Hi,

d...@quantentunnel.de wrote:
> Hello,
>
> I am currently stuck at configuring OpenVPN and wonder if the following
> behavior is supposed to be. Pinging the server from the clients is fine, but
> the other way round won't work. No way to ping the clients from the server.
> I am on OpenBSD 5.2 and OpenVPN 2.2.2. pf on OpenBSD is set to "pass in pass
> out". As client I tried Tunnelblick 3.3beta on recent OSX and recent openvpn
> packages on pfSense and debian. The behavior was the same on all of them.
> Tunnel network is 10.0.1.0/24. Any ideas appreciated.
>
>

If the server can ping a client but that same client cannot ping the server
then you're looking at a firewall issue (with 99.9% certainty). The only other
thing that could happen is that you *think* you're pinging the client from the
server, but in reality you're pinging another host.

I'd tackle this problem by running wireshark/tcpdump on both ends and then
ping the client from the server and the server from the client - what tcpdump
traffic is seen?

HTH,

JJK

>
> === server config ===
> proto udp
> port 444
> dev tun0
> ca /etc/openvpn/ca.crt
> cert /etc/openvpn/private/picard.goetzinger.cc.crt
> key /etc/openvpn/private/picard.goetzinger.cc.key
> dh /etc/openvpn/dh2048.pem
> server 10.0.1.0 255.255.255.0
> keepalive 10 120
> comp-lzo
> user openvpn
> group openvpn
> daemon openvpn
> persist-key
> persist-tun
> tls-auth /etc/openvpn/private/ta.key 0
> cipher AES-256-CBC
> push "route 10.0.0.0 255.255.255.0"
> push "dhcp-option DNS 10.0.0.2"
> client-to-client
> status /var/log/openvpn-status.log
>
> === client config ===
> client
> dev tun
> proto udp
> remote HOSTDNS 444
> resolv-retry infinite
> nobind
> persist-key
> persist-tun
> ca ca.crt
> cert client.crt
> key client.key
> tls-auth ta.key 1
> cipher AES-256-CBC
> comp-lzo
> verb 3
>
> === routing table server ===
> Internet:
> Destination         Gateway             Flags  Refs  Use     Mtu    Prio  Iface
> default             static.1.6.9.5.cli  UGS    12    889109  -      8     em0
> static.0.6.9.5.cli  link#1              UC     1     0       -      4     em0
> static.1.6.9.5.cli  78:fe:3d:47:19:0f   UHLc   2     0       -      4     em0
> name1               localhost           UGHS   0     0       33196  8     lo0
> 10.0.0/24           link#2              UC     1     0       -      4     em1
> name2               08:00:27:45:c7:c1   UHLc   2     606332  -      4     em1
> 10.0.1/24           10.0.1.2            UGS    0     285890  -      8     tun0
> 10.0.1.2            10.0.1.1            UH     2     0       -      4     tun0
> 10.0.11/24          10.0.1.2            UGS    0     0       -      8     tun0
> 85-126-x-x.work     static.1.6.9.5.cli  UGHD   2     888959  - L    56    em0
> loopback            localhost           UGRS   0     0       33196  8     lo0
> localhost           localhost           UH     7     145056  33196 L 4    lo0
> BASE-ADDRESS.MCAST  localhost           URS    0     0       33196  8     lo0
>
> === routing table client ===
> Internet:
> Destination      Gateway            Flags    Refs  Use    Netif  Expire
> default          192.168.1.30       UGSc     133   0      en0
> 10/24            10.0.1.13          UGSc     1     0      tun0
> 10.0.1/24        10.0.1.13          UGSc     1     10     tun0
> 10.0.1.13        10.0.1.14          UH       5     414    tun0
> 127              127.0.0.1          UCS      0     0      lo0
> 127.0.0.1        127.0.0.1          UH       9     88589  lo0
> 169.254          link#4             UCS      1     0      en0
> 169.254.100.100  0:14:6c:90:17:86   UHLSWi   0     0      en0    895
> 192.168.1        link#4             UCS      6     0      en0
> 192.168.1.10     link#4             UHRLWIi  0     7      en0
> 192.168.1.30     0:c:29:3f:c7:b6    UHLWIir  133   25     en0    1184
> 192.168.1.32     0:c:29:d2:d1:d7    UHLWIi   0     1      en0    895
> 192.168.1.167    127.0.0.1          UHS      0     2      lo0
> 192.168.1.181    0:14:6c:90:17:86   UHLWIi   0     0      en0    895
> 192.168.1.255    ff:ff:ff:ff:ff:ff  UHLWbI   0     6      en0
>
> === ifconfig server ===
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33196
>         priority: 0
>         groups: lo
>         inet6 ::1 prefixlen 128
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
>         inet 127.0.0.1 netmask 0xff000000
> em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 00:50:56:00:2b:26
>         priority: 0
>         groups: egress
>         media: Ethernet autoselect (1000baseT full-duplex)
>         status: active
>         inet6 fe80::250:56ff:fe00:2b26%em0 prefixlen 64 scopeid 0x1
>         inet 5.9.X.X netmask 0xffffffe0 broadcast 5.9.X.X
> em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 08:00:27:24:25:b9
>         priority: 0
>         media: Ethernet autoselect (1000baseT full-duplex)
>         status: active
>         inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
>         inet6 fe80::a00:27ff:fe24:25b9%em1 prefixlen 64 scopeid 0x2
> enc0: flags=0<>
>         priority: 0
>         groups: enc
>         status: active
> pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33196
>         priority: 0
>         groups: pflog
> tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
>         priority: 0
>         groups: tun
>         status: active
>         inet 10.0.1.1 --> 10.0.1.2 netmask 0xffffffff
>
> === ifconfig client ===
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
>         options=3<RXCSUM,TXCSUM>
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
>         inet 127.0.0.1 netmask 0xff000000
>         inet6 ::1 prefixlen 128
> gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
> stf0: flags=0<> mtu 1280
> en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         ether 20:c9:d0:47:33:af
>         inet6 fe80::22c9:d0ff:fe47:33af%en0 prefixlen 64 scopeid 0x4
>         inet 192.168.1.167 netmask 0xffffff00 broadcast 192.168.1.255
>         media: autoselect
>         status: active
> p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
>         ether 02:c9:d0:47:33:af
>         media: autoselect
>         status: inactive
> tun0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         inet 10.0.1.14 --> 10.0.1.13 netmask 0xffffffff
>         open (pid 80177)
>

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
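
The capture-and-compare step suggested in the reply, as an added example that is not part of the original thread: it reads two saved `tcpdump` text captures, one per tunnel end, and names the first point at which the echo request or its reply disappears. The function names, file names, verdict strings and sample capture lines are assumptions made for this example, and the matcher assumes `tcpdump -n` text output in either the "ICMP echo request" or the older "icmp: echo request" spelling.

```shell
#!/bin/sh
# Added example (not from the thread). Save text captures taken during a ping:
#   tcpdump -n -l -i tun0 icmp > sender.txt    # on the host that runs ping
#   tcpdump -n -l -i tun0 icmp > target.txt    # on the host being pinged

# count_icmp FILE SRC DST KIND: count "echo KIND" packets going SRC -> DST.
# Case-insensitive so both "ICMP echo request" and "icmp: echo request" match.
count_icmp() {
    awk -v pair=" $2 > $3:" -v kind="echo $4" '
        index($0, pair) && index(tolower($0), kind) { n++ }
        END { print n + 0 }' "$1"
}

# ping_verdict SENDER_CAP TARGET_CAP SENDER_IP TARGET_IP: name the first hop
# at which the echo request or its reply disappears.
ping_verdict() {
    if [ "$(count_icmp "$1" "$3" "$4" request)" -eq 0 ]; then
        echo "request-not-sent-into-tunnel"   # routing or wrong address on sender
    elif [ "$(count_icmp "$2" "$3" "$4" request)" -eq 0 ]; then
        echo "request-lost-before-target"     # dropped between the two tun devices
    elif [ "$(count_icmp "$2" "$4" "$3" reply)" -eq 0 ]; then
        echo "target-did-not-reply"           # check the target's host firewall
    elif [ "$(count_icmp "$1" "$4" "$3" reply)" -eq 0 ]; then
        echo "reply-lost-before-sender"       # return path or sender-side filter
    else
        echo "ok"
    fi
}

# Constructed sample: server 10.0.1.1 pings client 10.0.1.14; the request is
# visible on both tun devices but the client never answers.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' \
        '12:00:01.000000 10.0.1.1 > 10.0.1.14: icmp: echo request' \
        '12:00:02.000000 10.0.1.1 > 10.0.1.14: icmp: echo request' > "$d/sender.txt"
    printf '%s\n' \
        '12:00:01.020000 IP 10.0.1.1 > 10.0.1.14: ICMP echo request, id 7, seq 0, length 64' \
        '12:00:02.020000 IP 10.0.1.1 > 10.0.1.14: ICMP echo request, id 7, seq 1, length 64' > "$d/target.txt"
    ping_verdict "$d/sender.txt" "$d/target.txt" 10.0.1.1 10.0.1.14
    rm -rf "$d"
}
demo
```

Run it once per direction, swapping the sender and target arguments, so that both pings described in the thread are checked.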