[lug] OpenVPN second instance on a server not working

Carl Wagner carl.wagner at verbalworld.com
Wed Sep 8 17:30:31 MDT 2010


Hi,

I am having problems getting a second instance of OpenVPN working.
The VPN server is a Linux box.
Server instance 1 works fine. Client1 is a Linux box.  (this is my link 
to configure everything for instance 2 - thus it works fine)

Server instance 2 server 'looks' good.  I get "Initialization Sequence 
Completed"
Client2 connecting to server instance 2 looks good. I get 
"Initialization Sequence Completed"
Client2 is a windows box. (Not sure how to use my Linux box to test this 
without breaking instance 1)

From client2 I can ping the local tun interface, 10.0.12.10, but I 
can't ping the other end of the tunnel: 10.0.12.1.
Using tcpdump I can see the ICMP request packets come in on the VPN's 
tun1 interface, but no replies.

On the VPN server, I am using the same keys and certificate files for 
both instances - but different ports.
I have unique sets of key/cert files for the clients.

I don't understand why on the VPN server, with a tun interface of 
10.0.12.1, when it receives an ICMP request to 10.0.12.1 that it doesn't 
reply.

I am pretty sure this is a "can't see the forest for the trees" issue, 
but I have been staring at it for too long now.

See config info below.

Any idea what might be wrong? Let me know if you need any other 
information.

Thanks,
Carl.



Server config of instance one:
=====
port            1194
proto            udp
dev            tun0
ca            ca.crt
cert            vpn.abc.com.crt
key            vpn.abc.com.key
dh            dh2048.pem
server            10.0.11.0            255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive    10    60
tls-auth    tls-auth    0
comp-lzo
user            openvpn
group            openvpn
persist-key
persist-tun
status    /var/log/openvpn-status.log
log-append        /var/log/openvpn.log
verb 4
client-config-dir    clients
chroot            /etc/openvpn/chroot
cd            /etc/openvpn
daemon


Server config for instance two:
=====
port            1294
proto            udp
dev            tun1
ca            /etc/openvpn_instance2/keys/ca.crt
cert            /etc/openvpn_instance2/keys/vpn.abc.com.crt
key            /etc/openvpn_instance2/keys/vpn.abc.com.key
dh            /etc/openvpn_instance2/dh2048.pem
server            10.0.12.0            255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive    10    60
tls-auth    tls-auth    0
comp-lzo
user            openvpn
group            openvpn
persist-key
persist-tun
status    /var/log/openvpn-status_i2.log
log-append        /var/log/openvpn_i2.log
verb 3
client-config-dir    clients
chroot            /etc/openvpn_instance2/chroot
cd            /etc/openvpn_instance2

Client config (on a windows box) using port 1294 (instance 2)
=====
client
dev tun
proto udp
remote x.x.x.x 1294
resolv-retry 1
nobind
persist-key
persist-tun
ca ca.crt
cert cwagnerwork.crt
key cwagnerwork.key
tls-auth tls-auth 1
tls-remote vpn.verbalworld.com
comp-lzo
verb 3


Ifconfig of tun devices:
=====
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.0.11.1  P-t-P:10.0.11.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:31056656 errors:0 dropped:0 overruns:0 frame:0
          TX packets:30214363 errors:0 dropped:38 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:2838119644 (2.6 GiB)  TX bytes:2472923755 (2.3 GiB)

tun1      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.0.12.1  P-t-P:10.0.12.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:159 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:8100 (7.9 KiB)  TX bytes:0 (0.0 b)


route info (excluding eth device)
=====
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.12.2       *               255.255.255.255 UH    0      0        0 tun1
10.0.11.2       *               255.255.255.255 UH    0      0        0 tun0
10.0.12.0       10.0.12.2       255.255.255.0   UG    0      0        0 tun1
10.0.11.0       10.0.11.2       255.255.255.0   UG    0      0        0 tun0
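Added here as a check, not part of Carl's post: a small Python script that parses two OpenVPN server configs laid out like the pair above and reports the host-level resources two instances must not share (listen port, a fixed tunN device, the server subnet, and the status/log/pool files resolved against each instance's `cd`). The sample configs are constructed abbreviations of the posted ones; the posted pair passes clean, and the check also catches the collisions it would report if, say, both instances were given `dev tun0`.

```python
import ipaddress

# Constructed samples, abbreviated from the two server configs posted above
# (options that play no part in the checks are omitted).
INSTANCE1 = """
port 1194
proto udp
dev tun0
server 10.0.11.0 255.255.255.0
ifconfig-pool-persist ipp.txt
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
cd /etc/openvpn
"""
INSTANCE2 = """
port 1294
proto udp
dev tun1
server 10.0.12.0 255.255.255.0
ifconfig-pool-persist ipp.txt
status /var/log/openvpn-status_i2.log
log-append /var/log/openvpn_i2.log
cd /etc/openvpn_instance2
"""

def parse_ovpn(text):
    """Parse an OpenVPN config into {option: [args]}; '#' and ';' start comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if line:
            key, *args = line.split()
            opts.setdefault(key, args)  # first occurrence wins
    return opts

def resolved_path(opts, key):
    """Resolve a file option against 'cd' so relative names compare correctly."""
    path = opts.get(key, [None])[0]
    if path is None or path.startswith("/"):
        return path
    return opts.get("cd", ["."])[0].rstrip("/") + "/" + path

def find_conflicts(cfg_a, cfg_b):
    """Return the resources two server instances on one host would fight over."""
    a, b = parse_ovpn(cfg_a), parse_ovpn(cfg_b)
    problems = []
    proto_a, proto_b = a.get("proto", ["udp"])[0], b.get("proto", ["udp"])[0]
    if proto_a == proto_b and a.get("port") == b.get("port"):
        problems.append("both instances bind %s/%s" % (proto_a, a["port"][0]))
    dev = a.get("dev", [""])[0]
    if dev and dev == b.get("dev", [""])[0] and dev[-1].isdigit():  # bare 'tun' is auto-numbered
        problems.append("both instances claim device " + dev)
    net_a = ipaddress.ip_network("%s/%s" % tuple(a["server"]))
    net_b = ipaddress.ip_network("%s/%s" % tuple(b["server"]))
    if net_a.overlaps(net_b):
        problems.append("server subnets %s and %s overlap" % (net_a, net_b))
    for key in ("status", "log-append", "ifconfig-pool-persist"):
        if resolved_path(a, key) is not None and resolved_path(a, key) == resolved_path(b, key):
            problems.append("%s file %s is shared" % (key, resolved_path(a, key)))
    return problems
```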
