Don't understand OpenVPN IP-assignment
On the OpenVPN-server :
server.conf :
Code:
port 1194
Code:
ifconfig-push 10.8.0.1 10.8.0.2
(from server.conf documentation)
on my Fedora-client :
Code:
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
on the OpenVPN-server :
Code:
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
Can someone tell me the meaning of "inet addr:10.8.0.6 P-t-P:10.8.0.5" on the Fedora-client and "inet addr:10.8.0.1 P-t-P:10.8.0.2" on the OpenVPN-server? Shouldn't my OpenVPN-server have the IP 10.8.0.1 and my client 10.8.0.2? |
The server will use the 10.8.0.1 ip address
Code:
# Configure server mode and supply a VPN subnet
Code:
ifconfig-push 10.9.0.1 10.9.0.2
Code:
client-config-dir ccd
Try to reconnect. From the server, try to ping 10.8.0.1 (its local IP), which should respond fine. Then try to ping 10.9.0.1 (the client's assigned IP address), which should also respond fine. Then from the client, try to ping its local (10.9.0.1) and then the server (10.8.0.1). If you're running a firewall, you may also want to add some rules to trust the tun0 interface. |
Thanks for your reply !
Followed your instructions :
on the OpenVPN-server (server.conf) :
Code:
server 10.8.0.0 255.255.255.0
Code:
bash-3.2# cat ccd/client-jonas
Code:
bash-3.2# ping -c 4 10.8.0.1
Code:
[jonas@jonas ~]$ ping -c 4 10.9.0.1
Extra oddity :
Code:
bash-3.2# cat ipp.txt
|
I assume the firewall is turned on on your server. Which firewall is it? You may want to try disabling it for a couple of seconds, ping back & forth and then re-enable it.
On the client, if you execute the route command
Code:
10.9.0.2 * 255.255.255.255 UH 0 0 0 tun0
Code:
10.8.0.2 * 255.255.255.255 UH 0 0 0 tun0
|
Route on client firewall enabled :
Code:
[root@jonas jonas]# route
Code:
[root@jonas jonas]# route
|
Routes are not changed by firewalls (at least not in Linux stateful firewalls), only iptables tables.
You're still having the 10.8.0.5 ip address that is based on your old server.conf settings. Restart the OpenVPN service on the server, reconnect and try to disable the firewall on the server for a minute and ping back & forth. |
Although not secure, I have totally disabled the firewall.
Next I restart the OpenVPN-server + I clear the file ipp.txt.
Code:
bash-3.2# /sbin/service lfd stop
Code:
bash-3.2# /sbin/service iptables status
Code:
bash-3.2# /sbin/service openvpn restart
Code:
bash-3.2# cat ipp.txt
On my Fedora host, when VPN-connected :
Code:
[jonas@jonas ~]$ route
I add the following : No firewall active, I am directly connected to the internet, no NAT :
on the VPN-server :
Code:
bash-3.2# /sbin/route
The only IP-address I can ping is 10.8.0.1, no other. Also not 10.9.0.1 or anything else...
On my Fedora-client :
Code:
[jonas@jonas ~]$ route
78.XX.XX.1 = IP ISP-router
78.XX.XX.0 = ISP network |
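Added example, not written by any poster in this thread: a Python sketch of the /30 endpoint pairs that `server 10.8.0.0 255.255.255.0` produces under OpenVPN's default net30 topology (server 10.8.0.1 P-t-P 10.8.0.2, first client 10.8.0.6 P-t-P 10.8.0.5), plus a check of an `ifconfig-push` pair against that layout. The function names and the `routes` argument (standing in for `route` lines in server.conf) are hypothetical, and net30 is assumed to be the topology in use.

```python
import ipaddress
from itertools import islice

def net30_pool(server_net, count=3):
    """First `count` (client, peer) pairs a net30 pool hands out."""
    blocks = ipaddress.ip_network(server_net).subnets(new_prefix=30)
    next(blocks)  # first /30 is the server's own pair: .1 local, .2 peer
    pairs = []
    for block in islice(blocks, count):
        peer, client = block.hosts()  # the two usable hosts of the /30
        pairs.append((str(client), str(peer)))
    return pairs

def check_push(server_net, local, remote, routes=()):
    """Return a list of problems with `ifconfig-push local remote`."""
    net = ipaddress.ip_network(server_net)
    loc, rem = ipaddress.ip_address(local), ipaddress.ip_address(remote)
    issues = []
    # Both endpoints must be the two usable hosts of a single /30.
    block = ipaddress.ip_network(f"{local}/30", strict=False)
    if {loc, rem} != set(block.hosts()):
        issues.append("pair is not the two usable hosts of one /30")
    # The first /30 of the server subnet belongs to the server's tun0.
    server_block = next(net.subnets(new_prefix=30))
    if loc in server_block or rem in server_block:
        issues.append("pair overlaps the server's own endpoint /30")
    # An address outside the `server` subnet needs a `route` line on
    # the server (the sample server.conf pairs the two directives).
    covered = any(loc in ipaddress.ip_network(r) for r in routes)
    if loc not in net and not covered:
        issues.append("client address is outside the server subnet and has no route")
    return issues

if __name__ == "__main__":
    subnet = "10.8.0.0/255.255.255.0"  # from the thread's server.conf
    print("dynamic pool:", net30_pool(subnet))
    # The two ifconfig-push pairs that appear in the thread:
    for pair in (("10.8.0.1", "10.8.0.2"), ("10.9.0.1", "10.9.0.2")):
        print(pair, "->", check_push(subnet, *pair) or "ok")
    # Same pair with a constructed matching route entry:
    print(check_push(subnet, "10.9.0.1", "10.9.0.2", routes=["10.9.0.0/30"]))
```
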