Just an update, when I do a tcpdump on the machine I am trying to connect to
it shows up as remote IP (not the 10.xxx)? But just with Netbios traffic! Do
I need to placve a route even though it is just a single machine? Or do I
need to check Netbios over tcp.ip on the ethernet interface (it is now
default settings)?

if there is anything else you need please let me know, thnaks!


---------- Forwarded Message ----------

Subject: [Openvpn-users] Autoconfiguration IP on TUN interface....
Date: Tuesday 11 May 2004 12:44 am
From: "Mir" <***@soartech.com>
To: openvpn-***@lists.sourceforge.net

Sorry I tried searching but couldn't find the answer to this one....I have
openvpn running on our gateway (freebsd) and I have connected another
freebsd gateway machine successfully to it (everything including WINs and
netbios machine browsing). The issue is I am now trying to connect a
windows client to the same internal network, here is the wierd thing....I
can ping, web surf, ssh, etc to all internal hosts, but when I try netbios,
it doesn't work....even if I use the IP address. After some investigation I
find that for some reason the tun interface has given itself a IP address of
167.245.35.67 (or whatever the auto configuration windows does) but only for
netbios traffic!!! So I tried disable auto-configuration and now this is
what happens, here is what my ipconfig/all looks like:

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Win32 Adapter
Physical Address. . . . . . . . . : 00-FF-6E-33-3A-B8
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : No
IP Address. . . . . . . . . . . . : 10.2.0.2 <---------IP
address I entered in openvpn
Subnet Mask . . . . . . . . . . . : 255.255.255.252
IP Address. . . . . . . . . . . . : 0.0.0.0 <----what is this?
(this is where that 167.x.x.x address was)
Subnet Mask . . . . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 255.255.255.255

Again with this configuration it only netbios doesn't work whats up doesn't
work.... Here is my conf file:

# Edit this file, and save to a .ovpn extension
# so that OpenVPN will activate it when run
# as a service.

# Change 'myremote' to be your remote host,
# or comment out to enter a listening
# server mode.
remote a.b.c.d (changed to protect the innocent)

# Uncomment this line to use a different
# port number than the default of 5000.
port 5001

# Choose one of three protocols supported by
# OpenVPN. If left commented out, defaults
# to udp.
; proto [tcp-server | tcp-client | udp]

# You must specify one of two possible network
# protocols, 'dev tap' or 'dev tun' to be used
# on both sides of the connection. 'tap' creates
# a VPN using the ethernet protocol while 'tun'
# uses the IP protocol. You must use 'tap'
# if you are ethernet bridging or want to route
# broadcasts. 'tun' is somewhat more efficient
# but requires configuration of client software
# to not depend on broadcasts. Some platforms
# such as Solaris, OpenBSD, and Mac OS X only
# support 'tun' interfaces, so if you are
# connecting to such a platform, you must also
# use a 'tun' interface on the Windows side.

# Enable 'dev tap' or 'dev tun' but not both!
dev tun

# This is a 'dev tap' ifconfig that creates
# a virtual ethernet subnet.
# 10.3.0.1 is the local VPN IP address
# and 255.255.255.0 is the VPN subnet.
# Only define this option for 'dev tap'.
#ifconfig 10.3.0.1 255.255.255.0

# This is a 'dev tun' ifconfig that creates
# a point-to-point IP link.
# 10.3.0.1 is the local VPN IP address and
# 10.3.0.2 is the remote VPN IP address.
# Only define this option for 'dev tun'.
# Make sure to include the "tun-mtu" option
# on the remote machine, but swap the order
# of the ifconfig addresses.
tun-mtu 1500
ifconfig 10.2.0.2 10.2.0.1

# If you have fragmentation issues or misconfigured
# routers in the path which block Path MTU discovery,
# lower the TCP MSS and internally fragment non-TCP
# protocols.

