Andrew Parker wrote: >> Just to follow up on myself - I'm in Italy now, >> and everything works fine _except_ VPN. >> I can ssh into my home server, get IMAP email from it, >> and generally interact with it as I do at home, >> >> If I ssh into my home server, ifconfig gives: >> -------------------------------------------- >> tun0 Link encap:UNSPEC HWaddr >> 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 >> inet addr:192.168.5.1 P-t-P:192.168.5.2 Mask:255.255.255.255 >> UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1 >> RX packets:9 errors:0 dropped:0 overruns:0 frame:0 >> TX packets:9 errors:0 dropped:0 overruns:0 carrier:0 >> collisions:0 txqueuelen:100 >> RX bytes:756 (756.0 b) TX bytes:1008 (1008.0 b) >> -------------------------------------------- >> while ifconfig on my laptop gives >> -------------------------------------------- >> tun0 Link encap:UNSPEC HWaddr >> 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 >> inet addr:192.168.5.6 P-t-P:192.168.5.5 Mask:255.255.255.255 >> UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1 >> RX packets:3 errors:0 dropped:0 overruns:0 frame:0 >> TX packets:3 errors:0 dropped:0 overruns:0 carrier:0 >> collisions:0 txqueuelen:100 >> RX bytes:336 (336.0 b) TX bytes:252 (252.0 b) >> -------------------------------------------- >> As I point out, the P-t-P addresses are different - >> I don't know if that is significant. > this is normal. > > What do your routes look like? What are your configs, and how do you > start openvpn? My server.conf and client.conf are: -------------------------------------------- port 1194 proto udp dev tun ca /etc/openvpn/keys/ca.crt cert /etc/openvpn/keys/server.crt key /etc/openvpn/keys/server.key # This file should be kept secret dh /etc/openvpn/keys/dh1024.pem server 192.168.5.0 255.255.255.0 ifconfig-pool-persist ipp.txt keepalive 10 120 comp-lzo persist-key persist-tun status openvpn-status.log verb 3 -------------------------------------------- dev tun proto udp remote www.gayleard.com 1194 resolv-retry infinite persist-key persist-tun ca /etc/openvpn/keys/ca.crt cert /etc/openvpn/keys/mary.crt key /etc/openvpn/keys/mary.key ns-cert-type server comp-lzo verb 3 -------------------------------------------- "route -n" on server and client give: -------------------------------------------- Destination Gateway Genmask Flags Metric Ref Iface 192.168.5.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0 192.168.5.0 192.168.5.2 255.255.255.0 UG 0 0 0 tun0 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1 0.0.0.0 192.168.1.254 0.0.0.0 UG 0 0 0 eth0 -------------------------------------------- Destination Gateway Genmask Flags Metric Ref Iface 192.168.5.1 192.168.5.5 255.255.255.255 UGH 0 0 0 tun0 192.168.5.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0 192.168.1.0 0.0.0.0 255.255.255.0 U 2 0 0 eth1 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth1 -------------------------------------------- I start openvpn on both machines with "sudo service openvpn restart". The server is running Centos-5.3, the client Fedora-10. I don't see anything in /var/log/messages on either machine to suggest that anything is wrong. > do you have a firewall running? I do have shorewall running on the server. But I have a rule to allow udp packets in and out through port 1194: -------------------------------------------- ACCEPT net $FW udp 1194 # OpenVPN ACCEPT $FW net udp 1194 # OpenVPN -------------------------------------------- I have a pinhole on my ADSL modem at home allowing these packets through. As I said earlier, openvpn did work on a previous visit. That was with a different server, running Fedora-9. But I'm pretty sure I have not altered the modem. As always, any and all enlightenment gratefully received. -- Timothy Murphy e-mail: gayleard /at/ eircom.net tel: +353-86-2336090, +353-1-2842366 s-mail: School of Mathematics, Trinity College Dublin -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
