# [SOLVED] openvpn - understanding ports

## Joseph_sys

I'm trying to configure openvpn and I got stuck on port configuration; I need to understand how it works when it comes to ports.

Generating keys is the easy part; I've followed this howto:

https://forums.gentoo.org/viewtopic-t-538662-highlight-openvpn+howto.html

But I'm trying to test it and can not ping it, I've missed something.

I'm testing it on my internal network; I've put another gateway in the internal network (can I test it internally between two private networks?)

1.)

Client IP: LAN IP 10.0.0.109  (gateway 10.0.0.1)

OpenVPN client.conf 

```
client
dev tun
proto udp
remote 192.168.139.1 9000
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1200
persist-key
persist-tun
ca "/etc/openvpn/client/ca.crt"
cert "/etc/openvpn/client/syscon9.crt"
key "/etc/openvpn/client/syscon9.key"
tls-auth "/etc/openvpn/client/vpn_my.key" 1
comp-lzo
log        /var/log/openvpn.log
log-append /var/log/openvpn.log
verb 3
```

Server LAN IP 192.168.1.5 (gateway 10.0.0.1) 

WAN IP 10.0.0.151 (so I have another router on the internal network to create another network for testing)

 server.conf

```
port 9000
proto udp
dev tun
mode server
ca /usr/share/openvpn/easy-rsa/keys/ca.crt
cert /usr/share/openvpn/easy-rsa/keys/server.crt
key /usr/share/openvpn/easy-rsa/keys/server.key
dh /usr/share/openvpn/easy-rsa/keys/dh1024.pem
server 192.168.139.0 255.255.255.0
client-to-client
ifconfig-pool-persist ipp.txt
client-config-dir ccd
keepalive 10 120
tls-auth vpn_my.key 0
tun-mtu 1500
tun-mtu-extra 32
mssfix 1200
duplicate-cn
comp-lzo
max-clients 100
persist-key
persist-tun
status openvpn-status.log
log        /var/log/openvpn.log
log-append /var/log/openvpn.log
verb 3
```

The above created a "tun0" interface on the server with IP: 192.168.139.1

Both client and server start OK but I can not ping anything.

On the server gateway I have forwarded port 9000 to local IP 192.168.1.5 port 9000 UDP

(the firewall is disabled between them)

I think I'm a bit confused as to the IP numbering; are they correct?

Last edited by Joseph_sys on Wed Feb 24, 2010 11:23 pm; edited 2 times in total

----------

## francofallica

I don't exactly understand what your setup looks like. But you say that: 

*Quote:*

> both client and server start OK but I can not ping anything.

So the tunnel does start properly? Then it should be alright.

If you can not ping you might need to add a route entry (that was my problem once).

If this does not help, please post the console output when starting openvpn, and ifconfig -a & arp -a

Hope that helps

franco

----------

## Joseph_sys

The last section of that gentoo howto: *Quote:*   

> /etc/openvpn/ccd/<username>
> 
> # and in it put for example :
> 
> Code:
> ...

I did not create this file on the client side; I don't understand what I am supposed to put in there.

Output of "ifconfig -a & arp -a" from openvpn server 

```
ifconfig -a & arp -a > arp.txt
[1] 14652
eth0      Link encap:Ethernet  HWaddr 00:1f:d0:a2:df:9d  
          inet addr:192.168.1.5  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::21f:d0ff:fea2:df9d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1317779 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1279346 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:187317312 (178.6 MiB)  TX bytes:94353495 (89.9 MiB)
          Interrupt:25 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:397 errors:0 dropped:0 overruns:0 frame:0
          TX packets:397 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:36501 (35.6 KiB)  TX bytes:36501 (35.6 KiB)

sit0      Link encap:IPv6-in-IPv4  
          NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:192.168.139.1  P-t-P:192.168.139.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

vboxnet0  Link encap:Ethernet  HWaddr 0a:00:27:00:00:00  
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

[1]+  Done                    ifconfig -a
```

I can ping 10.0.0.151 (that's the external IP of the server box that openvpn runs on, with tun: 192.168.139.1)

but how does the "tun0" communicate/push traffic between "eth0" on that box and "tun0"?

So that might be the reason I can not ping 192.168.139.1, as I don't understand this part.

----------

## Joseph_sys

I've found the best instructions here; it is a "must read" for beginners:

http://www.linuxconfig.org/VPN_-_Virtual_Private_Network_and_OpenVPN

My client.config should have the real external IP address (eth0) of the network I'm connecting to, and the router should be configured to forward, in my example, port 9000 to eth1 on the other network (in my case: 192.168.1.5):

```
...
remote 10.0.0.151 9000
...
```

----------
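The fix in the last post can be checked mechanically: the client's `remote` must be an address reachable before the tunnel exists, not one inside the pool set by the server's `server` directive. The script below is an added example, not code from the thread or from OpenVPN; `parse` and `check` are hypothetical helper names, the sample configs are cut down from the ones posted above, and it assumes the gateway forwards the port without renumbering it.

```python
import ipaddress

# Constructed sample input: the addressing lines from the two configs in this thread.
CLIENT_CONF = """client
dev tun
proto udp
remote 192.168.139.1 9000
"""
SERVER_CONF = """port 9000
proto udp
dev tun
server 192.168.139.0 255.255.255.0
"""

def parse(conf):
    """Map each directive to its argument list (first occurrence wins)."""
    out = {}
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        if line and not line.startswith(";"):
            key, *args = line.split()
            out.setdefault(key, args)
    return out

def check(client_conf, server_conf):
    """Return addressing/port mismatches between a client and a server config."""
    c, s = parse(client_conf), parse(server_conf)
    problems = []
    remote = c["remote"]
    host = remote[0]
    # OpenVPN defaults when a directive is absent: port 1194, proto udp.
    c_port = remote[1] if len(remote) > 1 else c.get("port", ["1194"])[0]
    s_port = s.get("port", ["1194"])[0]
    c_proto = c.get("proto", ["udp"])[0]
    s_proto = s.get("proto", ["udp"])[0]
    pool = ipaddress.ip_network("/".join(s["server"][:2]))
    try:
        if ipaddress.ip_address(host) in pool:
            problems.append(f"remote {host} is inside the tunnel pool {pool}")
    except ValueError:
        pass  # remote is a hostname; it cannot be compared offline
    if c_port != s_port:
        problems.append(f"client port {c_port} != server port {s_port}")
    if c_proto != s_proto:  # compared literally (assumption: same spelling on both sides)
        problems.append(f"client proto {c_proto} != server proto {s_proto}")
    return problems

if __name__ == "__main__":
    for p in check(CLIENT_CONF, SERVER_CONF):
        print("PROBLEM:", p)
```

With the original `remote 192.168.139.1 9000` the check reports the tunnel-pool problem; with `remote 10.0.0.151 9000` it reports nothing.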

