OpenVPN Linux (server) Windows (client)
William Muriithi
william.muriithi-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Thu Sep 25 03:21:18 UTC 2008
Hi James,
Thanks for finally getting back on this. I am wondering though, do you
use it between the two computers only, or can you get to any computer
on the LAN the VPN server is sitting in? I have had a peer-to-peer
connection between the server and client for days now, but I cannot
reach any other host on the server LAN. That is where I am stuck.
By the way, I am telling everybody here about your secret IPs and they
are thrilled. I guess you will have to change them now. :)
Regards,
William
2008/9/24 James Knott <james.knott-bJEeYj9oJeDQT0dZR+AlfA at public.gmane.org>:
> William Muriithi wrote:
>>
>> Hi,
>>
>> Sorry, I think the email above had some error. Looking closely, it did
>> not work on the Linux client either. Both Windows and Linux clients are on
>> a par as far as VPN is concerned.
>>
>> What is actually happening is I can reach the Virtual IP (10.80.80.1)
>> and physical IP (10.1.1.99) of the VPN server. I am however unable to
>> reach any other client in the LAN. That implies a routing problem. Below
>> are my server routes:
>>
>> #/sbin/ip route
>> 10.80.80.2 dev tun0 proto kernel scope link src 10.80.80.1
>> 10.80.80.0/24 via 10.80.80.2 dev tun0
>> 10.1.1.0/24 dev eth0 proto kernel scope link src 10.1.1.99
>> 169.254.0.0/16 dev eth0 scope link
>> default via 10.1.1.1 dev eth0
>>
>> The 10.80.80.xx network is what is issued to the VPN clients. The
>> 10.1.1.x network is what is used in the LAN. The VPN server is not in
>> line, that is, the default gateway and VPN server are different. On the
>> default gateway (a Windows box), I applied this route:
>>
>> route ADD 10.80.80.0 MASK 255.255.255.0 10.1.1.99 -p
>>
>> From this Windows box, I can ping 10.80.80.1 and cannot reach
>> connected clients. What could I be missing here?
>
> You configure the route in the OpenVPN config file.
> Here's mine:
>
> # Edit this file, and save to a .ovpn extension
> # so that OpenVPN will activate it when run
> # as a service.
>
> # Change 'myremote' to be your remote host,
> # or comment out to enter a listening
> # server mode.
>
> remote my.network.net
>
> # Uncomment this line to use a different
> # port number than the default of 1194.
> ; port 1194
> port 1194
>
> # Choose one of three protocols supported by
> # OpenVPN. If left commented out, defaults
> # to udp.
> ; proto [tcp-server | tcp-client | udp]
> proto udp
>
> # You must specify one of two possible network
> # protocols, 'dev tap' or 'dev tun' to be used
> # on both sides of the connection. 'tap' creates
> # a VPN using the ethernet protocol while 'tun'
> # uses the IP protocol. You must use 'tap'
> # if you are ethernet bridging or want to route
> # broadcasts. 'tun' is somewhat more efficient
> # but requires configuration of client software
> # to not depend on broadcasts. Some platforms
> # such as Solaris, OpenBSD, and Mac OS X only
> # support 'tun' interfaces, so if you are
> # connecting to such a platform, you must also
> # use a 'tun' interface on the Windows side.
>
> # Enable 'dev tap' or 'dev tun' but not both!
> dev tun
>
> # This is a 'dev tap' ifconfig that creates
> # a virtual ethernet subnet.
> # 10.3.0.1 is the local VPN IP address
> # and 255.255.255.0 is the VPN subnet.
> # Only define this option for 'dev tap'.
> # ifconfig 10.3.0.1 255.255.255.0
>
> # This is a 'dev tun' ifconfig that creates
> # a point-to-point IP link.
> # 10.1.0.1 is the local VPN IP address and
> # 10.1.0.2 is the remote VPN IP address.
> # Only define this option for 'dev tun'.
> # Make sure to include the "tun-mtu" option
> # on the remote machine, but swap the order
> # of the ifconfig addresses.
> ;tun-mtu 1500
> ifconfig 10.1.0.2 10.1.0.1
>
> # If you have fragmentation issues or misconfigured
> # routers in the path which block Path MTU discovery,
> # lower the TCP MSS and internally fragment non-TCP
> # protocols.
> ;fragment 1300
> ;mssfix
>
> # If you have set up more than one TAP-Win32 adapter
> # on your system, you must refer to it by name.
> ;dev-node my-tap
>
> # You can generate a static OpenVPN key
> # by selecting the Generate Key option
> # in the start menu.
> #
> # You can also generate key.txt manually
> # with the following command:
> # openvpn --genkey --secret key.txt
> #
> # key must match on both ends of the connection,
> # so you should generate it on one machine and
> # copy it to the other over a secure medium.
> # Place key.txt in the same directory as this
> # config file.
> secret static.key
>
> # Uncomment this section for a more reliable
> # detection when a system loses its connection.
> # For example, dial-ups or laptops that travel
> # to other locations.
> #
> # If this section is enabled and "myremote"
> # above is a dynamic DNS name (i.e. dyndns.org),
> # OpenVPN will dynamically "follow" the IP
> # address of "myremote" if it changes.
> ; ping-restart 60
> ; ping-timer-rem
> ; persist-tun
> ; persist-key
> ; resolv-retry 86400
>
> # keep-alive ping
> ping 10
>
> # enable LZO compression
> #comp-lzo
>
> # moderate verbosity
> verb 4
> mute 10
>
> route 172.16.1.0 255.255.255.0 10.1.0.1
> #push "redirect-gateway"
>
> BTW, the IP addresses listed above are secret, so don't mention them to
> anyone. ;-)
>
> --
> Use OpenOffice.org <http://www.openoffice.org>
> --
> The Toronto Linux Users Group. Meetings: http://gtalug.org/
> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
>
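The symptom in this thread (clients reach the VPN server's own addresses but nothing else on the LAN) has a few server-side prerequisites that are easy to verify before chasing routes on other hosts: a route for the client subnet over the tunnel interface, a route for the LAN over the physical interface, and IP forwarding enabled. The script below is an added example, not code from the thread; it takes the prefixes and interface names from William's route table and checks a constructed copy of that table, with the hypothetical `run_live` helper running the same check against a real Linux box.

```shell
#!/bin/sh
# Added example: server-side sanity check for VPN-client-to-LAN routing.
# Prefixes and interfaces follow the thread: VPN clients on 10.80.80.0/24
# over tun0, LAN on 10.1.1.0/24 over eth0, server LAN address 10.1.1.99.
VPN_NET=10.80.80.0/24
LAN_NET=10.1.1.0/24

# route_dev ROUTES PREFIX: print the interface the route table uses for an
# exact PREFIX match, or nothing if there is no such route.
route_dev() {
    printf '%s\n' "$1" | awk -v p="$2" \
        '$1 == p { for (i = 1; i <= NF; i++) if ($i == "dev") print $(i+1) }'
}

# check_routing ROUTES IP_FORWARD: exit 0 when both prefixes are routed and
# forwarding is on; otherwise print the first missing prerequisite, exit 1.
check_routing() {
    routes=$1
    fwd=$2
    vdev=$(route_dev "$routes" "$VPN_NET")
    ldev=$(route_dev "$routes" "$LAN_NET")
    [ -n "$vdev" ] || { echo "no route for $VPN_NET"; return 1; }
    [ -n "$ldev" ] || { echo "no route for $LAN_NET"; return 1; }
    [ "$fwd" = 1 ] || {
        echo "net.ipv4.ip_forward is $fwd; packets between $vdev and $ldev are dropped"
        return 1
    }
    echo "ok: $VPN_NET on $vdev, $LAN_NET on $ldev, forwarding enabled"
    return 0
}

# Constructed copy of the server route table quoted in the thread.
SAMPLE_ROUTES='10.80.80.2 dev tun0 proto kernel scope link src 10.80.80.1
10.80.80.0/24 via 10.80.80.2 dev tun0
10.1.1.0/24 dev eth0 proto kernel scope link src 10.1.1.99
169.254.0.0/16 dev eth0 scope link
default via 10.1.1.1 dev eth0'

# run_live: hypothetical helper; same check against the running Linux system.
run_live() {
    check_routing "$(ip route 2>/dev/null)" \
        "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)"
}
```

Even when this passes, LAN hosts still need a return path for 10.80.80.0/24 (the gateway route William added, or a route on each host), so the check only rules out the server side.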