CCD directory is not being recognized

Posted: Sat Feb 19, 2011 1:15 pm
by darivoli
I installed the OpenVPN server on Windows XP and the client on Windows XP.
I need to ping both the server-side and client-side subnets.
I configured everything as in the document and am able to ping the server-side private subnet.
But I am not able to ping the client-side subnet. The CCD directory is not recognized by the service. I created a file with the client common name and placed it in c:\programfiles\openvpn\config\ccd. I tried a lot but no luck. Any help will be appreciated.
Thanks in advance.

D.Muruganandam

Re: CCD directory is not being recognized

Posted: Sun Feb 20, 2011 11:05 am
by maikcat
hi there,

please post server config...

also post name and contents of ccd file

cheers,

michael.

Re: CCD directory is not being recognized

Posted: Mon Feb 21, 2011 7:41 am
by janjust
As maikcat pointed out: without the server config and the name of the CCD file (remember: it MAY NOT have an extension!) it is hard to tell.

To debug this, place the CCD file in a directory

  c:\openvpn

(NO spaces!) and run the openvpn server with

  verb 5

The server log file will print out a message when it tries to pick up the CCD file, yet fails.

If this works then you know you've misplaced or misnamed the CCD file.

Re: CCD directory is not being recognized

Posted: Mon Feb 21, 2011 12:49 pm
by darivoli
Hi,
Thanks for the response. Let me explain our case.

I installed the OpenVPN server and client on two different XP machines.

server ip:
private:192.168.2.99 and 192.168.4.99
openvpn:10.8.0.1

client ip:
private:192.168.2.57 and 192.168.5.57
openvpn ip:10.8.0.X

My requirement:

1. I want to allocate a permanent IP to the client using the CCD directory.
2. I need to ping the 192.168.4.0 network from the client machine.
3. I need to ping the 192.168.5.0 network from the server machine.

Using my server config file I am able to ping the server's 192.168.4.0 network from the client machine after enabling packet (routing) forwarding on the server machine.

Problem:
1. I am not able to ping the client's other network, 192.168.5.0, but I am able to ping 10.8.0.X from both machines.
2. The client is not allocated a specific IP from the try1 file in the ccd directory.
I manually created a try1 file and made the entries
iroute 192.168.5.0 255.255.255.0
ifconfig-push 10.8.0.15 10.8.0.16

I created the try1 file, which is the common name of the client. I created it using Notepad.

I have given server.ovpn, server log file and try1.txt which is in C:\\Program Files\\OpenVPN\\config\\ccd

I hope the try1.txt file is not recognized from ccd

SERVER.OVPN

local 192.168.2.99
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh1024.pem
server 10.8.0.0 255.255.255.0
push "route 192.168.4.0 255.255.255.0"
client-config-dir "C:\\Program Files\\OpenVPN\\config\\ccd"
route 192.168.5.0 255.255.255.0
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3



Server log file:

Sat Feb 19 12:51:03 2011 try1/192.168.2.57:1168 MULTI: Learn: 10.8.0.6 -> try1/192.168.2.57:1168
Sat Feb 19 12:51:03 2011 try1/192.168.2.57:1168 MULTI: primary virtual IP for try1/192.168.2.57:1168: 10.8.0.6
Sat Feb 19 12:51:05 2011 try1/192.168.2.57:1168 PUSH: Received control message: 'PUSH_REQUEST'
Sat Feb 19 12:51:05 2011 try1/192.168.2.57:1168 SENT CONTROL [try1]: 'PUSH_REPLY,route 192.168.4.0 255.255.255.0,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Sat Feb 19 13:51:03 2011 try1/192.168.2.57:1168 TLS: soft reset sec=0 bytes=37975/0 pkts=716/0
Sat Feb 19 13:51:03 2011 try1/192.168.2.57:1168 VERIFY OK: depth=1, /C=IN/ST=TN/L=TRI/O=openVPN/CN=ANNANAGAR/emailAddress=MURUGANANDAM.D@EMSPLUS.IN
Sat Feb 19 13:51:03 2011 try1/192.168.2.57:1168 VERIFY OK: depth=0, /C=IN/ST=TN/O=openVPN/CN=try1/emailAddress=MURUGANANDAM.D@EMSPLUS.IN
Sat Feb 19 13:51:03 2011 try1/192.168.2.57:1168 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Feb 19 13:51:03 2011 try1/192.168.2.57:1168 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Feb 19 13:51:03 2011 try1/192.168.2.57:1168 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Feb 19 13:51:03 2011 try1/192.168.2.57:1168 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Feb 19 13:51:03 2011 try1/192.168.2.57:1168 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Feb 19 14:51:03 2011 try1/192.168.2.57:1168 TLS: soft reset sec=0 bytes=36803/0 pkts=701/0
Sat Feb 19 14:51:03 2011 try1/192.168.2.57:1168 VERIFY OK: depth=1, /C=IN/ST=TN/L=TRI/O=openVPN/CN=ANNANAGAR/emailAddress=MURUGANANDAM.D@EMSPLUS.IN
Sat Feb 19 14:51:03 2011 try1/192.168.2.57:1168 VERIFY OK: depth=0, /C=IN/ST=TN/O=openVPN/CN=try1/emailAddress=MURUGANANDAM.D@EMSPLUS.IN
Sat Feb 19 14:51:03 2011 try1/192.168.2.57:1168 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Feb 19 14:51:03 2011 try1/192.168.2.57:1168 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Feb 19 14:51:03 2011 try1/192.168.2.57:1168 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Feb 19 14:51:03 2011 try1/192.168.2.57:1168 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Feb 19 14:51:03 2011 try1/192.168.2.57:1168 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Feb 19 18:53:55 2011 try1/192.168.2.57:1168 [try1] Inactivity timeout (--ping-restart), restarting
Sat Feb 19 18:53:55 2011 try1/192.168.2.57:1168 SIGUSR1[soft,ping-restart] received, client-instance restarting


try1.txt file (common name of client file)
iroute 192.168.5.0 255.255.255.0
ifconfig-push 10.8.0.15 10.8.0.16




Thanks,
Muruganandam

Re: CCD directory is not being recognized

Posted: Mon Feb 21, 2011 1:00 pm
by janjust
Hi,

This is why I wrote 'NO EXTENSION':
The name of the CCD file should be 'try1', NOT 'try1.txt'.
Rename the file and try again.
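
The check described in this reply, automated as an added example that is not part of the original thread and not OpenVPN's own code: it reads each client's common name and pushed address from the server log and tests whether the CCD directory holds a file with exactly that name. The function names, the status strings and the sample log line are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Constructed sample, in the format of the server log posted in the thread.
SAMPLE_LOG = (
    "Sat Feb 19 12:51:05 2011 try1/192.168.2.57:1168 SENT CONTROL [try1]: "
    "'PUSH_REPLY,route 192.168.4.0 255.255.255.0,topology net30,"
    "ifconfig 10.8.0.6 10.8.0.5' (status=1)\n"
)
PUSH_RE = re.compile(r"SENT CONTROL \[([^\]]+)\]: 'PUSH_REPLY,.*?ifconfig (\S+) (\S+)'")
CCD_RE = re.compile(r"^\s*ifconfig-push\s+(\S+)\s+(\S+)", re.MULTILINE)


def pushed_addresses(log_text):
    """Map common name -> (local, remote) from the last PUSH_REPLY per client."""
    return {cn: (a, b) for cn, a, b in PUSH_RE.findall(log_text)}


def audit_ccd(ccd_dir, log_text):
    """Return {common_name: (status, detail)} for every client seen in the log."""
    names = [p.name for p in Path(ccd_dir).iterdir() if p.is_file()]
    report = {}
    for cn, pushed in pushed_addresses(log_text).items():
        near = [n for n in names if Path(n).stem == cn]
        m = CCD_RE.search((Path(ccd_dir) / cn).read_text()) if cn in names else None
        if m and m.groups() != pushed:
            # The CCD file is read when the client connects; an older log shows the pool IP.
            report[cn] = ("not-applied", "ccd wants %s, log shows %s" % (m.group(1), pushed[0]))
        elif cn in names:
            report[cn] = ("ok", cn)
        else:
            # The file name must equal the CN exactly; "try1.txt" is never picked up.
            report[cn] = ("misnamed", near[0]) if near else ("missing", cn)
    return report


def demo():
    """Recreate the thread's situation in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        bad = Path(d) / "try1.txt"  # what Notepad saved
        bad.write_text("iroute 192.168.5.0 255.255.255.0\nifconfig-push 10.8.0.15 10.8.0.16\n")
        before = audit_ccd(d, SAMPLE_LOG)
        bad.rename(Path(d) / "try1")  # the rename suggested in the thread
        after = audit_ccd(d, SAMPLE_LOG)
    return before, after


if __name__ == "__main__":
    print(demo())
```

After the rename the status is "not-applied" rather than "ok" because the sample log line predates the fix; a log written after the client reconnects would show the address from the CCD file.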

Re: CCD directory is not being recognized

Posted: Tue Feb 22, 2011 7:22 am
by darivoli
Hi janjust,

Yes. It's working now after changing the file to have no extension.
Thanks for the help.

Muruganandam.D