Discussion:
[Openvpn-users] Routing issue
Sam Dunham
2004-12-01 13:17:02 UTC
Permalink
I've got OpenVPN 2 (latest beta) installed on a Fedora Core 3 box
(server) and a Windows XP box (client). Took me a while to get the SSL
stuff worked out, but I got it working. I can connect to the server and
ping the VPN address (10.8.0.1) and ftp to that address, etc... What I
can't do is ping the internal address of the server (192.168.0.2). Until
I can do that, I can't connect to Samba on the server. I've tried
manipulating the routes on the server and the client to no avail. Before
starting OpenVPN on the server, route returns no mention of the 10.8.0.0
subnet, which is correct. Upon starting OpenVPN, I get the following
relevent info returned from route:

Destination Gateway Genmask Flags Metric
Ref Use Iface
10.8.0.2 * 255.255.255.255 UH 0 0
0 tun0
10.8.0.0 pu.lic.ho.st 255.255.255.0 UG 0 0
0 eth0

Now, if I'm not crazy or a complete idiot, what I need is for 10.8.0.0
to be on tun0 and I don't need 10.8.0.2 to be routed at all on the
server side. At the very least, something ain't right. Assuming the
following, what route commands do I need to run on the server and client
sides?

Server internal network: 192.168.0.0
Server internal address: 192.168.0.2
Server external address: pub.lic.ho.st
Server VPN network: 10.8.0.0
Server VPN address: 10.8.0.1

Client VPN address: 10.8.0.2

Running routed, not bridged, btw.

Thanks in advance,
Sam
--
Sam Dunham
***@imap.cc
Jon Bendtsen
2004-12-01 16:40:06 UTC
Permalink
Post by Sam Dunham
I've got OpenVPN 2 (latest beta) installed on a Fedora Core 3 box
(server) and a Windows XP box (client). Took me a while to get the SSL
stuff worked out, but I got it working. I can connect to the server and
ping the VPN address (10.8.0.1) and ftp to that address, etc... What I
can't do is ping the internal address of the server (192.168.0.2). Until
I can do that, I can't connect to Samba on the server. I've tried
manipulating the routes on the server and the client to no avail. Before
starting OpenVPN on the server, route returns no mention of the 10.8.0.0
subnet, which is correct. Upon starting OpenVPN, I get the following
Destination Gateway Genmask Flags Metric
Ref Use Iface
10.8.0.2 * 255.255.255.255 UH 0
0 0 tun0
10.8.0.0 pu.lic.ho.st 255.255.255.0 UG 0 0
0 eth0
This seems wrong. Are you using bridging?
Post by Sam Dunham
Now, if I'm not crazy or a complete idiot, what I need is for 10.8.0.0
to be on tun0 and I don't need 10.8.0.2 to be routed at all on the
server side. At the very least, something ain't right. Assuming the
following, what route commands do I need to run on the server and client
sides?
Server internal network: 192.168.0.0
Server internal address: 192.168.0.2
Server external address: pub.lic.ho.st
Server VPN network: 10.8.0.0
Server VPN address: 10.8.0.1
Client VPN address: 10.8.0.2
Running routed, not bridged, btw.
Then your route tabled is fscked.
add a route to the 10.8.0.0 network through the tun device
add a route to 192.168.0.0 through eth0
and let /proc/sys/ipv4/ip_forward contain 1




JonB
Sam Dunham
2004-12-02 02:30:03 UTC
Permalink
Alrighty. I had a good look through the OpenVPN2.0 page on the web site
and foudn a couple of things that needed tweeking. Routing problem
resolved. I can ping the VPN interface, the internal interface, and any
ip of any machine on the internal subnet. w00t!

Now the bad news. I can't map samba shares. When I try a "net use q:
\\192.168.0.2\clients /user:username" I get the following error:

"System Error 64 has ocurred.

The specified network name is no longer available."

Is this going to be a WINS issue or a DNS issue or something completely
different?

