VPN was working fine for over a year...
I did an apt-get upgrade on the server and set up proftpd, and suddenly, it's not working. I'm not sure at what point it stopped... But now, I'm a bit confused as to where to start to find out what is wrong...
Can someone please help me begin troubleshooting this?
By "not working" I mean I can connect and the VPN client TAP gets an IP and configuration, but the VPN server or VPN network computers cannot be pinged. I have tested this from the WinXP OVPN client and OS X Tunnelblick. Cannot ping the VPN server.
We're running OpenVPN 2.1_rc19 x86_64-pc-linux-gnu
FROM VPN CLIENT:
ping -v 192.168.24.99
PING 192.168.24.99 (192.168.24.99): 56 data bytes
ping: sendto: No route to host
Request timeout for icmp_seq 0
ping: sendto: Host is down
Request timeout for icmp_seq 1
ping: sendto: Host is down
Request timeout for icmp_seq 2
ping: sendto: Host is down
VPN SERVER bridged device:
br0 Link encap:Ethernet HWaddr 00:1f:d0:80:e6:e3
inet addr:192.168.24.99 Bcast:192.168.24.255 Mask:255.255.255.0
inet6 addr: fe80::21f:d0ff:fe80:e6e3/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:57064 errors:0 dropped:0 overruns:0 frame:0
TX packets:41011 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:39725776 (39.7 MB) TX bytes:5761806 (5.7 MB)
VPN SERVER - Output of netstat -lpn|grep 1194
udp 0 0 192.168.24.99:1194 0.0.0.0:* 18639/openvpn
VPN SERVER - nmap report from outside (port forward all good, obviously, since I can connect)
1194/udp open|filtered unknown
VPN SERVER - netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.24.0 * 255.255.255.0 U 0 0 0 br0
link-local * 255.255.0.0 U 0 0 0 br0
default ######.local 0.0.0.0 UG 0 0 0 br0
VPN SERVER - server.conf - it has not been changed:
mode server
tls-server
local 192.168.24.99 ## ip/hostname of server
port 1194 ## default openvpn port
proto udp
#bridging directive
dev tap0 ## If you need multiple tap devices, add them here
# up "/etc/openvpn/up.sh br0"
# down "/etc/openvpn/down.sh br0"
persist-key
persist-tun
#certificates and encryption
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh1024.pem
tls-auth ta.key 0 # This file is secret
cipher BF-CBC # Blowfish (default)
comp-lzo
#DHCP Information
ifconfig-pool-persist ipp.txt
server-bridge 192.168.24.99 255.255.255.0 192.168.24.51 192.168.24.60
push "dhcp-option DNS 4.2.2.1"
push "dhcp-option DOMAIN ###.lan"
max-clients 10 ## set this to the max number of clients that should be connected at a time
#log and security
user root
group users
# multihome
keepalive 10 120
status /var/log/openvpn-status.log
verb 5
VPN Client config file:
### Client configuration file for OpenVPN
# Specify that this is a client
client
# Bridge device setting
dev tap
# Host name and port for the server (default port is 1194)
# note: replace with the correct values your server set up
remote internal.###.com 1194
# Client does not need to bind to a specific local port
nobind
# Keep trying to resolve the host name of OpenVPN server.
## The windows GUI seems to dislike the following rule.
##You may need to comment it out.
resolv-retry infinite
# Preserve state across restarts
persist-key
persist-tun
# SSL/TLS parameters - files created previously
ca /Users/ben/Library/Application\ Support/Tunnelblick/Configurations/int/ca.crt
cert /Users/ben/Library/Application\ Support/Tunnelblick/Configurations/int/ben.crt
key /Users/ben/Library/Application\ Support/Tunnelblick/Configurations/nt/ben.key
# Since we specified the tls-auth for server, we need it for the client
# note: 0 = server, 1 = client
tls-auth /Users/ben/Library/Application\ Support/Tunnelblick/Configurations/int/ta.key 1
# Specify same cipher as server
cipher BF-CBC
# Use compression
comp-lzo
# Log verbosity (to help if there are problems)
verb 3
Suddenly OpenVPN clients cannot see network
- gladiatr72
Re: Suddenly OpenVPN clients cannot see network
Did you ever get this figured out?
-Stephen
[..]I used to think it was awful that life was so unfair. [...]Wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? -Marcus Cole