I don't know if this will help or not, but try this. Disable the net2net clients, and shut down the openvpn connections between the servers.
D/L and install this software onto one of the clients: http://www.openvpn.se/ (download the 'Stable' version in the left column on that page)

Install with all defaults - just click yes or next each time, or use your best judgment.

Once it's installed, click Start>All Programs>OpenVPN>OpenVPN configuration file directory

In the folder that opens, place the certificate of the server you're going to log into, and also in that folder create a text file named VPN.ovpn, and place this text inside:

client
float
dev tap
proto udp
port 1194
#local server:
remote <red ip addy of the other server>
resolv-retry infinite
nobind
persist-key
persist-tun
#change the name of cert.cer to match the name of your cert:
ca cert.cer
auth-user-pass
pull
comp-lzo

Make sure there's a user/pass created to log in with, but do not define a remote network for that user.

Log in and make sure you can ping the other client, etc. If that works, check your routes to see why it works.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Opper Klet
Sent: Wednesday, September 12, 2007 12:28 PM
To: [email protected]
Subject: Re: [Efw-user] OpenVPN Net2Net problem...

I found some more stuff concerning my problem. I can even manage it to work now and then. I tried this one with two tunnels open. One in each direction of course. I use the results of client1 (192.168.100.10) trying to contact client2 (192.168.101.10).

If client1 is just started the routing table shows the following:

===========================================================================
Active Routes:
Network Destination          Netmask          Gateway        Interface  Metric
          0.0.0.0          0.0.0.0    192.168.100.1   192.168.100.10       1
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1       1
    192.168.100.0    255.255.255.0   192.168.100.10   192.168.100.10       1
   192.168.100.10  255.255.255.255        127.0.0.1        127.0.0.1       1
  192.168.100.255  255.255.255.255   192.168.100.10   192.168.100.10       1
        224.0.0.0        224.0.0.0   192.168.100.10   192.168.100.10       1
  255.255.255.255  255.255.255.255   192.168.100.10   192.168.100.10       1
Default Gateway:     192.168.100.1
===========================================================================

After trying to contact client2 (Ping, net use or whatever), the routing table shows:

===========================================================================
Active Routes:
Network Destination          Netmask          Gateway        Interface  Metric
          0.0.0.0          0.0.0.0    192.168.100.1   192.168.100.10       1
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1       1
    192.168.100.0    255.255.255.0   192.168.100.10   192.168.100.10       1
   192.168.100.10  255.255.255.255        127.0.0.1        127.0.0.1       1
  192.168.100.255  255.255.255.255   192.168.100.10   192.168.100.10       1
   192.168.101.10  255.255.255.255    192.168.100.2   192.168.100.10       1
        224.0.0.0        224.0.0.0   192.168.100.10   192.168.100.10       1
  255.255.255.255  255.255.255.255   192.168.100.10   192.168.100.10       1
Default Gateway:     192.168.100.1
===========================================================================

The following route was dynamically added:

   192.168.101.10  255.255.255.255    192.168.100.2   192.168.100.10       1

This creates a route for client2 with as gateway the IP address of the tap2 device on the other side. If I delete this route and if it doesn't come back immediately, the connection works... This is just temporary because the route comes back.

Finding this out, I end up with a couple of questions:

- Is there a way to stop the EFWs from updating routes on the clients?
  (I don't know much about Linux)
- Is there a way to make the IP of the tap2 device on EFW2 reachable to LAN1?
- Why am I having this problem on multiple setups? Searching the internet it doesn't seem to be a common problem...

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of compdoc
Sent: Tuesday, September 11, 2007 23:09
To: [email protected]
Subject: Re: [Efw-user] OpenVPN Net2Net problem...

Destination host unreachable means it has no route to the host.

I had mentioned that by setting up a connection both ways, this builds the routes properly that are pushed to the clients. It gets this information from when you create a routed connection, and enter the remote user's network in the form of 192.168.100.0/255.255.255.0 and 192.168.101.0/255.255.255.0

The problem is, Windows caches this info, so you need to repair the connection, flush the cache, or reboot the client to see the new routes.

The only other problem I've seen is when there was a second router on the red lan, pushing out its own routes to the firewalls and messing up your routes.

_______________________________________________
Efw-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/efw-user
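
The before/after routing-table comparison from the 12 September message above, as an added example that is not part of the original thread: a Python sketch that diffs two saved `route print` listings and reports host routes that appeared on their own and point at a gateway other than the configured default. The function names are hypothetical, and the sample rows are copied from the tables quoted in that message.

```python
import ipaddress
from typing import NamedTuple
class Route(NamedTuple):
    dest: ipaddress.IPv4Network
    gateway: ipaddress.IPv4Address
    interface: ipaddress.IPv4Address

def parse_routes(text):
    """Collect the route rows of Windows `route print` output as a set."""
    routes = set()
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5:
            continue  # separators, column heading, "Default Gateway:" line
        try:
            routes.add(Route(ipaddress.ip_network(f"{f[0]}/{f[1]}"),
                             ipaddress.ip_address(f[2]),
                             ipaddress.ip_address(f[3])))
        except ValueError:
            continue  # five tokens, but not a valid route row
    return routes

def learned_host_routes(before, after):
    """Host (/32) routes that appear only in `after` and use a foreign gateway."""
    old, new = parse_routes(before), parse_routes(after)
    default_gws = {r.gateway for r in new if r.dest.prefixlen == 0}
    return sorted(r for r in new - old
                  if r.dest.prefixlen == 32
                  and not r.gateway.is_loopback
                  and r.gateway != r.interface       # on-link rows use the NIC itself
                  and r.gateway not in default_gws)  # not the configured gateway

# Sample input: rows copied from the two listings quoted in the message.
BEFORE = """\
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.100.1 192.168.100.10 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.100.0 255.255.255.0 192.168.100.10 192.168.100.10 1
192.168.100.10 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.100.255 255.255.255.255 192.168.100.10 192.168.100.10 1
224.0.0.0 224.0.0.0 192.168.100.10 192.168.100.10 1
255.255.255.255 255.255.255.255 192.168.100.10 192.168.100.10 1
Default Gateway: 192.168.100.1
"""
AFTER = BEFORE + "192.168.101.10 255.255.255.255 192.168.100.2 192.168.100.10 1\n"

if __name__ == "__main__":
    for r in learned_host_routes(BEFORE, AFTER):
        print(f"new host route {r.dest} via {r.gateway} on {r.interface}")
```

Run against periodic snapshots from a client, this shows when the host route returns after being deleted and which gateway it names each time.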
