Actually, this is most likely due to the fact that both server and client do 
not have routing enabled. In Linux you need to enable the sysctl in order to do 
so (google for your distro). 

If that fails, check the firewall as mentioned previously.


Darin Luckie
Network & System Administrator
luck...@technotic.co
Tel. 438.338.4600

Technotic - IT Support where honesty is our policy!
Visit our new site at www.technotic.co

> On Jul 7, 2014, at 3:19 AM, Jan Just Keijser <janj...@nikhef.nl> wrote:
> 
> Hi,
> 
>> On 06/07/14 21:25, pg0...@fastmail.fm wrote:
>> cd /usr/local/etc/openvpn/ccd
>> 
>> I have two machines, a 'server' & a 'client', both running OpenVPN
>> 2.3_git [git:master/96b9538711789355].  They're connected via VPN over a
>> UDP connection.
>> 
>> I've got all my routes almost ironed-out; I'm close -- but not quite
>> there.  I can ping 'everywhere' except Server -> Client's
>> internal/private IPs.
>> 
>> I'd appreciate a hand.  Here's what I've done so far.
>> 
>> The server is a remote, hosted VM.  Its IP config is,
>> 
>>    IP(eth0) = "S.S.S.S"       external/WAN intfc
>>    IP(lo)   = 192.168.0.1     local        intfc
>>    IP(tun0) = 10.0.0.1        vpn tunnel   endpoint
>> 
>> The client is my local router/firewall. Its IP config is,
>> 
>>    IP(eth0) = "C.C.C.C"       external/WAN intfc
>>    IP(eth1) = 192.168.1.1     internal/LAN intfc
>>    IP(tun0) = 10.0.0.2        vpn tunnel   endpoint
>> 
>> 
>> Atm, I can ping successfully
>> 
>>    @Server, ping -> Server[S.S.S.S]         OK
>>    @Server, ping -> Server[192.168.0.1]     OK
>>    @Server, ping -> Server[10.0.0.1]        OK
>> 
>>    @Client, ping -> Client[C.C.C.C]         OK
>>    @Client, ping -> Client[192.168.1.1]     OK
>>    @Client, ping -> Client[10.0.0.1]        OK
>> 
>>    @Server, ping -> Client[C.C.C.C]         OK
>>    @Client, ping -> Server[S.S.S.S]         OK
>> 
>>    @Server, ping -> Client[10.0.0.2]        OK
>>    @Client, ping -> Server[10.0.0.1]        OK
>> 
>>    @Client, ping -> Server[192.168.0.1]     OK
>> 
>> but am unable to
>> 
>>    @Server, ping -> Client[192.168.1.1]           FAIL (100% packet loss)
>>    @Server, ping -> ClientLAN[192.168.1.{2-255}]  FAIL (100% packet loss)
>> 
>> I'm missing a route, or have misconfigured something, but am finding
>> this last detail confusing, & can't figure out what/where, so far.
>> 
>> My server's config includes:
>> 
>>    cat  /usr/local/etc/openvpn/server.openvpn.conf
>>        ...
>>        mode server
>>        local S.S.S.S
>>        bind
>>        proto udp4
>>        dev tun0
>> 
>>        topology subnet
>>        server 10.0.0.0 255.255.255.0
>> 
>>        client-config-dir ccd/
>>        client-to-client
>> 
>>        push "route   192.168.0.0 255.255.255.0"
>>        push "route   192.168.1.0 255.255.255.0"
>>        route         192.168.1.0 255.255.255.0
>>        ...
>> 
>> the server's client-specific config includes:
>> 
>>    cat /usr/local/etc/openvpn/ccd/client1.openvpn.conf
>>        ...
>>        ifconfig-push  10.0.0.2 S.S.S.S
>>        iroute         192.168.1.0 255.255.255.0
>>        ...
>> 
>> and, the client's config includes:
>> 
>>    cat /usr/local/etc/openvpn/client.openvpn.conf
>>        ...
>>        local C.C.C.C
>>        bind
>>        proto udp4
>>        daemon
>>        dev tun0
>> 
>>        <connection>
>>            remote S.S.S.S 1194 udp
>>        </connection>
>>        pull
>>        ...
>> 
>> Again, I'm 'mostly' connected and communicating.  What've I missed/screwed up?
> 
> 
> Most likely the CCD file is not being picked up; I always advise people 
> to use absolute paths for the 'client-config-dir' option, in your case
>   client-config-dir /usr/local/etc/openvpn/ccd/
> instead of
>   client-config-dir ccd/
> 
> another way of checking if the CCD file is picked up is by adding
>   ccd-exclusive
> 
> If there is no CCD file then the client is refused access - thus, if the 
> server is misconfigured and cannot find the right file, the client won't 
> be able to connect.
> 
> If the CCD file IS being picked up then check the server side routing 
> table after the VPN connects *AND* check the client side routing table 
> and firewall rules.
> 
> HTH,
> 
> JJK
> 
> 
> ------------------------------------------------------------------------------
> Open source business process management suite built on Java and Eclipse
> Turn processes into business applications with Bonita BPM Community Edition
> Quickly connect people, data, and systems into organized workflows
> Winner of BOSSIE, CODIE, OW2 and Gartner awards
> http://p.sf.net/sfu/Bonitasoft
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-users


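A small diagnostic for the checks the two replies point at (absolute ccd path carrying an iroute for the LAN, ip_forward, the LAN route sitting on tun0), added here as an example and not code from any of the posters. The server config, the ccd file for the hypothetical CN "client1", the sysctl stand-in and the "ip route" output it runs against are constructed to mirror the original post; point the functions at the live files to use it for real.

```sh
#!/bin/sh
# Added example, not from any poster in this thread: one function per check the
# replies point at, exercised against constructed files mirroring the original post.

# JJK's point: client-config-dir should be absolute; a relative path is resolved
# against the daemon's working directory and the ccd file is silently missed.
ccd_dir_is_absolute() {        # $1 = server config file
    dir=$(awk '$1 == "client-config-dir" { print $2 }' "$1")
    [ -n "$dir" ] && [ "${dir#/}" != "$dir" ]
}

# The client's ccd file must carry an iroute for its LAN: "route" only tells the
# kernel to use tun0, iroute tells OpenVPN which client owns that LAN.
ccd_has_iroute() {             # $1 = ccd file, $2 = network, $3 = netmask
    [ -f "$1" ] && awk -v n="$2" -v m="$3" \
        '$1 == "iroute" && $2 == n && $3 == m { f = 1 } END { exit !f }' "$1"
}

# Darin's point: forwarding must be on, and the LAN route must point at tun0.
ip_forward_enabled() {         # $1 = sysctl file (default: the live kernel value)
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}")" = "1" ]
}
lan_route_via_tun() {          # $1 = "ip route" output, $2 = prefix, $3 = device
    printf '%s\n' "$1" | awk -v p="$2" -v d="$3" \
        '$1 == p { for (i = 1; i <= NF; i++) if ($i == "dev" && $(i+1) == d) f = 1 }
         END { exit !f }'
}

# Constructed fixture: the poster's server config (relative ccd path), a ccd file
# for the hypothetical CN "client1", and a sysctl file standing in for /proc.
make_fixture() {               # prints the fixture directory
    d=$(mktemp -d) && mkdir "$d/ccd"
    printf 'mode server\nclient-config-dir ccd/\nroute 192.168.1.0 255.255.255.0\n' \
        > "$d/server.conf"
    printf 'iroute 192.168.1.0 255.255.255.0\n' > "$d/ccd/client1"
    printf '1\n' > "$d/ip_forward"
    echo "$d"
}
# Constructed "ip route" output as the server would show it once the VPN is up.
SAMPLE_ROUTES='10.0.0.0/24 dev tun0 proto kernel scope link src 10.0.0.1
192.168.1.0/24 via 10.0.0.2 dev tun0'
fx=$(make_fixture)
ccd_dir_is_absolute "$fx/server.conf" && echo "ccd dir: absolute" \
    || echo "ccd dir: RELATIVE, use client-config-dir /usr/local/etc/openvpn/ccd/"
ccd_has_iroute "$fx/ccd/client1" 192.168.1.0 255.255.255.0 && echo "iroute: ok" \
    || echo "iroute: missing for 192.168.1.0/24"
ip_forward_enabled "$fx/ip_forward" && echo "ip_forward: on" || echo "ip_forward: OFF"
lan_route_via_tun "$SAMPLE_ROUTES" 192.168.1.0/24 tun0 && echo "route: ok" \
    || echo "route: 192.168.1.0/24 not on tun0"
```

Against the constructed fixture the first check reports the relative ccd path from the original post while the other three pass, which is the combination JJK's reply describes.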