Hi,

I'm trying to do a simple OpenVPN between a couple of systems, and I'm
having trouble. The tunnel comes up fine according to the OpenVPN logs on
both sides, but they can't ping. Tcpdump -i tun0 on the server while the
client pings shows everything working fine, but tcpdump -i tun0 on the
client shows no traffic at all, zero packets captured (which is obviously
not correct since the server sees the pings and answers them).

Client:
VMware bridged interface, currently bridged to wireless (host is XP).
LEAF Bering ucLibc 2.2 (2.4.31)
OpenVPN 2.0.6
Shorewall 2.4.2
**openvpn/client.conf
   remote 1.2.3.4
   dev tun
   ifconfig 172.16.42.2 172.16.42.1
   secret static.key
**shorewall/tunnels
    openvpn   net   1.2.3.4
**shorewall/policy
    all   all   accept
**shorewall/interfaces
    net    eth0    detect    dhcp,routefilter
    dmz  eth1    detect    dhcp
    loc    eth2    detect    dhcp
    vpn    tun0    detect    -
**shorewall/zones
    net    Outside    Internet
    dmz   Servers    DMZ
    loc     Clients     Local
    vpn     Home      VPN

Server:
basic physical whitebox (2.6.13-15.10-default)
OpenSuSE 10.0
OpenVPN 2.0.2
Shorewall 3.0.3
**openvpn/server.conf
    dev tun
    ifconfig 172.16.42.1 172.16.42.2
    route 172.16.252.0 255.255.255.0 172.16.42.2
    route 192.168.11.0 255.255.255.0 172.16.42.2
    secret static.key
**shorewall/tunnels
    openvpn       net    0.0.0.0/0
**shorewall/policy
    in              all             ACCEPT
    fw              all             ACCEPT
    vpn             all             ACCEPT
    net             all             DROP            info
    all             all             REJECT          info
**shorewall/interfaces
    net     eth0    detect  norfc1918,nosmurfs
    in  eth1    detect      dhcp
    in  eth2    detect      dhcp
    in  eth3    detect      dhcp
    vpn tun0    detect      -
**shorewall/zones
    net     ipv4
    in      ipv4
    vpn     ipv4
...Server's tcpdump shows:
08:53:19.756950 IP 172.16.42.2 > 172.16.42.1: ICMP echo request, id 22625, seq 512, length 64
08:53:19.757007 IP 172.16.42.1 > 172.16.42.2: ICMP echo reply, id 22625, seq 512, length 64


Is there something obvious I'm missing? And yes, I know that preshared
static key is not as secure as other options, I'm just keeping it simple
while I troubleshoot this pinging problem.
-- 
"I spent all me tin with the ladies drinking gin,
So across the Western ocean I must wander" -- traditional
------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/