[root@reserved-94 openvpn]# cat server.conf port 10351 #- port proto udp #- protocol dev tun tun-mtu 1500 tun-mtu-extra 32 mssfix 1450 reneg-sec 0 ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt cert /etc/openvpn/easy-rsa/2.0/keys/server.crt key /etc/openvpn/easy-rsa/2.0/keys/server.key # This key should be secret dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem server 10.28.0.0 255.255.255.0 tls-server push "route 192.168.50.0 255.255.255.0" push "route 172.16.6.0 255.255.255.0" push "route 172.16.5.0 255.255.255.0" push "route 192.168.3.0 255.255.255.0" client-to-client keepalive 10 120 persist-key persist-tun duplicate-cn status 1194.log verb 3 ------------------------------
root@itsuuport-Latitude-E5440:/etc/openvpn/newvpn# cat server.ovpn client dev tun proto udp remote XXX.XX.XX.XX 10351 # - Your server IP and OpenVPN Port resolv-retry infinite nobind persist-key persist-tun ca ca.crt cert myclient.crt key myclient.key verb 3 --------------------------------------------------- On Thursday, 7 August 2014 1:55 PM, Roopesh Sivam <[email protected]> wrote: can you copy paste your server conf and client conf On Thu, Aug 7, 2014 at 1:52 PM, 'John Joseph' via Free Software Users Group, Thiruvananthapuram <[email protected]> wrote: tried, not working > >It cannot ping at the other side clients > > > > > >On Thursday, 7 August 2014 1:40 PM, Roopesh Sivam <[email protected]> >wrote: > > > >try this > >push "route 192.168.3.0 255.255.255.0" > > >client-to-client > > >in server conf > > > > >On Thu, Aug 7, 2014 at 1:27 PM, 'John Joseph' via Free Software Users Group, >Thiruvananthapuram <[email protected]> wrote: > >Thanks, yes I did >> >>[root@localhost ~]# sysctl -p >>net.ipv4.ip_forward = 1 >>net.ipv4.conf.default.rp_filter = 1 >>net.ipv4.conf.default.accept_source_route = 0 >>kernel.sysrq = 0 >>kernel.core_uses_pid = 1 >>net.ipv4.tcp_syncookies = 1 >> >>... >>Also IPTABLES flushed, selinux disabled >> >>Do not know what to do >> >> >> >> >> >> >> >> >>On Thursday, 7 August 2014 1:22 PM, Roopesh Sivam <[email protected]> >>wrote: >> >> >> >>did you add ip forwarding it the server >> >>nano /etc/sysctl.conf: net.ipv4.ip_forward = 1 >> >>save and restart server >> >> >> >> >> >> >> >>On Thu, Aug 7, 2014 at 1:14 PM, 'John Joseph' via Free Software Users Group, >>Thiruvananthapuram <[email protected]> wrote: >> >>Thanks Roopesh >>>It is already there, in spite of adding it also cannot do >>>my cliente route -n shows >>> >>> >>>joseph@saji:~$ sudo route -n >>> >>>Kernel IP routing table >>>Destination Gateway Genmask Flags Metric Ref Use Iface >>>0.0.0.0 192.168.3.1 0.0.0.0 UG 0 0 0 wlan0 >>>10.28.0.1 10.28.0.5 255.255.255.255 UGH 0 0 0 tun0 >>>10.28.0.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0 >>>169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 wlan0 >>>172.16.5.0 10.28.0.5 255.255.255.0 UG 0 0 0 tun0 >>>172.16.6.0 10.28.0.5 255.255.255.0 UG 0 0 0 tun0 >>>192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0 >>>192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0 >>>192.168.50.0 10.28.0.5 255.255.255.0 UG 0 0 0 tun0 >>> >>> >>> >>> >>> >>> >>> >>> >>> >>>On Thursday, 7 August 2014 1:08 PM, Roopesh Sivam <[email protected]> >>>wrote: >>> >>> >>> >>>this will automaticall add a new route to 50.0/24 network when the vpn >>>tunnel is up >>> >>> >>> >>> >>>On Thu, Aug 7, 2014 at 1:07 PM, Roopesh Sivam <[email protected]> wrote: >>> >>>Add a route in client configuration file >>>> >>>>push "route 192.168.50.0 255.255.255.0" >>>> >>>> >>>> >>>> >>>>On Thu, Aug 7, 2014 at 12:52 PM, John Joseph <[email protected]> wrote: >>>> >>>>Right now I connected using client to server, any advice >>>>> >>>>> >>>>> >>>>> >>>>>On Thursday, 7 August 2014 12:43 PM, sivam404 <[email protected]> >>>>>wrote: >>>>> >>>>> >>>>> >>>>> >>>>>did you mean from client to