BUG? OpenVPN static vs OpenVPN dynamic – routing issue


This topic contains 0 replies, has 0 voices, and was last updated by  miketheknife 8 years, 10 months ago.

  • #42584

    miketheknife
    Member

    Hello Community,

    I have two networks with zeroshell 1.0.beta13 on each end (I tried with 1.0.beta12 with the same results), and want to have a VPN between those. A straightforward LAN-TO-LAN VPN:

    SITE1:
    ETH1 (LAN): 192.168.1.1 / 255.255.255.0
    ETH2 (WAN): static address / static default gateway (static ADSL)
    VPN00: 10.11.10.1 / 255.255.255.252
    Static Route: 192.168.2.0 -> 10.11.10.2
    Testlaptop (LAN): 192.168.1.10

    SITE2:
    ETH1 (LAN): 192.168.2.1 / 255.255.255.0
    ETH2 (WAN): static address / static default gateway (static ADSL)
    VPN00: 10.11.10.2 / 255.255.255.252
    Static Route: 192.168.1.0 -> 10.11.10.1
    Testlaptop (LAN): 192.168.2.10

    I start my zeroshell, VPN comes up and everything works! Pinging (from my testlaptop on both ends) the end of the VPN tunnels, pinging the other side's LAN interface, pinging the other side's testlaptop all works like it should.

    === so far so good ===

    Now I try the following: instead of a static IP on the WAN side, I use a dynamic address (DHCP enabled on WAN interface) from my cablemodem. I adjust the remote address in the VPN config to the dynamic hostname (and yes, I have set up the Dynamic DNS and checked the addresses before testing). All the other settings stay the same.

    SITE1:
    ETH1 (LAN): 192.168.1.1 / 255.255.255.0
    ETH2 (WAN): dynamic address (dhcp from CABLEMODEM)
    VPN00: 10.11.10.1 / 255.255.255.252
    Static Route: 192.168.2.0 -> 10.11.10.2
    Testlaptop (LAN): 192.168.1.10

    SITE2:
    ETH1 (LAN): 192.168.2.1 / 255.255.255.0
    ETH2 (WAN): dynamic address (dhcp from CABLEMODEM)
    VPN00: 10.11.10.2 / 255.255.255.252
    Static Route: 192.168.1.0 -> 10.11.10.1
    Testlaptop (LAN): 192.168.2.10

    I start zeroshell, VPN comes up, but when I ping (from my testlaptop on both ends) the other end of the VPN tunnel, I get NO response; the other side's LAN interface, I get NO response; and the other side's testlaptop, NO response. When I use zeroshell's diagnostic tool to ping hosts, I can successfully ping everything: the other end's tunnel, the other end's LAN interface and the testlaptop on the other side.

    After hours of trial and error, and that includes the following:

    - add startup commands to the tunnel
      --up-delay
      --route commands
    - enabling RIP

    I have found a workaround for my current situation. After restarting the zeroshell, the VPN comes up, but no pinging; I have to go to Setup -> Network and disable ETH2 (WAN) “UP” and enable it again, and voilà! Everything works. I have to do that on both sides, SITE1 and SITE2. After more testing, I tried a dynamic WAN address on one side and a static WAN address on the other side; it turns out that the problem occurs on the side with the dynamic WAN address. Disable/enable the WAN interface on the side with the dynamic WAN address and all is fine and up until the next reboot.

    Sidenote: according to the OpenVPN documentation it's possible to have dynamic addresses on both ends:

    http://openvpn.net/index.php/open-source/faq/77-server/299-can-openvpn-handle-the-situation-where-both-ends-of-the-connection-are-dynamic.html

    Does someone have ideas how to fight this issue?

    Regards Mike

    #50924

    ppalias
    Member

    OpenVPN has a rich syslog output. Could you tell us if you find anything useful there?
