Suddenly OpenVPN clients cannot see network

Post by rentageek » Sat Nov 27, 2010 9:04 pm

VPN was working fine for over a year...

I did an apt-get upgrade on the server and set up proftpd, and suddenly, it's not working. I'm not sure at what point it stopped... But now, I'm a bit confused as to where to start to find out what is wrong...

Can someone please help me begin troubleshooting this?

By not working I mean, I can connect and the VPN Client TAP gets an IP and configuration but the VPN Server or VPN network computers cannot be pinged. I have tested this from WinXP OVPN Client and OS X Tunnelblick. Cannot ping vpn server.

We're running OpenVPN 2.1_rc19 x86_64-pc-linux-gnu

FROM VPN CLIENT:

ping -v 192.168.24.99
PING 192.168.24.99 (192.168.24.99): 56 data bytes
ping: sendto: No route to host
Request timeout for icmp_seq 0
ping: sendto: Host is down
Request timeout for icmp_seq 1
ping: sendto: Host is down
Request timeout for icmp_seq 2
ping: sendto: Host is down

VPN SERVER bridged device:

br0       Link encap:Ethernet  HWaddr 00:1f:d0:80:e6:e3
          inet addr:192.168.24.99  Bcast:192.168.24.255  Mask:255.255.255.0
          inet6 addr: fe80::21f:d0ff:fe80:e6e3/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:57064 errors:0 dropped:0 overruns:0 frame:0
          TX packets:41011 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:39725776 (39.7 MB)  TX bytes:5761806 (5.7 MB)

VPN SERVER - Output of netstat -lpn|grep 1194

udp 0 0 192.168.24.99:1194 0.0.0.0:* 18639/openvpn

VPN SERVER - nmap report from outside (port forward all good, obviously, since I can connect)

1194/udp open|filtered unknown

VPN SERVER - netstat -r

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.24.0    *               255.255.255.0   U         0 0          0 br0
link-local      *               255.255.0.0     U         0 0          0 br0
default         ######.local    0.0.0.0         UG        0 0          0 br0

VPN SERVER - server.conf - it has not been changed:

mode server
tls-server

local 192.168.24.99 ## ip/hostname of server
port 1194 ## default openvpn port
proto udp

#bridging directive
dev tap0 ## If you need multiple tap devices, add them here
# up "/etc/openvpn/up.sh br0"
# down "/etc/openvpn/down.sh br0"

persist-key
persist-tun

#certificates and encryption
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh1024.pem
tls-auth ta.key 0 # This file is secret

cipher BF-CBC # Blowfish (default)
comp-lzo

#DHCP Information
ifconfig-pool-persist ipp.txt
server-bridge 192.168.24.99 255.255.255.0 192.168.24.51 192.168.24.60
push "dhcp-option DNS 4.2.2.1"
push "dhcp-option DOMAIN ###.lan"
max-clients 10 ## set this to the max number of clients that should be connected at a time

#log and security
user root
group users

# multihome
keepalive 10 120
status /var/log/openvpn-status.log
verb 5


VPN Client config file:

### Client configuration file for OpenVPN

# Specify that this is a client
client

# Bridge device setting
dev tap

# Host name and port for the server (default port is 1194)
# note: replace with the correct values your server set up
remote internal.###.com 1194

# Client does not need to bind to a specific local port
nobind


# Keep trying to resolve the host name of OpenVPN server.
## The windows GUI seems to dislike the following rule.
##You may need to comment it out.
resolv-retry infinite

# Preserve state across restarts
persist-key
persist-tun

# SSL/TLS parameters - files created previously
ca /Users/ben/Library/Application\ Support/Tunnelblick/Configurations/int/ca.crt
cert /Users/ben/Library/Application\ Support/Tunnelblick/Configurations/int/ben.crt
key /Users/ben/Library/Application\ Support/Tunnelblick/Configurations/nt/ben.key

# Since we specified the tls-auth for server, we need it for the client
# note: 0 = server, 1 = client
tls-auth /Users/ben/Library/Application\ Support/Tunnelblick/Configurations/int/ta.key 1

# Specify same cipher as server
cipher BF-CBC

# Use compression
comp-lzo

# Log verbosity (to help if there are problems)
verb 3
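
The following is an added example, not part of the original post or of OpenVPN: a small Python check that reads the server.conf posted above and reports what is visible in it, namely that the bridge `up` hook is commented out (so `tap0` has to be joined to `br0` some other way, which `brctl show` on the server confirms) and which settings weaken the tunnel (`user root`, `dh1024.pem`, `BF-CBC`, `comp-lzo`). The finding codes and function names are this example's own, and the DH size is inferred from the file name only.

```python
import re
import shlex

# Excerpt of the server.conf posted above (some lines omitted).
POSTED_SERVER_CONF = """
local 192.168.24.99 ## ip/hostname of server
dev tap0 ## If you need multiple tap devices, add them here
# up "/etc/openvpn/up.sh br0"
# down "/etc/openvpn/down.sh br0"
dh dh1024.pem
cipher BF-CBC # Blowfish (default)
comp-lzo
server-bridge 192.168.24.99 255.255.255.0 192.168.24.51 192.168.24.60
user root
"""

def parse(conf):
    """Return (active, disabled): active maps directive -> argument list,
    disabled holds the first word of every commented-out line."""
    active, disabled = {}, set()
    for line in map(str.strip, conf.splitlines()):
        if line.startswith(("#", ";")):
            words = line.lstrip("#; \t").split()
            disabled.update(words[:1])
        else:
            tokens = shlex.split(line, comments=True)  # drops inline "# ..." text
            if tokens:
                active[tokens[0]] = tokens[1:]
    return active, disabled

def audit(conf):
    """Return sorted finding codes (the code names are this example's own)."""
    active, disabled = parse(conf)
    arg = lambda key: (active.get(key) or [""])[0]  # first argument or ""
    found = set()
    if "server-bridge" in active and arg("dev").startswith("tap") and "up" not in active:
        # No hook in this file joins the tap device to the bridge, so
        # membership must come from elsewhere; verify with `brctl show`.
        found.add("BRIDGE_HOOK_DISABLED" if "up" in disabled else "BRIDGE_HOOK_MISSING")
    if arg("user") in ("", "root"):
        found.add("NO_PRIVILEGE_DROP")  # no drop from the starting user (root here)
    bits = re.search(r"\d+", arg("dh"))  # heuristic: key size taken from file name
    if bits and int(bits.group()) < 2048:
        found.add("DH_BELOW_2048")
    if arg("cipher").upper().split("-")[0] in {"BF", "DES", "CAST5"}:
        found.add("CIPHER_64BIT_BLOCK")  # 64-bit block ciphers
    if "comp-lzo" in active and active["comp-lzo"] != ["no"]:
        found.add("COMPRESSION_ENABLED")
    return sorted(found)
```

Calling `audit(POSTED_SERVER_CONF)` returns the list of codes for the posted file; a code describes what the file contains and is a starting point for checking the running server, not a diagnosis.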

Post by gladiatr72 » Thu Dec 23, 2010 8:40 pm

Did you ever get this figured out?

-Stephen
[..]I used to think it was awful that life was so unfair. [...]Wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? -Marcus Cole
