[Clug-tech] Still Looking for OpenVPN Help
Jon
me at jonwatson.ca
Thu Nov 30 20:14:50 PST 2006
Hey Jamie,

Mine is largely the same as yours and I've tried the ones that are
missing or different on my end and get the same result. About the only
major difference is that you're using tap and I'm using tun. I admit to
not really understanding the difference even after reading about them,
so perhaps therein lies the problem.

Since my first post, I have discovered something. Don't know if it's
good or bad, but I changed my 'client-config-directory ccd' to
'client-config-directory /etc/openvpn/ccd'. I no longer get the dropped
packets message which leads me to believe that the client config file in
my ccd directory wasn't being read at all prior to this.

It's nice that the dropped packets message is gone, but now I get no
messages and still no traffic. Not sure what's going on now.

When connected, my client is 10.8.0.6 and my server is 10.8.0.1. I can
ping the server from the client and vice versa with those IP addresses.
I think that means my connect is good, there's just something weird with
my routing.

The connect looks so good, though. There's even a line that reads:

Thu Nov 30 22:12:23 2006 jonzlaptop/68.145.41.64:47767 MULTI: Learn:
192.168.0.103 -> jonzlaptop/68.145.41.64:47767

Which is exactly true...

Confuzzled...

J

Jamie Furtner wrote:
> Jon wrote:
>> I've come to the conclusion that I've left one very important fact out
>> of the description of my problems with OpenVPN. It's entirely logical to
>> assume that I'm trying to set up the server on my home network (behind
>> my router) in order to access it from other locations. Not true.
>>
>> Because I have no desire to leave any of my home computers on all day
>> long, I use VPSes on the Internet to play with. That's where I want my
>> OpenVPN server.
>>
>> While setting this thing up, I am using my laptop as the client from
>> behind my home router and attempting to connect to the OpenVPN server.
>> It looks something like this:
>>
>> Me (192.168.0.103) -> Router (68.145.41.64) -> OpenVPN Server
>> (75.126.18.55).
>>
>> To recap, my problem is that after I connect, I get a slew of these errors:
>>
>> Thu Nov 30 21:05:16 2006 jonzlaptop/68.145.41.64:34309 MULTI: bad source
>> address from client [192.168.0.103], packet dropped
>>
>> My goal is to connect to my OpenVPN server and then have ALL my traffic
>> sent through it and out to the Internet when I am connected. My troubles
>> are most frustrating because I know there are 40 bigajillion people on
>> the planet who have this simple VPN thing working, but I can't get it to
>> happen.
>>
>> Anyone have any ideas before I throw OpenVPN in the trash and try
>> something else?
>>
>> Thanks!
>>
>> J
>>
>> _______________________________________________
>> clug-tech mailing list
>> clug-tech at clug.ca
>> http://clug.ca/mailman/listinfo/clug-tech_clug.ca
>
> Can you ping the VPN endpoints once you connect using their internal
> private IP addresses? Start with your local IP, then try the server's
> VPN IP address.
>
> Is it possible that *all* your traffic (including the VPN connection
> itself) is attempting to be tunneled through the VPN? The
> redirect-gateway directive shouldn't cause that to happen, but step one
> is to verify that you can ping across the tunnel or if it's traffic
> getting out that's the problem.
>
> I use OpenVPN myself and can tunnel all my traffic over it when I need
> to (using the redirect-gateway directive). Here's my client config (note
> it's using TCP as some of the firewalls I'm behind don't allow UDP traffic):
>
> dev tap
> cipher BF-CBC
> mssfix 1300
> client
> remote my.openvpn.server 1194
> proto tcp-client
> ns-cert-type server
> key openvpn.key
> cert openvpn.crt
> ca cacert.crt
> comp-lzo
> persist-tun
> nobind
> auto-proxy
> redirect-gateway bypass-dhcp bypass-dns
> route-gateway a.b.c.200
--
Key fingerprint: BDE0 DE52 B8C0 0CDF 7653 E5A2 D861 7877 0D3B 813E
http://www.jonwatson.ca
+1.403.875.6048
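
Added example, not part of the original message and not OpenVPN's own code: a small Python triage of the two server log line types quoted in this thread. For each client it reports which inner source addresses were dropped, whether they lie in the tunnel pool, and whether the server also logged a Learn entry for them. The 10.8.0.0/24 pool, the function names and the sample log (modelled on the quoted lines, with one invented 10.8.0.6 entry) are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: tunnel pool is 10.8.0.0/24 (thread only names 10.8.0.1, 10.8.0.6).
TUNNEL_NET = ipaddress.ip_network("10.8.0.0/24")
# Constructed sample modelled on the log lines quoted in the thread (mail line
# wraps removed); the final 10.8.0.6 entry is invented for illustration.
SAMPLE_LOG = """\
Thu Nov 30 21:05:16 2006 jonzlaptop/68.145.41.64:34309 MULTI: bad source address from client [192.168.0.103], packet dropped
Thu Nov 30 21:05:17 2006 jonzlaptop/68.145.41.64:34309 MULTI: bad source address from client [192.168.0.103], packet dropped
Thu Nov 30 22:12:23 2006 jonzlaptop/68.145.41.64:47767 MULTI: Learn: 192.168.0.103 -> jonzlaptop/68.145.41.64:47767
Thu Nov 30 22:12:24 2006 jonzlaptop/68.145.41.64:47767 MULTI: Learn: 10.8.0.6 -> jonzlaptop/68.145.41.64:47767
"""
DROP_RE = re.compile(r"(?P<cn>[^\s/]+)/[\d.]+:\d+ MULTI: bad source address "
                     r"from client \[(?P<src>[^\]]+)\], packet dropped")
LEARN_RE = re.compile(r"MULTI: Learn: (?P<src>\S+) -> (?P<cn>[^\s/]+)/")

def classify(src):
    """Say whether an inner source address belongs to the tunnel pool."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "not-ip"  # e.g. a MAC address, which is what tap mode learns
    return "tunnel" if addr in TUNNEL_NET else "outside-tunnel"

def triage(log_text):
    """Per client name: dropped source addresses (with counts) and learned ones."""
    report = defaultdict(lambda: {"dropped": defaultdict(int), "learned": set()})
    for line in log_text.splitlines():
        if (m := DROP_RE.search(line)):
            report[m["cn"]]["dropped"][m["src"]] += 1
        elif (m := LEARN_RE.search(line)):
            report[m["cn"]]["learned"].add(m["src"])
    return report

def findings(log_text):
    """Rows of (client, dropped source, drop count, class, also learned?)."""
    return [(cn, src, count, classify(src), src in rec["learned"])
            for cn, rec in sorted(triage(log_text).items())
            for src, count in sorted(rec["dropped"].items())]

if __name__ == "__main__":
    for row in findings(SAMPLE_LOG):
        print(row)
```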