OpenVPN: can't ping network computers

I have set up a VPN using OpenVPN. The server side is on a CentOS machine and I'm connecting using a Windows client.
I can connect to the VPN without errors, but I have two issues.

One is regarding the server side, where I get this error in the openvpn.log file every second:

Mon Sep 20 14:33:39 2010 10.0.0.1:37854 TLS Error: reading acknowledgement record from packet

and this error every minute:

Mon Sep 20 14:43:58 2010 10.0.0.1:38395 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Sep 20 14:43:58 2010 10.0.0.1:38395 TLS Error: TLS handshake failed
Mon Sep 20 14:43:58 2010 10.0.0.1:38395 SIGUSR1[soft,tls-error] received, client-instance restarting

10.0.0.1 is the internal IP of the Fortigate firewall. I have disabled the Linux firewall and accept all connections between the Fortigate and the Linux PC. I also disabled tls-auth temporarily.

The other issue is that when I connect to the VPN from the client, everything runs OK, but I cannot ping any PC in the LAN.

Here are the configuration files from the server and the client PC; the firewall is off on the Windows client as well.

Server config:

port 1194
proto udp
dev tap0
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh1024.pem
server-bridge 10.0.0.81 255.255.254.0 10.0.0.82 10.0.0.86
push "route 10.0.0.0 255.255.254.0"
push "dhcp-option DNS 10.0.0.21"
push "dhcp-option DNS 10.0.0.27"
client-to-client
keepalive 10 120
;tls-auth ta.key 0 # This file is secret
comp-lzo
max-clients 4
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
verb 3

Client config:

client
dev tap0
dev-node "OpenVPN"
proto udp
remote 217.x.x.x 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
;tls-auth ta.key 1
comp-lzo
verb 3
uilli Asked:

McNetic Commented:
For the pinging problem: the LAN PCs also have to know how to reach the VPN clients, either by setting an explicit route on them for the client network pointing to the VPN gateway, or by setting a route to the client network on the default gateway of the LAN (in this case all packets will take one more hop).
Next, the VPN gateway must also have IP forwarding enabled.

uilli (Author) Commented:
Is it correct that the gateway for the VPN client is the OpenVPN server?
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.45      20
       10.30.12.0    255.255.254.0      10.30.12.82     10.30.12.82      30
      10.30.12.82  255.255.255.255        127.0.0.1       127.0.0.1      30
      192.168.1.0    255.255.255.0     192.168.1.45    192.168.1.45      20
     192.168.1.45  255.255.255.255        127.0.0.1       127.0.0.1      20

uilli (Author) Commented:
Actually, 10.30.12.82 is the IP assigned to the VPN client; shouldn't the gateway be the OpenVPN server?
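As an added example (not code from this thread), the following Python script applies the longest-prefix-match rule to the route table uilli posted and reports, for a given destination, which gateway and interface the Windows client would use and whether the destination is on-link (no gateway hop at all). The route table is the one from the post, re-typed as a constructed sample, and the host addresses fed to it are assumed examples.

```python
import ipaddress

# Constructed sample: the Windows "route print" table the asker posted above,
# as seen from the VPN client (10.30.12.82 on the tap adapter).
ROUTE_TABLE = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.45      20
       10.30.12.0    255.255.254.0      10.30.12.82     10.30.12.82      30
      10.30.12.82  255.255.255.255        127.0.0.1       127.0.0.1      30
      192.168.1.0    255.255.255.0     192.168.1.45    192.168.1.45      20
     192.168.1.45  255.255.255.255        127.0.0.1       127.0.0.1      20
"""


def parse_routes(text):
    """Turn the route table into (network, gateway, interface, metric) tuples."""
    routes = []
    for line in text.splitlines()[1:]:          # skip the header row
        dest, mask, gw, iface, metric = line.split()
        routes.append((ipaddress.ip_network(f"{dest}/{mask}"), gw, iface, int(metric)))
    return routes


def lookup(routes, dst):
    """Pick the route Windows would use for dst: longest prefix, then lowest metric."""
    ip = ipaddress.ip_address(dst)
    matching = [r for r in routes if ip in r[0]]
    net, gw, iface, metric = max(matching, key=lambda r: (r[0].prefixlen, -r[3]))
    # Windows lists gateway == interface for directly connected (on-link) networks,
    # so no intermediate hop such as the OpenVPN server is involved for those.
    return {
        "network": str(net),
        "gateway": gw,
        "interface": iface,
        "on_link": gw == iface,
    }


def explain(routes, dst):
    """Human-readable verdict for one destination."""
    r = lookup(routes, dst)
    if r["on_link"]:
        return f"{dst}: delivered directly on {r['interface']} (bridged segment, no gateway hop)"
    return f"{dst}: forwarded to gateway {r['gateway']} via {r['interface']}"


if __name__ == "__main__":
    table = parse_routes(ROUTE_TABLE)
    for host in ("10.30.12.1", "10.30.13.200", "8.8.8.8"):   # assumed example hosts
        print(explain(table, host))
```

With a tap/server-bridge setup the client treats the whole bridged subnet as on-link, so the script reports a LAN host as reached directly on the tap interface rather than through the OpenVPN server; this is what the posted table shows for 10.30.12.0/23.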