Hi All-

I need help. I can't even think of anything else to try. My network is barely functional.

I'm running 2 linux servers connected by openvpn (tun) through routers on both sides. There are Windows clients (98 and XP) on both subnets. One server (ls3) acting as PDC for the domain. The Windows clients use the respective linux boxes as gateways.

On the server side (ls3 which is both openvpn server and samba server), all the clients can read/write properly to shares on both sides.

The problems are all on the client side. Share connections to the server side disconnect after a few moments.

Browsing on the client side windows machines is fine. I can see shares on the server side. Some server side files open and are readable, writable, other server side files will not open. Some samba logon scripts on the server side can be opened from the client side. Others open after a long wait to a blank file!

Permissions on server side files are set to 777 for testing.

If a file won't open or reads "blank", that doesn't change no matter how many times you try. A non-readable/writable file overwritten by a readable/writable one can be read and written to!

I can ping successfully from any client on either side to any other client by either ip address or workstation name.

Firewalls on both side are set to forward tcp and udp traffic going to port 1194 to the respective gateway linux boxes.

Iptables on both linux gateways are down for testing.

I tried reversing the openvpn server/client roles with the same result; the same physical side of the network had the problem.

On one of the windows 98 clients, I wiped out the networking configuration completely and rebuilt it from scratch. Same result.

One one of the windows xp clients, I tried to rejoin the domain. It went through successfully but the result was the same as above.

The network was operating smoothly for several years until the client side dsl modem broke last week. It was replaced with a newer model and at the same time I migrated from a pptp connection to openvpn.

Please if you can't specifically tell me how to resolve this, point me in the right direction. Is this something to do with openvpn? Is this a network hardware problem? Am I missing something in the port forwarding on the routers?

My smb.conf files are ancient except I added interface tun0.

I have never seen 2 files sitting next to each other in the same directory where one opens and the other doesn't!

I'm running Mandrake 9.2 on the client side and Mandriva 2008 on the server side.

I have a Sonicwall firewall on the server side, a Westell 7500 on the
client side.

I note that during the modem install, the http port was opened to the linux box on the client side and the access log got huge over the weekend and I ran out of disk space until I closed it down and deleted the log.

I'll post anything that you need to help analyze.

Claude


More:

I tried a simple test while viewing /var/log/daemons/errors on the client side. From a windows workstation in the client subnet, I opened a dos window and tried to print a file located on the samba server on the openvpn server machine which I knew NOT to be problematic. THe file printed and there were no errors reported in the log. I repeated the test with a known problematic file. The file would not print. The errors log noted:

Authenticate/Decrypt packet error: packet HMAC authentication failed

I regenerated the static.key file on the server side and scp'd it to the client side and restarted both openvpn's. I checked for duplicate files named static.key on both sides.

Same error.

Attached Files

	tcpdumpnix.txt (15.1 KB, 11 views)
	tcpdumpdos.txt (15.6 KB, 11 views)

I found it in the openvpn docs. I was running 1.x on the client and 2.0 on the server. I added the lines to the client conf file as instructed in the docs. The port directive was already there. It wouldn't take the mmsfix and key-method directives but apparently the tun- directives did the trick. I couldn't believe my eyes when it worked!