News: This forum is now permanently frozen.
Pages: [1]
Topic: OpenVPN and ping  (Read 1781 times)
« on: May 05, 2008, 15:03:46 »
Jackill *
Posts: 1

Hi all
I'm sorry in advance, behind my English.
Shall I question as to problem with ping, when is client appendant to server, and cannot ping another's client.
Acts about it, that the shall we three practically same VPN (same configuration).
In one’s to us works everything without problems. It makes no odds, what system client has (Windows XP, or Vista). Ping works without any difficulty and all client sees each other.
But on two to us without any difficulty work only client with Windows XP. At the moment of, when has client Windows Vista, so ping anybody and anybody ping his. Sign on to VPN will pass without any difficulty and everything functions just as has. Client ping server and server ping client. But for other there is no and they there is no to him.
I hope, that the am it described enough, join on needed information, perhaps be not good for anything open-type substation.
In advance thank you for help.
 
OUTPUT TCPDUMP (network activity):
 
20:22:18.720375 arp who-has 10.10.2.14 tell 10.10.2.12
20:22:19.721475 arp who-has 10.10.2.14 tell 10.10.2.12
20:22:20.713851 arp who-has 10.10.2.14 tell 10.10.2.12
20:22:21.669282 arp who-has 10.10.2.14 tell 10.10.2.12
20:22:22.669308 arp who-has 10.10.2.14 tell 10.10.2.12
20:22:23.708994 arp who-has 10.10.2.14 tell 10.10.2.12
20:22:24.669071 arp who-has 10.10.2.14 tell 10.10.2.12
20:22:25.723137 arp who-has 10.10.2.14 tell 10.10.2.12
 
 
 
CONFIGURATION SERVER
 
dev tap2
local xx.xx.xx.xx
 
#--nastaveni IP pro tento VPN server
ifconfig 10.10.2.254 255.255.255.0
 
#--vytvorit pull adres pro klienty
ifconfig-pool 10.10.2.10 10.10.2.100 255.255.255.0
push "route 10.10.2.0 255.255.255.0"
push "route xx.xx.xx.xx" 
push "route-gateway 10.10.2.254"
 
 
#-- kazdy klient by mel dostavat IP automaticky
#client-config-dir /etc/openvpn-intra/users2
#client-to-client
 
#--povolit pristup klientu se stejnym common name
#duplicate-cn
 
# Mode
mode server
 
# SSL/TLS key change role
tls-server
 
# Diffie-Hellman Parameters (tls-server only)
dh ./keys2/dh1024.pem
ca ./keys2/phc-openvpn2-ca.pem
cert ./keys2/phc-openvpn2-server.pem
key ./keys2/phc-openvpn2-server.pem
tls-auth ./keys2/tls-auth.key 0
 
crl-verify ./keys2/ca.crl
 
# Port running
port 1196
 
# User and group to be after initialize
user nobody
group nobody
 
# Fast compression
comp-lzo
tun-mtu 1500
mssfix 1400
replay-window 128 30
 
persist-tun
persist-key
 
persist-local-ip
persist-remote-ip
 
mute-replay-warnings
 
push "inactive 900"
keepalive 60 180
status /etc/openvpn-intra/status2.log
status-version 2
# Verbosity level.
verb 3
 
#learn-address ./logger2.sh
 
#chroot /etc/openvpn/chroot
log-append /var/log/openvpn-intra2/openvpn.log
 
 
 
ROUTE TABLE
 
10.10.2.0/24 dev tap2 proto kernel scope link src 10.10.2.254
169.254.0.0/16 dev eth0 scope link
default via xx.xx.xx.xx dev eth0



CONFIGURATION CLIENT

dev tap
remote xxx                                         

port 1195
#port 1196

pull                                 
tls-client


# certificate
xxx

tls-auth tls-auth.key 1


comp-lzo                                                                       
tun-mtu 1500

ping 15
ping-restart 45
ping-timer-rem       
persist-tun
persist-key

verb 3
« Reply #1 on: May 08, 2008, 20:07:32 »
dusan *
Posts: 8

Quote
Hi all
I'm sorry in advance, behind my English.
Shall I question as to problem with ping, when is client appendant to server, and cannot ping another's client.
Acts about it, that the shall we three practically same VPN (same configuration).
In one’s to us works everything without problems. It makes no odds, what system client has (Windows XP, or Vista). Ping works without any difficulty and all client sees each other.
But on two to us without any difficulty work only client with Windows XP. At the moment of, when has client Windows Vista, so ping anybody and anybody ping his. Sign on to VPN will pass without any difficulty and everything functions just as has. Client ping server and server ping client. But for other there is no and they there is no to him.
I hope, that the am it described enough, join on needed information, perhaps be not good for anything open-type substation.
In advance thank you for help.

Pls do not use automated translators, as they are bad. Rather, try to write your question yourself, in some simple form of English.
(Nepouzivejte prosim strojove prekladace. Ty jsou spatne. Radsi se snazte napsat svuj dotaz sam/-a, byt v nejake jednoduche forme anglickeho jazyka.)

 
Pages: [1]
 
 
Powered by SMF 1.1.20 | SMF © 2013, Simple Machines