All times are UTC




 Post subject: Cannot ping server, can ping clients ??
PostPosted: 28.10.2011 14:09 
DES

Joined: 28.10.2011 13:57
Posts: 2
Hello,
I've a problem with configuring my OpenVPN.
My network is:
[subnet 192.168.2...] <> [VPN client 192.168.2.1 (10.8.0.] <net> /eth1/[VPN server 192.168.0.1 (10.8.0.1)]/eth0/ <> [subnet 192.168.0...]

Tunnel is OK. The problem is I cannot access (even ping) my VPN server and all server's subnet computers from client. But I can ping client from server and all server's subnet PCs.
But I can ping the server using the VPN's virtual IP.
So it is:
client side:
ping 192.168.0.1 = fail
ping 10.8.0.1 = OK

server side:
ping 192.168.2.1 = OK

Please help... it's driving me nuts!

Server's iptables:
Code:
# Generated by iptables-save v1.4.8 on Fri Oct 28 16:08:03 2011
*mangle
:PREROUTING ACCEPT [68232:43165935]
:INPUT ACCEPT [1579:159656]
:FORWARD ACCEPT [66653:43006279]
:OUTPUT ACCEPT [1185:131888]
:POSTROUTING ACCEPT [67701:43129175]
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Fri Oct 28 16:08:03 2011
# Generated by iptables-save v1.4.8 on Fri Oct 28 16:08:03 2011
*nat
:PREROUTING ACCEPT [1579:110478]
:POSTROUTING ACCEPT [8:1480]
:OUTPUT ACCEPT [260:17655]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
# Completed on Fri Oct 28 16:08:03 2011
# Generated by iptables-save v1.4.8 on Fri Oct 28 16:08:03 2011
*filter
:INPUT ACCEPT [584:63835]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [1185:131888]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT ! -i eth0 -p udp -m udp --dport 67 -j REJECT --reject-with icmp-port-unreachable
-A INPUT ! -i eth0 -p udp -m udp --dport 53 -j REJECT --reject-with icmp-port-unreachable
-A INPUT ! -i eth0 -p tcp -m tcp --dport 0:1023 -j DROP
-A INPUT ! -i eth0 -p udp -m udp --dport 0:1023 -j DROP
-A INPUT -m state --state INVALID -j LOG --log-prefix "INPUT DROP INVALID " --log-tcp-options --log-ip-options
-A INPUT -m state --state INVALID -j DROP
-A FORWARD -d 192.168.0.0/16 -i eth0 -j DROP
-A FORWARD -s 192.168.0.0/16 -i eth0 -j ACCEPT
-A FORWARD -d 192.168.0.0/16 -i eth1 -j ACCEPT
-A FORWARD -m state --state INVALID -j LOG --log-prefix "FORWARD DROP INVALID " --log-tcp-options --log-ip-options
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD ! -i lo -j LOG --log-prefix "FORWARD DROP " --log-tcp-options --log-ip-options
-A OUTPUT -m state --state INVALID -j LOG --log-prefix "OUTPUT DROP INVALID " --log-tcp-options --log-ip-options
COMMIT
# Completed on Fri Oct 28 16:08:03 2011


routes:
Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.0.2        *               255.255.255.255 UH    0      0        0 tun0
xxx.xxx.xxx.xxx  *               255.255.255.240 U     0      0        0 eth1
192.168.7.0     10.8.0.2        255.255.255.0   UG    0      0        0 tun0
192.168.2.0     10.8.0.2        255.255.255.0   UG    0      0        0 tun0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
192.168.16.0    10.8.0.2        255.255.255.0   UG    0      0        0 tun0
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
192.168.15.0    10.8.0.2        255.255.255.0   UG    0      0        0 tun0
192.168.2.0     10.8.0.2        255.255.255.0   UG    0      0        0 tun0
192.168.9.0     10.8.0.2        255.255.255.0   UG    0      0        0 tun0
default         xxx.xxx.xxx.xxx 0.0.0.0         UG    0      0        0 eth1



 Post subject: Re: Cannot ping server, can ping clients ??
PostPosted: 29.10.2011 10:58 
DES

Joined: 28.10.2011 13:57
Posts: 2
SOLVED!!
By adding to openvpn.conf (client):
Code:
ifconfig 10.8.0.2 10.8.0.1

and server's openvpn.conf:
Code:
ifconfig 10.8.0.1 10.8.0.2

From now on I can access the server and the client's subnet.
To connect to the server's subnet, enable forwarding on the server:
Code:
iptables -A FORWARD -i tun0 -j ACCEPT

then restart openvpn.
cheers
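
An added example, not part of the original posts: a small first-match evaluator run over the FORWARD rules from the server's dump, showing that a new packet arriving on tun0 falls through to the DROP policy until the posted `-i tun0` rule is appended. It models only the match options those rules use, and the packet addresses are constructed.

```python
import ipaddress
import shlex

# FORWARD rules copied from the server's iptables-save dump in the first post.
POSTED_FORWARD = """\
-A FORWARD -d 192.168.0.0/16 -i eth0 -j DROP
-A FORWARD -s 192.168.0.0/16 -i eth0 -j ACCEPT
-A FORWARD -d 192.168.0.0/16 -i eth1 -j ACCEPT
-A FORWARD -m state --state INVALID -j LOG --log-prefix "FORWARD DROP INVALID " --log-tcp-options --log-ip-options
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD ! -i lo -j LOG --log-prefix "FORWARD DROP " --log-tcp-options --log-ip-options
"""
ADDED_RULE = "-A FORWARD -i tun0 -j ACCEPT\n"  # rule from the follow-up post

def parse_rule(line):
    """Return {option: (negated, value)} for the few options these rules use."""
    rule, negated = {}, False
    tokens = iter(shlex.split(line)[2:])  # skip "-A FORWARD"
    for tok in tokens:
        if tok == "!":
            negated = True
        elif tok in ("-i", "-s", "-d", "-j", "--state"):
            rule[tok] = (negated, next(tokens))
            negated = False
    return rule

def matches(rule, in_iface, src, dst, state):
    """True if every match option in the rule agrees with the packet (honouring '!')."""
    checks = {
        "-i": lambda v: v == in_iface,
        "-s": lambda v: ipaddress.ip_address(src) in ipaddress.ip_network(v),
        "-d": lambda v: ipaddress.ip_address(dst) in ipaddress.ip_network(v),
        "--state": lambda v: state in v.split(","),
    }
    return all(checks[o](v) != neg for o, (neg, v) in rule.items() if o in checks)

def forward_verdict(rules, in_iface, src, dst, state="NEW", policy="DROP"):
    """First terminating match wins; LOG is non-terminating; else the chain policy applies."""
    for line in rules.splitlines():
        rule = parse_rule(line)
        if rule["-j"][1] != "LOG" and matches(rule, in_iface, src, dst, state):
            return rule["-j"][1]
    return policy

if __name__ == "__main__":
    pkt = ("tun0", "192.168.2.10", "192.168.0.20")  # constructed client -> server-LAN packet
    print("as posted:", forward_verdict(POSTED_FORWARD, *pkt))
    print("with rule:", forward_verdict(POSTED_FORWARD + ADDED_RULE, *pkt))
```

Because the appended rule has no `-o`, `-s` or `-d` match, the evaluator returns ACCEPT for a new tun0 packet to any destination, not only the server's subnet.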

