Re: openvpn 2.0-beta6: problem with ifconfig-pool and pull

Mark,

I tried your config files, Server=Linux, Client=XP-SP1, OpenVPN=2.0-beta6, and
they work fine for me, so I'm not sure what the problem is.

Try an "ipconfig /all" on the client to see what's happening with regards to
the --ifconfig pool address assignment.  Debug output from both sides would be
useful as well.

James

Mark Reidenbach <m.reidenbach@xxxxxxxxxxxxxxxxx> said:

> I tried to switch from openvpn 1.6 to 2.0beta6 yesterday and my windows 
> 2000 vpn client will not assign an ip address when it connects to the 
> server using pull on the client and ifconfig-pool on the server.
> 
> Both my test client and openvpn server are behind cheap broadband 
> firewall/routers.  The client also will not add a route using route 
> 192.168.1.0 255.255.255.0 192.168.2.1, which it would do using version 
> 1.6. The route command doesn't work whether I'm using pull or ifconfig 
> on the client, so I'm beginning to wonder if the problem has something 
> to do with the TAP driver on my client.
> 
> I can get the vpn to function if the client configuration uses ifconfig 
> rather than pull and I manually add the route using the command line on 
> the client.  As soon I try to use push/pull, the vpn seems to fail even 
> if the only thing I try to push/pull is a "ping 10".
> 
> Thanks for any help you can provide.
> Mark Reidenbach
> 
> 
> ---- Server Config ----------
> # Tunnel configuration
> dev tap
> port 5001
> 
> # Tunnel Options
> #mtu-test
> tun-mtu 1500
> tun-mtu-extra 32
> mssfix 1400
> fragment 1400
> comp-lzo
> 
> # TLS parms
> tls-server
> ca /usr/local/ssl/demoCA/my-ca.crt
> cert /usr/local/ssl/office.crt
> key /usr/local/ssl/office.key
> dh /usr/local/ssl/demoCA/dh2048.pem
> 
> # Tell OpenVPN to be a multi-client udp server
> mode server
> 
> # The server's virtual subnet
> ifconfig 192.168.2.1 255.255.255.0
> 
> # Client configuration
> ifconfig-pool 192.168.2.5 192.168.2.10
> #push "route 192.168.1.0 255.255.255.0 192.168.2.1"
> #push "ip-win32 dynamic 3"
> #push "dhcp-option WINS 192.168.1.150"
> #push "dhcp-option NBT 2"
> 
> # The server doesn't need privileges
> user nobody
> group nobody
> 
> verb 4
> 
> 
> 
> ---- Client Config ----------
> # Tunnel configuration
> dev tap
> remote {public-ip}
> port 5001
> 
> # Tunnel options
> #mtu-test
> tun-mtu 1500
> tun-mtu-extra 32
> mssfix 1400
> fragment 1400
> comp-lzo
> 
> # TLS parms
> tls-client
> ca c:\\certs\\my-ca.crt
> cert c:\\certs\\home.crt
> key c:\\certs\\home.key
> 
> # Client configuration
> #tap-sleep 25
> #ifconfig-nowarn
> pull
> 
> #ifconfig 192.168.2.5 255.255.255.0
> #route 192.168.1.0 255.255.255.0 192.168.2.1
> #ip-win32 dynamic
> #dhcp-option WINS 192.168.1.150
> 
> 
> # Debug Level
> verb 4
> 
> 
> 
> -------------------------------------------------------
> This SF.Net email sponsored by Black Hat Briefings & Training.
> Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
> digital self defense, top technical experts, no vendor pitches, 
> unmatched networking opportunities. Visit www.blackhat.com
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
> 



-- 





-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com