Hi.
Thanks for the answer!
Right now I use loglevel 5 (several times I used level 9, but it was useless - too much information).
I'm trying to find the reading of iroute from the ccd directory, but I cannot find it, or is it not so obvious? Do you have a more precise form of this message?
(I found the PUSH_REQUEST and PUSH_REPLY and some messages about cipher)
Unfortunately the second/client router does not have a primary internet address; it resides behind the service provider's NAT.
(I thought it was obvious: if I had an address that could be accessed from the internet, I would not need a VPN at all.)

Thanks for your time!
Sincerely
tovis

> On Tue, Feb 23, 2016 at 7:07 PM, tovis <mailer.to...@freemail.hu> wrote:
>
>> The routers' configuration, resulting settings and logs are on pastebin:
>> server side (tovis-lab): http://pastebin.com/3VRAadXz
>> client side (tovis-lak): http://pastebin.com/h8Ctfmx2
>> server side LAN is 192.168.1.0 255.255.255.0 tunnel is 10.8.0.1
>> client side LAN is 192.168.2.0 255.255.255.0 tunnel is 10.8.0.6
>>
>> Right now the connection is established and working! - but it's like
>> "half duplex". The client can reach the LAN on the server side, but the
>> server cannot reach the client side.
>> From the server side I can only ping the client side tun address
>> 10.8.0.6 (and of course its own tun 10.8.0.1).
>> I have installed tcpdump on the RPI; when I ping the client side tun
>> interface 10.8.0.6 I can see incoming/outgoing packets, but when I try to
>> ping the router's LAN side 192.168.2.254 there is no sign of packets.
>> Right now I have only one box at the client side, which I cannot access
>> either - no ping, no ssh.
>>
>
> That sounds like a missing iroute directive. I notice iroute is in the ccd
> file, but is it really being read? A log at level verb=4 would show
> client-specific file is being read when the client connects. The location
> of ccd relative to config is not clear from the posted logs.
>
> Having said that, if the idea is to make a tunnel between two routers it's
> much simpler to use a point-to-point setup:
>
> Say router1 is assigned 10.8.0.1 and router2 10.8.0.2
>
> config on router1
>
> remote router2-public-ip
> ifconfig 10.8.0.1 10.8.0.2
> dev tun0
> tls-server
> dh
> ca
> cert
> key
>
> config on router2
>
> remote router1-public-ip
> ifconfig 10.8.0.2 10.8.0.1
> dev tun0
> tls-client
> ca
> cert
> key
>
> Then use up scripts to add routes:
> On router 1 a route to server side LAN with gateway as router 2 tun IP and
> a reciprocal one on router2: i.e.,
>
> on router 1: ip route add router2-net/mask via 10.8.0.2
> on router 2: ip route add router1-net/mask via 10.8.0.1
>
> Note the gateways are on the other end of the tunnel, no iroute needed.
>
> Selva
>

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
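
The "missing iroute" diagnosis discussed in this thread, as an added example that is not part of the original messages: a small Python check that a server-mode setup has all three pieces needed to reach a LAN behind a client (`client-config-dir`, an `iroute` in the client's ccd file, and a matching `route` in the server config). The config text is constructed from the addresses quoted above, and the common name `tovis-lak` is an assumption (the thread only uses it as a label for the client side).

```python
import ipaddress

def directives(text, name):
    """Argument lists of every `name` directive; '#' and ';' start comments."""
    found = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(";", 1)[0].split()
        if parts and parts[0] == name:
            found.append(parts[1:])
    return found

def networks(text, name):
    """Networks named by `name net [mask]` lines; no mask means one host."""
    nets = []
    for args in directives(text, name):
        mask = args[1] if len(args) > 1 else "255.255.255.255"
        try:
            nets.append(ipaddress.ip_network(f"{args[0]}/{mask}"))
        except (ValueError, IndexError):
            pass  # keyword or hostname arguments are outside this check
    return nets

def check_client_lan(server_conf, ccd_files, common_name, lan):
    """Return reasons the server side cannot route to `lan` behind a client."""
    lan = ipaddress.ip_network(lan)
    problems = []
    if not directives(server_conf, "client-config-dir"):
        problems.append("no client-config-dir: ccd files are never read")
    if common_name not in ccd_files:
        problems.append(f"no ccd file named after common name {common_name}")
    elif lan not in networks(ccd_files[common_name], "iroute"):
        problems.append(f"ccd file has no iroute for {lan}")
    if lan not in networks(server_conf, "route"):
        problems.append(f"server config has no kernel route for {lan}")
    return problems

# Constructed sample input using the addresses from the thread.
SERVER_CONF = """\
dev tun
server 10.8.0.0 255.255.255.0
client-config-dir ccd        # directory holding per-client files
route 192.168.2.0 255.255.255.0
"""
CCD_FILES = {"tovis-lak": "iroute 192.168.2.0 255.255.255.0\n"}  # assumed CN

if __name__ == "__main__":
    for p in check_client_lan(SERVER_CONF, CCD_FILES, "tovis-lak",
                              "192.168.2.0/24") or ["routing config is consistent"]:
        print(p)
```
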