The situation has changed a little bit ;) Now I am using a routed setup (bridged setup was an old remnant). My server is: CentOS release 6.2 (Final) 2.6.32-220.el6.x86_64 openvpn-2.2.1-1.x86_64 My server config file is: local 1.2.3.4 port 123 proto tcp-server dev tun0 tls-server remote-cert-tls client tls-auth /etc/openvpn/keys/ta.key 0 ca /etc/openvpn/keys/ca.crt cert /etc/openvpn/keys/server.crt key /etc/openvpn/keys/server.key # This file should be kept secret dh /etc/openvpn/keys/dh1024.pem ;crl-verify /etc/openvpn/keys/crl.pem server 172.16.1.0 255.255.255.0 ;ifconfig-pool-persist /etc/openvpn/ipp.txt push "route 192.168.0.0 255.255.255.0 172.16.1.1" push "route 172.17.0.0 255.255.0.0 172.16.1.1" push "dhcp-option DNS 192.168.0.2" push "dhcp-option DNS 192.168.0.1" client-to-client duplicate-cn keepalive 10 60 cipher AES-256-CBC # AES comp-lzo max-clients 20 user openvpn group openvpn persist-key persist-tun status /var/log/openvpn-status.log log /var/log/openvpn.log verb 4 My client file is: Ubuntu 12.04.1 LTS 3.2.0-29-generic x86_64 openvpn-2.2.1-8ubuntu1 My client config file is: remote 1.2.3.4 port 123 dev tun0 proto tcp-client resolv-retry 120 ;persist-key ;persist-tun remote-cert-tls server tls-remote server.example.com tls-client ca /etc/openvpn/keys/ca.crt cert /etc/openvpn/keys/client.crt key /etc/openvpn/keys/client.key tls-auth /etc/openvpn/keys/ta.key 1 cipher AES-256-CBC verb 4 log /var/log/openvpn.log status /var/log/openvpn-status.log comp-lzo When I start the openvpn server I get the output in server.log.gz. Also I get one new interface 20: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100 link/[65534] inet 172.16.1.1 peer 172.16.1.2/32 scope global tun0 In iptables I have (default policies DROP, only for OUTPUT ACCEPT): -A INPUT -s 172.16.1.0/255.255.255.0 -i tun0 -j ACCEPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT -A FORWARD -d 172.16.1.0/255.255.255.0 -o tun0 -j ACCEPT -A FORWARD -s 172.16.1.0/255.255.255.0 -i tun0 -j ACCEPT When I start openvpn on client in the logfile (client.log.gz) I have "Initialization Sequence Completed" but in ip a s: 14: tun0: <POINTOPOINT,MULTICAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 100 link/none The DOWN state is the problem as I think, also there is no IP configuration assigned. At the same moment on server I have output in server2.log.gz. There are lines Peer Connection Initiated with 1.2.3.4:44638 and Wed Aug 22 13:37:53 2012 us=331639 client/1.2.3.4:44638 MULTI: Learn: 172.16.1.6 -> client/1.2.3.4:44638 Wed Aug 22 13:37:53 2012 us=331648 client/1.2.3.4:44638 MULTI: primary virtual IP for client/1.2.3.4:44638: 172.16.1.6 But also a line Wed Aug 22 13:38:07 2012 us=418282 client/1.2.3.4:44638 Connection reset, restarting [0] I have no firewall on my client host. Any suggestions? Best regards, Rafał. 2012/8/21 Leon Fauster <leonfauster@xxxxxxxxxxxxxx> > Am 21.08.2012 um 16:27 schrieb Rafał Radecki: > > When I start the tunnel I am not able to ping 1.2.3.4 IP on server, the > TAP > > interface is also in DOWN state. I have no firewall configured. My client > > log file is attached. > > Should I have an IP addres on my TAP interface? > > > > What are your goals? > > A bridged setup (dev tap) or a routed network (dev tun)? > > LF > > > > > _______________________________________________ > CentOS mailing list > CentOS@xxxxxxxxxx > http://lists.centos.org/mailman/listinfo/centos >
_______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos