Folkert van Heusden
2010-04-01 16:29:07 UTC
Hi,
I'm trying to set up a VPN solution for my users. The users should get an
IP address in the IP range of the LAN of the company.
External internet address: 1.2.3.4
LAN: 192.168.0.0/24
IP address of OpenVPN server in LAN: 192.168.0.10
Now what happens: the username authentication process succeeds. It seems I
get a valid IP address in the range given with the server-bridge line.
But if I try to ping from the client to a host in the LAN (e.g.
192.168.0.36), nothing happens (no pings come through).
I'm not a Windows expert but the routing seems a little odd:
Active Routes:
Network Destination  Netmask          Gateway          Interface        Metric
0.0.0.0              0.0.0.0          192.168.139.2    192.168.139.129  10
127.0.0.0            255.0.0.0        127.0.0.1        127.0.0.1        1
192.168.0.0          255.255.255.0    192.168.0.170    192.168.0.170    30
192.168.0.170        255.255.255.255  127.0.0.1        127.0.0.1        30
192.168.0.255        255.255.255.255  192.168.0.170    192.168.0.170    30
192.168.139.0        255.255.255.0    192.168.139.129  192.168.139.129  10
192.168.139.129      255.255.255.255  127.0.0.1        127.0.0.1        10
192.168.139.255      255.255.255.255  192.168.139.129  192.168.139.129  10
224.0.0.0            240.0.0.0        192.168.0.170    192.168.0.170    30
224.0.0.0            240.0.0.0        192.168.139.129  192.168.139.129  10
255.255.255.255      255.255.255.255  192.168.0.170    192.168.0.170    1
255.255.255.255      255.255.255.255  192.168.139.129  192.168.139.129  1
Default Gateway: 192.168.139.2
server config:
-------------
server-bridge 192.168.0.10 255.255.255.0 192.168.0.170 192.168.0.199
dev tap
proto udp
port 1194
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
comp-lzo
user nobody
group nogroup
script-security 3
up /etc/openvpn/up.sh
down /etc/openvpn/down.sh
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
client-to-client
push "dhcp-option DNS 192.168.0.36"
push "route 192.168.0.1 255.255.255.0"
log-append /var/log/openvpn
plugin /usr/lib/openvpn/openvpn-auth-pam.so login
client-cert-not-required
username-as-common-name
management localhost 7505
client config:
-------------
client
dev tap
proto udp
remote 1.2.3.4 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
auth-user-pass
ns-cert-type server
verb 3
comp-lzo
Can someone tell me what I'm doing wrong here?
Folkert van Heusden
--
MultiTail is a versatile program that can read logs and carry out given
commands. Filtering, coloring, merging, 'diff-view', etc.
http://www.vanheusden.com/multitail/
----------------------------------------------------------------------
Phone: +31-6-41278122, PGP-key: 1F28D8AE, www.vanheusden.com
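
An added example, not part of the original post and not OpenVPN's own tooling: a small Python audit of the server config posted above. It flags the pushed route whose address has host bits set and which already lies inside the bridged subnet, plus three directives with security consequences. The `audit` function and the check names are made up for this illustration.

```python
import ipaddress
import shlex

# Subset of the server config posted above; only lines the checks look at.
POSTED = '''
server-bridge 192.168.0.10 255.255.255.0 192.168.0.170 192.168.0.199
script-security 3
push "dhcp-option DNS 192.168.0.36"
push "route 192.168.0.1 255.255.255.0"
client-cert-not-required
management localhost 7505
'''

def parse(text):
    """Tokenise directives; shlex keeps a quoted push argument as one token."""
    rows = (shlex.split(line, comments=True) for line in text.splitlines())
    return [r for r in rows if r]

def audit(text):
    """Return a list of (check_id, detail) findings for a server config."""
    rows, out, bridge = parse(text), [], None
    for r in rows:
        if r[0] == "server-bridge" and len(r) >= 3:
            bridge = ipaddress.ip_network(f"{r[1]}/{r[2]}", strict=False)
    for r in rows:
        if r[0] == "push" and len(r) == 2 and r[1].startswith("route "):
            try:  # netmask defaults to a host route when omitted
                addr, mask = (r[1].split() + ["255.255.255.255"])[1:3]
                net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            except ValueError:  # keyword or hostname instead of an address
                continue
            if str(net.network_address) != addr:
                out.append(("route-host-bits", f"{addr} is not the network address of {net}"))
            if bridge is not None and net.overlaps(bridge):
                out.append(("route-in-bridge-subnet", f"{net} is already on-link for bridged clients"))
        elif r[0] == "client-cert-not-required":
            out.append(("no-client-cert", "clients authenticate with username/password only"))
        elif r[0] == "script-security" and len(r) > 1 and r[1].isdigit() and int(r[1]) >= 3:
            out.append(("script-security", "level 3 lets passwords reach scripts via environment"))
        elif r[0] == "management" and len(r) == 3 and r[2] != "unix":
            out.append(("mgmt-no-password", "management interface has no password file"))
    return out

if __name__ == "__main__":
    for check_id, detail in audit(POSTED):
        print(f"{check_id}: {detail}")
```

The route findings match the client routing table in the post, where 192.168.0.0/24 is already reachable directly through the TAP interface at 192.168.0.170.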