[lug] OpenVPN second instance on a server not working
Carl Wagner
carl.wagner at verbalworld.com
Wed Sep 8 17:30:31 MDT 2010
Hi,
I am having problems getting a second instance of OpenVPN working.
The VPN server is a Linux box.
Server instance 1 works fine. Client1 is a Linux box. (this is my link
to configure everything for instance 2 - thus it works fine)
Server instance 2 server 'looks' good. I get "Initialization Sequence
Completed"
Client2 connecting to server instance 2 looks good. I get
"Initialization Sequence Completed"
Client2 is a Windows box. (Not sure how to use my Linux box to test this
without breaking instance 1)
From the client2 I can ping the local tun interface: 10.0.12.10, but I
can't ping the other end of the tunnel: 10.0.12.1.
Using tcpdump I can see the ICMP request packets come in on the VPN's
tun1 interface, but no replies.
On the VPN server, I am using the same keys and certificate files for
both instances - but different ports.
I have unique sets of key/cert files for the clients.
I don't understand why on the VPN server, with a tun interface of
10.0.12.1, when it receives an ICMP request to 10.0.12.1 that it doesn't
reply.
I am pretty sure this is a "can't see the forest for the trees" issue,
but I have been staring at it for too long now.
See config info below.
Any idea what might be wrong? Let me know if you need any other
information.
Thanks,
Carl.
Server config of instance one:
=====
port 1194
proto udp
dev tun0
ca ca.crt
cert vpn.abc.com.crt
key vpn.abc.com.key
dh dh2048.pem
server 10.0.11.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 60
tls-auth tls-auth 0
comp-lzo
user openvpn
group openvpn
persist-key
persist-tun
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
verb 4
client-config-dir clients
chroot /etc/openvpn/chroot
cd /etc/openvpn
daemon
Server config for instance two:
=====
port 1294
proto udp
dev tun1
ca /etc/openvpn_instance2/keys/ca.crt
cert /etc/openvpn_instance2/keys/vpn.abc.com.crt
key /etc/openvpn_instance2/keys/vpn.abc.com.key
dh /etc/openvpn_instance2/dh2048.pem
server 10.0.12.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 60
tls-auth tls-auth 0
comp-lzo
user openvpn
group openvpn
persist-key
persist-tun
status /var/log/openvpn-status_i2.log
log-append /var/log/openvpn_i2.log
verb 3
client-config-dir clients
chroot /etc/openvpn_instance2/chroot
cd /etc/openvpn_instance2
Client config (on a Windows box) using port 1294 (instance 2)
=====
client
dev tun
proto udp
remote x.x.x.x 1294
resolv-retry 1
nobind
persist-key
persist-tun
ca ca.crt
cert cwagnerwork.crt
key cwagnerwork.key
tls-auth tls-auth 1
tls-remote vpn.verbalworld.com
comp-lzo
verb 3
Ifconfig of tun devices:
=====
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.0.11.1  P-t-P:10.0.11.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:31056656 errors:0 dropped:0 overruns:0 frame:0
          TX packets:30214363 errors:0 dropped:38 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:2838119644 (2.6 GiB)  TX bytes:2472923755 (2.3 GiB)
tun1      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.0.12.1  P-t-P:10.0.12.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:159 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:8100 (7.9 KiB)  TX bytes:0 (0.0 b)
route info (excluding eth device)
=====
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.12.2       *               255.255.255.255 UH    0      0        0 tun1
10.0.11.2       *               255.255.255.255 UH    0      0        0 tun0
10.0.12.0       10.0.12.2       255.255.255.0   UG    0      0        0 tun1
10.0.11.0       10.0.11.2       255.255.255.0   UG    0      0        0 tun0