uilli


OpenVPN: can't ping network computers

I have set up a VPN using OpenVPN. The server side is on a CentOS machine and I'm connecting using a Windows client.
I can connect to the VPN without errors but I have two issues.

One is regarding the server side, where I get this error in the openvpn.log file every second.

Mon Sep 20 14:33:39 2010 10.0.0.1:37854 TLS Error: reading acknowledgement record from packet

and this error every minute:

Mon Sep 20 14:43:58 2010 10.0.0.1:38395 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Sep 20 14:43:58 2010 10.0.0.1:38395 TLS Error: TLS handshake failed
Mon Sep 20 14:43:58 2010 10.0.0.1:38395 SIGUSR1[soft,tls-error] received, client-instance restarting



10.0.0.1 is the internal IP of the FortiGate firewall. I have disabled the Linux firewall and accept all connections between the FortiGate and the Linux PC. I also disabled tls-auth temporarily.

The other issue is that when I connect to the VPN from the client, everything runs OK, but I cannot ping any PC in the LAN.

Here are the configuration files from the server and the client PC. The firewall is off on the Windows client as well.

server

port 1194
proto udp
dev tap0
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh1024.pem
server-bridge 10.0.0.81 255.255.254.0 10.0.0.82 10.0.0.86
push "route 10.0.0.0 255.255.254.0"
push "dhcp-option DNS 10.0.0.21"
push "dhcp-option DNS 10.0.0.27"
client-to-client
keepalive 10 120
;tls-auth ta.key 0 # This file is secret
comp-lzo
max-clients 4
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
verb 3

client

client
dev tap0
dev-node "OpenVPN"
proto udp
remote 217.x.x.x 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
;tls-auth ta.key 1
comp-lzo
verb 3
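
A triage script for the server log lines quoted above, added here as an example and not part of the original post: it groups `TLS Error` entries by peer address and source port, which shows how many separate connection attempts sit behind the repeating messages. The sample log is constructed in the format of the quoted lines, the function names are hypothetical, and treating one source port as one attempt is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample, in the format of the openvpn.log lines quoted in the question.
SAMPLE_LOG = """\
Mon Sep 20 14:33:39 2010 10.0.0.1:37854 TLS Error: reading acknowledgement record from packet
Mon Sep 20 14:33:40 2010 10.0.0.1:37854 TLS Error: reading acknowledgement record from packet
Mon Sep 20 14:43:58 2010 10.0.0.1:38395 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Sep 20 14:43:58 2010 10.0.0.1:38395 TLS Error: TLS handshake failed
Mon Sep 20 14:43:58 2010 10.0.0.1:38395 SIGUSR1[soft,tls-error] received, client-instance restarting
Mon Sep 20 14:44:58 2010 10.0.0.1:38412 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Sep 20 14:44:58 2010 10.0.0.1:38412 TLS Error: TLS handshake failed
"""

LINE_RE = re.compile(
    r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) "  # timestamp
    r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+) (.*)$"         # peer ip:port, then message
)

def summarize_tls_errors(log_text):
    """Group TLS errors by peer IP, then by source port (assumed: one port = one attempt)."""
    peers = defaultdict(lambda: defaultdict(lambda: {
        "errors": 0, "handshake_failed": False, "first": None, "last": None}))
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or "TLS Error" not in m.group(4):
            continue  # skip lines without a peer prefix and non-TLS-error messages
        stamp = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        attempt = peers[m.group(2)][int(m.group(3))]
        attempt["errors"] += 1
        attempt["handshake_failed"] |= "TLS handshake failed" in m.group(4)
        attempt["first"] = attempt["first"] or stamp
        attempt["last"] = stamp
    return peers

def report(peers):
    """Return (ip, source ports seen, failed handshakes, total TLS errors) per peer."""
    rows = []
    for ip, attempts in sorted(peers.items()):
        failed = sum(a["handshake_failed"] for a in attempts.values())
        total = sum(a["errors"] for a in attempts.values())
        rows.append((ip, len(attempts), failed, total))
    return rows

if __name__ == "__main__":
    for ip, ports, failed, total in report(summarize_tls_errors(SAMPLE_LOG)):
        print(f"{ip}: {ports} source ports, {failed} failed handshakes, {total} TLS errors")
```
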
ASKER CERTIFIED SOLUTION
McNetic
uilli

ASKER

Is it correct that the gateway for the VPN client is the OpenVPN server?
[q]Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.45       20
       10.30.12.0    255.255.254.0      10.30.12.82     10.30.12.82       30
      10.30.12.82  255.255.255.255        127.0.0.1       127.0.0.1       30
    192.168.1.0    255.255.255.0     192.168.1.45    192.168.1.45       20
     192.168.1.45  255.255.255.255        127.0.0.1       127.0.0.1       20[/q]




uilli

ASKER

Actually 10.30.12.82 is the IP assigned to the client of the VPN, shouldn't the gateway be the OpenVPN server?