openVPN

deibertine · 09-24-2009, 08:04 PM

I have openVPN setup in my network which went fine and clients were able to connect.

However a few issues:
-Only the first ip (in the range) for some reason is being given out. The range is from 10.10.1.10 to 10.10.1.50 but only 10.10.1.10 is being given out to clients which creates "IP Conflict" errors and also disconnects the other client who has this same IP.

All the routes has been setup in the core router but still the vpn's ip subnet would not talk to others in the internal network.

Here's my server.conf:
mode server
tls-server
#local 10.10.1.2
port 1194
proto udp
persist-key
persist-tun
#bridging directive
dev tap0 ## If you need multiple tap devices, add them here
up "/etc/openvpn/up.sh br0"
down "/etc/openvpn/down.sh br0"
persist-key
persist-tun
###Certificates and encryption
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh1024.pem
tls-auth ta.key 0 # This file is secret
cipher BF-CBC # Blowfish (default)
comp-lzo
###DHCP INFO
ifconfig-pool-persist ipp.txt
server-bridge 10.10.1.2 255.255.255.0 10.10.1.10 10.10.1.50
push "route 10.10.1.0 255.255.255.0"
push "route 10.10.10.0 255.255.255.0"
push "route 10.10.13.0 255.255.255.0"
push "dhcp-option DNS 10.10.10.25"
push "dhcp-option DOMAIN csaa.com"

Please someone kindly advise.

Cheers,
DB

scheidel21 · 09-25-2009, 08:17 AM

Well first thing is, is this a routed network or a bridged network, your config says is bridged but your statement above it implies you are looking for a routed network. That aside, you don't need to push the route to your bridged netwrok if it is bridged, on the client side it will know how to route to it because the client thinks it is connected physically to the VPN network. I also believe you need to enable the clien to client option in the server config to let computer talk to eachother, otherwise clients will only be able to talk to the server and not talk to other clients or computer physically on the network. As far as the dhcpl leases go, I don't know what to say. If this is a bridged network and you have a dhcp server on it you could enable the dhcp passthrough option and let that hand out the leases.

deibertine · 09-28-2009, 12:22 PM

Quote:

Originally Posted by scheidel21

Well first thing is, is this a routed network or a bridged network, your config says is bridged but your statement above it implies you are looking for a routed network. That aside, you don't need to push the route to your bridged netwrok if it is bridged, on the client side it will know how to route to it because the client thinks it is connected physically to the VPN network. I also believe you need to enable the clien to client option in the server config to let computer talk to eachother, otherwise clients will only be able to talk to the server and not talk to other clients or computer physically on the network. As far as the dhcpl leases go, I don't know what to say. If this is a bridged network and you have a dhcp server on it you could enable the dhcp passthrough option and let that hand out the leases.

Sorry for the wording, this is actually a bridged network for my openVPN. I have removed the push routes in my config file and also configured client-to-client. However still doesnt route. Any idea what else I might be missing?

Cheers,
DB