
Re: Re (4): OpenVPN server mode usage.



PETER EASTHOPE wrote:
> root@dalton:/etc/openvpn# cat /etc/openvpn/myvpn.conf
> # dalton:/etc/openvpn/myvpn.conf 

Dalton is the static IP server configuration.

> mode server
> secret /root/key 1 

As Mike found and pointed out, those are incompatible.  For server mode
you need to set up and use certificates.  I have the following:

  # SSL/TLS parms.
  # See the server config file for more description.  It's best to use a
  # separate .crt/.key file pair for each client.  A single ca file can
  # be used for all clients.
  ca server-ca.crt
  cert server.crt
  key server.key
  dh dh1024.pem
  # If a tls-auth key is used on the server then every client must also
  # have the key.
  tls-auth ta.key 0

> ifconfig 10.4.0.2 10.4.0.1 

Personally I have in my file the combined "server" option.

  # Configure server mode.  Equivalent to:
  #  ifconfig 192.168.1.1 192.168.1.2
  #  ifconfig-pool 192.168.1.4 192.168.1.251
  #  route 192.168.1.0 255.255.255.0
  #  push "route 192.168.1.1"
  server 192.168.1.0 255.255.255.0

You might consider that simplification.  Or you might try setting up a
shared static key as per this document:

  http://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html

> # Machines in the local home zone reached _via_ the tunnel. 
> # Curie 
> route 172.23.4.2 
> # Heaviside 
> route 172.23.5.2 
> # Shaw mail servers _via_ the tunnel. 
> # route shawmail.gv.shawcable.net 
> route 64.59.128.135 
> route 24.71.223.43 
> # Shaw ftp server _via_ the tunnel. 
> # route ftp.shaw.ca 
> route 64.59.128.134

You have so many 'route' commands in your file.  I have none.  I think
you should consider trying to get a simpler configuration going
initially and then adding such complications.

I think you need to "push" those routes so that they will appear on
your clients.  For example:

  # This router routes to the following subnets.  Push these routes to
  # the clients so that they can route to these subnets too.
  push "route 192.168.1.0 255.255.255.0"

But since you have routes to public IP space there perhaps you would
want to route all of your traffic over the vpn (once you have it
working) and then you wouldn't need specific routes for everything.

I did not see any of the following that I think you would want to have
in there:

  # Set up the client configuration directory so that each client can be
  # assigned a static IP address.
  client-config-dir ccd

And then in ccd/client:
  ifconfig-push 192.168.2.2 192.168.2.1

Instead of "client" and "server" in the above I use the hostname of
the machines.  Instead of 192.168.1 and 192.168.2 I use random
assignments so that I have less chance of collision with a local wifi
address somewhere.

Bob

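[Editor's note, added below the thread: a worked version of the setup Bob describes. This is an added example, not Bob's or Peter's actual files. It assumes the hostnames from the thread (dalton as server, curie as client), Bob's 192.168.1.0/24 tunnel subnet, a server-side LAN of 172.23.4.0/24 inferred from Peter's route lines, a hypothetical server name dalton.example.org, and the certificate/key file names quoted in Bob's message. It shows the rejected "mode server" + "secret" pairing alongside the TLS server config, the pushed LAN route, a ccd file with a static address, and the matching client config.]

```conf
# --- /etc/openvpn/server.conf on dalton ---
# Added example; hostnames, subnets and server name are assumptions.

# What Peter's file combined: server mode keyed with a pre-shared static
# key. OpenVPN rejects this pairing; server mode needs TLS (ca/cert/key).
#   mode server
#   secret /root/key 1

port 1194
proto udp
dev tun

# TLS material. One CA signs every client; each client gets its own
# cert/key, and the cert's Common Name selects its ccd file below.
ca   server-ca.crt
cert server.crt
key  server.key
# dh1024.pem matches Bob's setup; generate 2048 bits or more today.
dh   dh1024.pem
# HMAC key shared with every client: direction 0 here, 1 on the clients.
tls-auth ta.key 0

# Server mode on 192.168.1.0/24. Expands to the ifconfig/ifconfig-pool/
# route/push lines Bob quotes: server takes .1, clients draw from the
# pool (.4-.251) unless a ccd entry fixes their address.
server 192.168.1.0 255.255.255.0

# LAN behind the server, pushed so clients route to it through the tunnel
# instead of each client carrying its own "route" lines.
# (Assumed subnet, taken from Peter's route 172.23.4.2.)
push "route 172.23.4.0 255.255.255.0"

# Per-client overrides, one file per certificate CN. A client with no
# file still connects and gets a pool address; add "ccd-exclusive" to
# refuse clients that have no file.
client-config-dir ccd

keepalive 10 120
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3

# --- /etc/openvpn/ccd/curie  (file name must equal the client cert CN) ---
# Static address for curie. With topology net30 (the default unless
# "topology subnet" is set) the pair must be the two usable addresses of
# one /30: last octets [1,2] [5,6] [9,10] ... [253,254].
# .254/.253 is chosen outside the pool range (.4-.251) so a dynamic
# client can never be handed the same /30, and inside the /24 so the
# server's existing route already covers it.
ifconfig-push 192.168.1.254 192.168.1.253
# If a subnet sits behind this client, also declare it here (and add a
# matching "route 172.23.9.0 255.255.255.0" to server.conf). Assumed net.
# iroute 172.23.9.0 255.255.255.0

# --- /etc/openvpn/client.conf on curie ---
client
dev tun
proto udp
remote dalton.example.org 1194
ca   server-ca.crt
cert curie.crt
key  curie.key
# Same HMAC key as the server, opposite direction.
tls-auth ta.key 1
# Refuse a server cert that was issued as a client cert (older releases
# spell this "ns-cert-type server").
remote-cert-tls server
persist-key
persist-tun
verb 3
```

Start the server with the config and watch the log at verb 3: a client whose CN has a ccd file is logged with the ifconfig-push address rather than a pool address, and "ip route" on the client should then show the pushed 172.23.4.0/24 route via the tunnel.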

