OpenVPN point-to-point address question

deadeyes · 12-10-2007, 08:57 AM

Ok, I think my setup works because I can ping both sides (I think). If I ping from the server to 192.168.100.6 I get a reply and if I ping at the client to 192.168.100.1 I also get a reply)

But there is something confusing in the output of ifconfig on client and server. Like you can see below, on both hosts, I have different IP addresses for the point-to-point.
I wonder why the client uses 192.168.100.6=>192.168.100.5 while the server is using other IP addresses (192.168.100.1=>192.168.100.2)

Why are these different? Or am I doing something wrong?

Thanks in advance!

Ifconfig vpn server:

Code:

eth0      Link encap:Ethernet  HWaddr xx:xx:xx:xx:xx:xx  
          inet addr:10.0.0.21  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: xxxx::xxx:xxxx:xxxx:xxxx/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5888 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3430 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:7581663 (7.2 MiB)  TX bytes:291627 (284.7 KiB)
          Interrupt:10 Base address:0xc100 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:16 errors:0 dropped:0 overruns:0 frame:0
          TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1232 (1.2 KiB)  TX bytes:1232 (1.2 KiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:192.168.100.1  P-t-P:192.168.100.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

Ifconfig vpn client:

Code:

eth0      Link encap:Ethernet  HWaddr xx:xx:xx:xx:xx:xx  
          inet addr:10.0.0.22  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: xxxx::xxx:xxxx:xxxx:xxxx/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5988 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4161 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:7595595 (7.2 MiB)  TX bytes:400998 (391.5 KiB)
          Interrupt:10 Base address:0xc100 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:17 errors:0 dropped:0 overruns:0 frame:0
          TX packets:17 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1344 (1.3 KiB)  TX bytes:1344 (1.3 KiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:192.168.100.6  P-t-P:192.168.100.5  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

These are my configs:

Server.conf

Code:

dev tun
mode server

tls-server
tls-auth keys/ta.key 0
dh keys/dh1024.pem
ca keys/ca.crt
cert keys/server.crt
key keys/server.key
duplicate-cn

server 192.168.100.0 255.255.255.0
ifconfig-pool-persist ipp.txt

up ./server.up
push "redirect-gateway def1"

user nobody
group nobody

ping 15
verb 3
log-append /var/log/openvpn/openvpn.log
status /var/log/openvpn/status.log

Client.conf

Code:

dev tun

remote x.x.x.x

tls-client
tls-auth keys/ta.key 1
ca keys/ca.crt
cert keys/client1.crt
key keys/client1.key

pull

port 1194
user nobody
group nobody

ping 15
verb 3
log-append /var/log/openvpn/openvpn.log
status /var/log/openvpn/status.log

ledow · 12-11-2007, 11:09 AM

That's just normal.

I have exactly the same here and I've been using OpenVPN for ages.

From the client side, .5 is the server and from the server side .2 is the client. All the other numbers are just routed at either end, so the server knows to contact .2 when it needs to talk to anything past .5 and the client knows that it's both .5 and .6

It comes about because OpenVPN is routing networks not just individual IP addresses. The "gateway" for each network is the PtP address that you get, even if there's only one client on that particular virtual network.

It also lets you do clever tricks like bridging seperated networks as if they were one and also stopping (or allowing) one client connected over OpenVPN to see other clients connected over OpenVPN.

It's possible, for example, to form an ad-hoc secure network over several disparate locations by having one OpenVPN client on each network and a server somewhere and have all the relevant computers "see" each other as if they were local. When it comes to this sort of situation, you're better off letting OpenVPN do the numbering for you because it quickly becomes a nightmare and "standard" DHCP doesn't help matters at all. That's what's happened here.