client, or cliet to server network?? >>>>>On Thursday, August 7, 2014 11:18:35 AM UTC+4, John Joseph wrote: >>>>> >>>>>>Hi All, >>>>>>I have been success in setting up a OpenVPN server and I am able to >>>>>>connect to the server from my clients, but clients cannot ping behind VPN >>>>>>eth1 interfaces >>>>>>ie from my client I can ping VPNServer eth1 (192.168.50.30), but cannot >>>>>>ping to the other side, It has to do some setting with route command >>>>>>see this traceroute results from the client >>>>>> >>>>>>joseph@saji:~$ traceroute 192.168.50.30 >>>>>>traceroute to 192.168.50.30 (192.168.50.30), 30 hops max, 60 byte packets >>>>>> 1 192.168.50.30 (192.168.50.30) 294.031 ms 294.041 ms 294.050 ms >>>>>>joseph@saji:~$ >>>>>> >>>>>>but when I do trace route to some IP inside the LAN it stops >>>>>>joseph@saji:~$ traceroute 192.168.50.10 >>>>>>traceroute to 192.168.50.10 (192.168.50.10), 30 hops max, 60 byte packets >>>>>> 1 10.28.0.1 (10.28.0.1) 296.795 ms 296.802 ms 296.803 ms >>>>>> 2 * * * >>>>>> 3 * * * >>>>>> 4 * * * >>>>>> >>>>>>So it reaches till the VPN server tunnel interface (10.28.0.1) then gets >>>>>>confused, we have to tell the packet from 10.28.0.1 to go to eth1. I >>>>>>tried with some route command which all was not correct >>>>>>Like to get help, details of the network are given below >>>>>> >>>>>> >>>>>> >>>>>>My VPN Client ip is 192.168.3.101 >>>>>> >>>>>>and My VPN Server interfaces are >>>>>> eth0= connected to the public IP >>>>>> eth1= interface is 192.168.50.30/24 >>>>>> >>>>>> >>>>>>I did a openvpn connection from my client to OpenVP Server now >>>>>>my client interfaces are >>>>>> eth0 = 192.168.3.101 >>>>>> tun0 = 10.28.0.10 >>>>>> >>>>>>My Server interfaces are >>>>>> eth0 = Public IP >>>>>> eth1 = 192.168.50.30/24 >>>>>> tun0 = 10.28.0.1 >>>>>> >>>>>>My Server route -n command shows >>>>>> >>>>>>[root@reserved-94 openvpn]# route -n >>>>>>Kernel IP routing table >>>>>>Destination Gateway Genmask Flags Metric Ref Use >>>>>>Iface >>>>>>10.10.10.11 0.0.0.0 255.255.255.255 UH 0 0 0 >>>>>>ppp0 >>>>>>10.28.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 >>>>>>tun0 >>>>>>XXX.XX.XX.XX 0.0.0.0 255.255.255.252 U 1 0 0 >>>>>>eth0 >>>>>>10.28.0.0 10.28.0.2 255.255.255.0 UG 0 0 0 >>>>>>tun0 >>>>>>192.168.50.0 0.0.0.0 255.255.255.0 U 1 0 0 >>>>>>eth1 >>>>>>0.0.0.0 XXX.XX.XX.XX 0.0.0.0 UG 0 0 0 >>>>>>eth0 >>>>>> >>>>>>Advice and help requested >>>>>>thanks >>>>>>Joseph John >>>>>> >>>>> >>>>> >>>> >>> >>> >>> >>>-- >>>-- >>>"Freedom is the only law". >>>"Freedom Unplugged" >>>http://www.ilug-tvm.org >>> >>>You received this message because you are subscribed to the Google >>>Groups "ilug-tvm" group. >>>To control your subscription visit >>>http://groups.google.co.in/group/ilug-tvm/subscribe >>>To post to this group, send email to [email protected] >>>To unsubscribe from this group, send email to >>>[email protected] >>> >>> >>> >>>For details visit the google group page: >>>http://groups.google.com/group/ilug-tvm?hl=en >>> >>>--- >>>You received this message because you are subscribed to the Google Groups >>>"Free Software Users Group, Thiruvananthapuram" group. >>>To unsubscribe from this group and stop receiving emails from it, send an >>>email to [email protected]. >>>For more options, visit https://groups.google.com/d/optout. >>> >> -- >>-- >>"Freedom is the only law". >>"Freedom Unplugged" >>http://www.ilug-tvm.org >> >>You received this message because you are subscribed to the Google >>Groups "ilug-tvm" group. >>To control your subscription visit >>http://groups.google.co.in/group/ilug-tvm/subscribe >>To post to this group, send email to [email protected] >>To unsubscribe from this group, send email to >>[email protected] >> >> >> >>For details visit the google group page: >>http://groups.google.com/group/ilug-tvm?hl=en >> >>--- >>You received this