OpenVPN server and client cannot ping in both directions
Dear all professionals,
I am trying to set up an SSL VPN with OpenVPN between a RH AS3 server and Windows XP, following the OpenVPN website. I successfully installed OpenVPN 2.0 on RH Linux, it reached Initialization Sequence Completed, and the Windows XP client connected. Detailed messages are below:

Sat Jul 8 12:48:07 2006 OpenVPN 2.0.7 i686-pc-linux [SSL] [LZO] [EPOLL] built on Jun 8 2006
Sat Jul 8 12:48:07 2006 Diffie-Hellman initialized with 1024 bit key
Sat Jul 8 12:48:07 2006 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Jul 8 12:48:07 2006 TUN/TAP device tun0 opened
Sat Jul 8 12:48:07 2006 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Sat Jul 8 12:48:07 2006 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Sat Jul 8 12:48:07 2006 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Jul 8 12:48:07 2006 UDPv4 link local (bound): [undef]:1194
Sat Jul 8 12:48:07 2006 UDPv4 link remote: [undef]
Sat Jul 8 12:48:07 2006 MULTI: multi_init called, r=256 v=256
Sat Jul 8 12:48:07 2006 IFCONFIG POOL: base=10.8.0.4 size=62
Sat Jul 8 12:48:07 2006 IFCONFIG POOL LIST
Sat Jul 8 12:48:07 2006 terryoffice,10.8.0.4
Sat Jul 8 12:48:07 2006 Initialization Sequence Completed
Sat Jul 8 12:50:13 2006 MULTI: multi_create_instance called
Sat Jul 8 12:50:13 2006 ww.xx.yy.xx:28351 Re-using SSL/TLS context
Sat Jul 8 12:50:13 2006 ww.xx.yy.xx:28351 LZO compression initialized
Sat Jul 8 12:50:13 2006 ww.xx.yy.xx:28351 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Jul 8 12:50:13 2006 ww.xx.yy.xx:28351 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Jul 8 12:50:13 2006 ww.xx.yy.xx:28351 Local Options hash (VER=V4): '530fdded'
Sat Jul 8 12:50:13 2006 ww.xx.yy.xx:28351 Expected Remote Options hash (VER=V4): '41690919'
Sat Jul 8 12:50:13 2006 ww.xx.yy.xx:28351 TLS: Initial packet from ww.xx.yy.xx:28351, sid=f31d580f 6706904b
Sat Jul 8 12:50:14 2006 ww.xx.yy.xx:28351 VERIFY OK: depth=1, xxxxxxxxxxxxxxxxxxxxxxxxxxx
Sat Jul 8 12:50:14 2006 ww.xx.yy.xx:28351 VERIFY OK: depth=0, xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Sat Jul 8 12:50:14 2006 ww.xx.yy.xx:28351 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Jul 8 12:50:14 2006 ww.xx.yy.xx:28351 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jul 8 12:50:14 2006 ww.xx.yy.xx:28351 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Jul 8 12:50:14 2006 ww.xx.yy.xx:28351 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jul 8 12:50:15 2006 ww.xx.yy.xx:28351 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Jul 8 12:50:15 2006 ww.xx.yy.xx:28351 [terryoffice] Peer Connection Initiated with ww.xx.yy.xx:28351
Sat Jul 8 12:50:15 2006 terryoffice/ww.xx.yy.xx:28351 MULTI: Learn: 10.8.0.6 -> terryoffice/ww.xx.yy.zz:28351
Sat Jul 8 12:50:15 2006 terryoffice/ww.xx.yy.xx:28351 MULTI: primary virtual IP for terryoffice/ww.xx.yy.xx:28351: 10.8.0.6
Sat Jul 8 12:50:16 2006 terryoffice/ww.xx.yy.xx:28351 PUSH: Received control message: 'PUSH_REQUEST'
Sat Jul 8 12:50:16 2006 terryoffice/ww.xx.yy.xx:28351 SENT CONTROL [terryoffice]: 'PUSH_REPLY,redirect-gateway,route 10.8.0.1,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)

I successfully installed OpenVPN for Windows XP (no firewall) and connected to the server with Initialization Sequence Completed.
Detailed IP assignment (most configuration is set to default)

I understand the below at the server:

/sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
/sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2

Detailed configuration files

Server

proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3

Client

client
dev tun
proto udp
remote XX.yy.zz.WW 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca C:\\terry\\ca.crt
cert C:\\terry\\terryoffice.crt
key C:\\terry\\terryoffice.key
comp-lzo
verb 3
mute 20

Iptables

/sbin/iptables -I INPUT -i tun0 -j ACCEPT
/sbin/iptables -I FORWARD -i tun0 -j ACCEPT
/sbin/iptables -I FORWARD -o tun0 -j ACCEPT
/sbin/iptables -I OUTPUT -o tun0 -j ACCEPT

Question

I do not understand why the XP client gets the below IP and gateway:

IP 10.8.0.5
Gateway 10.8.0.6

Ethernet adapter Local Area Connection 3:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Win32 Adapter V8
Physical Address. . . . . . . . . : 00-FF-56-C6-F3-79
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.8.0.6
Subnet Mask . . . . . . . . . . . : 255.255.255.252
Default Gateway . . . . . . . . . : 10.8.0.5
DHCP Server . . . . . . . . . . . : 10.8.0.5
Lease Obtained. . . . . . . . . . : Saturday, July 08, 2006 12:54:01
Lease Expires . . . . . . . . . . : Sunday, July 08, 2007 12:54:01 PM

Can anyone explain how the VPN server assigns the IP and gateway to the client, and how the routes are set at the client? Or how to let the server and client ping in both directions?

Thank you in advance.

Terry
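
Added example, not part of the original post: a Python sketch that reads the pool and PUSH_REPLY lines from the server log above and checks the pushed ifconfig pair against OpenVPN's tun-mode layout of one /30 block per client. The function names (parse_log, net30_slot, check) are hypothetical, and the three log lines are copied from the post.

```python
import ipaddress
import re

# Three lines copied from the server log in the post above.
LOG = """\
Sat Jul 8 12:48:07 2006 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Sat Jul 8 12:48:07 2006 IFCONFIG POOL: base=10.8.0.4 size=62
Sat Jul 8 12:50:16 2006 terryoffice/ww.xx.yy.xx:28351 SENT CONTROL [terryoffice]: 'PUSH_REPLY,redirect-gateway,route 10.8.0.1,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
"""

def parse_log(text):
    """Return (pool base, pool size, {client: pushed options})."""
    pool = re.search(r"IFCONFIG POOL: base=(\S+) size=(\d+)", text)
    base, size = ipaddress.ip_address(pool.group(1)), int(pool.group(2))
    clients = {}
    for name, reply in re.findall(r"SENT CONTROL \[(.+?)\]: 'PUSH_REPLY,(.*?)'", text):
        opts = [o.split() for o in reply.split(",")]
        clients[name] = {o[0]: o[1:] for o in opts}
    return base, size, clients

def net30_slot(base, size, local, remote):
    """Locate a pushed 'ifconfig local remote' pair inside the /30 pool."""
    local, remote = ipaddress.ip_address(local), ipaddress.ip_address(remote)
    block = ipaddress.ip_network(f"{local}/30", strict=False)
    # Slot number counted in 4-address steps from the pool base.
    index, offset = divmod(int(block.network_address) - int(base), 4)
    return {
        "block": str(block),
        "index": index,
        "in_pool": offset == 0 and 0 <= index < size,
        # Both tunnel endpoints must be the two usable hosts of the /30.
        "pair_ok": {local, remote} == set(block.hosts()),
        "netmask": str(block.netmask),
    }

def check(text=LOG):
    """Per-client report: /30 slot plus whether a default route was pushed."""
    base, size, clients = parse_log(text)
    report = {}
    for name, opts in clients.items():
        slot = net30_slot(base, size, *opts["ifconfig"])
        slot["full_tunnel"] = "redirect-gateway" in opts
        report[name] = slot
    return report

if __name__ == "__main__":
    print(check())
```

For terryoffice this reports block 10.8.0.4/30 (slot 0 of 62) with netmask 255.255.255.252, which matches the TAP-Win32 adapter output: 10.8.0.6 is the client end and 10.8.0.5 is the server-side end of that client's point-to-point pair.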