Topic: openvpn client problem

[dwater]

I am guessing that because the vpn is up and the "server has handed a route to the client (SME) you cannot add the same route again (via the web interface).

Drop the Vpn, Make sure there are no routes other than default and try again.

Unfortunately, I anticipated that and stopped the openvpn service and checked the routes were gone before I even tried to add the local network

Then you will need to delete that route (usually done in the .up script) because SME will bind the route to eth0 (lan side) - whereas you need it to point to the vpn interface.

Yeah, saw that...understand that bit.

I cant give you advice on the finer points. Normally I let both ends do there own bit (peer to peer).

I think I'm gonna have to look through all the scripts to find out what the web page does; or just figure it out from the init files...

Thanks though.

Max.

[duncan]

Good luck  

[dwater]

Good luck  

No luck

I have progressively gone backwards, even to the point of uninstalling all the openvpn rpms, and I still cannot add a local network using the web interface.

Any ideas anyone?

Max.

[dwater]

OK. I think I've fixed it and am back at square one (ie no OpenVPN).

To force the removal of the networks, I had to edit the networks database manually :

Code: [Select]

[mwaterman@truth e-smith]# pwd
/sbin/e-smith
[mwaterman@truth e-smith]# ./db
usage:
    ./db dbfile keys
    ./db dbfile print [key]
    ./db dbfile show [key]
    ./db dbfile get key
    ./db dbfile set key type [prop1 val1] [prop2 val2] ...
    ./db dbfile setdefault key type [prop1 val1] [prop2 val2] ...
    ./db dbfile delete key
    ./db dbfile printtype [key]
    ./db dbfile gettype key
    ./db dbfile settype key type
    ./db dbfile printprop key [prop1] [prop2] [prop3] ...
    ./db dbfile getprop key prop
    ./db dbfile setprop key prop1 val1 [prop2 val2] [prop3 val3] ...
    ./db dbfile delprop key prop1 [prop2] [prop3] ...
[mwaterman@truth e-smith]# ./db networks print
10.7.1.0=network-deleted|Mask|255.255.255.0|Router|192.168.189.13
10.7.7.0=network-deleted|Mask|255.255.255.0|Router|192.168.189.13
192.168.189.0=network|Mask|255.255.255.0|SystemLocalNetwork|yes
[mwaterman@truth e-smith]# ./db networks print 10.7.1.0
10.7.1.0=network-deleted|Mask|255.255.255.0|Router|192.168.189.13
[mwaterman@truth e-smith]# ./db networks delete 10.7.1.0
[mwaterman@truth e-smith]# ./db networks delete 10.7.7.0


(I'm curious why there is no external network listed-perhaps this is only local networks)

Anyway, while I was poking around, I tried to execute the /etc/e-smith/events/network-delete scripts. The S55proxy-conf one complained about a file /etc/e-smith/templates/etc/squid/squid.conf/core. It is/was a core file from squid. I moved it somewhere else (in case it might be useful to someone [doubtful]). I'll bet that was causing the problem.

Anyway, I think I'll stick with the current setup for a while - that attempt was just too hit-and-miss for a live system

Thanks anyway

Max.

[Franco]

dwater,
You certainly made my life easier, you process of deleting the networks by hand works perfectly. I was having a problem of connecting via VPN and not being able to access the server resources (routing issues, couldn't add previously deleted routes).

Thanks,

[dwater]

dwater,
You certainly made my life easier, you process of deleting the networks by hand works perfectly. I was having a problem of connecting via VPN and not being able to access the server resources (routing issues, couldn't add previously deleted routes).

Thanks,

Glad to know that even I can be of help

Max.

[nald]

I am guessing you are doing a SME<->SME setup.

You need to add local networks for both the tunnel addresses and the remote lan address. Just use your local IP address as the router. You will need to delete the routes it adds as per the how to.

Hi Duncan,

Excuse me... I tried to read this particular subject and i think it could help me on my VPN problem.

I do have a Windows 2000 Pro and it is behind SME 6.0.1 (server&gateway).

Im just confuse how come i can't connect VPN remotely to another SME box.  This is the error will appear in my screen.
'Error 619: The specified port is not connected'

My current configuration of my Windows 2000 is:

ip address: 192.168.xx.xx
subnet mask: 255.255.255.0
gateway: 192.168.xx.xx (from my SME box)

If i change my configuration into a public ip address which would not anymore pass to my SME box then i could connect VPN remotely to another SME server.

ip address: 203.167.xx.xx
subnet mask: 255.255.255.224
gateway: 203.167.xx.xx (directly from our ISP)

I heard some people form the forums to install OPENVPN. Here is the link...
http://sme.swerts-knudsen.dk/index.html?frame=http%3A//sme.swerts-knudsen.dk/howtos/howto_30.htm

If OPENVPN is the solution then I just want to ask on how OPENVPN works.  You are right...I am doing SME <-> SME setup but do i need to install OPENVPN both SME box?

Thanks...
Nald

[Tib]

dwater

When you tried to connect the two networks ... did you make sure the internal networks were on diff IP ranges??

eg 192.168.0.1 sme client and 192.168.1.1 sme server.

If both internal networks have the same internal IP range you will have problems I'm sure.

Just a thought

Tib

[nald]

Yes, it has different ip range.

Is there anyone can help me in regards to OPENVPN?

Thanks...

Nald

[Tib]

nald

Go to http://sme.swerts-knudsen.dk/index.html and look at the "Howto install OpenVPN Server and Client" link there and follow the instructions ... thats what I did and all works fine ... i even setup a linux box to log into my works sme server.

Regards,

Tib