Topic: Hans-Cees Speel's openvpn

[compdoc]

I'm in the process of installing your how-to at:

Code: [Select]

http://web.inter.nl.net/users/hanscees/sme7/openvpnsitetositetunnelsme7.html
And I had a question. In the openvpn.up script you mention:

Code: [Select]

#you should add this route in sme7 server-manager or it will dissappear
route add -net 192.168.50.0 netmask 255.255.255.0 gw 192.168.4.2

Where in the server-manager would you add the route? Or do you mean typing this into the shell? Does simply adding it as root make it permanent?

Also, if the route is added permanately, can it be commented out (deleted) from the openvpn.up script?

Thanks for the howto. I'm going to connect a company with three of its warehouses in other states here in the US. They currently use expensive, slow frame relay circuits. The how-to is exactly what I needed after spending a week researching/learning openvpn.

Thanks

[hanscees]

I'm in the process of installing your how-to at:

Code: [Select]

http://web.inter.nl.net/users/hanscees/sme7/openvpnsitetositetunnelsme7.html
And I had a question. In the openvpn.up script you mention:

Code: [Select]

#you should add this route in sme7 server-manager or it will dissappear
route add -net 192.168.50.0 netmask 255.255.255.0 gw 192.168.4.2

Where in the server-manager would you add the route? Or do you mean typing this into the shell? Does simply adding it as root make it permanent?

Also, if the route is added permanately, can it be commented out (deleted) from the openvpn.up script?

Thanks for the howto. I'm going to connect a company with three of its warehouses in other states here in the US. They currently use expensive, slow frame relay circuits. The how-to is exactly what I needed after spending a week researching/learning openvpn.

Thanks

I mean in the server manager you can add a local network with a gateway.

[CharlieBrady]

In the openvpn.up script you mention:

Code: [Select]

#you should add this route in sme7 server-manager or it will dissappear
route add -net 192.168.50.0 netmask 255.255.255.0 gw 192.168.4.2


That section of the script should be removed, and the route added only via the server-manager local networks panel.

[compdoc]

try as might, I just cant get it to work. At various stages, Ive been able to ping both end-points of the tunnel, and the internal network cards of the servers. But I've never been able to ping any workstation on the internal LAN of the server. I just cant get past the tunnel. Prolly a routing issue, but I cant figure it out.

I've gotten a bridge working perfectly, as outlined here:

http://sme.firewall-services.com/downloads/smeserver-openvpn/smeserver-openvpn-bridge_beta1.pdf

and I've tried installing your example twice on fresh copies of SME. Too bad too, as a routed install would have been preferrable to a bridge. But OpenVPN is great in any case.  

[gerd]

There are some hints availible @contribs.org....I guess that something is going wrong with the firewall on the SME Server - might an idea to have a look at the iptables. Also, pls consider the following link:

http://nilz.free.fr/sme/Connexion%20OpenVPN%20Tuneling%20entre%202%20serveurs%20SME7.pdf

Even the language is french these infos might help you. I know fm Nilz that he has faced the same problems as you (pls consult the french contribs), so I think it is worth to have a deeper look at the .pdf file fm Nilz.

Good luck

gerd

[compdoc]

thanks for the replies - got it working. I'll give you the details in a bit...

[compdoc]

I got it working. Had to fix some minor issues like matching mtu settings on the client and server. And if you dont add the tunnel's subnet as a local network in the server-manager correctly, it doesn’t work.

On the server, if you're setting it up for a single client:

#server.conf example
remote 1.2.3.4
ifconfig x.x.x.1  x.x.x.2

Then you need to add a local network into server-manager, like so:

Network address: x.x.x.0 (same subnet as ifconfig above)
Subnet mask: 255.255.255.0
Router: <ip addy of the internal nic of the server>


But, if you are setting it for multiple clients like this:

#server.conf example
mode server
server x.x.x.0 255.255.255.0

Then you have to use a subnet mask of  255.255.255.252 (4 addresses) or 255.255.255.248 (8 addresses, etc),  in the server-manager when you add the local network:

Network address: x.x.x.0 (same subnet as x.x.x.0 above)
Subnet mask: 255.255.255.248
Router: <ip addy of the internal nic of the server>

If you don’t, you get this error when restarting openvpn:

[root@gate1 ~]# service openvpn restart
Shutting down openvpn:                                     [  OK  ]
Starting openvpn: RTNETLINK answers: File exists [  OK  ]

That error might be caused by over-lapping addresses used by Openvpn’s dhcp service for the clients, but for whatever reason, you have to define the amount of ip addresses used.  

Anyway, tiz cool, mon...