[SGVLUG] OpenVPN not seeing anything

Steve Sawkins ssawkins at gmail.com
Wed Jul 15 14:22:32 PDT 2009


I've never used OpenVPN, but if you have a mandatory tunnel going, ALL
of your traffic will be going through it, and if you need to have new
DNS Servers as a result of being on a new network, your tunnel server
would potentially need to serve them up.

At least, that's how I remember it.

A split tunnel would allow you to have traffic both inside and outside
the tunnel. That works decently if you need general internet access
but still need to go through the tunnel for some specific service.

If NOTHING is going through the tunnel, I'd check the
firewall/filtering settings on the tunnel server or your local
firewall settings on your Mac. The fact that the SSH sessions are
going through tells me that they've been given special dispensation by
something in the filter chain.

Have you tried to initiate an SSH session through the tunnel? Maybe
you're set up to only allow outgoing port 22 on certain interfaces...

If you turn up the logging on everyone involved (client and server) it
might be obvious what's going on. You might see like a "packet dropped
due to failing this criteria" type of message.

-Steve S.


Message: 1
Date: Tue, 14 Jul 2009 15:36:40 -0700 (PDT)
From: skevin521 at yahoo.com
Subject: [SGVLUG] OpenVPN not seeing anything
To: Orange County Linux Users Group <oclug at penguin.oclug.org>
Cc: sfvlug at sfvlug.org, sgvlug at sgvlug.net
Message-ID: <679728.2699.qm at web50905.mail.re2.yahoo.com>
Content-Type: text/plain; charset=iso-8859-1


First off, I want to thank everyone about the GMail comments. GMail
was indeed greylisting me, and it is still taking about 10 hours for
mail to get through. Oh well...

I'm now facing down a new breed of problem - OpenVPN. I've gotten it
set up and installed on a CentOS box on a public IP, but when I
connect (I'm using Tunnelblick for the Mac as my client) I suddenly
lose all connectivity to the world around me. It's not just hostnames
not resolving... I can't even hit any numerical IPs, except my local
gateway.

Oddly enough, any SSH sessions I had open just prior to connecting
still remain open. Here's my server.conf:

port 1194
proto tcp
dev tun
ca keys/ca.crt
cert keys/virdev01.crt
key keys/virdev01.key
dh keys/dh1024.pem
server 172.16.229.0 255.255.255.0
client-config-dir ccd
#########
######### Put your Public DNS Servers here
#########
push "dhcp-option DNS 216.187.125.130"
push "dhcp-option DNS 216.187.125.131"
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status server-tcp.log
verb 3

Any help would be totally totally appreciated.


Solomon
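
Added example, not part of either message in this thread: a server pushing "redirect-gateway def1" has to route and NAT the clients' traffic itself, so this sketch checks those two prerequisites for the posted subnet. The function names, the sample NAT table and the CIDR form of the rule are assumptions; all inputs are constructed.

```sh
#!/bin/sh
# Added example: offline pre-flight check for an OpenVPN server that pushes
# "redirect-gateway". Helper names are hypothetical; inputs are constructed.

# Print the tunnel subnet in CIDR form from the "server <net> <mask>" line.
vpn_subnet() {   # $1 = server.conf text
    printf '%s\n' "$1" | awk '$1 == "server" {
        n = split($3, o, "."); bits = 0
        for (i = 1; i <= n; i++) { v = o[i]; while (v > 0) { bits += v % 2; v = int(v / 2) } }
        print $2 "/" bits; exit }'
}

# Succeeds if the config pushes redirect-gateway to clients.
pushes_default_route() {   # $1 = server.conf text
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*push[[:space:]]+"redirect-gateway'
}

# Succeeds if iptables-save output NATs the subnet on the way out.
# Assumes the rule is written with the source in CIDR form.
has_nat_rule() {   # $1 = iptables-save text, $2 = subnet CIDR
    printf '%s\n' "$1" | grep -E -- '^-A POSTROUTING ' \
        | grep -F -- "-s $2 " | grep -Eq -- '-j (MASQUERADE|SNAT)'
}

# Print one finding per line; empty output means both prerequisites are met.
check_server() {   # $1 = server.conf, $2 = ip_forward value, $3 = iptables-save
    pushes_default_route "$1" || return 0
    net=$(vpn_subnet "$1")
    [ "$2" = "1" ] || echo "ip_forward=$2: kernel will not route client traffic"
    has_nat_rule "$3" "$net" || echo "no NAT rule for $net: packets leave with a private source"
}

# Constructed inputs: three lines from the posted server.conf, plus a
# made-up NAT table (the eth0 interface name is an assumption).
CONF='dev tun
server 172.16.229.0 255.255.255.0
push "redirect-gateway def1"'
NAT_OK='*nat
-A POSTROUTING -s 172.16.229.0/24 -o eth0 -j MASQUERADE
COMMIT'

check_server "$CONF" 0 '*nat
COMMIT'
```

On a live server the three arguments would come from the config file, /proc/sys/net/ipv4/ip_forward and `iptables-save -t nat`.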

