mattschedler

Forum Replies Created

Viewing 7 posts - 1 through 7 (of 7 total)
  • in reply to: Host-to-site route add problem? #51244
    mattschedler
    Participant

    Glad to be of help. I don’t suppose you tried OpenVPN without being administrator? There’s an upgrade to ZeroShell too… wonder if there’s anything in there that affects this.

    Well… one way or the other I have it working and it survives a ZeroShell reboot.

    Thanks dnsadmin for the additional info.

    in reply to: Host-to-site route add problem? #51242
    mattschedler
    Participant

    Unfortunately, using the older version turned out to be not such a good option. It requires the client user to have Administrative rights (a couple of options can get around it but none of them I liked very much). So that, at least for me, is out.

    Good news is, after some googling and tinkering, I think I have found a fix. I found on a Debian list something that sounds like the same issue (bug #600166) and at least a temporary resolution. Using this as a guide, I made a change to a script on a test ZS box which changes one of the “push” options slightly.

    On line 61 of “/root/kerbynet.cgi/scripts/vpn_start”:
    PUSHNETS0="route remote_host 255.255.255.255 net_gateway 1"

    Replace “remote_host” with “OPENVPN_REMOTE_PEER”

    Routes are now added and removed correctly with all three tested client programs and the default gateway is left alone (and not deleted on disconnect). After multiple connects and disconnects I am satisfied that it is working like it should. I assume that this change will not survive a reboot but I haven’t checked.
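
    Added example, not part of the original post and not ZeroShell's own code: one way to apply the edit described above so that it is repeatable and reversible, which matters if the change is lost on reboot. It assumes the target line begins with PUSHNETS0= and contains the token remote_host as quoted in the post; the function name patch_pushnets and the .orig backup suffix are hypothetical.

```shell
#!/bin/sh
# Added example: apply the remote_host -> OPENVPN_REMOTE_PEER change from the
# post to a vpn_start file, touching only the PUSHNETS0 line.
# Assumption: the line starts (after optional whitespace) with PUSHNETS0=
# and contains the token remote_host, as quoted in the post.

# patch_pushnets FILE
# Exit status: 0 = file changed (backup left in FILE.orig)
#              1 = already patched, nothing done
#              2 = file or expected line not found, nothing done
patch_pushnets() {
    file=$1
    [ -f "$file" ] || return 2

    # Idempotence: do nothing if the replacement token is already present.
    if grep -Eq '^[[:space:]]*PUSHNETS0=.*OPENVPN_REMOTE_PEER' "$file"; then
        return 1
    fi
    # Refuse to edit a file that does not look like the one in the post.
    if ! grep -Eq '^[[:space:]]*PUSHNETS0=.*remote_host' "$file"; then
        return 2
    fi

    # Keep the unmodified script so the change can be reverted.
    cp -p "$file" "$file.orig" || return 2

    # The address restricts the substitution to the PUSHNETS0 line; other
    # lines that mention remote_host are left alone.
    sed '/^[[:space:]]*PUSHNETS0=/s/remote_host/OPENVPN_REMOTE_PEER/' \
        "$file.orig" > "$file.new" || return 2

    # Write through the existing file so its mode and owner are preserved.
    cat "$file.new" > "$file" && rm -f "$file.new"
}

# Run as: sh patch_vpn_start.sh /path/to/vpn_start
if [ "$#" -ge 1 ]; then
    rc=0
    patch_pushnets "$1" || rc=$?
    echo "patch_pushnets exit status: $rc"
fi
```

    Matching on the variable name rather than on line 61 keeps the edit from landing on the wrong line if a ZeroShell update shifts the script.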

    in reply to: Host-to-site route add problem? #51241
    mattschedler
    Participant

    Looks like I may have an answer. Basically I tried 3 different versions of the windoze client. One from openvpn.se (linked from the howto on ZS page) and two clients (“Access server” and “Community”) from openvpn.net. Did this:

    Installed version from openvpn.se and all worked as it should and routes set up fine. Disconnect worked fine as well (didn’t strip out my default gw). Uninstalled and removed tap device.

    Installed community version from openvpn.net… got crazy route additions and disconnect stripped out my default gateway. (route addresses were much more similar to dnsadmin, btw). Uninstalled and removed tap device.

    Installed “Access Server” version from openvpn.net… got crazy routes (slightly different than previously) and gw was stripped. Uninstalled and removed device.

    Installed openvpn.se community version again… ran perfectly as before. Routes normal and gateway was not stripped.

    Also, both openvpn.net versions did not set up the correct routes either so no connectivity to remote network. I noticed that both showed tap driver versions to be 9.x (9.11 and 9.13 I think) while the version that worked had version 8.01 (?).

    I think it’s safe to conclude that there is an issue with the version of the client network device driver. Removing whatever version of openvpn.net you have and getting the version from openvpn.se seems to be the ticket.

    Link: http://openvpn.se/download.html

    in reply to: Host-to-site route add problem? #51240
    mattschedler
    Participant

    One other similarity I see is that we both seem to be using the 10.0.0.0 network addresses range on one end or the other… can’t see why that would be an issue but I’ll point it out anyway just in case.

    I did try one other thing, I tried adding only a couple of IP addresses to the “traffic to tunnel” and got the same results. Thought that was strange.

    Last thing I’ll mention, looking at dnsadmin’s routing table it looks like something else that’s similar might be happening… can’t tell for sure because the test environment where I noticed this part was flawed. Anyway, when I configure a network to tunnel, after a connect and then a disconnect, the client’s default gateway is stripped away. I have yet to verify this in a proper environment (looks like my weekend will be busy with tinkering).

    I have to say though, other than this hiccup, this is a fabulous project. I currently have 4 branches plus our main location, all in a 5 state area connected together using ZS Lan-to-Lan. Each office’s telephone system is VOIP connected and all 5 can call any extension in any office. The only thing not working as well or better than the old systems is the QoS… It’s just whooping my butt in one office where the bandwidth is way too low. I was using Linux and tc. I just can’t quite seem to get it as good using ZS. Another day perhaps.

    in reply to: Host-to-site route add problem? #51238
    mattschedler
    Participant

    I have an unused laptop with XP and my own with Kubuntu 10.04 that I will try out this weekend… I’ll see what happens with the different setups and clients. The only thing I want to accomplish is to have normal internet traffic on the client not go thru the openvpn tunnel.

    in reply to: Host-to-site route add problem? #51236
    mattschedler
    Participant

    I’m using the default from one of the howto’s there… Less the comments it looks like this:

    remote vpn.myserver.net 1194
    proto tcp
    auth-user-pass
    ca CA.pem
    ;cert client.pem
    ;key client.pem
    comp-lzo
    verb 3
    mute 20
    resolv-retry infinite
    nobind
    client
    dev tap
    persist-key
    persist-tun

    Wonder if the client could be involved too… I’m using the Windows OpenVPN client Access Server client instead of the community one (it seemed to have a more “simplified” interface).

    in reply to: Host-to-site route add problem? #51234
    mattschedler
    Participant

    I am getting almost identical results. I have been unable to find any info about this anywhere else. I add 10.0.0.0/24 and I get 41 routes added in my Windows XP client nearly identical to dnsadmin. Anyone find anything?