#route to Soartech internal
route 192.168.0.0 255.255.255.0 10.2.0.1
;fragment 1300
;mssfix

# If you have set up more than one TAP-Win32 adapter
# on your system, you must refer to it by name.
;dev-node my-tap

# You can generate a static OpenVPN key
# by selecting the Generate Key option
# in the start menu.
#
# You can also generate key.txt manually
# with the following command:
# openvpn --genkey --secret key.txt
#
# key must match on both ends of the connection,
# so you should generate it on one machine and
# copy it to the other over a secure medium.
# Place key.txt in the same directory as this
# config file.
secret mirhome.key

# Uncomment this section for a more reliable
# detection when a system loses its connection.
# For example, dial-ups or laptops that travel
# to other locations.
#
# If this section is enabled and "myremote"
# above is a dynamic DNS name (i.e. dyndns.org),
# OpenVPN will dynamically "follow" the IP
# address of "myremote" if it changes.
; ping-restart 60
; ping-timer-rem
; persist-tun
; persist-key
; resolv-retry 86400

# keep-alive ping
ping 10

# enable LZO compression
;comp-lzo

# moderate verbosity
verb 4
mute 10

But like I said everything except windows shares works....


Thanks!

David Mir
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.681 / Virus Database: 443 - Release Date: 5/10/2004



-------------------------------------------------------
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to deliver
higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
_______________________________________________
Openvpn-users mailing list
Openvpn-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

-------------------------------------------------------

--
David Mir
Systems Administrator

On Tuesday 11 May 2004 12:44 am, Mir wrote:
> Ethernet adapter Local Area Connection 2:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : TAP-Win32 Adapter
> Physical Address. . . . . . . . . : 00-FF-6E-33-3A-B8
> Dhcp Enabled. . . . . . . . . . . : Yes
> Autoconfiguration Enabled . . . . : No
> IP Address. . . . . . . . . . . . : 10.2.0.2 <---------IP
> address I entered in openvpn
> Subnet Mask . . . . . . . . . . . : 255.255.255.252
> IP Address. . . . . . . . . . . . : 0.0.0.0 <----what is
> this? (this is where that 167.x.x.x address was)
> Subnet Mask . . . . . . . . . . . : 0.0.0.0
> Default Gateway . . . . . . . . . :
> DHCP Server . . . . . . . . . . . : 255.255.255.255

Do you have your TAP adapter media status set to "always connected? If
so, change it back to "application controlled".

I was just debugging this same problem a couple of days ago.
You are right that the second IP address assigned to your TAP
adapter is a problem. I had the same issues where generally the
VPN tunnel worked fine, but windows shares were broken.

My fix was to add "ip-win32 manual" to my configuration file on
the windows side. Then, go into the Network Properties for the
Tap adapter, turn off DHCP, and manually configure the IP endpoint
for the adapter (10.2.0.2 in your case).

I don't think this is the best solution. Does anyone know what is?
The problem seems to go like this... Windows set the IP endpoint
correctly and then some seconds later these second IP addresses get set.
Mine was a default windows dhcp address of 169.x.x.x.

Maybe the dynamic option to ip-win32 works... haven't tried it yet.

Any further input on this issue is appreciated.

Thanks,

Jeremy


snip...

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Win32 Adapter
Physical Address. . . . . . . . . : 00-FF-6E-33-3A-B8
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : No
IP Address. . . . . . . . . . . . : 10.2.0.2 <---------IP
address I entered in openvpn
Subnet Mask . . . . . . . . . . . : 255.255.255.252
IP Address. . . . . . . . . . . . : 0.0.0.0 <----what is this?
(this is where that 167.x.x.x address was)
Subnet Mask . . . . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 255.255.255.255

***@ossnetworks.org said:

>
>
> I was just debugging this same problem a couple of days ago.
> You are right that the second IP address assigned to your TAP
> adapter is a problem. I had the same issues where generally the
> VPN tunnel worked fine, but windows shares were broken.
>
> My fix was to add "ip-win32 manual" to my configuration file on
> the windows side. Then, go into the Network Properties for the
> Tap adapter, turn off DHCP, and manually configure the IP endpoint
> for the adapter (10.2.0.2 in your case).
>
> I don't think this is the best solution. Does anyone know what is?
> The problem seems to go like this... Windows set the IP endpoint
> correctly and then some seconds later these second IP addresses get set.
> Mine was a default windows dhcp address of 169.x.x.x.
>
> Maybe the dynamic option to ip-win32 works... haven't tried it yet.

Yes, "ip-win32 dynamic" is the solution to this problem of dual addresses
being assigned to the TAP adapter.

James