openvpn problem

hi all,
I have configured a vpn with openvpn: I can open the channel but I can
not go over... As you can see I get the two ip address

tun0 Link encap:UNSPEC HWaddr
00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:192.168.100.6 P-t-P:192.168.100.5 Mask:
255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:530 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:43432 (43.4 KB)

but I can ping only my peer and not the other peer.. I mean I can not
ping the server and the internal network

This is the network by serverside:

tun0 Link encap:UNSPEC HWaddr
00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:192.168.100.1 P-t-P:192.168.100.2 Mask:
255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:578 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:47464 (46.3 Kb) TX bytes:0 (0.0 b)

and this is the configuration file

local 192.168.1.5
port 5001
proto udp
dev tun
tls-server
comp-lzo
mtu-test
mode server
tls-server
dh ssl/bsi_dh_1024.pem
ca ssl/bsi_ca_cert.pem
cert ssl/bsi_server_cert.pem
key ssl/bsi_server.key.pem
crl-verify ssl/bsi_ca_crl.pem
server 192.168.100.0 255.255.255.0
duplicate-cn
keepalive 60 600
status openvpn-status-RW.log
log openvpn-RW.log
log-append openvpn-RW.log
verb 4
mute 20

Moreover the ip_forward is 1

The connection is established... see the log:


Sat Nov 15 03:38:38 2008 us=186933 Current Parameter Settings:
Sat Nov 15 03:38:38 2008 us=187042 config = '/etc/openvpn/
openvpn.conf'
Sat Nov 15 03:38:38 2008 us=187059 mode = 1
Sat Nov 15 03:38:38 2008 us=187073 persist_config = DISABLED
Sat Nov 15 03:38:38 2008 us=187086 persist_mode = 1
Sat Nov 15 03:38:38 2008 us=187099 show_ciphers = DISABLED
Sat Nov 15 03:38:38 2008 us=187112 show_digests = DISABLED
Sat Nov 15 03:38:38 2008 us=187125 show_engines = DISABLED
Sat Nov 15 03:38:38 2008 us=187138 genkey = DISABLED
Sat Nov 15 03:38:38 2008 us=187151 key_pass_file = '[UNDEF]'
Sat Nov 15 03:38:38 2008 us=187165 show_tls_ciphers = DISABLED
Sat Nov 15 03:38:38 2008 us=187178 proto = 0
Sat Nov 15 03:38:38 2008 us=187191 local = '192.168.1.5'
Sat Nov 15 03:38:38 2008 us=187204 remote_list = NULL
Sat Nov 15 03:38:38 2008 us=187217 remote_random = DISABLED
Sat Nov 15 03:38:38 2008 us=187231 local_port = 5001
Sat Nov 15 03:38:38 2008 us=187244 remote_port = 5001
Sat Nov 15 03:38:38 2008 us=187257 remote_float = DISABLED
Sat Nov 15 03:38:38 2008 us=187270 ipchange = '[UNDEF]'
Sat Nov 15 03:38:38 2008 us=187283 bind_local = ENABLED
Sat Nov 15 03:38:38 2008 us=187296 NOTE: --mute triggered...
Sat Nov 15 03:38:38 2008 us=187317 157 variation(s) on previous 20
message(s) suppressed by --mute
Sat Nov 15 03:38:38 2008 us=187332 OpenVPN 2.0.5 x86_64-suse-linux
[SSL] [LZO] [EPOLL] built on Apr 23 2006
Sat Nov 15 03:38:38 2008 us=190083 Diffie-Hellman initialized with
1024 bit key
Sat Nov 15 03:38:38 2008 us=190704 TLS-Auth MTU parms [ L:1542 D:138
EF:38 EB:0 ET:0 EL:0 ]
Sat Nov 15 03:38:38 2008 us=190952 TUN/TAP device tun0 opened
Sat Nov 15 03:38:38 2008 us=190979 TUN/TAP TX queue length set to 100
Sat Nov 15 03:38:38 2008 us=191008 /sbin/ifconfig tun0 192.168.100.1
pointopoint 192.168.100.2 mtu 1500
Sat Nov 15 03:38:38 2008 us=251667 /sbin/route add -net 192.168.100.0
netmask 255.255.255.0 gw 192.168.100.2
Sat Nov 15 03:38:38 2008 us=258434 Data Channel MTU parms [ L:1542 D:
1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Nov 15 03:38:38 2008 us=258973 Socket Buffers: R=[126976->131072]
S=[126976->131072]
Sat Nov 15 03:38:38 2008 us=259047 UDPv4 link local (bound):
192.168.1.5:5001
Sat Nov 15 03:38:38 2008 us=259060 UDPv4 link remote: [undef]
Sat Nov 15 03:38:38 2008 us=259082 MULTI: multi_init called, r=256
v=256
Sat Nov 15 03:38:38 2008 us=259168 IFCONFIG POOL: base=192.168.100.4
size=62
Sat Nov 15 03:38:38 2008 us=259214 Initialization Sequence Completed
Sat Nov 15 03:40:19 2008 us=419896 MULTI: multi_create_instance called



