Passing remote routes: msg#00468 network.openvpn.user
Hello,

I'm using OpenVPN 2.0_beta5 and trying to set up a server mode VPN using tap. From a remote laptop, I can ping the VPN endpoints and the internal nic on the Fedora box. I can even ping other vpn clients. But I can't ping my remote nets.

```
laptop endpoint         10.8.0.4
laptop pub ip           4.3.2.1
---internet---
server pub ip           1.2.3.4
server endpoint         10.8.0.1         *can ping.
server priv nic         192.168.10.6     *can ping.
internal cisco switch   192.168.10.1     *can't ping
whole slew of nets      192.168.20-80.0  *can't ping
```

What am I missing? iroute? I need to use remote control software on the remote nets. Am I pushing the correct gw address to the client? I've also tried connecting with another linux box and get the same behavior. And yes, I plan to generate real certs after I get everything working.

Thank you.

jeff <at> jeffborders dot com

```
########################################
# Server openvpn.conf file
########################################
port 5000
dev tap
tls-server
ca sample-keys/tmp-ca.crt
cert sample-keys/server.crt
key sample-keys/server.key
dh sample-keys/dh1024.pem
mode server
ifconfig 10.8.0.1 255.255.255.0
ifconfig-pool 10.8.0.4 10.8.0.255
push "route 192.168.10.0 255.255.255.0 10.8.0.1"
push "route 192.168.20.0 255.255.255.0 10.8.0.1"
push "route 192.168.30.0 255.255.255.0 10.8.0.1"
push "route 192.168.40.0 255.255.255.0 10.8.0.1"
push "route 192.168.50.0 255.255.255.0 10.8.0.1"
push "route 192.168.60.0 255.255.255.0 10.8.0.1"
push "route 192.168.70.0 255.255.255.0 10.8.0.1"
push "route 192.168.80.0 255.255.255.0 10.8.0.1"
client-to-client
duplicate-cn
ping 10
ping-restart 120
push "ping 10"
push "ping-restart 60"
user nobody
group nobody
verb 4
```

```
#########################################
# Client openvpn.ovpn file
#########################################
port 5000
dev tap
remote 1.2.3.4
tls-client
ca sample-keys/tmp-ca.crt
cert sample-keys/client.crt
key sample-keys/client.key
pull
verb 3
```

```
########################################
# acme.sh in /etc/openvpn on server
########################################
iptables -A INPUT -i tap+ -j ACCEPT
```
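An added example, not part of the original post and not OpenVPN code: a small address-arithmetic check of the routing lines in the server config above, confirming that each pushed gateway is on-link in the VPN subnet and that the address pool stays inside it. The function name `audit` and the individual checks are assumptions made for illustration; the embedded config is a constructed excerpt of the posted file.

```python
import ipaddress
import shlex

# Constructed sample: routing-relevant lines excerpted from the posted server config.
SERVER_CONF = '''
dev tap
mode server
ifconfig 10.8.0.1 255.255.255.0
ifconfig-pool 10.8.0.4 10.8.0.255
push "route 192.168.10.0 255.255.255.0 10.8.0.1"
push "route 192.168.20.0 255.255.255.0 10.8.0.1"
push "route 192.168.80.0 255.255.255.0 10.8.0.1"
'''

def audit(conf_text):
    """Return (pushed_routes, findings) for a tap-mode server config (hypothetical helper)."""
    vpn_if, pool = None, None
    routes, findings = [], []
    for line in conf_text.splitlines():
        tok = shlex.split(line, comments=True)  # honours "quoted args" and # comments
        if not tok:
            continue
        if tok[0] == "ifconfig" and len(tok) == 3:
            vpn_if = ipaddress.ip_interface(f"{tok[1]}/{tok[2]}")
        elif tok[0] == "ifconfig-pool" and len(tok) >= 3:
            pool = (ipaddress.ip_address(tok[1]), ipaddress.ip_address(tok[2]))
        elif tok[0] == "push" and len(tok) == 2:
            arg = tok[1].split()
            if len(arg) == 4 and arg[0] == "route":  # route <net> <mask> <gateway>
                net = ipaddress.ip_network(f"{arg[1]}/{arg[2]}")
                routes.append((net, ipaddress.ip_address(arg[3])))
    if vpn_if is None:
        return routes, ["no ifconfig line: cannot check gateways"]
    vpn = vpn_if.network
    for net, gw in routes:
        if gw not in vpn:
            findings.append(f"{net}: gateway {gw} is not on-link in {vpn}")
        elif gw != vpn_if.ip:
            findings.append(f"{net}: gateway {gw} is not the server's tap address")
        if net.overlaps(vpn):
            findings.append(f"{net}: overlaps the VPN subnet {vpn}")
    if pool:
        lo, hi = pool
        if lo not in vpn or hi not in vpn:
            findings.append(f"pool {lo}-{hi} leaves {vpn}")
        for addr, what in ((vpn.network_address, "network"), (vpn.broadcast_address, "broadcast")):
            if lo <= addr <= hi:
                findings.append(f"pool {lo}-{hi} includes the {what} address {addr}")
    return routes, findings
```

This only validates the addresses written in the config file; it says nothing about forwarding or return routes on the hosts behind the server.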