LinuxQuestions.org
openvpn server and client cannot ping both directions
Posted by odie_chan on 07-08-2006, 12:06 AM (post #1)


Dear all professionals,

I am trying to set up SSL-VPN OpenVPN between an RH AS3 server and Windows XP according to the OpenVPN website.

I successfully installed OpenVPN 2.0 on RH Linux; it reached Initialization Sequence Completed and the Windows XP client connected. Detailed messages are below:


Sat Jul 8 12:48:07 2006 OpenVPN 2.0.7 i686-pc-linux [SSL] [LZO] [EPOLL] built on Jun 8 2006
Sat Jul 8 12:48:07 2006 Diffie-Hellman initialized with 1024 bit key
Sat Jul 8 12:48:07 2006 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Jul 8 12:48:07 2006 TUN/TAP device tun0 opened
Sat Jul 8 12:48:07 2006 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Sat Jul 8 12:48:07 2006 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Sat Jul 8 12:48:07 2006 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Jul 8 12:48:07 2006 UDPv4 link local (bound): [undef]:1194
Sat Jul 8 12:48:07 2006 UDPv4 link remote: [undef]
Sat Jul 8 12:48:07 2006 MULTI: multi_init called, r=256 v=256
Sat Jul 8 12:48:07 2006 IFCONFIG POOL: base=10.8.0.4 size=62
Sat Jul 8 12:48:07 2006 IFCONFIG POOL LIST
Sat Jul 8 12:48:07 2006 terryoffice,10.8.0.4
Sat Jul 8 12:48:07 2006 Initialization Sequence Completed
Sat Jul 8 12:50:13 2006 MULTI: multi_create_instance called
Sat Jul 8 12:50:13 2006 ww.xx.yy.xx:28351 Re-using SSL/TLS context
Sat Jul 8 12:50:13 2006 ww.xx.yy.xx:28351 LZO compression initialized
Sat Jul 8 12:50:13 2006 ww.xx.yy.xx:28351 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Jul 8 12:50:13 2006 ww.xx.yy.xx:28351 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Jul 8 12:50:13 2006 ww.xx.yy.xx:28351 Local Options hash (VER=V4): '530fdded'
Sat Jul 8 12:50:13 2006 ww.xx.yy.xx:28351 Expected Remote Options hash (VER=V4): '41690919'
Sat Jul 8 12:50:13 2006 ww.xx.yy.xx:28351 TLS: Initial packet from ww.xx.yy.xx:28351, sid=f31d580f 6706904b
Sat Jul 8 12:50:14 2006 ww.xx.yy.xx:28351 VERIFY OK: depth=1, xxxxxxxxxxxxxxxxxxxxxxxxxxx
Sat Jul 8 12:50:14 2006 ww.xx.yy.xx:28351 VERIFY OK: depth=0, xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Sat Jul 8 12:50:14 2006 ww.xx.yy.xx:28351 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Jul 8 12:50:14 2006 ww.xx.yy.xx:28351 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jul 8 12:50:14 2006 ww.xx.yy.xx:28351 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Jul 8 12:50:14 2006 ww.xx.yy.xx:28351 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jul 8 12:50:15 2006 ww.xx.yy.xx:28351 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Jul 8 12:50:15 2006 ww.xx.yy.xx:28351 [terryoffice] Peer Connection Initiated with ww.xx.yy.xx:28351
Sat Jul 8 12:50:15 2006 terryoffice/ww.xx.yy.xx:28351 MULTI: Learn: 10.8.0.6 -> terryoffice/ww.xx.yy.zz:28351
Sat Jul 8 12:50:15 2006 terryoffice/ww.xx.yy.xx:28351 MULTI: primary virtual IP for terryoffice/ww.xx.yy.xx:28351: 10.8.0.6
Sat Jul 8 12:50:16 2006 terryoffice/ww.xx.yy.xx:28351 PUSH: Received control message: 'PUSH_REQUEST'
Sat Jul 8 12:50:16 2006 terryoffice/ww.xx.yy.xx:28351 SENT CONTROL [terryoffice]: 'PUSH_REPLY,redirect-gateway,route 10.8.0.1,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)


I successfully installed OpenVPN for Windows XP (no firewall) and connected to the server with Initialization Sequence Completed.

Detailed IP assignment (most configuration is set to default)
I understand the below at the server:
/sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
/sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2

Detailed configuration files
Server
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3


Client
client
dev tun
proto udp
remote XX.yy.zz.WW 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca C:\\terry\\ca.crt
cert C:\\terry\\terryoffice.crt
key C:\\terry\\terryoffice.key
comp-lzo
verb 3
mute 20

Iptables
/sbin/iptables -I INPUT -i tun0 -j ACCEPT
/sbin/iptables -I FORWARD -i tun0 -j ACCEPT
/sbin/iptables -I FORWARD -o tun0 -j ACCEPT
/sbin/iptables -I OUTPUT -o tun0 -j ACCEPT




Question

I do not understand why the XP client gets the below IP and gateway:
IP 10.8.0.5
Gateway 10.8.0.6

Ethernet adapter Local Area Connection 3:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Win32 Adapter V8
Physical Address. . . . . . . . . : 00-FF-56-C6-F3-79
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.8.0.6
Subnet Mask . . . . . . . . . . . : 255.255.255.252
Default Gateway . . . . . . . . . : 10.8.0.5
DHCP Server . . . . . . . . . . . : 10.8.0.5
Lease Obtained. . . . . . . . . . : Saturday, July 08, 2006 12:54:01
Lease Expires . . . . . . . . . . : Sunday, July 08, 2007 12:54:01 PM

Can anyone explain how the VPN server assigns the IP and gateway to the client, and how the routes are set at the client?

Or how to let the server and client ping in both directions?

Thank you in advance.

Terry
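
Added example, not part of the original post and not OpenVPN code: it reads the IFCONFIG POOL and PUSH_REPLY lines from the server log above and derives the per-client /30 block that OpenVPN 2.0 allocates in tun mode, which is what the ipconfig output (10.8.0.6, mask 255.255.255.252, gateway 10.8.0.5) reflects. The function names are hypothetical; the two log lines are copied from the post.

```python
import ipaddress
import re

# Log lines copied from the post; function names are illustrative only.
POOL_LINE = "Sat Jul 8 12:48:07 2006 IFCONFIG POOL: base=10.8.0.4 size=62"
PUSH_LINE = ("Sat Jul 8 12:50:16 2006 terryoffice/ww.xx.yy.xx:28351 SENT CONTROL "
             "[terryoffice]: 'PUSH_REPLY,redirect-gateway,route 10.8.0.1,ping 10,"
             "ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)")

def parse_pool(line):
    """Return (base address, number of /30 blocks) from an IFCONFIG POOL line."""
    m = re.search(r"IFCONFIG POOL: base=(\S+) size=(\d+)", line)
    if not m:
        raise ValueError("not an IFCONFIG POOL line")
    return ipaddress.IPv4Address(m.group(1)), int(m.group(2))

def parse_push_reply(line):
    """Return the options pushed to the client as {name: [args]}."""
    m = re.search(r"'PUSH_REPLY,([^']*)'", line)
    if not m:
        raise ValueError("not a PUSH_REPLY line")
    opts = {}
    for item in m.group(1).split(","):
        name, *args = item.split()
        opts[name] = args
    return opts

def net30_layout(pool_line, push_line):
    """Check the pushed ifconfig pair against the pool and describe its /30."""
    base, size = parse_pool(pool_line)
    opts = parse_push_reply(push_line)
    # "ifconfig <local> <remote>" is given from the client's point of view.
    local, peer = (ipaddress.IPv4Address(a) for a in opts["ifconfig"])
    block = ipaddress.ip_network(f"{local}/30", strict=False)
    if sorted(block.hosts()) != sorted([local, peer]):
        raise ValueError("ifconfig pair is not the two hosts of one /30")
    offset = int(block.network_address) - int(base)
    if offset % 4 or not 0 <= offset // 4 < size:
        raise ValueError("block lies outside the pool")
    last = ipaddress.ip_network((int(base) + 4 * (size - 1), 30))
    return {"block": str(block), "netmask": str(block.netmask),
            "client_ip": str(local), "virtual_peer": str(peer),
            "pool_index": offset // 4, "last_pool_block": str(last),
            "server_route": opts["route"][0]}

if __name__ == "__main__":
    for key, value in net30_layout(POOL_LINE, PUSH_LINE).items():
        print(f"{key:16} {value}")
```

The pushed `route 10.8.0.1` is the address the server log assigns to tun0, so that is the server address reachable from the client through the tunnel; 10.8.0.5 is only the other end of the client's /30.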
 
  

