

All times are UTC




 Post subject: Routing problem
Posted: 03.04.2010 07:18
Tripple-DES

Joined: 21.09.2009 21:07
Posts: 10
I dunno why, but I have a routing problem on one of my clients

Code:
OpenVPN 2.1.1 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Dec 11 2009
Sat Apr 03 08:20:15 2010 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Sat Apr 03 08:20:15 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sat Apr 03 08:20:20 2010 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Apr 03 08:20:20 2010 LZO compression initialized
Sat Apr 03 08:20:20 2010 Control Channel MTU parms [ L:1578 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Apr 03 08:20:20 2010 Data Channel MTU parms [ L:1578 D:1300 EF:46 EB:135 ET:32 EL:0 AF:3/1 ]
Sat Apr 03 08:20:20 2010 Fragmentation MTU parms [ L:1578 D:1300 EF:45 EB:135 ET:33 EL:0 AF:3/1 ]
Sat Apr 03 08:20:20 2010 Local Options hash (VER=V4): 'd787f9ef'
Sat Apr 03 08:20:20 2010 Expected Remote Options hash (VER=V4): '4283ccb9'
Sat Apr 03 08:20:20 2010 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sat Apr 03 08:20:20 2010 UDPv4 link local (bound): [undef]:1194
Sat Apr 03 08:20:20 2010 UDPv4 link remote: x.x.x.x:1194
Sat Apr 03 08:20:20 2010 TLS: Initial packet from x.x.x.x:1194, sid=f7ed2281 57f240a6
Sat Apr 03 08:20:21 2010 VERIFY OK: depth=1, /C=SM/O=XX/CN=XX_CA
Sat Apr 03 08:20:21 2010 VERIFY OK: nsCertType=XX
Sat Apr 03 08:20:21 2010 VERIFY OK: depth=0, /C=SM/O=V-Power/CN=x.x.x.x
Sat Apr 03 08:20:23 2010 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Apr 03 08:20:23 2010 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Apr 03 08:20:23 2010 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Apr 03 08:20:23 2010 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Apr 03 08:20:23 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Apr 03 08:20:23 2010 [194.183.86.198] Peer Connection Initiated with x.x.x.x:1194
Sat Apr 03 08:20:25 2010 SENT CONTROL [194.183.86.198]: 'PUSH_REQUEST' (status=1)
Sat Apr 03 08:20:26 2010 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route 10.188.159.1,ping 10,ping-restart 60,ifconfig 10.188.159.18 10.188.159.17'
Sat Apr 03 08:20:26 2010 OPTIONS IMPORT: timers and/or timeouts modified
Sat Apr 03 08:20:26 2010 OPTIONS IMPORT: --ifconfig/up options modified
Sat Apr 03 08:20:26 2010 OPTIONS IMPORT: route options modified
Sat Apr 03 08:20:26 2010 ROUTE default_gateway=192.168.1.1
Sat Apr 03 08:20:26 2010 TAP-WIN32 device [Connessione alla rete locale (LAN) 2] opened: \\.\Global\{7AF5A128-E4D7-4981-A97F-75A964CB8508}.tap
Sat Apr 03 08:20:26 2010 TAP-Win32 Driver Version 9.6
Sat Apr 03 08:20:26 2010 TAP-Win32 MTU=1500
Sat Apr 03 08:20:26 2010 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.188.159.18/255.255.255.252 on interface {7AF5A128-E4D7-4981-A97F-75A964CB8508} [DHCP-serv: 10.188.159.17, lease-time: 31536000]
Sat Apr 03 08:20:26 2010 Successful ARP Flush on interface [14] {7AF5A128-E4D7-4981-A97F-75A964CB8508}
Sat Apr 03 08:20:31 2010 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
Sat Apr 03 08:20:31 2010 WARNING: potential route subnet conflict between local LAN [192.168.1.0/255.255.255.0] and remote VPN [192.168.1.0/255.255.255.0]
Sat Apr 03 08:20:31 2010 C:\WINDOWS\system32\route.exe ADD 192.168.1.0 MASK 255.255.255.0 10.188.159.17
Sat Apr 03 08:20:31 2010 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Sat Apr 03 08:20:31 2010 Route addition via IPAPI succeeded [adaptive]
Sat Apr 03 08:20:31 2010 C:\WINDOWS\system32\route.exe ADD 10.188.159.1 MASK 255.255.255.255 10.188.159.17
Sat Apr 03 08:20:31 2010 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Sat Apr 03 08:20:31 2010 Route addition via IPAPI succeeded [adaptive]
Sat Apr 03 08:20:31 2010 Initialization Sequence Completed


I know there is a conflict between the local LAN and the remote VPN, but the VPN always overrides the LAN.

But that isn't the case here: the VPN is covered by the LAN. Other clients work nicely... what am I missing?

Thank you


 Post subject: Re: Routing problem
Posted: 04.04.2010 06:29
Tripple-DES

Joined: 21.09.2009 21:07
Posts: 10
Nobody?


 Post subject: Re: Routing problem
Posted: 04.04.2010 08:11
openvpn.eu Admin

Joined: 23.01.2006 08:05
Posts: 3321
Location: near Vienna
Hello

Basically there is no (good) way to deal with IP conflicts, except prevention. Change your networks to some rare subnet addresses (e.g. 192.168.152.0/24, 10.33.57.0/24, etc.) and hope that it won't make any trouble. :)

If the client prefers the VPN over LAN, it will most likely lose its internet connection because the standard gateway is in the LAN. That will lead to a connection drop of OpenVPN. Result: You can't access the VPN. If the client prefers the LAN, it can still access the LAN and the standard gateway. The OpenVPN will stay alive but the result is again: You can't access the VPN.

Actually, there IS a way to get access to both networks (with some limitation). But you will need to insert some additional routes on the conflicting client. However, I would still recommend changing your subnets. Either the one of the client or the server.

_________________
regards,
note
Please take a look at our rules. Visit our wiki!
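
The conflict described in this reply can be checked from a client log before touching the routing table. The following is an added example, not part of the thread or of OpenVPN: it parses the PUSH_REPLY and default_gateway lines quoted from the first post's log, and the function names and the `local_lan` argument (the client's own LAN prefix) are assumptions.

```python
import ipaddress
import re

# Two lines taken from the client log in the first post.
SAMPLE_LOG = """\
Sat Apr 03 08:20:26 2010 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route 10.188.159.1,ping 10,ping-restart 60,ifconfig 10.188.159.18 10.188.159.17'
Sat Apr 03 08:20:26 2010 ROUTE default_gateway=192.168.1.1
"""


def pushed_routes(log):
    """Return the networks named by 'route' options in the PUSH_REPLY message."""
    match = re.search(r"'PUSH_REPLY,([^']*)'", log)
    if not match:
        return []
    routes = []
    for option in match.group(1).split(","):
        parts = option.split()
        if len(parts) >= 2 and parts[0] == "route":
            # A pushed route without a netmask is a host route (255.255.255.255),
            # as the route.exe line for 10.188.159.1 in the log shows.
            mask = parts[2] if len(parts) >= 3 else "255.255.255.255"
            routes.append(ipaddress.ip_network(f"{parts[1]}/{mask}", strict=False))
    return routes


def default_gateway(log):
    """Return the client's pre-VPN default gateway as logged by OpenVPN."""
    match = re.search(r"ROUTE default_gateway=(\S+)", log)
    return ipaddress.ip_address(match.group(1)) if match else None


def find_conflicts(log, local_lan):
    """List pushed routes that overlap the client's LAN (local_lan is caller-supplied)."""
    lan = ipaddress.ip_network(local_lan, strict=False)
    gateway = default_gateway(log)
    findings = []
    for net in pushed_routes(log):
        if net.overlaps(lan):
            findings.append({
                "route": str(net),
                # True when the pushed route also swallows the LAN's gateway,
                # the case where the client loses its path to the VPN server.
                "covers_gateway": gateway is not None and gateway in net,
            })
    return findings


if __name__ == "__main__":
    print(find_conflicts(SAMPLE_LOG, "192.168.1.0/24"))
```

Running it with one of the less common prefixes suggested above as `local_lan` (for example 192.168.152.0/24) returns an empty list for the same pushed routes.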


 Post subject: Re: Routing problem
Posted: 04.04.2010 17:32
Tripple-DES

Joined: 21.09.2009 21:07
Posts: 10
Yeah, it's a pain in the ass to change all the network subnets... so what I don't understand is why all the other clients work... I have trouble only with this one.

By default (I read somewhere), OpenVPN doesn't route internet traffic to the VPN gateway, but it always uses the local one...

Anyway, I compared the OpenVPN logs of the PCs (one works, one doesn't work)... and they are the same... same push route...

I really don't understand what is happening...


 Post subject: Re: Routing problem
Posted: 05.04.2010 18:42
Tripple-DES

Joined: 21.09.2009 21:07
Posts: 10
I suspect a metric issue...

