Network is unreachable (code=101)

[rpettefar]

Hi guys
Just been experimenting with OpenVPN for a small company network. I have been trying to establish a bridge connection so that users outside of the network can connect to machines in the network.

The OpenVPN server is a Linux machine with one NIC and my test client is a Windows 7 machine. I have been able to successfully establish a single connection directly to the server.

I have been following this http://openvpn.net/index.php/open-sourc ... dging.html tutorial to create a bridge so I can connect to other machines on the network.

The IP of the server on the local network is 192.168.2.252, the networks DHCP server and internet gateway is 192.168.2.254.

When I try to connect the the OpenVPN server I eventually get this message repeatedly:
Tue Sep 13 16:40:37 2011 us=216236 212.183.128.38:6711 write UDPv4 []: Network is unreachable (code=101)

These are further details:

Code: Select all

Server Config
#########
port 1194

proto udp

ca   /home/rpettefar/openvpn-2.2.1/easy-rsa/2.0/keys/ca.crt
cert /home/rpettefar/openvpn-2.2.1/easy-rsa/2.0/keys/server.crt
key  /home/rpettefar/openvpn-2.2.1/easy-rsa/2.0/keys/server.key  # This file should be kept secret

dh /home/rpettefar/openvpn-2.2.1/easy-rsa/2.0/keys/dh1024.pem

ifconfig-pool-persist ipp.txt

server-bridge 192.168.2.252 255.255.255.0 192.168.2.180 192.168.2.199

client-to-client

keepalive 10 120

comp-lzo

user nobody
group nobody

persist-key
persist-tun

status openvpn-status.log

verb 3

Code: Select all

Client Config
########
client

dev tap0

proto udp

resolv-retry infinite

nobind

persist-key
persist-tun

ca ca.crt
cert client1.crt
key client1.key

comp-lzo

verb 3

Code: Select all

Console Log
########
Tue Sep 13 17:00:51 2011 OpenVPN 2.2.1 x86_64-unknown-linux-gnu [SSL] [LZO2] [EPOLL] [eurephia] built on Sep 13 2011
Tue Sep 13 17:00:51 2011 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Tue Sep 13 17:00:51 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Sep 13 17:00:51 2011 Diffie-Hellman initialized with 1024 bit key
Tue Sep 13 17:00:51 2011 TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Sep 13 17:00:51 2011 Socket Buffers: R=[122880->131072] S=[122880->131072]
Tue Sep 13 17:00:51 2011 TUN/TAP device tap0 opened
Tue Sep 13 17:00:51 2011 TUN/TAP TX queue length set to 100
Tue Sep 13 17:00:51 2011 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Tue Sep 13 17:00:51 2011 GID set to nobody
Tue Sep 13 17:00:51 2011 UID set to nobody
Tue Sep 13 17:00:51 2011 UDPv4 link local (bound): [undef]:1194
Tue Sep 13 17:00:51 2011 UDPv4 link remote: [undef]
Tue Sep 13 17:00:51 2011 MULTI: multi_init called, r=256 v=256
Tue Sep 13 17:00:51 2011 IFCONFIG POOL: base=192.168.2.180 size=20
Tue Sep 13 17:00:51 2011 IFCONFIG POOL LIST
Tue Sep 13 17:00:51 2011 Initialization Sequence Completed
Tue Sep 13 17:00:57 2011 MULTI: multi_create_instance called
Tue Sep 13 17:00:57 2011 212.183.128.38:31786 Re-using SSL/TLS context
Tue Sep 13 17:00:57 2011 212.183.128.38:31786 LZO compression initialized
Tue Sep 13 17:00:57 2011 212.183.128.38:31786 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Sep 13 17:00:57 2011 212.183.128.38:31786 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Tue Sep 13 17:00:57 2011 212.183.128.38:31786 Local Options hash (VER=V4): 'f7df56b8'
Tue Sep 13 17:00:57 2011 212.183.128.38:31786 Expected Remote Options hash (VER=V4): 'd79ca330'
Tue Sep 13 17:00:57 2011 212.183.128.38:31786 TLS: Initial packet from 212.183.128.38:31786, sid=4290dab5 ad0f1198
Tue Sep 13 17:00:57 2011 212.183.128.38:31786 write UDPv4 []: Network is unreachable (code=101)
Tue Sep 13 17:00:59 2011 212.183.128.38:31786 write UDPv4 []: Network is unreachable (code=101)
Tue Sep 13 17:00:59 2011 212.183.128.38:31786 write UDPv4 []: Network is unreachable (code=101)
Tue Sep 13 17:01:03 2011 212.183.128.38:31786 write UDPv4 []: Network is unreachable (code=101)
Tue Sep 13 17:01:03 2011 212.183.128.38:31786 write UDPv4 []: Network is unreachable (code=101)

I hope I have provided enough information.
Thanks for any help you can supply.

[janjust]

the server is not capable of sending traffic back to the client at 212.183.128.38 ; try switching to 'proto tcp' to see if that helps. it could also be a firewall or bad routing setup somewhere along the way.

[rpettefar]

That IP is the address of the external test machine trying to connect. I assume the machine has not been issued a VPN IP at this point.
I will try with TCP, but the firewall has been configured to allow UDP packets though on port 1194

[rpettefar]

Ok, I tried TCP and the client could not connect at all. I had made the same provisions for it on the firewall as I did with UDP.

I think it might be something wrong with my bridge. I tried using a previously functional config file that uses routing and I got the same effect.

[Mimiko]

Is the win 7 and linux on the same phisical line? Where is "remote" option from clients config file? Where does it point to?

[maikcat]

irrelevent,

dev tap0

is missing from server config...

Michael