
Topology Subnet resulting in TEST ROUTES 0/0 succeeded

Posted: Tue Jun 21, 2011 2:36 pm
by bushbyn1
I'm trying to switch an otherwise working setup over to using "topology subnet" to conserve IPs. I'm giving my clients static IPs via ccd files. Without topology subnet, this was working fine on the client ccd:

Code:

ifconfig-push 10.35.2.1 10.35.2.2

With topology subnet on the server, I've changed the ccd to this but then the client cannot connect:

Code:

ifconfig-push 10.35.2.1 10.35.2.1

The client machine is Windows 7 32 bit. GUI run with admin privileges. Both server and client are on the same LAN (just testing). Client log (note TEST ROUTES 0/0 succeeded at bottom):

Code:

OpenVPN 2.2.0 Win32-MSVC++ [SSL] [LZO2] built on Apr 26 2011
NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Control Channel MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
Socket Buffers: R=[8192->8192] S=[8192->8192]
Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Local Options hash (VER=V4): '3514370b'
Expected Remote Options hash (VER=V4): '239669a8'
UDPv4 link local: [undef]
UDPv4 link remote: 10.2.4.220:1194
TLS: Initial packet from 10.2.4.220:1194, sid=4af1d696 5b547174
VERIFY OK: depth=1, /C=US/ST=IL/L=Chicago/O=MergeHealthcare/CN=MergeHealthcare_CA/emailAddress=helpdesk@merge.com
VERIFY OK: nsCertType=SERVER
VERIFY OK: depth=0, /C=US/ST=IL/L=Chicago/O=MergeHealthcare/CN=server/emailAddress=helpdesk@merge.com
Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
[server] Peer Connection Initiated with 10.2.4.220:1194
SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.27.24.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.35.2.1 10.35.2.1'
OPTIONS IMPORT: timers and/or timeouts modified
OPTIONS IMPORT: --ifconfig/up options modified
OPTIONS IMPORT: route-related options modified
TAP-WIN32 device [VPN] opened: \\.\Global\{CC434829-3662-4020-9884-E0D5B51D36B6}.tap
TAP-Win32 Driver Version 9.8 
TAP-Win32 MTU=1500
Set TAP-Win32 TUN subnet mode network/local/netmask = 10.35.2.1/10.35.2.1/10.35.2.1 [SUCCEEDED]
Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.35.2.1/10.35.2.1 on interface {CC434829-3662-4020-9884-E0D5B51D36B6} [DHCP-serv: 255.255.255.254, lease-time: 31536000]
Successful ARP Flush on interface [16] {CC434829-3662-4020-9884-E0D5B51D36B6}
TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Route: Waiting for TUN/TAP interface to come up...
TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Route: Waiting for TUN/TAP interface to come up...

... repeats

Server environment and configuration:
OpenVPN 2.1.3 on Ubuntu Server 11.04

Code:

port 1194
proto udp
dev tun
topology subnet

ca ca.crt
cert server.crt
key server.key
dh dh1024.pem

server 10.27.24.0 255.255.254.0

# Clients given IPs in this range
route 10.35.1.0 255.255.255.0

client-config-dir /etc/openvpn/ccd
ccd-exclusive

client-to-client

persist-key
persist-tun

keepalive 10 120

user nobody
group nogroup

status openvpn-status.log
verb 3

Re: Topology Subnet resulting in TEST ROUTES 0/0 succeeded

Posted: Tue Jun 21, 2011 4:02 pm
by bushbyn1
Figured it out. Looks like the format of ifconfig-push should be this when topology subnet:

Code:

ifconfig-push 10.35.2.1 255.255.255.0

Makes perfect sense in hindsight :)
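
Added example, not part of the original posts: a small Python check that reads OpenVPN client log lines, finds the PUSH_REPLY, and flags an `ifconfig` whose second argument does not match the pushed topology (a netmask for `topology subnet`, a peer address otherwise). The function names are hypothetical; the first sample line is the one from the log above and the second is constructed from the corrected ccd entry.

```python
import ipaddress
import re

PUSH_RE = re.compile(r"PUSH_REPLY,([^']*)")

def is_netmask(value):
    """True if value is a contiguous IPv4 netmask such as 255.255.255.0."""
    try:
        bits = int(ipaddress.IPv4Address(value))
    except ipaddress.AddressValueError:
        return False
    inverted = bits ^ 0xFFFFFFFF
    # A valid mask inverted is a run of low 1-bits, so inverted+1 is a power of two.
    return bits != 0 and (inverted & (inverted + 1)) == 0

def check_push_reply(line):
    """Return findings for one client log line (empty if fine or not a PUSH_REPLY)."""
    match = PUSH_RE.search(line)
    if not match:
        return []
    opts = [o.split() for o in match.group(1).split(",") if o.strip()]
    # Assumption: with no pushed topology the client uses net30, the default
    # for the OpenVPN 2.1/2.2 versions in this thread.
    topology = next((o[1] for o in opts if o[0] == "topology" and len(o) > 1), "net30")
    findings = []
    for o in opts:
        if o[0] != "ifconfig" or len(o) != 3:
            continue
        local, second = o[1], o[2]
        if topology == "subnet" and not is_netmask(second):
            findings.append(f"topology subnet: 'ifconfig {local} {second}' needs a "
                            f"netmask as second argument, got an address")
        elif topology != "subnet" and is_netmask(second):
            findings.append(f"topology {topology}: 'ifconfig {local} {second}' needs a "
                            f"peer address as second argument, got a netmask")
    return findings

# Line copied from the client log in the thread.
LOG_FROM_THREAD = ("PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.27.24.1,"
                   "topology subnet,ping 10,ping-restart 120,ifconfig 10.35.2.1 10.35.2.1'")
# Constructed: the same reply after the ccd fix from the second post.
LOG_CONSTRUCTED = ("PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.27.24.1,"
                   "topology subnet,ping 10,ping-restart 120,ifconfig 10.35.2.1 255.255.255.0'")

if __name__ == "__main__":
    for sample in (LOG_FROM_THREAD, LOG_CONSTRUCTED):
        print(check_push_reply(sample) or "ok")
```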