LinuxQuestions.org
Old 08-21-2009, 12:07 PM   #1
jonaskellens
Member
 
Registered: Jul 2008
Location: Ghent, Belgium
Distribution: Fedora, CentOS
Posts: 620

Rep: Reputation: 33
OpenVPN : need help with understanding tun0 and P-t-P


On the OpenVPN-server :

Code:
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

On my Fedora 10 client :
Code:
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.8.0.6  P-t-P:10.8.0.5  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:1 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0

So my Fedora-client has obtained an IP-address from the OpenVPN-server, 10.8.0.6 if I'm not mistaken ?!

At what IP-address is my OpenVPN-server reachable ??

Normally the OpenVPN-server gives itself the IP 10.8.0.1, but :
Code:
[jonas@jonas ~]$ ping -c 4 10.8.0.1
PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data.

--- 10.8.0.1 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 13011ms
 
Old 08-23-2009, 07:48 PM   #2
mwkemo
Member
 
Registered: May 2009
Location: Croatia
Distribution: Debian
Posts: 31

Rep: Reputation: 16
After you connect to the VPN server, you can check if you have a route to 10.8.0.0 with the "route" command and check that your firewall is not blocking the IP address or ports used by the VPN on both machines. If the client is connected to the VPN server, it should have contact with the VPN server IP.

RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

That's not OK. It should send or receive at least a few kilobytes. Firewall maybe???
 
Old 08-23-2009, 08:04 PM   #3
ShellPwn
LQ Newbie
 
Registered: Aug 2009
Posts: 12

Rep: Reputation: 0
It's probably your firewall, try using iptables -F
 
Old 08-24-2009, 01:27 AM   #4
jonaskellens
Member
 
Registered: Jul 2008
Location: Ghent, Belgium
Distribution: Fedora, CentOS
Posts: 620

Original Poster
Rep: Reputation: 33
Quote:
Originally Posted by ShellPwn
It's probably your firewall, try using iptables -F

I have totally disabled the firewall (LFD/CSF).
Next I restart the OpenVPN-server.

Code:
bash-3.2# /sbin/service lfd stop
Stopping lfd:                                              [  OK  ]
Code:
bash-3.2# /sbin/service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Code:
bash-3.2# /sbin/service openvpn restart
Shutting down openvpn:                                     [  OK  ]
Starting openvpn:                                          [  OK  ]

On my Fedora host, when VPN-connected, no firewall active, I am directly connected to the internet, no NAT :

on the VPN-server :
Code:
bash-3.2# /sbin/route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.0.2        *               255.255.255.255 UH    0      0        0 tun0
10.9.0.0        10.8.0.2        255.255.255.252 UG    0      0        0 tun0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
X.31.X.0      *               255.255.255.0   U     0      0        0 eth0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth0
default         gw-vxx.xx-xx.ne 0.0.0.0         UG    0      0        0 eth0

X.31.X.0 = IP of OpenVPN-server

The only IP-address I can ping is 10.8.0.1, no other.

On my Fedora-client (IPtables disabled) :
Code:
[jonas@jonas ~]$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.0.5        *               255.255.255.255 UH    0      0        0 tun0
10.8.0.1        10.8.0.5        255.255.255.255 UGH   0      0        0 tun0
XX.31.XX.XX    78.XX.XX.1     255.255.255.255 UGH   0      0        0 eth0
78.XX.XX.0     *               255.255.240.0   U     1      0        0 eth0
default         10.8.0.5        0.0.0.0         UG    0      0        0 tun0

XX.31.XX.XX = IP of OpenVPN-server
78.XX.XX.1 = IP ISP-router
78.XX.XX.0 = ISP network

The only IP-address I can ping is 10.8.0.6, nothing else.

Last edited by jonaskellens; 08-24-2009 at 01:28 AM.
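
The route check suggested in post #2, applied to the client routing table from post #4, as an added example that is not part of any post in this thread: it parses `route` output and reports which entry a longest-prefix match selects for a destination. The function names are hypothetical, and the masked eth0 addresses are replaced by constructed documentation addresses (203.0.113.10 for the server, 192.0.2.0/24 for the ISP network).

```python
import ipaddress

# Client table from post #4. tun0 rows are as posted; the masked eth0
# addresses are replaced by constructed documentation addresses.
ROUTE_OUTPUT = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.0.5        *               255.255.255.255 UH    0      0        0 tun0
10.8.0.1        10.8.0.5        255.255.255.255 UGH   0      0        0 tun0
203.0.113.10    192.0.2.1       255.255.255.255 UGH   0      0        0 eth0
192.0.2.0       *               255.255.255.0   U     1      0        0 eth0
default         10.8.0.5        0.0.0.0         UG    0      0        0 tun0
"""


def parse_routes(text):
    """Parse `route` output into a list of dicts; skip rows that do not parse."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8 or fields[0] == "Destination":
            continue
        dest, gateway, mask, flags, metric, _ref, _use, iface = fields
        try:
            prefix = bin(int(ipaddress.IPv4Address(mask))).count("1")
            dest = "0.0.0.0" if dest == "default" else dest
            net = ipaddress.ip_network(f"{dest}/{prefix}")
        except ValueError:
            continue  # masked (X.31.X.0) or name-resolved destinations
        routes.append({"net": net, "iface": iface, "metric": int(metric),
                       "gateway": None if gateway == "*" else gateway})
    return routes


def select_route(routes, destination):
    """Return the route a longest-prefix match picks, or None."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in r["net"]]
    if not matches:
        return None
    # Most specific prefix wins; lower metric breaks ties.
    return max(matches, key=lambda r: (r["net"].prefixlen, -r["metric"]))


if __name__ == "__main__":
    table = parse_routes(ROUTE_OUTPUT)
    for target in ("10.8.0.1", "203.0.113.10", "198.51.100.7"):
        r = select_route(table, target)
        print(f"{target:15} -> {r['iface']} via {r['gateway'] or 'direct'}")
```

For this table the host route to 10.8.0.1 and the default route both leave through tun0 via 10.8.0.5, while only the server's public address stays on eth0.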
 
  

