From: Andrew Berry
Date: Wed, 11 Jun 2008 12:54:35 -0400
To: Nejc Škoberne
Cc: User Questions
Subject: Re: Openvpn on FreeBSD 7

On 10-Jun-08, at 3:02 AM, Nejc Škoberne wrote:

> Actually I don't think you can do the same thing with a tunnel. You have
> to use different IP addresses for the tunnel itself. Have you read the
> OpenVPN manual?

Yes, I should have been clearer: With a tunnel, I can still push routes and DNS, as long as I'm willing to sacrifice the same IP address.

>> Yes, I did: 'tcpdump -i tun0'. Nothing shows up on the server, but on
>> the client (OS X) I can see the pings being sent.
> This means that there is a problem with the OpenVPN connection. Can
> you show the tail of your logs on both sides?

Here's what I found:

Wed Jun 11 12:49:46 2008 client1/192.168.0.1:53237 MULTI: Learn: 10.8.0.6 -> client1/192.168.0.1:53237
Wed Jun 11 12:49:46 2008 client1/192.168.0.1:53237 MULTI: primary virtual IP for client1/192.168.0.1:53237: 10.8.0.6

This was interesting since that IP wasn't being set by the client. I'd been manually setting it to 10.8.0.2, which caused this:

Wed Jun 11 12:50:04 2008 client1/192.168.0.1:53237 MULTI: bad source address from client [10.8.0.2], packet dropped
Wed Jun 11 12:50:05 2008 client1/192.168.0.1:53237 MULTI: bad source address from client [10.8.0.2], packet dropped
Wed Jun 11 12:50:06 2008 client1/192.168.0.1:53237 MULTI: bad source address from client [10.8.0.2], packet dropped
Wed Jun 11 12:50:07 2008 client1/192.168.0.1:53237 MULTI: bad source address from client [10.8.0.2], packet dropped

Changing it to 10.8.0.6 allowed the VPN to work over the tunnel. I could access the VPN server on .1. Bridging still doesn't work - and I don't see any traffic over the interface either.

Unfortunately, my laptop's network card just kicked the dust so it's going in for servicing. I might test it out using the Windows client on my desktop, but since it's inside the network already I imagine it would be much harder to test.

>> proto tcp
>
> Why are you using TCP anyway?

I'd been having problems with UDP and QoS a long time ago. I just hadn't bothered to change it since it was working.

Thanks,
--Andrew
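
The log correlation done by eye in the message above, as an added example that is not part of the original message: it pairs each client's "MULTI: Learn" address with any "bad source address" drops logged for that client. The sample log is constructed in the format of the lines quoted in the message, and the function names are this example's own.

```python
import re
from collections import Counter, defaultdict

# Constructed sample, in the format of the server log lines quoted in the message.
SAMPLE_LOG = """\
Wed Jun 11 12:49:46 2008 client1/192.168.0.1:53237 MULTI: Learn: 10.8.0.6 -> client1/192.168.0.1:53237
Wed Jun 11 12:49:46 2008 client1/192.168.0.1:53237 MULTI: primary virtual IP for client1/192.168.0.1:53237: 10.8.0.6
Wed Jun 11 12:50:04 2008 client1/192.168.0.1:53237 MULTI: bad source address from client [10.8.0.2], packet dropped
Wed Jun 11 12:50:05 2008 client1/192.168.0.1:53237 MULTI: bad source address from client [10.8.0.2], packet dropped
Wed Jun 11 12:50:06 2008 client2/192.168.0.9:40112 MULTI: Learn: 10.8.0.10 -> client2/192.168.0.9:40112
"""

# Layout: <timestamp> <client instance> MULTI: <message>
LINE = re.compile(r"^(?P<ts>.+?) (?P<peer>\S+) MULTI: (?P<msg>.*)$")
LEARN = re.compile(r"^Learn: (?P<ip>\S+) -> ")
BAD_SRC = re.compile(r"^bad source address from client \[(?P<ip>[^\]]*)\]")


def audit(log_text):
    """Return {client instance: {"learned": set of IPs, "dropped": Counter of IPs}}."""
    report = defaultdict(lambda: {"learned": set(), "dropped": Counter()})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a MULTI line
        peer, msg = m["peer"], m["msg"]
        if (learn := LEARN.match(msg)):
            report[peer]["learned"].add(learn["ip"])
        elif (bad := BAD_SRC.match(msg)):
            report[peer]["dropped"][bad["ip"]] += 1
    return dict(report)


def mismatches(report):
    """List clients sending from an address the server never learned for them."""
    out = []
    for peer, info in sorted(report.items()):
        for ip, count in sorted(info["dropped"].items()):
            if ip not in info["learned"]:
                out.append((peer, ip, count, sorted(info["learned"])))
    return out


if __name__ == "__main__":
    for peer, ip, count, learned in mismatches(audit(SAMPLE_LOG)):
        print(f"{peer}: {count} packets dropped from {ip}; server learned {learned}")
```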