tech-kern archive


Re: Fwd: openvpn, no errors but no workie...



Okay, I'm going to try it on i386 today (like the old
one), the non-working replacement vpn is amd64.

// George

On Sun 13 Jul 2008 at 10:34:27 PM -0700, Brian Buhrow wrote:
>       Hello.  I'm running OpenVPN 2.0.5 on NetBSD-4.0 with both clients and
>servers, and it works flawlessly.  It's very stable, connects right away,
>and runs for weeks without a hiccup.
>       The difference between my setup and yours is that I'm using tun
>devices rather than tap devices.  Since tap devices imply layer 2 level
>switching, I wonder if there's some problem with the config as you
>transferred it from FreeBSD to NetBSD?  I know the tap driver works on
>NetBSD-4.x because I'm using it elsewhere without difficulty.
>-Brian
>
>On Jul 13, 10:24pm, George Georgalis wrote:
>} Subject: Fwd: openvpn, no errors but no workie...
>} Maybe I should run this by the kernel list? I think the
>} only option needed for this openvpn configuration is
>} pseudo-device tap? (which is enabled)
>} 
>} // George
>} 
>} ----- Forwarded message from George Georgalis <george%galis.org@localhost> -----
>} 
>} Date: Sun, 13 Jul 2008 21:44:56 -0400
>} From: George Georgalis <george%galis.org@localhost>
>} To: openvpn-users%lists.sourceforge.net@localhost, pkgsrc-users%netbsd.org@localhost
>} Subject: openvpn, no errors but no workie...
>} 
>} I deployed openvpn a few years ago on a FreeBSD box and
>} it has worked flawlessly. But the other day the hardware
>} failed and I put the config and keys on a netbsd-4
>} box. The daemon starts up normal, and clients initialize
>} quickly. It is a tap based vpn, and the route is pushed
>} by the server, but not the gateway or ns.
>} 
>} Besides all the logs not showing errors, the clients do
>} get a proper route added for the remote subnet, eg this
>} IP is on the remote side of the connection:
>} 
>} # route get 192.168.15.1
>}    route to: 192.168.15.1
>} destination: 192.168.15.0
>}        mask: 255.255.255.0
>}   interface: tap0
>}       flags: <UP,DONE,CLONING>
>}  recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount      mtu     expire
>}        0         0         0         0         0         0      1500      -122
>} 
>} the vpn server lan ip and subnet show in my client
>} routing table...
>} 
>} 192.168.15         link#7             UC          1        0   tap0
>} 192.168.15.85      link#7             UHLW        0        0   tap0
>} 
>} and you can see my client connection in the status log
>} 
>} Virtual Address,Common Name,Real Address,Last Ref
>} ae:fa:86:7a:84:a9,George_Georgalis_fuji_2007.07.27.1854.07,70.183.8.249:63779,Sun Jul 13 21:33:15 2008
>} 
>} but that's it. no workie. I can't ping the client ip
>} from the corresponding ipp.txt:
>} 
>} George_Georgalis_fuji_2007.07.27.1854.07,192.168.15.229
>} 
>} (I'm not sure where else I might find that IP on the
>} server, it's not in the arp table), nor can I reach any
>} other ip on the remote subnet, including the server's
>} lan IP.
>} 
>} I've turned off all firewalling and I can reach the
>} private subnet from a shell on the vpn server.
>} 
>} What could be the problem here?
>} 
>} // George
>} 
>} 
>} -- 
>} George Georgalis, information system scientist <IXOYE><
>} 
>} 
>} ----- End forwarded message -----
>} 
>} -- 
>} George Georgalis, information system scientist <IXOYE><
>>-- End of excerpt from George Georgalis
>
>

-- 
George Georgalis, information system scientist <IXOYE><

