Marcelo Toledo wrote:
Em Sex, 2005-10-07 às 18:19 +0200, Rolf Fokkens escreveu:
Could be a silly question, but to be sure: you had the client-to-client
option enabled on the server side?
Yes we do.
The patch should work both on the client and the server, but for clients
it hardly does anything at all.
alright, here what we have done.
In the main server we installed the patch. We have ~400 clients
connected to it, 3 of them we also installed the patch, here is the
result.
All these 3 clients couldn't see each other but they could see the
remaining 397 clients. The 397 couldn't see the 3 clients.
I think that's it, any idea?
What do you mean with "see each other"? I tried to reproduce, but no
success. Both the clients could ping each other:
Server:
./openvpn --writepid /var/run/openvpn/nocompress.pid --cd /etc/openvpn/
--client-to-client --status /tmp/nocompress.status 1 cipher aes-128-cbc
--keepalive 10 30 --port 5000 --dev tap0 --fragment 1300 --mtu-disc yes
--mode server --tls-server --dh /etc/openvpn/plaza/dh1024.pem --ca
/etc/openvpn/plaza/openvpn-ca.crt --cert
/etc/openvpn/plaza/openvpn-N004.crt --key
/etc/openvpn/plaza/openvpn-N004.key --verb 2 -- management 127.0.0.1 5000
Client 1:
/opt/openvpn --writepid /var/run/openvpn-vvpn-0.pid --cipher aes-128-cbc
--engine padlock --dev tap0 --keepalive 3 30 --tls-client --port 5000
--passtos --syslog --fragment 1300 --mtu-disc yes --management 127.0.0.1
5000 --ca /etc/openvpn/vvpn/ca.crt --cert /etc/openvpn/vvpn/vvpn.crt
--key /etc/openvpn/vvpn/vvpn.key --verb 2 --remote 145.66.1.1
Client 2:
/opt/openvpn --writepid /var/run/openvpn-vvpn-0.pid --cipher aes-128-cbc
--engine padlock --dev tap0 --keepalive 3 30 --tls-client --port 5000
--passtos --syslog --fragment 1300 --mtu-disc yes --management 127.0.0.1
5000 --ca /etc/openvpn/vvpn/ca.crt --cert /etc/openvpn/vvpn/vvpn.crt
--key /etc/openvpn/vvpn/vvpn.key --verb 2 --remote 145.66.1.1
Any obvious difference to your configs?
