LinuxQuestions.org


odie_chan 07-08-2006 12:06 AM

openvpn server and client cannot ping both direction
 
Dear all professionals,

I am trying to set up SSL-VPN openvpn between an RH AS3 server and Windows XP according to the openvpn website.

I successfully installed openvpn 2.0 on RH Linux; it reached Initialization Sequence Completed and the Windows XP client connected. Detailed messages are below:


Sat Jul 8 12:48:07 2006 OpenVPN 2.0.7 i686-pc-linux [SSL] [LZO] [EPOLL] built on Jun 8 2006
Sat Jul 8 12:48:07 2006 Diffie-Hellman initialized with 1024 bit key
Sat Jul 8 12:48:07 2006 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Jul 8 12:48:07 2006 TUN/TAP device tun0 opened
Sat Jul 8 12:48:07 2006 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Sat Jul 8 12:48:07 2006 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Sat Jul 8 12:48:07 2006 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Jul 8 12:48:07 2006 UDPv4 link local (bound): [undef]:1194
Sat Jul 8 12:48:07 2006 UDPv4 link remote: [undef]
Sat Jul 8 12:48:07 2006 MULTI: multi_init called, r=256 v=256
Sat Jul 8 12:48:07 2006 IFCONFIG POOL: base=10.8.0.4 size=62
Sat Jul 8 12:48:07 2006 IFCONFIG POOL LIST
Sat Jul 8 12:48:07 2006 terryoffice,10.8.0.4
Sat Jul 8 12:48:07 2006 Initialization Sequence Completed
Sat Jul 8 12:50:13 2006 MULTI: multi_create_instance called
Sat Jul 8 12:50:13 2006 ww.xx.yy.xx:28351 Re-using SSL/TLS context
Sat Jul 8 12:50:13 2006 ww.xx.yy.xx:28351 LZO compression initialized
Sat Jul 8 12:50:13 2006 ww.xx.yy.xx:28351 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Jul 8 12:50:13 2006 ww.xx.yy.xx:28351 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Jul 8 12:50:13 2006 ww.xx.yy.xx:28351 Local Options hash (VER=V4): '530fdded'
Sat Jul 8 12:50:13 2006 ww.xx.yy.xx:28351 Expected Remote Options hash (VER=V4): '41690919'
Sat Jul 8 12:50:13 2006 ww.xx.yy.xx:28351 TLS: Initial packet from ww.xx.yy.xx:28351, sid=f31d580f 6706904b
Sat Jul 8 12:50:14 2006 ww.xx.yy.xx:28351 VERIFY OK: depth=1, xxxxxxxxxxxxxxxxxxxxxxxxxxx
Sat Jul 8 12:50:14 2006 ww.xx.yy.xx:28351 VERIFY OK: depth=0, xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Sat Jul 8 12:50:14 2006 ww.xx.yy.xx:28351 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Jul 8 12:50:14 2006 ww.xx.yy.xx:28351 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jul 8 12:50:14 2006 ww.xx.yy.xx:28351 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Jul 8 12:50:14 2006 ww.xx.yy.xx:28351 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jul 8 12:50:15 2006 ww.xx.yy.xx:28351 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Jul 8 12:50:15 2006 ww.xx.yy.xx:28351 [terryoffice] Peer Connection Initiated with ww.xx.yy.xx:28351
Sat Jul 8 12:50:15 2006 terryoffice/ww.xx.yy.xx:28351 MULTI: Learn: 10.8.0.6 -> terryoffice/ww.xx.yy.zz:28351
Sat Jul 8 12:50:15 2006 terryoffice/ww.xx.yy.xx:28351 MULTI: primary virtual IP for terryoffice/ww.xx.yy.xx:28351: 10.8.0.6
Sat Jul 8 12:50:16 2006 terryoffice/ww.xx.yy.xx:28351 PUSH: Received control message: 'PUSH_REQUEST'
Sat Jul 8 12:50:16 2006 terryoffice/ww.xx.yy.xx:28351 SENT CONTROL [terryoffice]: 'PUSH_REPLY,redirect-gateway,route 10.8.0.1,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)


I successfully installed openvpn for Windows XP (no firewall) and connected to the server with Initialization Sequence Completed.

Detailed IP assignment (most configuration is set to default)
I understand the lines below at the server:
/sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
/sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2

Detailed configuration files
Server
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3


Client
client
dev tun
proto udp
remote XX.yy.zz.WW 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca C:\\terry\\ca.crt
cert C:\\terry\\terryoffice.crt
key C:\\terry\\terryoffice.key
comp-lzo
verb 3
mute 20

Iptables
/sbin/iptables -I INPUT -i tun0 -j ACCEPT
/sbin/iptables -I FORWARD -i tun0 -j ACCEPT
/sbin/iptables -I FORWARD -o tun0 -j ACCEPT
/sbin/iptables -I OUTPUT -o tun0 -j ACCEPT




Question

I do not understand why the XP client gets the IP and gateway below:
IP 10.8.0.5
Gateway 10.8.0.6

Ethernet adapter Local Area Connection 3:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Win32 Adapter V8
Physical Address. . . . . . . . . : 00-FF-56-C6-F3-79
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.8.0.6
Subnet Mask . . . . . . . . . . . : 255.255.255.252
Default Gateway . . . . . . . . . : 10.8.0.5
DHCP Server . . . . . . . . . . . : 10.8.0.5
Lease Obtained. . . . . . . . . . : Saturday, July 08, 2006 12:54:01
Lease Expires . . . . . . . . . . : Sunday, July 08, 2007 12:54:01 PM

Can anyone explain how the VPN server assigns the IP and gateway to the client, and how the routes are set at the client?

Or how to let the server and client ping in both directions?

Thank you in advance.

Terry
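
Added example (not part of the original post, and not OpenVPN's own code): a short Python script that reads three lines from the server log above and relates the pushed "ifconfig 10.8.0.6 10.8.0.5" pair to the address pool. It assumes the pool hands out consecutive /30 blocks starting at the logged base, which is what the 255.255.255.252 mask in the ipconfig output indicates; net30_slot and explain are hypothetical helper names.

```python
import ipaddress
import re

# Constructed sample: three lines copied from the server log in the post.
SERVER_LOG = """\
Sat Jul 8 12:48:07 2006 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Sat Jul 8 12:48:07 2006 IFCONFIG POOL: base=10.8.0.4 size=62
Sat Jul 8 12:50:16 2006 terryoffice/ww.xx.yy.xx:28351 SENT CONTROL [terryoffice]: 'PUSH_REPLY,redirect-gateway,route 10.8.0.1,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
"""

def net30_slot(base, index):
    """Return (subnet, server-side peer, client address) of the index-th /30."""
    net = ipaddress.ip_network(f"{ipaddress.ip_address(base) + 4 * index}/30")
    peer, client = net.hosts()  # a /30 has exactly two usable addresses
    return net, peer, client

def explain(log):
    """Relate the pushed ifconfig pair to the pool's /30 layout (hypothetical helper)."""
    tun = re.search(r"ifconfig tun0 (\S+) pointopoint", log)
    pool = re.search(r"IFCONFIG POOL: base=(\S+) size=(\d+)", log)
    push = re.search(r"PUSH_REPLY,([^']*)'", log)
    if not (tun and pool and push):
        raise ValueError("log lacks the ifconfig, IFCONFIG POOL or PUSH_REPLY line")
    opts = push.group(1).split(",")
    pair = next(o.split()[1:] for o in opts if o.startswith("ifconfig "))
    local, remote = (ipaddress.ip_address(a) for a in pair)
    for slot in range(int(pool.group(2))):
        net, peer, client = net30_slot(pool.group(1), slot)
        if local in net:
            break
    else:
        raise ValueError("pushed address is outside the pool")
    return {
        "slot": slot, "subnet": str(net), "netmask": str(net.netmask),
        "client_ip": str(local), "client_gateway": str(remote),
        "matches_net30": (local, remote) == (client, peer),
        "server_tunnel_ip": tun.group(1),
        "pushed_routes": [o.split()[1] for o in opts if o.startswith("route ")],
        "redirect_gateway": "redirect-gateway" in opts,
    }

if __name__ == "__main__":
    for key, value in explain(SERVER_LOG).items():
        print(f"{key:17} {value}")
```

For the log above, the script places the client in 10.8.0.4/30 with address 10.8.0.6 and peer 10.8.0.5, the same values the ipconfig output shows, and reports that the pushed host route is for 10.8.0.1, the address the server log assigns to tun0.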

