Hi Xen,

On 03/10/17 12:16, Xen wrote:
Jan Just Keijser schreef op 03-10-2017 11:29:

On 02/10/17 19:17, Xen wrote:
So it appears that by upgrading a client to 2.4 something stopped working.

I have a rather old Synology server.

Version is 2.1.4

Topology is as follows:

Home network --> VPN server --> VPN client --> client behind client

Home network (my computer) has a route for the VPN and a route for the client 
behind client.

        10.3.0.0    255.255.255.0     192.168.0.3 192.168.0.100     26
        10.8.0.0    255.255.255.0     192.168.0.3 192.168.0.100     26

Well I guess it is cryptic, but this is the route for the regular PC via the 
VPN server which is in this case 192.168.0.3

The client config file is as follows:

ifconfig-push 10.8.0.25 255.255.255.0
iroute 10.3.0.0 255.255.255.0
push 'route 192.168.0.0 255.255.255.0'

Before, I used no topology. I did use the above. Now the 2.4 client expects a p2p topology by default and complains about the above ifconfig-push directive.

what does it say in the client-side logs when this is pushed?
And are you specifying "topology subnet" on the server side? Then that gets 
pushed to the clients also.
I assume the iroute is currently not working.

What topology should I use? I now forced it to "subnet".

the 'iroute' does not do anything on the client, that's a server
statement. The 'ifconfig-push' should have worked with OpenVPN 2.4.

Ehm, I thought it would be obvious that this is a file on the server in the 
client-config-dir.

That's why I call it a client-config-file.

it could also have been the client-side config file ;)

Try adding an
  iroute 10.3.0.0 255.255.255.0
to a CCD file named 'bugger' inside the *SERVER* config, so that the
VPN server knows that the network 10.3.0.0 is to be found "behind" the
VPN client 'bugger', e.g

Well like I said this was already the case. It would not have worked at all if 
this was not true.

And add "client-config-dir /etc/openvpn/clients" to the VPN server
config.

I have that.

Add "route 10.3.0.0 255.255.255.0" to the server-side config file (main config file) to ensure that the routing table is also updated each time OpenVPN starts and stops. Also, check that IP forwarding is enabled (I would assume so already).  Then, finally, post the routing tables once the VPN server+client are up. Run tcpdump (e.g. on the server) to see where packets are getting lost between subnet-behind-server vs subnet-behind-client.

HTH,

JJK
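
The server-side checks suggested in this thread (a `client-config-dir`, a kernel `route` for every `iroute`, and an `ifconfig-push` that fits the topology), as an added Python example that is not part of the original messages. The CCD lines are the ones quoted above; the two server configs, the function names and the net30 default are assumptions.

```python
import ipaddress

def directives(text):
    """Yield each config line as a list of words, skipping blanks and comments."""
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            yield line.split()

def is_netmask(value):
    """True for a contiguous IPv4 netmask such as 255.255.255.0."""
    try:
        bits = int(ipaddress.IPv4Address(value))
    except ValueError:
        return False
    inv = bits ^ 0xFFFFFFFF
    return bits != 0 and (inv & (inv + 1)) == 0

def network(d):
    return ipaddress.ip_network(f"{d[1]}/{d[2]}", strict=False)

def check(server_conf, ccd_files):
    """Return findings for a server config text and {client name: CCD text}."""
    findings = []
    server = list(directives(server_conf))
    # Assumption: no "topology" line means net30, the default on 2.x servers.
    topology = next((d[1] for d in server if d[0] == "topology" and len(d) > 1), "net30")
    routes = [network(d) for d in server if d[0] == "route" and len(d) >= 3]
    if not any(d[0] == "client-config-dir" for d in server):
        findings.append("server: no client-config-dir, CCD files are never read")
    for name, text in ccd_files.items():
        for d in directives(text):
            if d[0] == "iroute" and len(d) >= 3:
                if not any(network(d).subnet_of(r) for r in routes):
                    findings.append(f"{name}: iroute {network(d)} has no kernel 'route' on the server")
            elif d[0] == "ifconfig-push" and len(d) >= 3:
                # subnet topology takes "IP netmask"; net30/p2p take "local-IP remote-IP".
                if is_netmask(d[2]) != (topology == "subnet"):
                    findings.append(f"{name}: ifconfig-push {d[1]} {d[2]} does not fit topology {topology}")
    return findings

# Constructed samples: CCD lines as quoted in the thread; server configs hypothetical.
CCD = {"bugger": "ifconfig-push 10.8.0.25 255.255.255.0\niroute 10.3.0.0 255.255.255.0\n"}
SERVER_BEFORE = "server 10.8.0.0 255.255.255.0\nclient-config-dir /etc/openvpn/clients\n"
SERVER_AFTER = SERVER_BEFORE + "topology subnet\nroute 10.3.0.0 255.255.255.0\n"

if __name__ == "__main__":
    for label, conf in (("before", SERVER_BEFORE), ("after", SERVER_AFTER)):
        print(label, check(conf, CCD) or "no findings")
```

The check only reads the config text; whether IP forwarding is enabled and where packets are dropped still has to be confirmed on the running server, as described above.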

