Hi,

On 23/05/17 00:25, Xen wrote:
Gert Doering wrote on 22-05-2017 19:03:

learn-address is only called if the route is not already-known - so
if the client has previously connected, and the server did not notice
that it went away (no --ping and no explicit-exit-notify), it will
not tell you "delete first, add again right after" just keep it around.
I know, but there had been a delete and not an add again. Maybe it was
related to a hanging connect script. I'll have to background it if this
php has the tendency to hang, because a blocking connect script also
blocks proper operation.

Better to just background all tasks that are not relevant for exit
status, I think.

But without logs from the server, it's hard to say what happened
exactly.
Aye, I'll have to wait. I couldn't make anything from the logs because
there is nothing written for "unlearn", so my script now gives that
output.

It is these unreliabilities that make it rather hard to use openvpn.
It's always nice to hear kind words from users :-)
Well openvpn works flawlessly when it does run. I've just had to create
a restart script on the client because otherwise it would stop
reconnecting; I didn't know how to fix it otherwise other than to just
run system-based restarts.

Today I spent at least 15 minutes trying to figure out why I couldn't
get to a VPN-internal host. :p.

At first I thought it was recent changes to my configuration system, but
that was not it. Took me a while to realize external hosts could access
it, but not me ;-). I'm just a bit fed up with those kinds of
troubleshooting sessions ;-).

Been trying to get this working for several years now lol.
If all external hosts can reach the server but you (internal host? vpn server?) then it's - as always - a routing or NATting issue.
<shameless plug>
This _IS_ covered in a recipe of my OpenVPN cookbook
</shameless_plug>
Or when my learn address script would get fed the IP addresses of the
hosts behind the forwarded subnet ;-).

Suddenly the DNS of the client pointed to a host behind it, because my
version of OpenVPN running there on that server sends learn-address
messages each time that forwarded host is getting accessed. So I have to
verify it is the same as ifconfig_pool_remote.

Regardless I don't think openvpn ever fails in its operation, it is just
the management around it that makes it stop working now and then which
is just a headache. I wouldn't ever want to use anything else but now I
have restart scripts on the client and soon maybe also on the server :p.

Maybe it is the job of monitoring scripts to ensure proper operation
anyway. Regardless of which software you use.


95% of the questions on the openvpn mailing list and forums are about routing; usually it is fairly straightforward to get OpenVPN itself up and running, but integrating it into your existing network setup is harder. And this is not something that OpenVPN can/should do, IMHO. OpenVPN is for securing connections between client and server. Everything else is routing.

JM2CW,

JJK
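
The learn-address handling discussed in this thread, as an added example that is not part of the original messages: a hook that logs every operation (including delete), ignores addresses that are not the client's own pool address, and detaches slow work so it cannot block the server. `HOSTS_FILE`, `slow_notify` and `learn_address` are hypothetical names; `ifconfig_pool_remote_ip` is OpenVPN's environment variable, assumed here to be set when the hook runs.

```shell
#!/bin/sh
# Added example of a learn-address hook. OpenVPN invokes it as:
#   <script> add|update|delete <address> [common_name]
# HOSTS_FILE, slow_notify and learn_address are hypothetical names.
HOSTS_FILE="${HOSTS_FILE:-/tmp/vpn-hosts.example}"

# Stand-in for slow work (for example a PHP or HTTP call) whose result
# does not matter for the exit status.
slow_notify() {
    sleep 1
}

learn_address() {
    op="$1"; addr="$2"; cn="${3:-}"
    # Log every operation, including delete, so an "unlearn" leaves a trace.
    echo "learn-address: $op $addr $cn" >&2
    case "$op" in
        add|update)
            # Addresses of hosts behind a client's forwarded subnet also
            # arrive here. Publish only the client's own pool address
            # (assumption: ifconfig_pool_remote_ip is in the environment).
            if [ "$addr" != "${ifconfig_pool_remote_ip:-}" ]; then
                return 0
            fi
            ;;
        delete) ;;   # no common name is passed on delete
        *) return 0 ;;
    esac
    # Drop any existing record for this address, then re-add it on add/update.
    touch "$HOSTS_FILE"
    awk -v a="$addr" '$1 != a' "$HOSTS_FILE" > "$HOSTS_FILE.tmp"
    if [ "$op" != "delete" ]; then
        echo "$addr $cn" >> "$HOSTS_FILE.tmp"
    fi
    mv "$HOSTS_FILE.tmp" "$HOSTS_FILE"
    # Run the slow part detached so OpenVPN is never blocked by it.
    slow_notify </dev/null >/dev/null 2>&1 &
    return 0
}

if [ "$#" -gt 0 ]; then
    learn_address "$@"
fi
```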


