Hi guys.
I have a box which has two gateways:
-> $ ip ro
default via 10.0.16.1 dev eth2 proto static metric 99
default via 10.0.0.1 dev eth0 proto static metric 100
..
With the use of rules I have specific LANs coming in via 10.0.0.1, but OVPN
fails to serve clients.
To be specific, when I say 'not working', it's clients who would not
establish a successful link to the server.
When 10.0.16.1 is absent from the routing table - so only one gateway - then
all is good.
The server is behind a NAT. Before I paste the rules/routes I tried, I wonder -
perhaps there is a simple recipe for a dual-gateway setup, which I missed?
When clients fail, the server logs:
...
10.1.3.144:39293 TLS: Initial packet from [AF_INET]10.1.3.144:39293, sid=e2741225 c41d5797
MULTI: multi_create_instance called
10.1.3.144:44646 Re-using SSL/TLS context
10.1.3.144:44646 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1279)
10.1.3.144:44646 Control Channel MTU parms [ L:1400 D:1184 EF:66 EB:0 ET:0 EL:3 ]
10.1.3.144:44646 Data Channel MTU parms [ L:1400 D:1400 EF:121 EB:369 ET:0 EL:3 ]
10.1.3.144:44646 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1400,tun-mtu 1279,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
10.1.3.144:44646 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1400,tun-mtu 1279,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
10.1.3.144:44646 TLS: Initial packet from [AF_INET]10.1.3.144:44646, sid=22dcbe21 88e08f6e
10.1.3.144:39293 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
10.1.3.144:39293 TLS Error: TLS handshake failed
10.1.3.144:39293 SIGUSR1[soft,tls-error] received, client-instance restarting
...
many thanks, L.