Env.:
Server: OpenVPN 2.0.6 / Debian / TAP
Clients: OpenVPN 2.0.5 / XP SP2

Hi Devs,

Sorry for the intrusion. Since I couldn't find help on openvpn-users, I thought I'd ask you guys.

Server setup:
Bridge of dummy interface (dummy0) and tap0. The purpose is to make client-to-client communications using filtering rules (hence no --client-to-client rule).
Note: TUN is not an option in this setup.

Bridge setup looks fine. (10.8.0.1/24)
Clients can connect to the VPN. They receive the expected IPs. They can ping the server. So far so good!

Problem:
They can't ping each other.

Checks I made:
- no filtering whatsoever. Iptables, arptables and ebtables -L are all empty with default policy ACCEPT.
- The settings in /proc/sys/net/bridge are set to 1. But since the corresponding filter tables are empty...
- when issuing a ping from clientA to clientB, clientA sends an ARP request. ClientB never sees it (hence does not reply).
- It's not only an ARP problem: I 'hardcoded' each other's MAC address in each client's ARP table. Same result: Sent ping packets are not seen by the other one.
- When using --client-to-client, clients can ping each other. Of course, iptables filtering doesn't work.

Q: What do I do wrong? Is this setup supposed to work? If not, why?

TIA for your lights,
Serge.

PS:

Server config:
-------------
mode server
tls-server
port 1194
proto udp
dev tap0
local 192.168.1.30
ifconfig-pool 10.8.0.10 10.8.0.254 255.255.255.0
keepalive 10 40
log-append logudp.txt
ca ca.crt
cert server.crt
key server.key
dh dh.pem
comp-lzo
persist-key
persist-tun
status openvpn-status-udp.log
verb 3
mute 5

Client config:
-------------
client
dev tap
proto udp
remote 192.168.1.30 1194
keepalive 10 40
ip-win32 netsh
dev-node VPN
ca ca.crt
cert client.crt
key client.key
resolv-retry infinite
nobind
comp-lzo
persist-key
persist-tun
verb 3
mute 20