It seems that something is missing but... what? Could you help me?

Thanks


Marco

Marco wrote:
> hi all,
> I have configured a vpn with openvpn: I can open the channel but I can
> not go over... As you can see I get the two ip address
>
> tun0 Link encap:UNSPEC HWaddr
> 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
> inet addr:192.168.100.6 P-t-P:192.168.100.5 Mask:
> 255.255.255.255
> UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> TX packets:530 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:100
> RX bytes:0 (0.0 B) TX bytes:43432 (43.4 KB)
>
> but I can ping only my peer and not the other peer.. I mean I can not
> ping the server and the internal network
>
> This is the network by serverside:
>
> tun0 Link encap:UNSPEC HWaddr
> 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
> inet addr:192.168.100.1 P-t-P:192.168.100.2 Mask:
> 255.255.255.255
> UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
> RX packets:578 errors:0 dropped:0 overruns:0 frame:0
> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:100
> RX bytes:47464 (46.3 Kb) TX bytes:0 (0.0 b)
>

You have two point-to-point interfaces with conflicting IP
addresses.

The first unit has an IP 192.168.100.6 and it expects to
converse with 192.168.100.5.

The second unit has an IP 192.168.100.1 and it expects to have
an IP 192.168.100.2 at the other end.

--

Tauno Voipio
tauno voipio (at) iki fi

Marco wrote:

> hi all,
> I have configured a vpn with openvpn: I can open the channel but I can
> not go over... As you can see I get the two ip address
>
> tun0 Link encap:UNSPEC HWaddr
> 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
> inet addr:192.168.100.6 P-t-P:192.168.100.5 Mask:
> 255.255.255.255
> UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> TX packets:530 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:100
> RX bytes:0 (0.0 B) TX bytes:43432 (43.4 KB)
>
> but I can ping only my peer and not the other peer.. I mean I can not
> ping the server and the internal network
>
> This is the network by serverside:
>
> tun0 Link encap:UNSPEC HWaddr
> 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
> inet addr:192.168.100.1 P-t-P:192.168.100.2 Mask:
> 255.255.255.255
> UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
> RX packets:578 errors:0 dropped:0 overruns:0 frame:0
> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:100
> RX bytes:47464 (46.3 Kb) TX bytes:0 (0.0 b)

They are talking - serverside has received packets, clientside sent.

>
> and this is the configuration file
>
> local 192.168.1.5
> port 5001
> proto udp
> dev tun
> tls-server
> comp-lzo
> mtu-test
> mode server
> tls-server
> dh ssl/bsi_dh_1024.pem
> ca ssl/bsi_ca_cert.pem
> cert ssl/bsi_server_cert.pem
> key ssl/bsi_server.key.pem
> crl-verify ssl/bsi_ca_crl.pem
> server 192.168.100.0 255.255.255.0

> duplicate-cn

Just curios: Why this? Might open a hole in security.

> keepalive 60 600
> status openvpn-status-RW.log
> log openvpn-RW.log
> log-append openvpn-RW.log
> verb 4
> mute 20
>
> Moreover the ip_forward is 1
[snip]
> It seems that something is missing but... what? Could you help me?

Did you try to ping your VPN-endpoint from the client, in this case
192.168.100.5? If that works, your VPN is set up. Next thing: You need a
route on the client, telling it that 192.168.1.0/24 is to be reached via gw
192.168.100.5 dev tun0.
This is set up via push-route in the server's vpn configuration file.

If you need your VPN server to be a DNS server for VPN clients, you also
need to push some DHCP-options which Windows OpenVPN will understand, in
Linux you need a tunnel-up and tunnel-down script to
modify /etc/resolv.conf with DHCP options received from openvpn server.

HTH,
Felix