[Clug-tech] Still Looking for OpenVPN Help

Jamie Furtner jamie at furtner.ca
Thu Nov 30 19:50:05 PST 2006


Jon wrote:
> I've come to the conclusion that I've left one very important fact out
> of the description of my problems with OpenVPN. It's entirely logical to
> assume that I'm trying to set up the server on my home network (behind
> my router) in order to access it from other locations. Not true.
>
> Because I have no desire to leave any of my home computers on all day
> long, I use VPSes on the Internet to play with. That's where I want my
> OpenVPN server.
>
> While setting this thing up, I am using my laptop as the client from
> behind my home router and attempting to connect to the OpenVPN server.
> It looks something like this:
>
> Me (192.168.0.103) -> Router (68.145.41.64) -> OpenVPN Server
> (75.126.18.55).
>
> To recap, my problem is that after I connect, I get a slew of these errors:
>
> Thu Nov 30 21:05:16 2006 jonzlaptop/68.145.41.64:34309 MULTI: bad source
> address from client [192.168.0.103], packet dropped
>
> My goal is to connect to my OpenVPN server and then have ALL my traffic
> sent through it and out to the Internet when I am connected. My troubles
> are most frustrating because I know there are 40 bigajillion people on
> the planet who have this simple VPN thing working, but I can't get it to
> happen.
>
> Anyone have any ideas before I throw OpenVPN in the trash and try
> something else?
>
> Thanks!
>
> J
> - --
> Key fingerprint: BDE0 DE52 B8C0 0CDF 7653 E5A2 D861 7877 0D3B 813E
> http://www.jonwatson.ca
> +1.403.875.6048
>
Can you ping the VPN endpoints once you connect using their internal 
private IP addresses? Start with your local IP, then try the server's 
VPN IP address.

Is it possible that *all* your traffic (including the VPN connection 
itself) is attempting to be tunneled through the VPN? The 
redirect-gateway directive shouldn't cause that to happen, but step one 
is to verify that you can ping across the tunnel or if it's traffic 
getting out that's the problem.

I use OpenVPN myself and can tunnel all my traffic over it when I need 
to (using the redirect-gateway directive). Here's my client config (note 
it's using TCP as some of the firewalls I'm behind don't allow UDP traffic):

dev tap

cipher BF-CBC

mssfix 1300

client
remote my.openvpn.server 1194
proto tcp-client

ns-cert-type server
key openvpn.key
cert openvpn.crt
ca cacert.crt

comp-lzo
persist-tun
nobind

auto-proxy
redirect-gateway bypass-dhcp bypass-dns
route-gateway a.b.c.200
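
Added example, not part of the original message and not OpenVPN's own code: a small Python script that tallies the "bad source address" drops in a server log by client and by inner source address, so it is clear whether the rejected packets carry a client-side LAN address such as the 192.168.0.103 in the quoted log line. The VPN subnet 10.8.0.0/24, the client name otherbox, and every sample line except the first are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# The server-side message quoted in the thread, as a pattern.
BAD_SRC = re.compile(
    r"(?P<cn>[^\s/]+)/(?P<real>[\d.]+):(?P<port>\d+) MULTI: bad source "
    r"address from client \[(?P<src>[^\]]+)\], packet dropped"
)

def classify(src, vpn_net):
    """Say where a rejected inner source address belongs."""
    addr = ipaddress.ip_address(src)
    if addr in ipaddress.ip_network(vpn_net):
        return "vpn-subnet"    # a tunnel address, but not this client's
    if addr.is_private:
        return "private-lan"   # client-side LAN address, as in the thread
    return "other"

def summarize(log_text, vpn_net="10.8.0.0/24"):  # vpn_net is an assumption
    """Count drops per (client name, real address, inner source, class)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = BAD_SRC.search(line)
        if m:
            key = (m["cn"], m["real"], m["src"], classify(m["src"], vpn_net))
            counts[key] += 1
    return counts

# Constructed sample: the first line is the message from the thread joined
# onto one line; the rest are made up for illustration.
SAMPLE_LOG = """\
Thu Nov 30 21:05:16 2006 jonzlaptop/68.145.41.64:34309 MULTI: bad source address from client [192.168.0.103], packet dropped
Thu Nov 30 21:05:17 2006 jonzlaptop/68.145.41.64:34309 MULTI: bad source address from client [192.168.0.103], packet dropped
Thu Nov 30 21:05:18 2006 jonzlaptop/68.145.41.64:34309 MULTI: Learn: 10.8.0.6 -> jonzlaptop/68.145.41.64:34309
Thu Nov 30 21:06:02 2006 otherbox/203.0.113.9:40112 MULTI: bad source address from client [10.8.0.6], packet dropped
"""

if __name__ == "__main__":
    for (cn, real, src, kind), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {cn} via {real}  inner source {src}  ({kind})")
```

A "private-lan" result means the server is seeing the client's LAN address as the source inside the tunnel instead of the address it assigned to that client.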




