David Vernon wrote:

>> Is there a good tutorial for openvpn under Fedora?
>> I've followed the instructions at
>> <http://www.webhostingtalk.com/showthread.php?t=595436>
>> but they seem to have made things worse rather than better..
>
> snip...
>
>> Is there an openvpn doctor in the house?
>> All advice and suggestions gratefully received.
>
> It would be easier to help if you included the contents of your
> config files (minus comments). Also the output of "iptables -L" would
> be good. Might want to "clean" the ip addrs just to protect the innocent
> (though that cat is out of the bag at this point it seems).

Thanks very much for your response.

I found when following your suggestion that there was a typo in /etc/openvpn/server.conf (I had the wrong location for one of the keys). When I corrected this, and restarted openvpn on both machines, everything appeared (from /var/log/messages) to be fine. I have tun0 on my desktop at 192.168.5.1 and tun0 on my laptop at 192.168.5.6.

I guess my question now is rather different: I'm not sure what I can do with the connection. I don't seem able to ssh in either direction. And ping fails in both directions too.
Here are my server.conf and client.conf:

------------------------------
;local a.b.c.d
port 1194
;proto tcp
proto udp
;dev tap
dev tun
;dev-node MyTap
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key  # This file should be kept secret
dh /usr/local/openvpn/keys/dh1024.pem
;server 10.8.0.0 255.255.255.0
server 192.168.5.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
;learn-address ./script
;push "redirect-gateway"
;push "dhcp-option DNS 10.8.0.1"
;push "dhcp-option WINS 10.8.0.1"
client-to-client
;duplicate-cn
keepalive 10 120
;tls-auth ta.key 0 # This file is secret
;cipher BF-CBC        # Blowfish (default)
;cipher AES-128-CBC   # AES
;cipher DES-EDE3-CBC  # Triple-DES
comp-lzo
;max-clients 100
;user nobody
;group nobody
persist-key
persist-tun
status openvpn-status.log
;log         openvpn.log
;log-append  openvpn.log
verb 3
;mute 20
------------------------------
client
;dev tap
dev tun
;dev-node MyTap
;proto tcp
proto udp
remote www.gayleard.com 1194
;remote my-server-2 1194
;remote-random
resolv-retry infinite
nobind
;user nobody
;group nobody
persist-key
persist-tun
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
;mute-replay-warnings
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/martha.crt
key /etc/openvpn/keys/martha.key
;ns-cert-type server
;tls-auth ta.key 1
;cipher x
comp-lzo
verb 3
;mute 20
------------------------------

I don't think there can be anything wrong with my firewall, or I wouldn't have got this far.
But I am using shorewall on my desktop, with the two added lines in /etc/shorewall/rules:

------------------------------
ACCEPT net $FW udp 1194
ACCEPT $FW net udp 1194
------------------------------

Again, any help or advice gratefully received.

--
Timothy Murphy
e-mail (<80k only): tim /at/ birdsnest.maths.tcd.ie
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland
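The kind of mistake found above (a key path pointing at the wrong location) and the usual cause of a tunnel that comes up but passes nothing (a directive such as proto, dev, comp-lzo, cipher or tls-auth set on one side only) can both be caught before starting openvpn. The following is an added example, not code from the thread or from the OpenVPN project; it parses a server/client pair built from the active lines of the configs posted above (the sample text is constructed inline) and reports mismatched paired directives and file paths that do not exist. The `exists` parameter is an assumption of this example so the check can run against paths that are not present on the machine.

```python
import os

# Constructed sample: the active lines of the posted server.conf and client.conf
# (';' and '#' mark comments in OpenVPN configs).
SERVER_CONF = """\
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key  # This file should be kept secret
dh /usr/local/openvpn/keys/dh1024.pem
server 192.168.5.0 255.255.255.0
comp-lzo
"""
CLIENT_CONF = """\
client
dev tun
proto udp
remote www.gayleard.com 1194
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/martha.crt
key /etc/openvpn/keys/martha.key
comp-lzo
"""

def parse(text):
    """Map each active directive to its argument list, dropping comment lines."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith(";"):
            continue
        name, *args = line.split()
        conf[name] = args
    return conf

# Directives that must agree on both ends or the tunnel will not pass traffic.
PAIRED = ("proto", "dev", "comp-lzo", "cipher", "tls-auth")
FILES = ("ca", "cert", "key", "dh")  # directives whose argument is a file path

def lint(server, client, exists=os.path.exists):
    """Return findings: one-sided paired directives and missing key/cert paths."""
    findings = []
    for d in PAIRED:
        if (d in server) != (d in client):
            findings.append(f"{d}: set on {'server' if d in server else 'client'} only")
    for side, conf in (("server", server), ("client", client)):
        for d in FILES:
            if conf.get(d) and not exists(conf[d][0]):
                findings.append(f"{side}: {d} file not found: {conf[d][0]}")
    return findings
```

Calling `lint(parse(SERVER_CONF), parse(CLIENT_CONF))` on a host without /usr/local/openvpn/keys/dh1024.pem reports that dh path as missing; removing comp-lzo from one side reports it as set on the other side only.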