message because you are subscribed to the Google Groups >>"Free Software Users Group, Thiruvananthapuram" group. >>To unsubscribe from this group and stop receiving emails from it, send an >>email to [email protected]. >>For more options, visit https://groups.google.com/d/optout. >> >> >> >>-- >>-- >>"Freedom is the only law". >>"Freedom Unplugged" >>http://www.ilug-tvm.org >> >>You received this message because you are subscribed to the Google >>Groups "ilug-tvm" group. >>To control your subscription visit >>http://groups.google.co.in/group/ilug-tvm/subscribe >>To post to this group, send email to [email protected] >>To unsubscribe from this group, send email to >>[email protected] >> >> >> >>For details visit the google group page: >>http://groups.google.com/group/ilug-tvm?hl=en >> >>--- >>You received this message because you are subscribed to the Google Groups >>"Free Software Users Group, Thiruvananthapuram" group. >>To unsubscribe from this group and stop receiving emails from it, send an >>email to [email protected]. >>For more options, visit https://groups.google.com/d/optout. >> > -- >-- >"Freedom is the only law". >"Freedom Unplugged" >http://www.ilug-tvm.org > >You received this message because you are subscribed to the Google >Groups "ilug-tvm" group. >To control your subscription visit >http://groups.google.co.in/group/ilug-tvm/subscribe >To post to this group, send email to [email protected] >To unsubscribe from this group, send email to >[email protected] > > > >For details visit the google group page: >http://groups.google.com/group/ilug-tvm?hl=en > >--- >You received this message because you are subscribed to the Google Groups >"Free Software Users Group, Thiruvananthapuram" group. >To unsubscribe from this group and stop receiving emails from it, send an >email to [email protected]. >For more options, visit https://groups.google.com/d/optout. > > > >-- >-- >"Freedom is the only law". >"Freedom Unplugged" >http://www.ilug-tvm.org > >You received this message because you are subscribed to the Google >Groups "ilug-tvm" group. >To control your subscription visit >http://groups.google.co.in/group/ilug-tvm/subscribe >To post to this group, send email to [email protected] >To unsubscribe from this group, send email to >[email protected] > > > >For details visit the google group page: >http://groups.google.com/group/ilug-tvm?hl=en > >--- >You received this message because you are subscribed to the Google Groups >"Free Software Users Group, Thiruvananthapuram" group. >To unsubscribe from this group and stop receiving emails from it, send an >email to [email protected]. >For more options, visit https://groups.google.com/d/optout. > -- -- "Freedom is the only law". "Freedom Unplugged" http://www.ilug-tvm.org You received this message because you are subscribed to the Google Groups "ilug-tvm" group. To control your subscription visit http://groups.google.co.in/group/ilug-tvm/subscribe To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For details visit the google group page: http://groups.google.com/group/ilug-tvm?hl=en --- You received this message because you are subscribed to the Google Groups "Free Software Users Group, Thiruvananthapuram" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout. -- -- "Freedom is the only law". "Freedom Unplugged" http://www.ilug-tvm.org You received this message because you are subscribed to the Google Groups "ilug-tvm" group. To control your subscription visit http://groups.google.co.in/group/ilug-tvm/subscribe To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For details visit the google group page: http://groups.google.com/group/ilug-tvm?hl=en --- You received this message because you are subscribed to the Google Groups "Free Software Users Group, Thiruvananthapuram" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
