Sascha Lucas
2005-12-02 11:03:05 UTC
Hi List,
I have a server (tls-server) with dev tun and IP forwarding (without NAT).
The server's IP is: 129.69.90.133/255.255.255.248
Everything works fine if I push networks to clients that do not include
the server's IP. I.e. push "route 129.69.1.0 255.255.255.0" works. push
"redirect-gateway def1" works also.
Whenever I push a network route that includes the server's IP, the VPN
connection stops working. I.e. push "route 129.69.90.128 255.255.255.248".
On the client side it looks like this:
Fri Dec 2 14:43:10 2005 /sbin/ifconfig tun0 129.69.204.6 pointopoint 129.69.204.5 mtu 1500
Fri Dec 2 14:43:10 2005 /sbin/route add -net 129.69.204.1 netmask 255.255.255.255 gw 129.69.204.5
Fri Dec 2 14:43:10 2005 /sbin/route add -net 129.69.90.128 netmask 255.255.255.248 gw 129.69.204.5
Fri Dec 2 14:43:11 2005 Initialization Sequence Completed
Pinging the server (ping 129.69.90.133) and tcpdumping tun0 shows:
# tcpdump -ni tun0
14:48:46.649102 IP 129.69.204.6 > 129.69.90.133: ICMP echo request, id 47385, seq 1, length 64
but on eth0 nothing happened. With netstat I can see that the Send Queue
grows:
# netstat -an --inet
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 65932 0.0.0.0:32773 0.0.0.0:*
It looks like the ping leaves tun0 but is not routed through openvpn via
eth0. Can someone help me?
Here are my relevant config parts:
####### server config ###############################
port 1194
proto udp
dev tun0
server 129.69.205.0 255.255.255.0
keepalive 10 120
comp-lzo
cipher AES-128-CBC
user nobody
group nobody
persist-key
persist-tun
push "route 129.69.0.0 255.255.0.0"
####### server config ###############################
and from the client:
####### client config ###############################
dev tun
remote 129.69.90.133 1194
client
proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ns-cert-type server
comp-lzo
cipher AES-128-CBC
####### client config ###############################
Sascha.
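
An added example, not part of the original post: a Python check that flags any pushed route containing the address in the client's "remote" line, which is the condition the post reports as breaking the connection. The function names are hypothetical; the sample config lines are taken from the post.

```python
import ipaddress
import re

# push "route <network> [netmask]"; OpenVPN defaults the netmask to 255.255.255.255
PUSH_ROUTE = re.compile(r'^\s*push\s+"route\s+([\d.]+)(?:\s+([\d.]+))?')
REMOTE = re.compile(r'^\s*remote\s+(\S+)')


def pushed_routes(server_conf):
    """Networks handed to clients by push "route ..." lines."""
    nets = []
    for line in server_conf.splitlines():
        m = PUSH_ROUTE.match(line)
        if m:
            mask = m.group(2) or "255.255.255.255"
            nets.append(ipaddress.ip_network(f"{m.group(1)}/{mask}", strict=False))
    return nets


def remote_address(client_conf):
    """First 'remote' given as an IP literal, else None (hostnames are not resolved here)."""
    for line in client_conf.splitlines():
        m = REMOTE.match(line)
        if m:
            try:
                return ipaddress.ip_address(m.group(1))
            except ValueError:
                return None
    return None


def routes_covering_remote(server_conf, client_conf):
    """Pushed routes that contain the address the client sends its VPN packets to."""
    remote = remote_address(client_conf)
    if remote is None:
        return []
    return [net for net in pushed_routes(server_conf) if remote in net]


# Sample input: lines copied from the configs in the post.
CLIENT_CONF = "dev tun\nremote 129.69.90.133 1194\nclient\nproto udp\n"
SERVER_CONF = 'port 1194\nproto udp\ndev tun0\npush "route 129.69.0.0 255.255.0.0"\n'

if __name__ == "__main__":
    for net in routes_covering_remote(SERVER_CONF, CLIENT_CONF):
        print(f"pushed route {net} contains the remote address")
```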