News alice
04-12-08, 07:33 PM
Hi all,
My openvpn net worked well for a long time, but yesterday, after stopping
and rebooting the server with the option "client-to-client" off and on,
the win2k clients (and not the xp and linux clients) stopped answering
my ping requests.
Please note that they look for the server, and all the connection
procedure works perfectly.
So I see ALL of my clients connected to my server, but the win2k clients
don't talk with the server.
I checked the log file on my server, and there are no differences between
a linux client and a win2k client.
I reached one of those, and everything seemed regular. I checked in the
command line the command "route print"
and then I saw all my rules for my vpn.....
Then I tried to reboot the service and everything is now perfect; I
can reach this machine from my linux server now.
The problem is that almost all of these clients are far from me, and I
cannot reach them.
Is there a way to tell the server to "reset" all of my clients? All
clients are using ccd files.
This is a very worrying situation for me, because many of these clients
are many kilometers away from me....
My server conf:
;local a.b.c.d
;daemon
port 1194
;proto tcp
proto udp
;dev tap
dev tun
;dev-node MyTap
ca keys/ca.crt
cert keys/server.crt
key keys/server.key # This file should be kept secret
dh keys/dh1024.pem
;server 10.8.0.0 255.255.255.0
server 172.25.50.0 255.255.254.0
ifconfig-pool-persist ipp.txt
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
ccd-exclusive
;client-to-client
keepalive 60 300
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log-append /var/log/openvpn/rokepo.log
verb 4
#####################################################
And here's a sample of my clients' conf:
client
;dev tap
dev tun
;dev-node MyTap
;proto tcp
proto udp
remote "my-server ip" 1194
;remote-random
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
comp-lzo
# Set log file verbosity.
verb 3
##############################
Thanks for any help or suggestions you can give me.
Guido Caliandro