Thanks,
Sam

On Wed, 1 Dec 2004 19:38:44 +0100, "Jon Bendtsen"
Post by Jon Bendtsen
Post by Sam Dunham
I've got OpenVPN 2 (latest beta) installed on a Fedora Core 3 box
(server) and a Windows XP box (client). Took me a while to get the SSL
stuff worked out, but I got it working. I can connect to the server and
ping the VPN address (10.8.0.1) and ftp to that address, etc... What I
can't do is ping the internal address of the server (192.168.0.2). Until
I can do that, I can't connect to Samba on the server. I've tried
manipulating the routes on the server and the client to no avail. Before
starting OpenVPN on the server, route returns no mention of the 10.8.0.0
subnet, which is correct. Upon starting OpenVPN, I get the following
Destination Gateway Genmask Flags Metric
Ref Use Iface
10.8.0.2 * 255.255.255.255 UH 0
0 0 tun0
10.8.0.0 pu.lic.ho.st 255.255.255.0 UG 0 0
0 eth0
This seems wrong. Are you using bridging?
Post by Sam Dunham
Now, if I'm not crazy or a complete idiot, what I need is for 10.8.0.0
to be on tun0 and I don't need 10.8.0.2 to be routed at all on the
server side. At the very least, something ain't right. Assuming the
following, what route commands do I need to run on the server and client
sides?
Server internal network: 192.168.0.0
Server internal address: 192.168.0.2
Server external address: pub.lic.ho.st
Server VPN network: 10.8.0.0
Server VPN address: 10.8.0.1
Client VPN address: 10.8.0.2
Running routed, not bridged, btw.
Then your route tabled is fscked.
add a route to the 10.8.0.0 network through the tun device
add a route to 192.168.0.0 through eth0
and let /proc/sys/ipv4/ip_forward contain 1
JonB
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://productguide.itmanagersjournal.com/
_______________________________________________
Openvpn-users mailing list
https://lists.sourceforge.net/lists/listinfo/openvpn-users
--
Sam Dunham
***@imap.cc
Leonard Isham
2004-12-02 02:44:08 UTC
Permalink
Post by Sam Dunham
Alrighty. I had a good look through the OpenVPN2.0 page on the web site
and foudn a couple of things that needed tweeking. Routing problem
resolved. I can ping the VPN interface, the internal interface, and any
ip of any machine on the internal subnet. w00t!
"System Error 64 has ocurred.
The specified network name is no longer available."
Is this going to be a WINS issue or a DNS issue or something completely
different?
I don't know SAMBA, but I'd have to say WINS.
--
Leonard Isham, CISSP
Ostendo non ostento.
Dave Green
2004-12-02 18:57:00 UTC
Permalink
Post by Leonard Isham
Post by Sam Dunham
Alrighty. I had a good look through the OpenVPN2.0 page on the web site
and foudn a couple of things that needed tweeking. Routing problem
resolved. I can ping the VPN interface, the internal interface, and any
ip of any machine on the internal subnet. w00t!
"System Error 64 has ocurred.
The specified network name is no longer available."
Is this going to be a WINS issue or a DNS issue or something completely
different?
I don't know SAMBA, but I'd have to say WINS.
I don't think either of those, as WINS and DNS are just converting names
to ip addresses and he's using an ip address anyway so there's no WINS
or DNS involved.

Could be worth checking the samba config and the networks it is
configured to respond to.

Dave

--------
CAUTION:
This message and any attachments contain privileged and confidential
information. If you are not the intended recipient of this message, you
are hereby notified that any use, dissemination, distribution or
reproduction of this message is prohibited. If you have received this
message in error please notify the sender immediately via email and then
destroy this message and any attachments.

Any views expressed in this message are those of the individual sender
and may not necessarily reflect the views of Winstone Pulp International
Ltd.
Sam Dunham
2004-12-06 15:38:01 UTC
Permalink
Found the problem. I had to add the 10.8. subnet to the smb.conf config
file. Everything is working now. I can connect to the server and map
Samba shares. Very nice. :)
Post by Dave Green
Post by Leonard Isham
Post by Sam Dunham
Alrighty. I had a good look through the OpenVPN2.0 page on the web site
and foudn a couple of things that needed tweeking. Routing problem
resolved. I can ping the VPN interface, the internal interface, and any
ip of any machine on the internal subnet. w00t!
"System Error 64 has ocurred.
The specified network name is no longer available."
Is this going to be a WINS issue or a DNS issue or something completely
different?
I don't know SAMBA, but I'd have to say WINS.
I don't think either of those, as WINS and DNS are just converting names
to ip addresses and he's using an ip address anyway so there's no WINS
or DNS involved.
Could be worth checking the samba config and the networks it is
configured to respond to.
Dave
--------
This message and any attachments contain privileged and confidential
information. If you are not the intended recipient of this message, you
are hereby notified that any use, dissemination, distribution or
reproduction of this message is prohibited. If you have received this
message in error please notify the sender immediately via email and then
destroy this message and any attachments.
Any views expressed in this message are those of the individual sender
and may not necessarily reflect the views of Winstone Pulp International
Ltd.
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://productguide.itmanagersjournal.com/
_______________________________________________
Openvpn-users mailing list
https://lists.sourceforge.net/lists/listinfo/openvpn-users
--
Sam Dunham
***@imap.cc
Sam Dunham
2004-12-07 16:57:06 UTC
Permalink
Just a clarification on this. I added "10.8." to the "Hosts Allow" field
in smb.conf. That took care of it. Figured I'd put this up in case
anyone had a problem in the future with the same issue.
Post by Sam Dunham
Found the problem. I had to add the 10.8. subnet to the smb.conf config
file. Everything is working now. I can connect to the server and map
Samba shares. Very nice. :)
Post by Dave Green
Post by Leonard Isham
Post by Sam Dunham
Alrighty. I had a good look through the OpenVPN2.0 page on the web site
and foudn a couple of things that needed tweeking. Routing problem
resolved. I can ping the VPN interface, the internal interface, and any
ip of any machine on the internal subnet. w00t!
"System Error 64 has ocurred.
The specified network name is no longer available."
Is this going to be a WINS issue or a DNS issue or something completely
different?
I don't know SAMBA, but I'd have to say WINS.
I don't think either of those, as WINS and DNS are just converting names
to ip addresses and he's using an ip address anyway so there's no WINS
or DNS involved.
Could be worth checking the samba config and the networks it is
configured to respond to.
Dave
--------
This message and any attachments contain privileged and confidential
information. If you are not the intended recipient of this message, you
are hereby notified that any use, dissemination, distribution or
reproduction of this message is prohibited. If you have received this
message in error please notify the sender immediately via email and then
destroy this message and any attachments.
Any views expressed in this message are those of the individual sender
and may not necessarily reflect the views of Winstone Pulp International
Ltd.
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://productguide.itmanagersjournal.com/
_______________________________________________
Openvpn-users mailing list
https://lists.sourceforge.net/lists/listinfo/openvpn-users
Continue reading on narkive:
Loading...