Re: Fwd: openvpn, no errors but no workie...

[buhrow%lothlorien.nfbcal.org@localhost (Brian Buhrow)]

        Hello.  I'm running OpenVPN 2.0.5 on NetBSD-4.0 with both clients and
servers, and it works flawlessly.  It's very stable, connects right away,
and runs for weeks without a hickup.
        The difference between my setup and yours is that I'm using tun
devices rather than tap devices.  Since tap devices imply layer 2 level
switching, I wonder if there's some problem with the config as you
transfered it from FreeBSD to  NetBSD?  I know the tap driver works on
NetBSD-4.x because I'm using it elsewhere without difficulty.
-Brian

On Jul 13, 10:24pm, George Georgalis wrote:
} Subject: Fwd: openvpn, no errors but no workie...
} Maybe I should run this by the kernel list? I think the
} only option needed for this openvpn configuration is
} pseudo-device tap? (which is enabled)
} 
} // George
} 
} ----- Forwarded message from George Georgalis <george%galis.org@localhost> 
-----
} 
} Date: Sun, 13 Jul 2008 21:44:56 -0400
} From: George Georgalis <george%galis.org@localhost>
} To: openvpn-users%lists.sourceforge.net@localhost, 
pkgsrc-users%netbsd.org@localhost
} Subject: openvpn, no errors but no workie...
} 
} I deployed openvpn a few years ago on a FreeBSD box and
} it has worked flawlessly. But the other day the hardware
} failed and I put the config and keys on a netbsd-4
} box. The daemon starts up normal, and clients initialize
} quickly. It is a tap based vpn, and the route is pushed
} by the server, but not the gateway or ns.
} 
} Besides all the logs not showing errors, the clients do
} get a proper route added for the remote subnet, eg this
} IP is on the remote side of the connection:
} 
} # route get 192.168.15.1
}    route to: 192.168.15.1
} destination: 192.168.15.0
}        mask: 255.255.255.0
}   interface: tap0
}       flags: <UP,DONE,CLONING>
}  recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount      mtu     
expire
}        0         0         0         0         0         0      1500      
-122 
} 
} the vpn server lan ip and subnet show in my client
} routing table...
} 
} 192.168.15         link#7             UC          1        0   tap0
} 192.168.15.85      link#7             UHLW        0        0   tap0
} 
} and you can see my client connection in the status log
} 
} Virtual Address,Common Name,Real Address,Last Ref
} 
ae:fa:86:7a:84:a9,George_Georgalis_fuji_2007.07.27.1854.07,70.183.8.249:63779,Sun
 Jul 13 21:33:15 2008
} 
} but that's it. no workie. I can't ping the client ip
} from the cooresponding ipp.txt:
} 
} George_Georgalis_fuji_2007.07.27.1854.07,192.168.15.229
} 
} (I'm not sure where else I might find that IP on the
} server, it's not in the arp table), nor can I reach any
} other ip on the remote subnet, including the server's
} lan IP.
} 
} I've turned off all firewalling and I can reach the
} private subnet from a shell on the vpn server.
} 
} What could be the problem here?
} 
} // George
} 
} 
} -- 
} George Georgalis, information system scientist <IXOYE><
} 
} 
} ----- End forwarded message -----
} 
} -- 
} George Georgalis, information system scientist <IXOYE><
>-- End of excerpt from George Georgalis