On 10-Jun-08, at 3:02 AM, Nejc Škoberne wrote:
Actually I don't think you can do the same thing with a tunnel. You have
to use a different IP addresses for the tunnel itself. Have you read the
OpenVPN manual?
Yes, I should have been clearer: With a tunnel, I can still push routes
and DNS, as long as I'm willing to sacrifice the same IP address.
Yes, I did: 'tcpdump -i tun0'. Nothing shows up on the server, but on
the client (OS X) I can see the pings being sent.
This means that there is a problem with the OpenVPN connection. Can
you show
the tail of your logs on both sides?
Here's what I found:
Wed Jun 11 12:49:46 2008 client1/192.168.0.1:53237 MULTI: Learn:
10.8.0.6 -> client1/192.168.0.1:53237
Wed Jun 11 12:49:46 2008 client1/192.168.0.1:53237 MULTI: primary
virtual IP for client1/192.168.0.1:53237: 10.8.0.6
This was interesting since that IP wasn't being set by the client. I'd
been manually setting it to 10.8.0.2, which caused this:
Wed Jun 11 12:50:04 2008 client1/192.168.0.1:53237 MULTI: bad source
address from client [10.8.0.2], packet dropped
Wed Jun 11 12:50:05 2008 client1/192.168.0.1:53237 MULTI: bad source
address from client [10.8.0.2], packet dropped
Wed Jun 11 12:50:06 2008 client1/192.168.0.1:53237 MULTI: bad source
address from client [10.8.0.2], packet dropped
Wed Jun 11 12:50:07 2008 client1/192.168.0.1:53237 MULTI: bad source
address from client [10.8.0.2], packet dropped
Changing it to 10.8.0.6 allowed the VPN to work over the tunnel. I could
access the VPN server on .1.
Bridging still doesn't work - and I don't see any traffic over the
interface either. Unfortunately, my laptop's network card just kicked
the dust so it's going in for servicing. I might test it out using the
Windows client on my desktop, but since it's inside the network all
ready I imagine it would be much harder to test.
proto tcp
Why are you using TCP anyway?
I'd been having problems with UDP and QoS a long time ago. I just hadn't
bothered to change it since it was working.
Thanks,
--Andrew
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"