Problem on OpenVPN

FreeBSD ninvpnadm 10.1-RELEASE FreeBSD 10.1-RELEASE #0 r274401: Tue Nov 11 21:02:49 UTC 2014 root@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64

Hi, I have a problem which I have no idea about

My server 80.42, subnet to use 23.96/24
Code:
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        inet6 fe80::20c:29ff:fe25:b90e%tun0 prefixlen 64 scopeid 0x3
        inet 23.97 --> 23.97 netmask 0xfffffff0
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        Opened by PID 2318

But on putty client it doesn't show this IP, only one IP from the computer (port 22 open).
Code:
USER       TTY      FROM                      LOGIN@  IDLE WHAT
a-ha       pts/0    118.10            9:10AM     - w
(csh)
And can only use putty to remote the server (port 22 close).
Code:
USER       TTY      FROM         LOGIN@  IDLE WHAT
a-ha       pts/0    118.10            9:10AM     - w
a-ha       pts/1    23.98             9:28AM     4 _su (csh)

Code:
Routing tables
Internet:
Destination        Gateway            Flags      Netif Expire
default            80.1               UGS         em0
127.0.0.1          link#2             UH          lo0
23.96/28           23.97             UGS        tun0
23.97               link#3             UH         tun0
80.0/26             link#1             U           em0
80.48               link#1             UHS         lo0

Code:
 netstat -rn | fgrep '23.'
23.96/28   23.97            UGS        tun0
23.97      link#3             UH         tun0


Thank you
 
FreeBSD ninvpnadm 10.1-RELEASE FreeBSD 10.1-RELEASE #0 r274401: Tue Nov 11 21:02:49 UTC 2014 root@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64

Hi, I have a problem which I have no idea about

My server 80.42, subnet to use 23.96/24
Code:
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        inet6 fe80::20c:29ff:fe25:b90e%tun0 prefixlen 64 scopeid 0x3
        inet 23.97 --> 23.97 netmask 0xfffffff0
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        Opened by PID 2318
The VPN netmask you are showing is 23.96/28 (0xfffffff0) and not a /24 (0xffffff00).

But on putty client it doesn't show this IP, only one IP from the computer (port 22 open).
Code:
USER       TTY      FROM                      LOGIN@  IDLE WHAT
a-ha       pts/0    118.10            9:10AM     - w
(csh)
And can only use putty to remote the server (port 22 close).
Code:
USER       TTY      FROM         LOGIN@  IDLE WHAT
a-ha       pts/0    118.10            9:10AM     - w
a-ha       pts/1    23.98             9:28AM     4 _su (csh)
I'm not entirely sure what you are asking here. What commands are you running or what actions are you taking with Putty? All I can see is the w output with users logged in and I don't understand the context of it.

Code:
Routing tables
Internet:
Destination        Gateway            Flags      Netif Expire
default            80.1               UGS         em0
127.0.0.1          link#2             UH          lo0
23.96/28           23.97             UGS        tun0
23.97               link#3             UH         tun0
80.0/26             link#1             U           em0
80.48               link#1             UHS         lo0

Code:
 netstat -rn | fgrep '23.'
23.96/28   23.97            UGS        tun0
23.97      link#3             UH         tun0


Thank you

This looks correct for an OpenVPN connection to a /28 that your ifconfig shows.
 
What I'm trying to ask here:
My OpenVPN server still doesn't work as a gateway.
I test it with PuTTY to see where the connection comes from, and it still uses the IP from my modem instead of the IP from the OpenVPN server.
 
Can you provide your OpenVPN config? OpenVPN does not work as a gateway by default. Only connections on the tunnel subnet will be over the VPN initially. You need to push a route to the client for more traffic to use it.
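
The two checks made by eye in the replies above (the hex netmask is a /28, and only the tunnel subnet is routed over tun0), written out as an added example that is not part of the original thread. The function names are hypothetical, the routing tables are constructed client-side samples with made-up addresses, and the /1 destinations are assumed to print as shown.

```sh
#!/bin/sh
# Added example. Addresses are constructed; layout follows FreeBSD output.

# Convert the hex netmask ifconfig prints (e.g. 0xfffffff0) to a prefix length.
# Fails (status 1) if the mask is not a contiguous run of 1 bits.
hexmask_to_prefix() {
    mask=$(( $1 )); prefix=0; bit=31
    while [ "$bit" -ge 0 ] && [ $(( (mask >> bit) & 1 )) -eq 1 ]; do
        prefix=$(( prefix + 1 )); bit=$(( bit - 1 ))
    done
    [ $(( mask & ((1 << (bit + 1)) - 1) )) -eq 0 ] || return 1
    echo "$prefix"
}

# Print the Netif column for one destination in `netstat -rn` text on stdin.
route_netif() {
    awk -v dest="$1" '$1 == dest && NF >= 4 { print $4; exit }'
}

# $1 = tunnel interface, $2 = `netstat -rn` text from the VPN client.
# Succeeds when traffic outside the tunnel subnet also enters the tunnel:
# `default` is on $1, or both /1 routes that OpenVPN's `redirect-gateway def1`
# installs are on $1 (assumed to print as 0.0.0.0/1 and 128.0.0.0/1).
vpn_is_gateway() {
    [ "$(printf '%s\n' "$2" | route_netif default)" = "$1" ] && return 0
    [ "$(printf '%s\n' "$2" | route_netif 0.0.0.0/1)" = "$1" ] &&
        [ "$(printf '%s\n' "$2" | route_netif 128.0.0.0/1)" = "$1" ]
}

# Constructed client tables: tunnel subnet only, then with the /1 routes added.
SPLIT='Destination        Gateway            Flags      Netif Expire
default            192.0.2.1          UGS         em0
10.8.0.0/28        10.8.0.1           UGS        tun0
10.8.0.2           link#3             UH         tun0'
FULL="$SPLIT
0.0.0.0/1          10.8.0.1           UGS        tun0
128.0.0.0/1        10.8.0.1           UGS        tun0"

echo "netmask 0xfffffff0 is /$(hexmask_to_prefix 0xfffffff0)"
for name in SPLIT FULL; do
    eval "table=\$$name"
    if vpn_is_gateway tun0 "$table"; then
        echo "$name: tun0 carries the default path"
    else
        echo "$name: only the tunnel subnet uses tun0"
    fi
done
```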
 
I have solved it.
As you said, it doesn't work as a gateway by default, so I route my client's virtual IP to my server. And now it works.
My client can also connect outside with authentication.

Thanks anyway.
 