openvpn connected to Tap server.. but can't ping or access anything
Hello everyone. I'm able to connect, and the client tap interface gets an IP address, but I can't ping or do anything.
My server conf is (the server IP is 192.168.0.40):
Code:
port 445
proto udp
dev tap
ca /etc/openvpn/key_server/openvpn_tap/ca.crt
cert /etc/openvpn/key_server/openvpn_tap/server_openvpn_tap.crt
key /etc/openvpn/key_server/openvpn_tap/server_openvpn_tap.key # This file should be kept secret
dh /etc/openvpn/key_server/openvpn_tap/dh1024.pem
ifconfig-pool-persist ipp.txt
server-bridge 192.168.0.40 255.255.255.0 192.168.0.128 192.168.0.254
push "route 192.0.0.0 255.0.0.0"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
The client conf is:
Code:
client
dev tap
proto udp
remote ****** 50006 #port forwarding is set on the server router
resolv-retry infinite
nobind
script-security 2
ca /etc/openvpn/keys_40_openvpn_tap/ca.crt
cert /etc/openvpn/keys_40_openvpn_tap/client_40_openvpn_tap.crt
key /etc/openvpn/keys_40_openvpn_tap/client_40_openvpn_tap.key
tls-client
comp-lzo
verb 6
After connecting, the client gets the correct IP but can't ping.
Am I missing anything in the routing or iptables?
I don't think it's a firewall issue, because I don't have any firewall enabled on either side. When I try a similar configuration for tunneling instead of bridging, I am able to ping from server to client.
The only thing to mention is that I am behind DSL routers on both sides; port forwarding is enabled and working on the server side.
Many thanks.
Last edited by precioso777; 03-24-2011 at 03:07 AM.
You have the server using TCP and the client using UDP, they will never connect like that. Did you post the wrong config files?
Code:
push "route 192.0.0.0 255.0.0.0"
That's probably wrong. Do you really want to route traffic for part of Latin America over the VPN? If the public IP address of the server is in that range, that statement will result in a tunnel loop.
The default permit everything iptables policy is OK, but some distributions change that.
Try using tcpdump or Wireshark to see where the packets disappear.
Please provide the output of iptables-save, ifconfig, and route on both the client and server.
Get rid of that; it's at best redundant to route to a directly connected subnet.
Removed already. My routing table (as you mentioned, only one entry now for tap0) now looks like this:
Code:
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.35.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tap0
0.0.0.0 192.168.35.1 0.0.0.0 UG 0 0 0 eth0
And "brctl show" outputs the following:
Code:
# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.000bdbce10b1       no              eth0
                                                        tap0
pan0            8000.000000000000       no
I tried running some tcpdump commands on eth0, br0 and tap0, but I'm not sure I know what I'm looking for anyway. Here they are, captured while pinging from the client:
Code:
# tcpdump -n -i br0 host 208.109.104.205
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on br0, link-type EN10MB (Ethernet), capture size 65535 bytes
15:06:01.773454 IP 208.109.104.205.54803 > 192.168.0.40.1194: UDP, length 77
15:06:02.772374 IP 208.109.104.205.54803 > 192.168.0.40.1194: UDP, length 77
15:06:03.769947 IP 208.109.104.205.22 > 192.168.0.40.42724: Flags [P.], seq 2541636656:2541636816, ack 4121844117, win 112, options [nop,nop,TS val 111101744 ecr 2780336], length 160
15:06:03.769971 IP 192.168.0.40.42724 > 208.109.104.205.22: Flags [.], ack 160, win 1002, options [nop,nop,TS val 2781336 ecr 111101744], length 0
15:06:03.771522 IP 208.109.104.205.22 > 192.168.0.40.42724: Flags [P.], seq 160:256, ack 1, win 112, options [nop,nop,TS val 111101744 ecr 2780336], length 96
15:06:03.771529 IP 192.168.0.40.42724 > 208.109.104.205.22: Flags [.], ack 256, win 1002, options [nop,nop,TS val 2781336 ecr 111101744], length 0
15:06:04.772206 IP 208.109.104.205.54803 > 192.168.0.40.1194: UDP, length 77
15:06:05.771922 IP 208.109.104.205.54803 > 192.168.0.40.1194: UDP, length 77
15:06:06.771393 IP 208.109.104.205.54803 > 192.168.0.40.1194: UDP, length 77
15:06:07.768562 IP 208.109.104.205.22 > 192.168.0.40.42724: Flags [P.], seq 256:480, ack 1, win 112, options [nop,nop,TS val 111102144 ecr 2781336], length 224
15:06:07.768589 IP 192.168.0.40.42724 > 208.109.104.205.22: Flags [.], ack 480, win 1002, options [nop,nop,TS val 2782335 ecr 111102144], length 0
15:06:07.773556 IP 192.168.0.40.42724 > 208.109.104.205.22: Flags [P.], seq 1:49, ack 480, win 1002, options [nop,nop,TS val 2782337 ecr 111102144], length 48
15:06:08.035412 IP 208.109.104.205.22 > 192.168.0.40.42724: Flags [P.], seq 480:528, ack 49, win 112, options [nop,nop,TS val 111102170 ecr 2782337], length 48
15:06:08.042044 IP 208.109.104.205.22 > 192.168.0.40.42724: Flags [P.], seq 528:608, ack 49, win 112, options [nop,nop,TS val 111102170 ecr 2782337], length 80
15:06:08.042058 IP 208.109.104.205.22 > 192.168.0.40.42724: Flags [P.], seq 608:736, ack 49, win 112, options [nop,nop,TS val 111102170 ecr 2782337], length 128
15:06:08.042151 IP 192.168.0.40.42724 > 208.109.104.205.22: Flags [.], ack 736, win 1002, options [nop,nop,TS val 2782404 ecr 111102170], length 0
15:06:08.304710 IP 208.109.104.205.22 > 192.168.0.40.42724: Flags [P.], seq 736:928, ack 49, win 112, options [nop,nop,TS val 111102197 ecr 2782404], length 192
15:06:08.341484 IP 192.168.0.40.42724 > 208.109.104.205.22: Flags [.], ack 928, win 1002, options [nop,nop,TS val 2782479 ecr 111102197], length 0
15:06:09.814608 IP 192.168.0.40.1194 > 208.109.104.205.54803: UDP, length 53
I'm seriously clueless at this stage. I saw many posts that give instructions for iptables manoeuvring, but I'm not sure that is the way out at this stage.
Many thanks.
Last edited by precioso777; 03-24-2011 at 06:05 AM.
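An added diagnostic helper for readers of this thread (my own example; it is not code from the thread, from OpenVPN or from the poster). It parses captured "brctl show" and "route -n" text like the output posted above and checks the two things a TAP bridge needs before pings can flow: on the server the tap device must be enslaved to the bridge (the bridge, not tap0, carries the LAN address), and on the client the bridged subnet must be routed via its tap device. The sample outputs embedded in the script are constructed, modelled on the ones in the thread; the function names are my own. One observation worth noting about the capture above: filtering br0 on the client's public address only shows the outer, encrypted OpenVPN UDP packets, so it cannot tell you whether the pings arrive; capturing on tap0 with an "icmp" filter shows the decrypted side.

```shell
#!/bin/sh
# Added example, not from the thread: check a TAP-bridge setup from captured
# "brctl show" and "route -n" output. Function and variable names are my own.

# Constructed sample modelled on the "brctl show" output posted in the thread.
SAMPLE_BRCTL='bridge name     bridge id               STP enabled     interfaces
br0             8000.000bdbce10b1       no              eth0
                                                        tap0
pan0            8000.000000000000       no'

# Constructed sample modelled on the client "route -n" output posted in the thread.
SAMPLE_ROUTE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.35.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 tap0
0.0.0.0         192.168.35.1    0.0.0.0         UG    0      0        0 eth0'

# bridge_members BRIDGE   (brctl output on stdin; prints one member per line)
# A bridge row has at least 3 fields; its extra members follow on lines
# carrying a single field, which belong to the most recent bridge row.
bridge_members() {
    awk -v br="$1" '
        NR == 1 { next }                                  # header line
        NF >= 3 { cur = $1; if (cur == br && NF >= 4) print $4; next }
        NF == 1 && cur == br { print $1 }                 # continuation member
    '
}

# in_bridge BRIDGE IFACE  (brctl output on stdin) -> exit 0 if IFACE is enslaved
in_bridge() {
    bridge_members "$1" | grep -qx "$2"
}

# route_iface DEST        (route -n output on stdin) -> prints the interface for DEST
route_iface() {
    awk -v dst="$1" '$1 == dst { print $NF; exit }'
}

# check_setup BRIDGE TAP VPN_NET BRCTL_TEXT ROUTE_TEXT
# Prints one line per check; exit status 0 only when both checks pass.
check_setup() {
    br=$1; tap=$2; net=$3; brctl_text=$4; route_text=$5; ok=0
    if printf '%s\n' "$brctl_text" | in_bridge "$br" "$tap"; then
        echo "ok: $tap is a member of $br"
    else
        echo "problem: $tap is not enslaved to $br (expected: brctl addif $br $tap)"
        ok=1
    fi
    via=$(printf '%s\n' "$route_text" | route_iface "$net")
    if [ "$via" = "$tap" ]; then
        echo "ok: $net is routed via $tap"
    else
        echo "problem: $net is routed via '${via:-nothing}', expected $tap"
        ok=1
    fi
    return $ok
}

# Run against the constructed samples; on a real box feed in
# "$(brctl show)" and "$(route -n)" from the server and client respectively.
check_setup br0 tap0 192.168.0.0 "$SAMPLE_BRCTL" "$SAMPLE_ROUTE"
```

The server-side brctl sample passes (eth0 and tap0 are both in br0) and the client-side route sample passes (192.168.0.0 goes via tap0); a missing tap0 line in brctl, or the bridged subnet showing up on eth0 rather than tap0 on the client, is reported as a problem so you know which side to capture on next.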
Should I be using "ns-cert-type server" or "tls-client"?
I tried all the combinations: removing all tls-client and tls-server lines from both client and server and the ns-cert-type line, adding ns-cert-type only, and also having only tls-client and tls-server in their respective places.
I have attached some excerpts of the server and client logs with verb 9.
Many thanks.
Last edited by precioso777; 03-25-2011 at 03:22 AM.