LinuxQuestions.org
Old 04-07-2006, 03:28 PM   #1
rob_xx17
Member
 
Registered: Jan 2004
Location: USA
Distribution: SuSE
Posts: 54

Rep: Reputation: 15
OpenVPN setup - can ping only one way across VPN tunnel


hey all;

I have an OpenVPN setup. It seems to be OK but I think I'm missing something. From the VPN client I can ping, across the tunnel, all the machines on the local side of the VPN server. Also I can ftp and telnet to any machine on the local network.

I cannot, however, ping the VPN client from any of the machines on the local network. I'm not sure but I don't think that this is how it's supposed to be. The only thing that comes to my mind is that the routing on the server is not configured properly, as I have all the machines on the local network configured to use the VPN server as the gateway. The OpenVPN server is configured to forward all the traffic:

/proc/sys/net/ipv4/ip_forward = 1
/proc/sys/net/ipv4/conf/all/ip_forward = 1

The OpenVPN server is version 2.0.6; I'm running it on SuSE 9.3. Below is my server and client configuration.

----------------------------------------
Server configuration file:
Code:
 port 1194
 proto tcp
 dev tun
 ca /usr/local/openvpn/keys/ca.crt
 cert /usr/local/openvpn/keys/server.crt
 key /usr/local/openvpn/keys/server.key 
 dh /usr/local/openvpn/keys/dh1024.pem
 server 10.11.38.0 255.255.255.0
 push "10.20.38.0 255.255.255.0"
 ifconfig-pool-persist /usr/local/openvpn/ipp.txt
 keepalive 10 120
 comp-lzo
 persist-key
 persist-tun
 status /usr/local/openvpn/openvpn-status.log
 verb 3
Client configuration file:
Code:
 client
 dev tun
 proto tcp
 remote 10.1.1.25 1194
 resolv-retry infinite
 persist-key
 persist-tun
 ca "C:\\OpenVPN\\config\\ca.crt"
 cert "C:\\OpenVPN\\config\\client_john.crt"
 key "C:\\OpenVPN\\config\\client_john.key"
 comp-lzo
 verb 3
I will greatly appreciate any suggestions...

r.
 
Old 04-13-2006, 01:09 PM   #2
depam
Member
 
Registered: Sep 2005
Posts: 861

Rep: Reputation: 30
Client Lan users to communicate with OpenVPN remote clients?

Hi Rob! Looks like we have the same problem. Just want to ask if you were able to resolve this? I am using IPCop and downloaded the OpenVPN add-on for this one. My client LAN's network is 192.168.0.0/24. As per the configuration, OpenVPN provides an IP range of 10.0.10.0/255.255.255.0 to remote VPN clients. I understand that this is needed to avoid conflicts on IPs. However, my goals are:

1.) For the client LAN to be able to communicate with remote VPN clients even on a different network using the 10.0.10.0/255.255.255.0 subnet.

2.) For the remote VPN clients to communicate by themselves. For example, VPN clients A and B should be able to communicate, as well as VPN client A to communicate with client LAN A.

Hope you already solved yours so you can help me out. Thanks.
 
Old 04-13-2006, 05:43 PM   #3
rob_xx17
Member
 
Registered: Jan 2004
Location: USA
Distribution: SuSE
Posts: 54

Original Poster
Rep: Reputation: 15
Depam;

I solved my problem. In my case it was a firewall on the VPN client.

As for your problems:

2. Make sure that in the server configuration file you have the line 'client-to-client' uncommented. That line permits VPN clients to see one another.

1. In the server configuration uncomment the line
Code:
push "route 10.11.0.0 255.255.0.0"
In this case the IP address that you're providing is the address of your LAN on the private side of the VPN server. This IP is supposed to be different from your VPN client address as well as the IP address that VPN is going to set up for the VPN tunnel. This is what I have:

10.11.0.0/16 - private side of VPN server
10.1.1.0/24 - regular IP addresses (VPN server - 10.1.1.25, VPN client 10.1.1.8)
10.0.8.0/24 - VPN tunnel addresses

Now, you must set the gateways. I set the default gateway on my VPN client to 10.1.1.25 (to be honest, it also worked when I didn't. But do it just to make sure. You can set it back afterwards when you make sure that it works). Also, set the default gateways on all the boxes on the private side of the VPN server to the VPN server's private side IP address. In my case it was 10.11.38.100. That should take care of the problem.

If this doesn't work you may want to consider setting up a bridge tunnel. It's not as difficult as they say.
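
Added example (not part of the post above, and not OpenVPN project code): a Python check of the two conditions post #3 describes, namely that the LAN, transit and tunnel subnets do not overlap and that a host on the private LAN sends traffic for the tunnel subnet back through the VPN server. The routing tables and the 10.11.0.1 gateway are constructed; the static-route case goes beyond the post, which only changes the default gateway.

```python
import ipaddress

def overlapping(plan):
    """Return sorted name pairs of subnets in the plan that overlap."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in plan.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]

def next_hop(routes, dest):
    """Longest-prefix match over (cidr, gateway) routes; None if no route."""
    addr = ipaddress.ip_address(dest)
    best = None
    for cidr, gateway in routes:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    return best[1] if best else None

def replies_return_via(routes, tunnel_cidr, vpn_server_ip):
    """True if a LAN host sends traffic for the tunnel subnet to the VPN server."""
    tunnel = ipaddress.ip_network(tunnel_cidr)
    # Sample the first and last host address of the tunnel subnet.
    return all(next_hop(routes, str(tunnel[i])) == vpn_server_ip for i in (1, -2))

# Address plan from post #3.
PLAN = {"lan": "10.11.0.0/16", "transit": "10.1.1.0/24", "tunnel": "10.0.8.0/24"}
VPN_SERVER_LAN_IP = "10.11.38.100"

# Constructed routing tables for a host on the private LAN
# ("on-link" marks a directly attached network).
GW_IS_VPN_SERVER = [("10.11.0.0/16", "on-link"), ("0.0.0.0/0", VPN_SERVER_LAN_IP)]
GW_IS_OTHER_ROUTER = [("10.11.0.0/16", "on-link"),
                      ("0.0.0.0/0", "10.11.0.1")]  # constructed gateway address
WITH_STATIC_ROUTE = GW_IS_OTHER_ROUTER + [(PLAN["tunnel"], VPN_SERVER_LAN_IP)]

if __name__ == "__main__":
    print("overlaps:", overlapping(PLAN))
    for name, table in [("default gw = VPN server", GW_IS_VPN_SERVER),
                        ("default gw = other router", GW_IS_OTHER_ROUTER),
                        ("other router + static route", WITH_STATIC_ROUTE)]:
        print(name, "->", replies_return_via(table, PLAN["tunnel"], VPN_SERVER_LAN_IP))
```

A `False` result means echo replies from the LAN host leave through a gateway that has no path to the tunnel subnet, which shows up as a ping that works in only one direction.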
 
Old 04-14-2006, 06:36 AM   #4
depam
Member
 
Registered: Sep 2005
Posts: 861

Rep: Reputation: 30
Thanks man... It worked pretty well! If you're not that busy, can I ask you another question? Is it possible in OpenVPN to connect two branches with two different public networks? To illustrate, we do have a 512 kbps connection at our office A. We also have another office B with the same connection speed but on a different provider. I want to link offices A and B. Is it possible to just establish a VPN connection on B's server and route the private LAN so that the client LAN in office A can ping all of the client LAN in B's office?

Sorry if I am having a hard time saying what I want to do. But I hope you get what I mean. The goal is, instead of installing the OpenVPN client on everyone's machine in offices A and B, I just need to establish the connection on the server and make every workstation communicate with each other. It's just like having a big network though the machines are not physically connected with each other. By using a public connection, I want to link both of them. Hope you can help me out on this. Thanks again.
 
  

