Search Results

Search found 1236 results on 50 pages for 'nat papovich'.

Page 31/50 | < Previous Page | 27 28 29 30 31 32 33 34 35 36 37 38  | Next Page >

  • Juniper SSG-5 subinterface vlan routing to the internet

    - by catfish
    I'm unable to get a brand new Juniper SSG-5 with latest 6.3.0r05 firmware routing to the internet from a subinterface I created on bgroup0 setup as vlan2 (bgroup0.1 on "wifi" zone). When connected on the default vlan it gets on the internet just fine. When I switch to vlan2 I'm unable to get to the internet. I am able to get the correct ip address (10.150.0.0/24) from dhcp, able to get to the juniper management page, etc but nothing past the firewall, can't ping 4.2.2.2 or the internet gateway. Even setting up logging on the wifi-to-untrust policy and it does shows the attempts (it's it's timeouts). 172.31.16.0/24 is the untrusted lan, it's already nat'ed but works fine for testing. Can ping this ip from the default vlan but not from vlan2 192.168.1.0/24 is the trusted main lan 10.150.0.0/24 is the wifi isolated lan on vlan2 The idea is to setup an AP with lan and guest access (AP supports multiple ssid's on different vlans). I know I can setup the juniper to use different ports for the wifi lan and use their procurve switch to do the vlan separation, but I never used vlan'ing on a Juniper firewall and I would like to try it out this way. Here is the complete config file: unset key protection enable set clock timezone -5 set vrouter trust-vr sharable set vrouter "untrust-vr" exit set vrouter "trust-vr" unset auto-route-export exit set alg appleichat enable unset alg appleichat re-assembly enable set alg sctp enable set auth-server "Local" id 0 set auth-server "Local" server-name "Local" set auth default auth server "Local" set auth radius accounting port 1646 set admin name "netscreen" set admin password "xxxxxxxxxxxxxxxx" set admin auth web timeout 10 set admin auth dial-in timeout 3 set admin auth server "Local" set admin format dos set zone "Trust" vrouter "trust-vr" set zone "Untrust" vrouter "trust-vr" set zone "DMZ" vrouter "trust-vr" set zone "VLAN" vrouter "trust-vr" set zone id 100 "Wifi" set zone "Untrust-Tun" vrouter "trust-vr" set zone "Trust" tcp-rst set zone "Untrust" block unset zone "Untrust" tcp-rst set zone "MGT" block unset zone "V1-Trust" tcp-rst unset zone "V1-Untrust" tcp-rst set zone "DMZ" tcp-rst unset zone "V1-DMZ" tcp-rst unset zone "VLAN" tcp-rst unset zone "Wifi" tcp-rst set zone "Untrust" screen tear-drop set zone "Untrust" screen syn-flood set zone "Untrust" screen ping-death set zone "Untrust" screen ip-filter-src set zone "Untrust" screen land set zone "V1-Untrust" screen tear-drop set zone "V1-Untrust" screen syn-flood set zone "V1-Untrust" screen ping-death set zone "V1-Untrust" screen ip-filter-src set zone "V1-Untrust" screen land set interface "ethernet0/0" zone "Untrust" set interface "ethernet0/1" zone "Untrust" set interface "bgroup0" zone "Trust" set interface "bgroup0.1" tag 2 zone "Wifi" set interface "bgroup1" zone "DMZ" set interface bgroup0 port ethernet0/2 set interface bgroup0 port ethernet0/3 set interface bgroup0 port ethernet0/4 set interface bgroup0 port ethernet0/5 set interface bgroup0 port ethernet0/6 unset interface vlan1 ip set interface ethernet0/0 ip 172.31.16.243/24 set interface ethernet0/0 route set interface bgroup0 ip 192.168.1.1/24 set interface bgroup0 nat set interface bgroup0.1 ip 10.150.0.1/24 set interface bgroup0.1 nat set interface bgroup0.1 mtu 1500 unset interface vlan1 bypass-others-ipsec unset interface vlan1 bypass-non-ip set interface ethernet0/0 ip manageable set interface bgroup0 ip manageable set interface bgroup0.1 ip manageable set interface ethernet0/0 manage ping set interface ethernet0/1 manage ping set interface bgroup0.1 manage ping set interface bgroup0.1 manage telnet set interface bgroup0.1 manage web unset interface bgroup1 manage ping set interface bgroup0 dhcp server service set interface bgroup0.1 dhcp server service set interface bgroup0 dhcp server auto set interface bgroup0.1 dhcp server enable set interface bgroup0 dhcp server option gateway 192.168.1.1 set interface bgroup0 dhcp server option netmask 255.255.255.0 set interface bgroup0 dhcp server option dns1 8.8.8.8 set interface bgroup0.1 dhcp server option lease 1440 set interface bgroup0.1 dhcp server option gateway 10.150.0.1 set interface bgroup0.1 dhcp server option netmask 255.255.255.0 set interface bgroup0.1 dhcp server option dns1 8.8.8.8 set interface bgroup0 dhcp server ip 192.168.1.33 to 192.168.1.126 set interface bgroup0.1 dhcp server ip 10.150.0.50 to 10.150.0.100 unset interface bgroup0 dhcp server config next-server-ip unset interface bgroup0.1 dhcp server config next-server-ip set interface "serial0/0" modem settings "USR" init "AT&F" set interface "serial0/0" modem settings "USR" active set interface "serial0/0" modem speed 115200 set interface "serial0/0" modem retry 3 set interface "serial0/0" modem interval 10 set interface "serial0/0" modem idle-time 10 set flow tcp-mss unset flow no-tcp-seq-check set flow tcp-syn-check unset flow tcp-syn-bit-check set flow reverse-route clear-text prefer set flow reverse-route tunnel always set pki authority default scep mode "auto" set pki x509 default cert-path partial set crypto-policy exit set ike respond-bad-spi 1 set ike ikev2 ike-sa-soft-lifetime 60 unset ike ikeid-enumeration unset ike dos-protection unset ipsec access-session enable set ipsec access-session maximum 5000 set ipsec access-session upper-threshold 0 set ipsec access-session lower-threshold 0 set ipsec access-session dead-p2-sa-timeout 0 unset ipsec access-session log-error unset ipsec access-session info-exch-connected unset ipsec access-session use-error-log set url protocol websense exit set policy id 1 from "Trust" to "Untrust" "Any" "Any" "ANY" permit set policy id 1 exit set policy id 2 from "Wifi" to "Untrust" "Any" "Any" "ANY" permit log set policy id 2 exit set nsmgmt bulkcli reboot-timeout 60 set ssh version v2 set config lock timeout 5 unset license-key auto-update set telnet client enable set snmp port listen 161 set snmp port trap 162 set snmpv3 local-engine id "0162122009006149" set vrouter "untrust-vr" exit set vrouter "trust-vr" unset add-default-route set route 0.0.0.0/0 interface ethernet0/0 gateway 172.31.16.1 exit set vrouter "untrust-vr" exit set vrouter "trust-vr" exit

