Netgate Discussion Forum

    Create openvpn connection

OpenVPN
18 Posts 4 Posters 8.3k Views

Nachtfalke:

      @chpalmer:

      WARNING: potential route subnet conflict between local LAN [10.0.0.0/255.255.255.0] and remote VPN [10.0.0.0/255.255.255.0]

I think this is the problem, too.
The connection is established, but if you try to ping, then there is the route conflict.
Use different subnets.

hossam.khalili:

Thanks for the reply.

This is the OpenVPN config file:


        dev tun
        persist-tun
        persist-key
        proto udp
        cipher BF-CBC
        tls-client
        client
        resolv-retry infinite
        remote my static IP Address 1194
        tls-remote openvpntest1
        auth-user-pass
        pkcs12 jrcfw01-udp-1194.p12
        tls-auth jrcfw01-udp-1194-tls.key 1
        comp-lzo


And I use the exporter to build the client config.
Also, I use a different subnet, but nothing changed.

Thanks.

Nachtfalke:

Do you still have a route conflict?

marvosa:

Need OpenVPN server settings.

hossam.khalili:

Yes, I still have the route conflict.

These are my server settings:

Server mode: remote access (SSL/TLS + user auth)
Backend for authentication: Local DB
Protocol: UDP
Device mode: tun
Interface: PPPoE
Local port: 1194
TLS authentication: enabled
Peer certificate authority: vpn
Server certificate: openvpntest1 (CA: vpn) *in use
DH parameters length: 1024 bit
Encryption algorithm: BF-CBC (128 bit)
Hardware crypto: no hardware crypto
Tunnel network: 10.0.1.0/24
Local network: 10.0.0.0/24
Concurrent connections: 2
Compression: enabled
Inter-client communication:
Dynamic IP: enabled
Address pool: enabled

Thanks.

Nachtfalke:

If you still have a subnet conflict, then you have to solve this first.
You have the same subnet (10.0.0.0/24) at two points.
Change this!!! Restart the OpenVPN server and try again.

hossam.khalili:

I solved my conflict problem by checking "Redirect Gateway" in the OpenVPN server settings:

Redirect gateway: Force all client generated traffic through the tunnel.

But I still can't ping or map my network drive.

This is my new OpenVPN log file:


                  Tue Nov 15 13:17:02 2011 OpenVPN 2.2.1 Win32-MSVC++ [SSL] [LZO2] built on Jul  1 2011
                  Tue Nov 15 13:17:11 2011 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Tue Nov 15 13:17:11 2011 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
                  Tue Nov 15 13:17:11 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
                  Tue Nov 15 13:17:12 2011 Control Channel Authentication: using 'jrcfw01-udp-1194-tls.key' as a OpenVPN static key file
                  Tue Nov 15 13:17:12 2011 LZO compression initialized
                  Tue Nov 15 13:17:12 2011 UDPv4 link local (bound): [undef]:1194
                  Tue Nov 15 13:17:12 2011 UDPv4 link remote: 212.38.147.97:1194
Tue Nov 15 13:17:12 2011 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
                  Tue Nov 15 13:17:16 2011 [openvpntest1] Peer Connection Initiated with 212.38.147.97:1194
Tue Nov 15 13:17:19 2011 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{2E40862B-D349-4AC8-977A-C169CB28BF1E}.tap
                  Tue Nov 15 13:17:19 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.0.1.6/255.255.255.252 on interface {2E40862B-D349-4AC8-977A-C169CB28BF1E} [DHCP-serv: 10.0.1.5, lease-time: 31536000]
                  Tue Nov 15 13:17:19 2011 Successful ARP Flush on interface [15] {2E40862B-D349-4AC8-977A-C169CB28BF1E}
                  Tue Nov 15 13:17:24 2011 Initialization Sequence Completed


Any suggestions?
Thanks.

Nachtfalke:

Did you create firewall rules according to the tunnel network (subnet) on the new OpenVPN firewall tab?

hossam.khalili:

On the new OpenVPN tab I found this rule:

Protocol   Source   Port   Destination   Port   Gateway   Queue
*          *        *      *             *      *         none

Is this enough? Or do I need to add something else?

Thanks.

Nachtfalke:

                        This is enough. It allows all traffic from all OpenVPN connections to everywhere.

Can you do a tracert from the OpenVPN client and check up to which point/hop the traffic gets?
Are you sure that the firewall of the destination host is correctly configured? Perhaps try with the firewall completely turned off first.

Can you post a screenshot or something else of your network topology?

hossam.khalili:

Hello,

Thanks for the reply. I did nothing on the destination host.

Should I do something on it? ;D

hossam.khalili:

This is my network environment:

Office 1
pfSense 2.0-RELEASE (i386)
LAN: 10.0.0.0/24
WAN: 212.38.142.254

• I have more than one LAN in this office

Office 2
pfSense 2.0-RELEASE (i386)
LAN: 10.0.1.0/24
WAN: 212.38.142.151

Nachtfalke:

On office 1 you have to:

push "route 10.0.0.0 255.255.255.0";

So the client (office 2) gets a route through OpenVPN to your LAN in office 1.
If you configured this correctly and configured the correct firewall rules on both sites, then this should be possible:

pfSense (office 2) from the GUI can ping pfSense (office 1) and clients on the office 1 LAN, and vice versa.

Now I am not sure at all, but you need additional configuration on the client (office 2) so that the LAN(s) behind this router are reachable.
On office 1 you could add a client-specific override for the client (office 2). Add this in the advanced options:

iroute 10.0.1.0 255.255.255.0;

Restart the OpenVPN server (office 1) and the client (office 2).

                              But take a look here:
                              http://forum.pfsense.org/index.php/topic,12888.0.html

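The subnet-conflict warning at the top of this thread and the push "route" / iroute directives in the reply above are two halves of the same job: first make sure no LAN overlaps another LAN or the tunnel network, then tell the server which client owns which remote LAN. The script below is an added example, not code from this thread or from pfSense. It uses the networks posted in the thread (office 1 LAN 10.0.0.0/24, the server's tunnel network 10.0.1.0/24, office 2 LAN 10.0.1.0/24); the labels, the corrected tunnel network 10.0.8.0/24, the client common name "office2" and all function names are this example's own assumptions. Run on the posted values, the overlap check flags the tunnel network and office 2's LAN as the same /24, which is a conflict the thread's later posts never mention.

```python
"""Validate a site-to-site OpenVPN layout, then emit the raw server-side
routing directives (push "route", route, and per-client iroute).

Added example; not from the forum thread or from pfSense.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

# Networks as posted in the thread (the labels are this example's own):
# office 1 LAN behind the server, the server's tunnel network, office 2 LAN behind the client.
THREAD_LAYOUT = {
    "office1_lan": "10.0.0.0/24",
    "tunnel": "10.0.1.0/24",
    "office2_lan": "10.0.1.0/24",
}

# Assumed corrected layout: the tunnel network moved to a range nobody else uses.
FIXED_LAYOUT = {
    "office1_lan": "10.0.0.0/24",
    "tunnel": "10.0.8.0/24",
    "office2_lan": "10.0.1.0/24",
}


def find_overlaps(layout: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return every pair of named networks that overlap, ordered by name.

    OpenVPN logs 'WARNING: potential route subnet conflict' when a client's
    local LAN overlaps a remote VPN subnet. The tunnel network must be checked
    as well, because every peer receives a route to it.
    """
    nets = {name: ipaddress.ip_network(cidr, strict=True) for name, cidr in layout.items()}
    names = sorted(nets)
    return [
        (a, b)
        for i, a in enumerate(names)
        for b in names[i + 1:]
        if nets[a].overlaps(nets[b])
    ]


def ovpn_net(cidr: str) -> str:
    """'10.0.0.0/24' -> '10.0.0.0 255.255.255.0', the form OpenVPN directives use."""
    net = ipaddress.ip_network(cidr, strict=True)
    return f"{net.network_address} {net.netmask}"


def server_directives(
    server_lans: List[str], client_lans: Dict[str, List[str]]
) -> Tuple[List[str], Dict[str, List[str]]]:
    """Build the raw OpenVPN server-side directives for a site-to-site tunnel.

    Returns (server_config_lines, ccd_files). ccd_files maps a client's
    certificate common name to the lines of its client-config-dir file.
      push "route ..."  hands every client a route to the server-side LAN(s)
      route ...         adds the server's kernel route for a client LAN via tun
      iroute ...        (ccd file) tells OpenVPN which client owns that LAN,
                        so replies are sent back to the right peer
    """
    server_lines = ["client-config-dir ccd"]
    server_lines += [f'push "route {ovpn_net(lan)}"' for lan in server_lans]
    ccd: Dict[str, List[str]] = {}
    for common_name, lans in client_lans.items():
        server_lines += [f"route {ovpn_net(lan)}" for lan in lans]
        ccd[common_name] = [f"iroute {ovpn_net(lan)}" for lan in lans]
    return server_lines, ccd


def check_and_generate(
    layout: Dict[str, str], server_lans: List[str], client_lans: Dict[str, List[str]]
) -> Tuple[List[Tuple[str, str]], Optional[List[str]], Optional[Dict[str, List[str]]]]:
    """Emit directives only when no subnet overlap remains; otherwise report the overlaps."""
    overlaps = find_overlaps(layout)
    if overlaps:
        return overlaps, None, None
    lines, ccd = server_directives(server_lans, client_lans)
    return overlaps, lines, ccd


if __name__ == "__main__":
    print("overlaps in the posted layout:", find_overlaps(THREAD_LAYOUT))
    # "office2" is an assumed client certificate common name.
    overlaps, lines, ccd = check_and_generate(
        FIXED_LAYOUT, ["10.0.0.0/24"], {"office2": ["10.0.1.0/24"]}
    )
    print("\n".join(lines))
    for cn, body in ccd.items():
        print(f"--- ccd/{cn} ---")
        print("\n".join(body))
```

The directives are what OpenVPN itself needs; in pfSense the equivalent values are entered through the server settings and the client-specific override the reply above refers to rather than typed as raw directives. The overlap check is the part worth running first, before touching routes or firewall rules: a tunnel network that coincides with either office's LAN produces exactly the "can connect but cannot ping" symptom described in this thread.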
marvosa:

Ok, after a week of this... I may be alone here, but I feel like if we had all the particulars up front, this issue would've been solved several days ago. Let's go back to the beginning... please give us explicit details on what you're trying to do.

At first, it sounded like you were trying to get a road-warrior setup going. Now it looks like you may be doing site-to-site... instead of us speculating and taking pot shots, let us know what you're doing and provide ALL the details so we can help you. Also, a network map would be helpful.

hossam.khalili:

Okay, it's working now.
I changed the client machine.
Thanks to all of you.

One other thing: can I make it connect automatically when Windows starts, I mean on startup of Windows XP?

                                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.