openvpn - urgent help requested!
Mike Wright
mike.wright at mailinator.com
Fri Apr 10 22:36:10 UTC 2009
Timothy Murphy wrote:
> Andrew Parker wrote:
>>> What do your routes look like? What are your configs, and how do you
>>> start openvpn?
>
> My server.conf and client.conf are:
> --------------------------------------------
> port 1194
> proto udp
> dev tun
> ca /etc/openvpn/keys/ca.crt
> cert /etc/openvpn/keys/server.crt
> key /etc/openvpn/keys/server.key # This file should be kept secret
> dh /etc/openvpn/keys/dh1024.pem
> server 192.168.5.0 255.255.255.0
> ifconfig-pool-persist ipp.txt
> keepalive 10 120
> comp-lzo
> persist-key
> persist-tun
> status openvpn-status.log
> verb 3
> --------------------------------------------
> dev tun
> proto udp
> remote www.gayleard.com 1194
> resolv-retry infinite
> persist-key
> persist-tun
> ca /etc/openvpn/keys/ca.crt
> cert /etc/openvpn/keys/mary.crt
> key /etc/openvpn/keys/mary.key
> ns-cert-type server
> comp-lzo
> verb 3
> --------------------------------------------
>
> "route -n" on server and client give:
> --------------------------------------------
> Destination Gateway Genmask Flags Metric Ref Iface
> 192.168.5.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
> 192.168.5.0 192.168.5.2 255.255.255.0 UG 0 0 0 tun0
> 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
> 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
> 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
> 0.0.0.0 192.168.1.254 0.0.0.0 UG 0 0 0 eth0
> --------------------------------------------
> Destination Gateway Genmask Flags Metric Ref Iface
> 192.168.5.1 192.168.5.5 255.255.255.255 UGH 0 0 0 tun0
> 192.168.5.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
> 192.168.1.0 0.0.0.0 255.255.255.0 U 2 0 0 eth1
> 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth1
> --------------------------------------------
>
> I start openvpn on both machines with "sudo service openvpn restart".
Apology for being a buttinsky. I'm also trying to understand vpn. As I
look through "route -n" much of it makes sense but there is something
unclear. Would you disclose the relevant parts of the file "ipp.txt".
I have a feeling it may be revealing.
ps. thanx for the great info :m)
More information about the fedora-list
mailing list