[juneau-lug] Re: OpenVPN continued...

  • From: James Zuelow <e5z8652@xxxxxxxxxx>
  • To: juneau-lug@xxxxxxxxxxxxx
  • Date: Mon, 24 Jul 2006 07:05:59 -0800

> >
> > On the OpenVPN installation I set up at work, all OpenVPN tunnels had a netmask of 255.255.255.252 - a small, two host network, just server and client. All of the normal, unencrypted interfaces the tun interfaces piggybacked on had normal, legal netmasks. Not one 255.255.255.255 anywhere.
> >
> > Cheers,
> >
> > James

OK, Kevin I spent some time Sunday playing with this again.

I re-did my OpenVPN setup to mirror yours, with the exception that I didn't use a default route. Instead, I just mapped a class C over. So I did a one-server to many-clients setup.

Just like you, OpenVPN filled up my routing table with 255.255.255.255 entries. Odd. It weren't that way with the static key setup, where they were 255.255.255.252 routes.

Did some very basic research that I should have done before and I guess that all point to point interfaces use these maps. Something I never thought about, even though I've seen my share of pptp connections before. The software handles routing on either end, not the kernel. (I guess learning networking with a cable modem instead of DSL has its drawbacks.)

For a time I had a similar problem as you do - the OpenVPN tunnel would come up, but no packets would go over the tunnel. That was because my server did not have a valid route back to the client. I think this is the same thing you are seeing since when you provide an alternate path (plugging the cable in), the tunnel suddenly works.

So: pf on the server, route tables on the server, or else a firewall on the client.

One other thing to look at - in my configs I use "device tun" and you use "device tun0".

Cheers,

James
------------------------------------
The Juneau Linux Users Group -- http://www.juneau-lug.org
This is the Juneau-LUG mailing list.
To unsubscribe, send an e-mail to juneau-lug-request@xxxxxxxxxxxxx with the 
word unsubscribe in the subject header.
