rob_xx17 04-07-2006 04:28 PM

OpenVPN setup - can ping only one way across VPN tunnel
 
hey all;

I have an OpenVPN setup. It seems to be OK but I think I'm missing something. From the VPN client I can ping, across the tunnel, all the machines on the local side of VPN server. Also I can ftp and telnet to any machine on the local network.

I cannot, however, ping the VPN client from any of the machines on the local network. I'm not sure but I don't think that this is how it's supposed to be. The only thing that comes to my mind is that the routing on the server is not configured properly, as I have all the machines on the local network configured to use the VPN server as the gateway. The OpenVPN server is configured to forward all the traffic:

/proc/sys/net/ipv4/ip_forward = 1
/proc/sys/net/ipv4/conf/all/ip_forward = 1

The OpenVPN server is version 2.0.6; I'm running it on SuSE 9.3. Below is my server and client configuration.

----------------------------------------
Server configuration file:
Code:

port 1194
proto tcp
dev tun
ca /usr/local/openvpn/keys/ca.crt
cert /usr/local/openvpn/keys/server.crt
key /usr/local/openvpn/keys/server.key
dh /usr/local/openvpn/keys/dh1024.pem
server 10.11.38.0 255.255.255.0
push "10.20.38.0 255.255.255.0"
ifconfig-pool-persist /usr/local/openvpn/ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status /usr/local/openvpn/openvpn-status.log
verb 3

Client configuration file:
Code:

client
dev tun
proto tcp
remote 10.1.1.25 1194
resolv-retry infinite
persist-key
persist-tun
ca "C:\\OpenVPN\\config\\ca.crt"
cert "C:\\OpenVPN\\config\\client_john.crt"
key "C:\\OpenVPN\\config\\client_john.key"
comp-lzo
verb 3

I will greatly appreciate any suggestions...

r.

depam 04-13-2006 02:09 PM

Client Lan users to communicate with OpenVPN remote clients?
 
Hi Rob! Looks like we have the same problem. Just want to ask if you were able to resolve this? I am using IPCop and downloaded OpenVPN add-on for this one. My client LAN's network is 192.168.0.0/24. As per the configuration, OpenVPN provides an IP range of 10.0.10.0/255.255.255.0 to remote VPN clients. I understand that this is needed to avoid conflicts on IPs. However, my goals are:

1.) For the client LAN to be able to communicate with remote VPN clients even on a different network using 10.0.10.0/255.255.255.0 subnet.

2.) For the remote VPN clients to communicate by themselves. For example, VPN clients A and B should be able to communicate as well as VPN client A to communicate with client lan A.

Hope you already solved yours so you can help me out. Thanks.

rob_xx17 04-13-2006 06:43 PM

Depam;

I solved my problem. In my case it was a firewall on the VPN client.

As for your problems:

2. Make sure that in the server configuration file you have the line 'client-to-client' uncommented. That line permits VPN clients to see one another.

1. In the server configuration uncomment the line
Code:

push "route 10.11.0.0 255.255.0.0"

In this case the IP address that you're providing is the address of your LAN on the private side of the VPN server. This IP is supposed to be different from your VPN client address as well as the IP address that VPN is going to set up for the VPN tunnel. This is what I have:

10.11.0.0/16 - private side of VPN server
10.1.1.0/24 - regular IP addresses (VPN server - 10.1.1.25, VPN client 10.1.1.8)
10.0.8.0/24 - VPN tunnel addresses

Now, you must set the gateways. I set the default gateway on my VPN client to 10.1.1.25 (to be honest, it also worked when I didn't. But do it just to make sure. You can set it back afterwards when you make sure that it works). Also, set the default gateways on all the boxes on the private side of VPN server to VPN server's private side IP address. In my case it was 10.11.38.100. That should take care of the problem.

If this doesn't work you may want to consider setting up a bridge tunnel. It's not as difficult as they say.
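
An added example, not part of the original posts: a small Python check for the server-side points raised in the reply above (a `push` that lacks the `route` keyword, a pushed LAN that overlaps the tunnel subnet, and `client-to-client` being enabled). The function names and finding codes are hypothetical, and the sample configs are constructed from values quoted in this thread.

```python
import ipaddress
import shlex

# Constructed samples: the first mirrors two lines of the question's server
# file, the second the addressing the reply describes (tunnel 10.0.8.0/24).
QUESTION_CFG = '''
server 10.11.38.0 255.255.255.0
push "10.20.38.0 255.255.255.0"
'''
ANSWER_CFG = '''
server 10.0.8.0 255.255.255.0
push "route 10.11.0.0 255.255.0.0"
client-to-client
'''

def directives(text):
    """Yield (name, args) for each active line; '#' and ';' start comments."""
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;":
            name, *args = shlex.split(line)
            yield name, args

def is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def audit(text):
    """Return (code, detail) findings for an OpenVPN server config."""
    findings, tunnel, routes = [], None, []
    for name, args in directives(text):
        if name == "server" and len(args) >= 2:
            tunnel = ipaddress.ip_network(f"{args[0]}/{args[1]}", strict=False)
        elif name == "client-to-client":
            # With this option OpenVPN forwards client traffic internally.
            findings.append(("client-to-client",
                             "inter-client traffic is not filtered by server firewall rules"))
        elif name == "push" and args:
            opt = args[0].split()
            if opt and opt[0] == "route" and len(opt) >= 3:
                routes.append(ipaddress.ip_network(f"{opt[1]}/{opt[2]}", strict=False))
            elif opt and is_ip(opt[0]):  # bare address: option keyword missing
                findings.append(("push-missing-keyword", args[0]))
    for net in routes:
        if tunnel and net.overlaps(tunnel):
            findings.append(("route-overlaps-tunnel", f"{net} vs {tunnel}"))
    return findings
```

Combining the question's `server 10.11.38.0` line with the reply's `push "route 10.11.0.0 255.255.0.0"` triggers the overlap finding, which is why the reply keeps the tunnel on a separate range.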

depam 04-14-2006 07:36 AM

Thanks man... It worked pretty well! If you're not that busy, can I ask you another question? Is it possible in OpenVPN to connect two branches with two different public networks? To illustrate, we do have a 512 kbps connection at our office A. We also have another office B with the same connection speed but on a different provider. I want to link offices A and B. Is it possible to just establish a VPN connection on B's server and route the private LAN so that the client LAN at office A can ping all of the client LAN at B's office?

Sorry if I am having a hard time saying what I want to do. But I hope you get what I mean. The goal is, instead of installing the OpenVPN client on everyone's machine at offices A and B, I just need to establish the connection on the server and make every workstation communicate with each other. It's just like having a big network though the machines are not physically connected with each other. By using a public connection, I want to link both of them. Hope you can help me out on this. Thanks again.

