Author Topic: [ SOLVED ] Problem with OpenVPN access...  (Read 2949 times)

Gilberto Ferreira

  • Zen Hero
  • *****
  • Posts: 516
  • Karma: +12/-1
[ SOLVED ] Problem with OpenVPN access...
« on: July 02, 2013, 01:34:22 am »
Hi friends...

I have set up two Zentyal servers and enabled OpenVPN on both sides.
On one side, I configured Zentyal as a server, and on the other side Zentyal acts as a VPN client.
My scenario is pretty simple:

SIDE A:

eth0 - 192.168.1.3 - ADSL
eth1 - 192.168.0.254 - Internal Gateway for LAN with DHCP to windows clients

tun0 - 192.168.161.6

SIDE B:

eth0 - 192.168.1.114 - ADSL
eth1 - 192.168.10.254 - Internal Gateway for a simple Windows XP client

tun0 - 192.168.161.5

After gaining the VPN connection, I am able to ping both gateways on both sides.

But, I can ping or access any other resources from clients behind VPN...

Here are the logs for SIDE A (ironman is the name of the server):

Mon Jul  1 20:28:18 2013 MULTI: multi_create_instance called
Mon Jul  1 20:28:18 2013 177.16.56.230:43116 Re-using SSL/TLS context
Mon Jul  1 20:28:18 2013 177.16.56.230:43116 LZO compression initialized
Mon Jul  1 20:28:18 2013 177.16.56.230:43116 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Jul  1 20:28:18 2013 177.16.56.230:43116 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Jul  1 20:28:18 2013 177.16.56.230:43116 Local Options hash (VER=V4): '530fdded'
Mon Jul  1 20:28:18 2013 177.16.56.230:43116 Expected Remote Options hash (VER=V4): '41690919'
Mon Jul  1 20:28:18 2013 177.16.56.230:43116 TLS: Initial packet from [AF_INET]177.16.56.230:43116 (via [AF_INET]192.168.1.3%eth0), sid=6743b87f 2392c734
Mon Jul  1 20:28:18 2013 177.16.56.230:43116 CRL CHECK OK: /O=GTP-VPN/CN=Certification_Authority_Certificate
Mon Jul  1 20:28:18 2013 177.16.56.230:43116 VERIFY OK: depth=1, /O=GTP-VPN/CN=Certification_Authority_Certificate
Mon Jul  1 20:28:18 2013 177.16.56.230:43116 VERIFY X509NAME OK: /O=GTP-VPN/CN=GTP-FILIAL
Mon Jul  1 20:28:18 2013 177.16.56.230:43116 CRL CHECK OK: /O=GTP-VPN/CN=GTP-FILIAL
Mon Jul  1 20:28:18 2013 177.16.56.230:43116 VERIFY OK: depth=0, /O=GTP-VPN/CN=GTP-FILIAL
Mon Jul  1 20:28:23 2013 177.16.56.230:43116 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Jul  1 20:28:23 2013 177.16.56.230:43116 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jul  1 20:28:23 2013 177.16.56.230:43116 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Jul  1 20:28:23 2013 177.16.56.230:43116 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jul  1 20:28:23 2013 177.16.56.230:43116 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Jul  1 20:28:23 2013 177.16.56.230:43116 [GTP-FILIAL] Peer Connection Initiated with [AF_INET]177.16.56.230:43116 (via [AF_INET]192.168.1.3%eth0)
Mon Jul  1 20:28:23 2013 GTP-FILIAL/177.16.56.230:43116 MULTI_sva: pool returned IPv4=192.168.161.6, IPv6=3f00::3000:0:143a:78b7
Mon Jul  1 20:28:23 2013 GTP-FILIAL/177.16.56.230:43116 MULTI: Learn: 192.168.161.6 -> GTP-FILIAL/177.16.56.230:43116
Mon Jul  1 20:28:23 2013 GTP-FILIAL/177.16.56.230:43116 MULTI: primary virtual IP for GTP-FILIAL/177.16.56.230:43116: 192.168.161.6
Mon Jul  1 20:28:25 2013 GTP-FILIAL/177.16.56.230:43116 PUSH: Received control message: 'PUSH_REQUEST'
Mon Jul  1 20:28:25 2013 GTP-FILIAL/177.16.56.230:43116 send_push_reply(): safe_cap=960
Mon Jul  1 20:28:25 2013 GTP-FILIAL/177.16.56.230:43116 SENT CONTROL [GTP-FILIAL]: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,route 192.168.161.1,topology net30,ping 10,ping-restart 120,ifconfig 192.168.161.6 192.168.161.5' (status=1)

SIDE B:

Mon Jul  1 20:28:25 2013 ROUTE: default_gateway=UNDEF
Mon Jul  1 20:28:25 2013 TUN/TAP device tun0 opened
Mon Jul  1 20:28:25 2013 TUN/TAP TX queue length set to 100
Mon Jul  1 20:28:25 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon Jul  1 20:28:25 2013 /sbin/ifconfig tun0 192.168.161.6 pointopoint 192.168.161.5 mtu 1500
Mon Jul  1 20:28:26 2013 /sbin/route add -net 192.168.0.0 netmask 255.255.255.0 gw 192.168.161.5
Mon Jul  1 20:28:26 2013 /sbin/route add -net 192.168.161.1 netmask 255.255.255.255 gw 192.168.161.5
Mon Jul  1 20:28:26 2013 GID set to nogroup
Mon Jul  1 20:28:26 2013 UID set to nobody
Mon Jul  1 20:28:26 2013 Initialization Sequence Completed


I can ping the gateway at SIDE A from SIDE B, but I can't do the same from SIDE B to SIDE A...

Can someone help me??

Thanks

« Last Edit: July 02, 2013, 10:10:00 pm by Gilberto Ferreira »

Gilberto Ferreira

[ SOLVED ] Re: Problem with OpenVPN access...
« Reply #1 on: July 02, 2013, 04:33:36 am »
Well...

I saw something here....

Both of my ADSL modems have an IP range like 192.168.1.3 on SIDE A and 192.168.1.114 on SIDE B....

Perhaps this misconfiguration affects the VPN??

« Last Edit: July 02, 2013, 10:10:10 pm by Gilberto Ferreira »

Gilberto Ferreira

Re: [ SOLVED ] Problem with OpenVPN access...
« Reply #2 on: July 02, 2013, 10:14:23 pm »
Hi friends...

I solved the problem by changing the IP of the ADSL internet on SIDE B, which was previously the same as SIDE A...

Thanks
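
The address overlap that the thread ends on can be checked before a site-to-site tunnel is brought up. The following is an added example, not part of the original posts: it compares the interface networks listed in the first post and the routes in the logged PUSH_REPLY for collisions. The /24 prefix lengths and the function names are assumptions, since the thread gives no netmasks.

```python
import ipaddress
import re

# Interface addresses as listed in the first post. The /24 prefix length is an
# assumption: the thread never states the netmasks.
SITES = {
    "SIDE A": {"eth0": "192.168.1.3/24", "eth1": "192.168.0.254/24"},
    "SIDE B": {"eth0": "192.168.1.114/24", "eth1": "192.168.10.254/24"},
}

# PUSH_REPLY options copied from the SIDE A log in the first post.
PUSH_REPLY = ("PUSH_REPLY,route 192.168.0.0 255.255.255.0,route 192.168.161.1,"
              "topology net30,ping 10,ping-restart 120,"
              "ifconfig 192.168.161.6 192.168.161.5")


def pushed_routes(push_reply):
    """Networks pushed by the server; a route without a mask is a /32 host route."""
    nets = []
    for opt in push_reply.split(","):
        m = re.fullmatch(r"route (\S+)(?: (\S+))?", opt.strip())
        if m:
            mask = m.group(2) or "255.255.255.255"
            nets.append(ipaddress.ip_network(f"{m.group(1)}/{mask}"))
    return nets


def site_networks(site):
    """Map interface name to the network it is directly attached to."""
    return {name: ipaddress.ip_interface(addr).network for name, addr in site.items()}


def find_conflicts(sites, push_reply, client="SIDE B"):
    """Return (left, right, network) tuples for every address-space collision."""
    conflicts = []
    names = sorted(sites)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            for if_a, net_a in site_networks(sites[a]).items():
                for if_b, net_b in site_networks(sites[b]).items():
                    if net_a.overlaps(net_b):
                        conflicts.append((f"{a} {if_a}", f"{b} {if_b}", str(net_a)))
    # A pushed route that overlaps a network attached to the client is ambiguous too.
    for route in pushed_routes(push_reply):
        for if_c, net_c in site_networks(sites[client]).items():
            if route.overlaps(net_c):
                conflicts.append(("pushed route", f"{client} {if_c}", str(route)))
    return conflicts


if __name__ == "__main__":
    for left, right, net in find_conflicts(SITES, PUSH_REPLY):
        print(f"overlap: {left} and {right} both use {net}")
```

With the addresses as posted, the only collision reported is between the two eth0 (ADSL) networks; the pushed routes do not overlap anything on SIDE B.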