tech-kern archive
Fwd: openvpn, no errors but no workie...
Maybe I should run this by the kernel list? I think the
only option needed for this openvpn configuration is
pseudo-device tap? (which is enabled)
// George
----- Forwarded message from George Georgalis <george%galis.org@localhost> -----
Date: Sun, 13 Jul 2008 21:44:56 -0400
From: George Georgalis <george%galis.org@localhost>
To: openvpn-users%lists.sourceforge.net@localhost,
pkgsrc-users%netbsd.org@localhost
Subject: openvpn, no errors but no workie...
I deployed openvpn a few years ago on a FreeBSD box and
it has worked flawlessly. But the other day the hardware
failed and I put the config and keys on a netbsd-4
box. The daemon starts up normally, and clients initialize
quickly. It is a tap based vpn, and the route is pushed
by the server, but not the gateway or ns.
Besides all the logs not showing errors, the clients do
get a proper route added for the remote subnet, eg this
IP is on the remote side of the connection:
# route get 192.168.15.1
   route to: 192.168.15.1
destination: 192.168.15.0
       mask: 255.255.255.0
  interface: tap0
      flags: <UP,DONE,CLONING>
 recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount      mtu     expire
       0         0         0         0         0         0      1500      -122
the vpn server lan ip and subnet show in my client
routing table...
192.168.15 link#7 UC 1 0 tap0
192.168.15.85 link#7 UHLW 0 0 tap0
and you can see my client connection in the status log
Virtual Address,Common Name,Real Address,Last Ref
ae:fa:86:7a:84:a9,George_Georgalis_fuji_2007.07.27.1854.07,70.183.8.249:63779,Sun Jul 13 21:33:15 2008
but that's it. no workie. I can't ping the client ip
from the corresponding ipp.txt:
George_Georgalis_fuji_2007.07.27.1854.07,192.168.15.229
(I'm not sure where else I might find that IP on the
server, it's not in the arp table), nor can I reach any
other ip on the remote subnet, including the server's
lan IP.
I've turned off all firewalling and I can reach the
private subnet from a shell on the vpn server.
What could be the problem here?
// George
--
George Georgalis, information system scientist <IXOYE><
----- End forwarded message -----
--
George Georgalis, information system scientist <IXOYE><