Openvpn Fedora tutorial?

Andrew Parker andrewparker at bigfoot.com
Thu Jan 3 07:57:55 UTC 2008


On Jan 2, 2008 8:05 PM, Timothy Murphy <tim at birdsnest.maths.tcd.ie> wrote:
> Andrew Parker wrote:
>
> >> I found when following your suggestion
> >> that there was a typo in /etc/openvpn/server.conf
> >> (I had the wrong location for one of the keys).
> >> When I corrected this, and restarted openvpn on both machines,
> >> everything appeared (from /var/log/messages) to be fine.
> >> I have tun0 on my desktop at 192.168.5.1
> >> and tun0 on my laptop at 192.168.5.6 .
> >>
> >> I guess my question now is rather different -
> >> I'm not sure what I can do with the connection.
> >> I don't seem able to ssh in either direction.
> >> And ping fails in both directions too.
> >
> > for a connectivity test, each node should be able to ping the other.
> > i.e. desktop can ping 192.168.5.6 and laptop can ping 192.168.5.1.
>
> As I mentioned, I cannot ping either openvpn address,
> though I can ping my desktop alfred (in Ireland)
> from my laptop martha (in Italy);
> ---------------------------------
> [tim at martha ~]$ route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 192.168.5.5     0.0.0.0         255.255.255.255 UH    0      0        0 tun0
> 192.168.5.0     192.168.5.5     255.255.255.0   UG    0      0        0 tun0
> 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
> 169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
> 0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
> [tim at martha ~]$ ping -v -c2 192.168.5.1
> PING 192.168.5.1 (192.168.5.1) 56(84) bytes of data.
> From 192.168.5.1 icmp_seq=1 Destination Host Unreachable
> From 192.168.5.1 icmp_seq=2 Destination Host Unreachable
> [tim at martha ~]$ ping -v -c2 www.gayleard.com
> PING www.gayleard.com (86.43.71.228) 56(84) bytes of data.
> 64 bytes from 86.43.71.228: icmp_seq=1 ttl=240 time=105 ms
> 64 bytes from 86.43.71.228: icmp_seq=2 ttl=240 time=106 ms
> ---------------------------------
> [tim at alfred ~]$ route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 192.168.5.2     0.0.0.0         255.255.255.255 UH    0      0        0 tun0
> 192.168.5.0     192.168.5.2     255.255.255.0   UG    0      0        0 tun0
> 192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2
> 192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
> 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
> 169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth2
> 0.0.0.0         192.168.1.254   0.0.0.0         UG    0      0        0 eth0
> [tim at alfred ~]$ ping -v -c2 87.6.120.53
> PING 87.6.120.53 (87.6.120.53) 56(84) bytes of data.
> 64 bytes from 87.6.120.53: icmp_seq=1 ttl=49 time=114 ms
> 64 bytes from 87.6.120.53: icmp_seq=2 ttl=49 time=104 ms
> [tim at alfred ~]$ ping -v -c2 192.168.5.6
> PING 192.168.5.6 (192.168.5.6) 56(84) bytes of data.
> From 192.168.5.1 icmp_seq=1 Destination Host Unreachable
> From 192.168.5.1 icmp_seq=1 Destination Host Unreachable
> ---------------------------------

your configs are very similar to mine, apart from a few cosmetic
differences.  ditto for the routing tables.

do you have a firewall at either end?  have you enabled tun+ devices
access?  I have the following in mine, but depending on your f/w you
might want to insert the rules at the beginning rather than append:

    /sbin/iptables --append INPUT    --in-interface tun+ --jump ACCEPT
    /sbin/iptables --append FORWARD  --in-interface tun+ --jump ACCEPT
    /sbin/iptables --append OUTPUT  --out-interface tun+ --jump ACCEPT
    /sbin/iptables --append FORWARD --out-interface tun+ --jump ACCEPT
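
The append-versus-insert point in the message above, as an added example that is not part of the original post: a checker that reads `iptables -S` style output and reports whether a `tun+` ACCEPT rule is evaluated before a catch-all DROP/REJECT. The function names and both rulesets (including the `RH-Firewall-1-INPUT` chain layout) are constructed for illustration.

```shell
#!/bin/sh
# Added example: is "-A <chain> -i|-o tun+ -j ACCEPT" reachable in rule order?
# Reads `iptables -S` style rules on stdin; prints accepted, shadowed or missing.
# Live use (as root): iptables -S | tun_rule_status INPUT -i
# Limits: only unconditional DROP/REJECT rules count as catch-alls, and jumps
# into user-defined chains are followed one level deep.
tun_rule_status() {   # $1 = chain, $2 = -i or -o
    awk -v chain="$1" -v flag="$2" '
        $1 == "-A" { rule[++n] = $0 }
        END {
            # Pass 1: note every chain that contains an unconditional DROP/REJECT.
            for (r = 1; r <= n; r++) {
                split(rule[r], w, " ")
                if (w[3] == "-j" && w[4] ~ /^(DROP|REJECT)$/) blocks[w[2]] = 1
            }
            # Pass 2: walk the requested chain in evaluation order.
            status = "missing"
            for (r = 1; r <= n; r++) {
                split(rule[r], w, " ")
                if (w[2] != chain) continue
                if (w[3] == flag && w[4] == "tun+" && w[5] == "-j" && w[6] == "ACCEPT") {
                    status = blocked ? "shadowed" : "accepted"
                    break
                }
                if (w[3] == "-j" && (w[4] ~ /^(DROP|REJECT)$/ || (w[4] in blocks)))
                    blocked = 1
            }
            print status
        }'
}

# Constructed sample: firewall chain ends in a catch-all REJECT, tun+ rule appended.
sample_appended() {
    cat <<'EOF'
-P INPUT ACCEPT
-N RH-Firewall-1-INPUT
-A INPUT -j RH-Firewall-1-INPUT
-A INPUT -i tun+ -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}
# Same constructed ruleset with the tun+ rule first, as --insert INPUT 1 would leave it.
sample_inserted() {
    sample_appended | awk '/tun\+/ { next } /^-A INPUT/ && !done { print "-A INPUT -i tun+ -j ACCEPT"; done = 1 } { print }'
}

echo "appended: $(sample_appended | tun_rule_status INPUT -i)"
echo "inserted: $(sample_inserted | tun_rule_status INPUT -i)"
```

A result of `shadowed` means the rule exists but traffic from `tun+` never reaches it; `missing` for FORWARD or OUTPUT means the corresponding rule from the list above was not loaded.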



