OpenVPN Support Forum

i have server and client on TAP
client config:
# cat /tmp/openvpn/openvpn.conf | grep -vE '^#|^;|^$'
management localhost 5001
verb 0
up-delay
persist-tun
persist-key
cipher BF-CBC
client
dev tap0
proto tcp
remote hotspot-srv.mobilochka.ua 1258
comp-lzo
nobind
keepalive 5 15
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
#
root@testhotspoh:~# ifconfig tap0
tap0 Link encap:Ethernet HWaddr 00:FF:42:EC:E8:10
inet addr:172.30.64.2 Bcast:172.30.64.255 Mask:255.255.255.0


server

config:
dev ovpns65
dev-type tap
dev-node /dev/tap65
writepid /var/run/openvpn_server65.pid
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto tcp-server
cipher BF-CBC
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local 89.184.67.20
tls-server
server 172.30.64.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc
lport 1258
management /var/etc/openvpn/server65.sock unix
ca /var/etc/openvpn/server65.ca
cert /var/etc/openvpn/server65.cert
key /var/etc/openvpn/server65.key
dh /etc/dh-parameters.1024
comp-lzo
ifconfig 172.30.64.1 255.255.255.0


[root@srv]/root(24): ifconfig ovpns65
ovpns65: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=80000<LINKSTATE>
ether 00:bd:3c:13:00:41
inet6 fe80::2bd:3cff:fe13:41%ovpns65 prefixlen 64 scopeid 0x86
inet 172.30.64.1 netmask 0xffffff00 broadcast 172.30.64.255


but a don't ping server ip 172.30.64.1 from client and dont ping client ip 172.30.64.2 from server.

firewall is off

From server config remove:

ifconfig 172.30.64.1 255.255.255.0

and insteed of

lport 1258

use

done:

dev ovpns65
dev-type tap
dev-node /dev/tap65
writepid /var/run/openvpn_server65.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto tcp-server
cipher BF-CBC
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local 89.184.67.20
tls-server
server 172.30.64.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc
management /var/etc/openvpn/server65.sock unix
ca /var/etc/openvpn/server65.ca
cert /var/etc/openvpn/server65.cert
key /var/etc/openvpn/server65.key
dh /etc/dh-parameters.1024
comp-lzo
port 1258

and -no ping to 172.30.64.2 from 172.30.64.1

Show the log from server and config. Show the output of:
iptable -L -v
iptable -L -v -t nat

[root@srv]/root(11): iptables -L -v
iptables: Command not found.
[root@srv]/root(12): iptables -L -v
iptables: Command not found.
this is freebsd, with pf, pf on this interface:

[root@srv]/root(9): pfctl -s rules | grep ovpns65
scrub in on ovpns65 all fragment reassemble
block drop in on ! ovpns65 inet from 172.30.64.0/24 to any
block drop in on ovpns65 inet6 from fe80::2bd:3cff:fe13:41 to any
pass in on ovpns65 inet proto udp from any port = bootpc to 255.255.255.255 port = bootps keep state label "allow access to DHCP server"
pass in on ovpns65 inet proto udp from any port = bootpc to 172.30.64.1 port = bootps keep state label "allow access to DHCP server"
pass out on ovpns65 inet proto udp from 172.30.64.1 port = bootps to any port = bootpc keep state label "allow access to DHCP server"
pass in quick on ovpns65 all flags S/SA keep state label "USER_RULE"
[root@srv]/root(10): pfctl -s rules | grep 172.30.64
block drop in on ! ovpns65 inet from 172.30.64.0/24 to any
block drop in inet from 172.30.64.1 to any
pass in on ovpns65 inet proto udp from any port = bootpc to 172.30.64.1 port = bootps keep state label "allow access to DHCP server"
pass out on ovpns65 inet proto udp from 172.30.64.1 port = bootps to any port = bootpc keep state label "allow access to DHCP server"
[root@srv]/root(11):


rules pass in quick on ovpns65 all flags S/SA keep state label "USER_RULE"
allow any to any

i'am disabled pf, but ping not working...

Use to disable PF and try again.

alexandrnew wrote:[root@srv]/root(11): iptables -L -v
i'am disabled pf, but ping not working...

pfctl -d -ping not working

your client should get 172.30.64.6 ip not 172.30.64.2

can you post the output of ifconfig on your server?

Michael.