcp -- * eth0 192.168.2.1 0.0.0.0/0 tcp spt:4241
795 257K ACCEPT tcp -- * eth2 Clientexternalip 0.0.0.0/0 tcp spt:4241
0 0 ACCEPT tcp -- * eth0 192.168.2.1 0.0.0.0/0 tcp spt:1875
0 0 ACCEPT tcp -- * eth2 Clientexternalip 0.0.0.0/0 tcp spt:1875
0 0 ACCEPT all -- * eth0 0.0.0.0/0 0.0.0.0/0
2992K 360M ACCEPT all -- * eth2 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp spt:8080
Client to Server Tracert
Code:
Tracing route to 192.168.0.11 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms unknown [192.168.6.1]
2 13 ms 12 ms 12 ms 10.8.0.1
3 13 ms 13 ms 13 ms 192.168.0.11
Trace complete.
Server to Client Tracert
Code:
Tracing route to 192.168.6.118 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 192.168.0.1
2 1 ms <1 ms <1 ms My Client IP gateway.dedicated.static.tds.net [My Client IP Gateway]
3 * * * Request timed out.
4 * *
Hopefully I'm stupid and forgot something obvious; I really hope that's the case. If you need any more information, log files after toggling a connection, anything like that, just ask. I know you aren't here to fix my problems directly, but I really need to be pointed in a direction as I don't know what else to read. I read the whole man page out of desperation. This was very helpful too: http://www.secure-computing.net/wiki/in ... PN/Routing, as I did miss that, but now it looks like I have that correctly according to it.
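An added example, not part of the post above and not ClearOS, Tomato or OpenVPN code: a small Python checker for the consistency rules a routed site-to-site OpenVPN setup depends on. For a LAN behind a client, three things have to agree: the server config's `route` (so the server kernel sends the LAN's traffic into tun), the `iroute` in that client's client-config-dir file (so the OpenVPN daemon knows which client owns the LAN), and the server's kernel routing table (which must actually contain the route via tun*, otherwise replies from the server's LAN follow the default route out the WAN interface, exactly the path the server-side tracert above shows). It also flags `push` in a client config and a client routing its own LAN into the tunnel. The config fragments, the ccd entry (with the trailing-dot typo from the post), the client name `store06` and the `route -n` output are constructed to mirror the post; the 203.0.113.1 default gateway is a placeholder, and the lint rules are this example's own, not an OpenVPN feature.

```python
"""Consistency check for a routed OpenVPN site-to-site setup: do the server
config, the client-config-dir (ccd) entry and the server's kernel routing
table agree about the LAN behind the client?  (Added example, not from the post.)"""
import ipaddress
import re

# Constructed sample input modelled on the post (abridged, not the real files).
SERVER_CONF = """\
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
client-config-dir ccd
route 192.168.6.0 255.255.255.0
push "route 192.168.0.0 255.255.255.0"
"""
CCD_STORE06 = "iroute 192.168.6.0. 255.255.255.0\n"   # trailing-dot typo as posted
CCD_STORE06_FIXED = "iroute 192.168.6.0 255.255.255.0\n"
CLIENT_CONF = """\
client
dev tun
proto udp
nobind
push "route 192.168.6.0 255.255.255.0"
route 192.168.6.0 255.255.255.0
"""
# Server `route -n` as posted: 10.8.0.0/24 via tun0, but no 192.168.6.0/24 at all.
SERVER_ROUTE_N = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         203.0.113.1     0.0.0.0         UG    0      0        0 eth2
"""

def parse_directives(text):
    """Return [(keyword, [args])] per config line; comments are dropped and a
    quoted push argument becomes a single argument."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        parts = [p.strip("\"'") for p in re.findall(r'"[^"]*"|\'[^\']*\'|\S+', line)]
        out.append((parts[0], parts[1:]))
    return out

def to_network(addr, mask):
    """OpenVPN 'address netmask' -> ip_network; raises ValueError on typos."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse_route_n(text):
    """`route -n` output -> [(network, iface)]; header lines are skipped."""
    return [(to_network(f[0], f[2]), f[7]) for f in map(str.split, text.splitlines())
            if len(f) >= 8 and f[0][0].isdigit()]

def lint(server_conf, ccd_files, client_name, client_conf, route_n):
    """Return a list of findings; an empty list means the setup is consistent."""
    findings = []

    def nets(directives, keyword, where):
        found = set()
        for k, a in directives:
            if k == keyword and len(a) >= 2:
                try:
                    found.add(to_network(a[0], a[1]))
                except ValueError:
                    findings.append(f"{where}: cannot parse '{k} {' '.join(a)}' (typo?)")
        return found

    server = parse_directives(server_conf)
    if any(k == "iroute" for k, _ in server):
        findings.append("server.conf: 'iroute' is only valid inside a client-config-dir file")
    routed = nets(server, "route", "server.conf")
    by_client = {c: nets(parse_directives(t), "iroute", f"ccd/{c}") for c, t in ccd_files.items()}
    iroutes = set().union(*by_client.values())

    # A 'route' in server.conf must show up in the kernel table via tun*: that is
    # the reply path for the server's LAN. Without it replies take the default route.
    kernel_tun = {n for n, iface in parse_route_n(route_n) if iface.startswith("tun")}
    for n in sorted(routed, key=str):
        if n not in kernel_tun:
            findings.append(f"kernel: no route to {n} via tun*; LAN replies leave by the default gateway")
        if n not in iroutes:
            findings.append(f"server.conf routes {n} but no ccd file carries a matching iroute")
    for n in sorted(iroutes - routed, key=str):
        findings.append(f"ccd iroute {n} has no matching 'route' in server.conf")

    own_lan = by_client.get(client_name, set())   # LANs this client owns per its ccd
    for k, a in parse_directives(client_conf):
        args = " ".join(a)
        if k == "push":
            findings.append(f"client.conf: 'push {args}' is a server-only directive")
        elif k == "route" and len(a) >= 2:
            try:
                if to_network(a[0], a[1]) in own_lan:
                    findings.append(f"client.conf: 'route {args}' sends the client's own LAN into the tunnel")
            except ValueError:
                findings.append(f"client.conf: cannot parse 'route {args}' (typo?)")
    return findings

def run_post_sample():
    """Findings for the setup as posted (ccd typo, missing kernel route, client push)."""
    return lint(SERVER_CONF, {"store06": CCD_STORE06}, "store06", CLIENT_CONF, SERVER_ROUTE_N)

def run_fixed_ccd_sample():
    """Same with the ccd typo fixed: the kernel-route and client-side findings remain."""
    return lint(SERVER_CONF, {"store06": CCD_STORE06_FIXED}, "store06", CLIENT_CONF, SERVER_ROUTE_N)

if __name__ == "__main__":
    for finding in run_post_sample():
        print(finding)
```

On a real server, feed it the actual `server.conf`, the files under the `client-config-dir`, the client's config and the output of `route -n` taken while the client is connected; the kernel-route check is the one to watch, because OpenVPN adds the `route` entries itself and a missing one (for example after a restart with `persist-tun` and `user nobody`, when the daemon no longer has the privilege to change routes) silently sends the server LAN's replies out the WAN interface.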