On Jan 2, 2008 8:05 PM, Timothy Murphy <tim@xxxxxxxxxxxxxxxxxxxxxx> wrote:
> Andrew Parker wrote:
>
> >> I found when following your suggestion
> >> that there was a typo in /etc/openvpn/server.conf
> >> (I had the wrong location for one of the keys).
> >> When I corrected this, and restarted openvpn on both machines,
> >> everything appeared (from /var/log/messages) to be fine.
> >> I have tun0 on my desktop at 192.168.5.1
> >> and tun0 on my laptop at 192.168.5.6 .
> >>
> >> I guess my question now is rather different -
> >> I'm not sure what I can do with the connection.
> >> I don't seem able to ssh in either direction.
> >> And ping fails in both directions too.
> >
> > for a connectivity test, each node should be able to ping the other.
> > i.e. desktop can ping 192.168.5.6 and laptop can ping 192.168.5.1.
>
> As I mentioned, I cannot ping either openvpn address,
> though I can ping my desktop alfred (in Ireland)
> from my laptop martha (in Italy);
> ---------------------------------
> [tim@martha ~]$ route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 192.168.5.5     0.0.0.0         255.255.255.255 UH    0      0        0 tun0
> 192.168.5.0     192.168.5.5     255.255.255.0   UG    0      0        0 tun0
> 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
> 169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
> 0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
> [tim@martha ~]$ ping -v -c2 192.168.5.1
> PING 192.168.5.1 (192.168.5.1) 56(84) bytes of data.
> From 192.168.5.1 icmp_seq=1 Destination Host Unreachable
> From 192.168.5.1 icmp_seq=2 Destination Host Unreachable
> [tim@martha ~]$ ping -v -c2 www.gayleard.com
> PING www.gayleard.com (86.43.71.228) 56(84) bytes of data.
> 64 bytes from 86.43.71.228: icmp_seq=1 ttl=240 time=105 ms
> 64 bytes from 86.43.71.228: icmp_seq=2 ttl=240 time=106 ms
> ---------------------------------
> [tim@alfred ~]$ route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 192.168.5.2     0.0.0.0         255.255.255.255 UH    0      0        0 tun0
> 192.168.5.0     192.168.5.2     255.255.255.0   UG    0      0        0 tun0
> 192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2
> 192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
> 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
> 169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth2
> 0.0.0.0         192.168.1.254   0.0.0.0         UG    0      0        0 eth0
> [tim@alfred ~]$ ping -v -c2 87.6.120.53
> PING 87.6.120.53 (87.6.120.53) 56(84) bytes of data.
> 64 bytes from 87.6.120.53: icmp_seq=1 ttl=49 time=114 ms
> 64 bytes from 87.6.120.53: icmp_seq=2 ttl=49 time=104 ms
> [tim@alfred ~]$ ping -v -c2 192.168.5.6
> PING 192.168.5.6 (192.168.5.6) 56(84) bytes of data.
> From 192.168.5.1 icmp_seq=1 Destination Host Unreachable
> From 192.168.5.1 icmp_seq=1 Destination Host Unreachable
> ---------------------------------

your configs are very similar to mine, apart from a few cosmetic
differences. ditto for the routing tables.

do you have a firewall at either end? have you enabled tun+ devices
access? I have the following in mine, but depending on your f/w you
might want to insert the rules at the beginning rather than append:

/sbin/iptables --append INPUT --in-interface tun+ --jump ACCEPT
/sbin/iptables --append FORWARD --in-interface tun+ --jump ACCEPT
/sbin/iptables --append OUTPUT --out-interface tun+ --jump ACCEPT
/sbin/iptables --append FORWARD --out-interface tun+ --jump ACCEPT
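
Added example, not part of the original message: why "insert rather than append" matters. iptables walks a chain top-down and stops at the first terminating match, so a tun+ ACCEPT appended after a catch-all REJECT is never reached. The function name and both sample rulesets below are constructed for illustration; the input format is that of `iptables -S`.

```shell
#!/bin/sh
# Reads `iptables -S` style rules on stdin and prints "CHAIN:N" for every
# tun+ ACCEPT rule that sits after an unconditional DROP/REJECT in the same
# chain. Such a rule is dead: the catch-all above it always matches first.
shadowed_tun_rules() {
    awk '
    $1 == "-A" {
        chain = $2; pos[chain]++
        target = ""; cond = 0; tun = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") { target = $(i + 1); break }  # rest are target options
            if ($i ~ /^-/) cond = 1                       # any match option
            if (($i == "-i" || $i == "-o") && $(i + 1) == "tun+") tun = 1
        }
        if (!cond && (target == "DROP" || target == "REJECT")) blocked[chain] = 1
        else if (tun && target == "ACCEPT" && blocked[chain]) print chain ":" pos[chain]
    }'
}

# Constructed ruleset: the four rules from the message, appended to a
# firewall whose INPUT and FORWARD chains already end in a catch-all REJECT.
sample_appended() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -i tun+ -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -i tun+ -j ACCEPT
-A FORWARD -o tun+ -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT
EOF
}

# Constructed ruleset: same firewall, tun+ rules inserted at the top instead.
sample_inserted() {
    cat <<'EOF'
-A INPUT -i tun+ -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -i tun+ -j ACCEPT
-A FORWARD -o tun+ -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -o tun+ -j ACCEPT
EOF
}

echo "appended, unreachable: $(sample_appended | shadowed_tun_rules | tr '\n' ' ')"
echo "inserted, unreachable: $(sample_inserted | shadowed_tun_rules | tr '\n' ' ')"
```

On a live host the same check is `iptables -S | shadowed_tun_rules`, run as root. It only sees a catch-all in the same chain, not one reached through a jump to a user-defined chain.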