Hello,

I am currently stuck configuring OpenVPN and wonder if the following
behavior is how it is supposed to be. Pinging the server from the clients is fine, but
the other way round won't work. No way to ping the clients from the server.
I am on OpenBSD 5.2 and OpenVPN 2.2.2. pf on OpenBSD is set to "pass in pass
out". As clients I tried Tunnelblick 3.3beta on recent OS X and recent openvpn
packages on pfSense and Debian. The behavior was the same on all of them.
The tunnel network is 10.0.1.0/24. Any ideas appreciated.

Thank you!

Best regards


=== server config ===
proto udp
port 444
dev tun0
ca /etc/openvpn/ca.crt
cert /etc/openvpn/private/picard.goetzinger.cc.crt
key /etc/openvpn/private/picard.goetzinger.cc.key
dh /etc/openvpn/dh2048.pem
server 10.0.1.0 255.255.255.0
keepalive 10 120
comp-lzo
user openvpn
group openvpn
daemon openvpn
persist-key
persist-tun
tls-auth /etc/openvpn/private/ta.key 0
cipher AES-256-CBC
push "route 10.0.0.0 255.255.255.0"
push "dhcp-option DNS 10.0.0.2"
client-to-client
status /var/log/openvpn-status.log

=== client config ===
client
dev tun
proto udp
remote HOSTDNS 444
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
tls-auth ta.key 1
cipher AES-256-CBC
comp-lzo
verb 3

=== routing table server ===
Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
default            static.1.6.9.5.cli UGS       12   889109     -     8 em0  
static.0.6.9.5.cli link#1             UC         1        0     -     4 em0  
static.1.6.9.5.cli 78:fe:3d:47:19:0f  UHLc       2        0     -     4 em0  
name1            localhost          UGHS       0        0 33196     8 lo0  
10.0.0/24          link#2             UC         1        0     -     4 em1  
name2             08:00:27:45:c7:c1  UHLc       2   606332     -     4 em1  
10.0.1/24          10.0.1.2           UGS        0   285890     -     8 tun0 
10.0.1.2           10.0.1.1           UH         2        0     -     4 tun0 
10.0.11/24         10.0.1.2           UGS        0        0     -     8 tun0 
85-126-x-x.work static.1.6.9.5.cli UGHD       2   888959     - L  56 em0  
loopback           localhost          UGRS       0        0 33196     8 lo0  
localhost          localhost          UH         7   145056 33196 L   4 lo0  
BASE-ADDRESS.MCAST localhost          URS        0        0 33196     8 lo0  

=== routing table client ===
Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            192.168.1.30       UGSc          133        0     en0
10/24              10.0.1.13          UGSc            1        0    tun0
10.0.1/24          10.0.1.13          UGSc            1       10    tun0
10.0.1.13          10.0.1.14          UH              5      414    tun0
127                127.0.0.1          UCS             0        0     lo0
127.0.0.1          127.0.0.1          UH              9    88589     lo0
169.254            link#4             UCS             1        0     en0
169.254.100.100    0:14:6c:90:17:86   UHLSWi          0        0     en0    895
192.168.1          link#4             UCS             6        0     en0
192.168.1.10       link#4             UHRLWIi         0        7     en0
192.168.1.30       0:c:29:3f:c7:b6    UHLWIir       133       25     en0   1184
192.168.1.32       0:c:29:d2:d1:d7    UHLWIi          0        1     en0    895
192.168.1.167      127.0.0.1          UHS             0        2     lo0
192.168.1.181      0:14:6c:90:17:86   UHLWIi          0        0     en0    895
192.168.1.255      ff:ff:ff:ff:ff:ff  UHLWbI          0        6     en0

=== ifconfig server ===
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33196
        priority: 0
        groups: lo
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
        inet 127.0.0.1 netmask 0xff000000
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:50:56:00:2b:26
        priority: 0
        groups: egress
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet6 fe80::250:56ff:fe00:2b26%em0 prefixlen 64 scopeid 0x1
        inet 5.9.X.X netmask 0xffffffe0 broadcast 5.9.X.X
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 08:00:27:24:25:b9
        priority: 0
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
        inet6 fe80::a00:27ff:fe24:25b9%em1 prefixlen 64 scopeid 0x2
enc0: flags=0<>
        priority: 0
        groups: enc
        status: active
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33196
        priority: 0
        groups: pflog
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
        priority: 0
        groups: tun
        status: active
        inet 10.0.1.1 --> 10.0.1.2 netmask 0xffffffff

=== ifconfig client === 
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        options=3<RXCSUM,TXCSUM>
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 
        inet 127.0.0.1 netmask 0xff000000 
        inet6 ::1 prefixlen 128 
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        ether 20:c9:d0:47:33:af 
        inet6 fe80::22c9:d0ff:fe47:33af%en0 prefixlen 64 scopeid 0x4 
        inet 192.168.1.167 netmask 0xffffff00 broadcast 192.168.1.255
        media: autoselect
        status: active
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
        ether 02:c9:d0:47:33:af 
        media: autoselect
        status: inactive
tun0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 10.0.1.14 --> 10.0.1.13 netmask 0xffffffff 
        open (pid 80177)

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users