Page 1 of 1
Host to network virtual interface problem.
Posted: Wed Oct 05, 2011 9:32 pm
by pinguim007
Hello,
I am having a big problem here, I can not ping the lan interface from server to client, only the virtual interface.
from client to server everything seems to be normal.
my configuration is:
server
port 5000
proto udp
dev tun
ca ca.crt
cert Server.crt
key Server.key
dh dh2048.pem
server 192.168.0.0 255.255.255.0
keepalive 10 120
push "route 192.168.200.0 255.255.255.0"
comp-lzo
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 9
mute 20
client-to-client
client
client
dev tun
proto udp
port 5000
remote XXX.XXX.XXX.XXX
ifconfig 192.168.0.2 192.168.0.1
tls-client
nobind
cd /etc/openvpn
ca ca.crt
cert client.crt
key client.key
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 9
mute 20
push "route 192.168.2.0 255.255.255.0"
Re: Host to network virtual interface problem.
Posted: Wed Oct 05, 2011 9:56 pm
by janjust
comment out this line
ifconfig 192.168.0.2 192.168.0.1
in the client config and reconnect.
Re: Host to network virtual interface problem.
Posted: Thu Oct 06, 2011 1:28 am
by pinguim007
helo,
I have comment out the configuration and didn't work.
Do you have any more ideas?
I am still trying to ping with no response.
My vpn client is inside the gateway in case help on something.
thanks anyway.
Re: Host to network virtual interface problem.
Posted: Thu Oct 06, 2011 8:03 am
by maikcat
please post a simple diagram of your setup
Michael.
Re: Host to network virtual interface problem.
Posted: Thu Oct 06, 2011 11:29 am
by janjust
also, post the client log file when connecting, remove the line
push "route 192.168.2.0 255.255.255.0"
from the client side (it does not do anything) and make sure there is no firewall blocking access from the tun device:
Code: Select all
iptables -I INPUT -i tun+ -j ACCEPT
iptables -I OUTPUT -o tun+ -j ACCEPT
Re: Host to network virtual interface problem.
Posted: Thu Oct 06, 2011 6:42 pm
by pinguim007
client------------------------------router---------------- web------------------- server
[] ------------------------------------[]---------------------()---------------------------[]
Re: Host to network virtual interface problem.
Posted: Thu Oct 06, 2011 6:48 pm
by pinguim007
The tun is established, my logs do not point any errors.
I will check the router and I will post back in case I found something wrong.
Re: Host to network virtual interface problem.
Posted: Fri Oct 07, 2011 9:42 am
by maikcat
>I can not ping the lan interface from server to client
eeem you mean the clients lan ip?
can you please post details about your setup? (lan/vpn ips for BOTH server client)
and what connectivity you are trying to achieve.
Michael.
Re: Host to network virtual interface problem.
Posted: Fri Oct 07, 2011 8:05 pm
by pinguim007
In the client I can not ping the eth0 which is 192.168.2.3, I only can ping the virtual network 192.168.0.0.
my server network is 192.168.200.0 and my server ip is 192.168.200.3
I can ping the client on 192.168.0.0 but I can not ping my lan interface 192.168.2.3.
have you seen something like this?
Re: Host to network virtual interface problem.
Posted: Mon Oct 10, 2011 8:53 am
by maikcat
if you issue netstat -nr on your client,do you see the static route
for 192.168.200 network?
did you enabled ip forwarding on server?
also for testing disable iptables on server,
what os is your client and which version of openvpn did you used?
Michael.
Re: Host to network virtual interface problem.
Posted: Fri Oct 21, 2011 5:34 pm
by pinguim007
I didnt enabled ipforward on my sysctl sorry, silly stuff.
Thank you for your pancience.
Re: Host to network virtual interface problem.
Posted: Mon Oct 24, 2011 7:04 am
by maikcat
ok closing topic.
Michael.