[TriLUG] Cross-post: OpenVPN problem: no route to host

Josh Vickery josh at vickeryj.com
Tue Jun 6 08:47:46 EDT 2006


Could you share the routing tables on both the XP OpenVPN client and
the Fedora OpenVPN server?

The OpenVPN wiki has been down for quite some time, but when it was up
a wrote a up a howto to setup bridge mode with a Debian client and
server.  The actual commands won't apply, but I found some things that
weren't in the Bridge howto during my install, and I added them to the
howto I wrote.  Since the wiki is down, here is a copy I made of
Google's cache of the wiki when it was up:

http://vickeryj.freeshell.org/notes/open_vpn_howto.htm

Josh

On 6/2/06, Jason <jason at monsterjam.org> wrote:
> sounds like youre using transport mode instead of tunnel mode.
> either that, or you need to add a some routes for the remote networks
> after you connect.
>
> Jason
>
> On Fri, Jun 02, 2006 at 01:15:16PM -0400, Brian Henning wrote:
> > Hi Gang,
> >   Throwing more hooks in more ponds in hopes of getting more help
> > faster..  I posted this message to the openvpn-users list as well;
> > apologies to members of both lists who see this twice.
> >
> > Anyway...
> >
> >    I've just recently (read: yesterday!) set up OpenVPN in bridging mode
> > on a Fedora Core 3 server, connecting a single remote XP Pro client
> > computer into our main network.  I've followed the HOWTO, and read the
> > Bridging Mini-HOWTO, as well as the FAQs, and am left with a problem.
> >
> > Both the server and client OpenVPN instances appear to start up and
> > handshake without problem.  Once the connection is established, I can
> > ping all over the place, both from the client to any host on the main
> > network, and from any host on the main network to the remote client.
> >
> > Then the problems start.  I can (apparently) establish TCP connections
> > to various services running on the server itself (the one that also
> > serves the OpenVPN connection), and from the server back to the client.
> >   What I can't seem to do is establish TCP connections to other machines
> > on the network from the client, or from other machines on the network
> > back to the client.
> >
> > Here's some background info and examples of my problem.
> >
> > Server: 192.168.1.125
> >    - tap0 interface is wide open firewall-wise, and
> >    - tap0 is bridged with eth0 on bridge device br0
> > My workstation: 192.168.1.32
> > Another subnet host running a custom service: 192.168.1.44
> > Local IP assigned to remote VPN client: 192.168.1.200
> >
> >
> > (on the server itself)
> > % rdesktop 192.168.1.200
> > ...works perfectly
> >
> > (on my workstation)
> > % ping 192.168.1.200
> >   .. successful ping stats ..
> > % rdesktop 192.168.1.200
> > ERROR: connect: No route to host
> >
> > (on remote client)
> > C:\> telnet 192.168.1.125 25
> > ... successful conversation with SMTP running on server ...
> > C:\> telnet 192.168.1.44 9090
> > Connecting To 192.168.1.44...Could not open connection to the host, on
> > port 9090: Connect failed
> >
> >
> > The confounding factor is I CAN apparently successfully establish an SSH
> > session from remote client to any ssh-serving host on the local network,
> > and isn't SSH a TCP connection?  I'm not sure what's going wrong here.
> >
> > I can also NET VIEW a small handful of the machines on the local net
> > from the client, but far fewer than from any random local machine,
> > getting System Error 5 from most hosts.
> >
> > Clearly I'm running into holes in my understanding of how these
> > networking things all work together.  It's probably some small
> > firewalling or configuration issue I'm missing..  I'll be happy to
> > supply configs and log output upon request.
> >
> >
> > Tremendous thanks in advance for the kind assistance!
> >
> > Cheers,
> > ~Brian
> >
> > -- ---------------- Brian A. Henning strutmasters.com 336.597.2397x238
> > ---------------- _______________________________________________
> > Openvpn-users mailing list Openvpn-users at lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/openvpn-users
> > --
> > ----------------
> > Brian A. Henning
> > strutmasters.com
> > 336.597.2397x238
> > ----------------
> > --
> > TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> > TriLUG Organizational FAQ  : http://trilug.org/faq/
> > TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>
> --
> ================================================
> |    Jason Welsh   jason at monsterjam.org        |
> | http://monsterjam.org    DSS PGP: 0x5E30CC98 |
> |    gpg key: http://monsterjam.org/gpg/       |
> ================================================
>
> --
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>



More information about the TriLUG mailing list