    Read the article

  • tcptrack shows SYN_SENT connections, does that mean the SYN package reached the server?

    - by xpu
    our server suffered a serious connection timeout problem, so we track tcp connection with tcptrack we found out that, if the client started to connect to the server, tcptrack shows the connection, but in SYN_SENT status, and netstat -nat shows nothing. (tcptrack & netstat all runs on the server) does this mean the syn request reached the server? and no syn/ack was sent back? why the tcptrack could report this connection but netstat could not? what could be the problem that a general apache could not establish a connection with the client? i did a bench test using ab in the same intranet, to the specified NIC, it handled 10000 concurrent connection and 400000 requests ok ps: this doesn't happen every time, but did happened a lot pps: is there any good tools to trace where the tcp connection was lost?

    Read the article

  • Ubuntu 11.04 VM shows a black screen in VMware Player

    - by Roel Veldhuizen
    I have a Ubuntu Server 11.04 64 bit VM running on VMware Player 3.1.4 that only shows a black screen. No matter what I try, the screen remains black. The VM has worked the first time. When I reset the machine, it shows the VMware loader and a flickering _ for about a second. Then the screen turns black again. VM settings: Memory: 512MB Processors: 1 HD: 20GB CD: auto detect Floppy: auto detect Network adapter: NAT USB controller: present soundcard: auto detect printer: present display: auto detect I just created a fresh VM and the same happens, so it seems that the problem is consistent.

    Read the article

  • Stable reverse port forwarding in SSH and stale sessions

    - by Vi
    Using VPS to forward ports behind NAT: for((;;)) { ssh -R 2222:127.0.0.1:22 [email protected]; sleep 10; } When connection is broken somehow and it is reconnecting. Warning: remote port forwarding failed for listen port 2222 Linux vi-server.no-ip.org 2.6.18-92.1.13.el5.028stab059.3 #1 SMP Wed Oct 15 13:33:44 MSD 2008 i686 I type: vi@vi-server:~$ killall sshd Connection to vi-server.org closed by remote host. Connection to vi-server.org closed. Linux vi-server.no-ip.org 2.6.18-92.1.13.el5.028stab059.3 #1 SMP Wed Oct 15 13:33:44 MSD 2008 i686 vi@vi-server:~$ Now it's OK. How it's simpler to make this automatic?

    Read the article

  • LVS TCP connection timeouts - lingering connections

    - by Jon Topper
    I'm using keepalived to load-balance connections between a number of TCP servers. I don't expect it matters, but the service in this case is rabbitmq. I'm using NAT type balancing with weighted round-robin. A client connects to the server thus: [client]-----------[lvs]------------[real server] a b If a client connects to the LVS and remains idle, sending nothing on the socket, this eventually times out, according to timeouts set using ipvsadm --set. At this point, the connection marked 'a' above correctly disappears from the output of netstat -anp on the client, and from the output of ipvsadm -L -n -c on the lvs box. Connection 'b', however, remains ESTABLISHED according to netstat -anp on the real server box. Why is this? Can I force lvs to properly reset the connection to the real server?

    Read the article

  • Cisco ASA 5510 ASDM: Setting up multiple public static ip addresses on a single interface and route

    - by ssjaken
    HI, i have a cisco ASA 5510 using ASDM version 6.3 We have a webserver that is been written very specifically and i was given super direct "DO NOT DEVIATE" directions. This server has to get traffic from 3 different PUBLIC ip's that we own. (our isp gave use a block of 12 static addresses) on 4 different ports. there are the directions i was given externalIP1:22 - 172.17.5.50:22 - SSH externalIP1:443 - 172.17.5.50:23040 - SIT externalIP2:443 - 172.17.5.50:33040 - STAGE externalIP3:443 - 172.17.5.50:43040 - PROD My first question is, using ASDM (my contract employer demands i use ASDM over CLI) how do i get three public addresses to work on one interface. We are authenticating on PPPoE. I know create a virtual interface with the static address but when i do i cannot ping the address from another offsite machine. secondly, where would i put the traffic redirect in. would i go ahead and create ACL's or just make NAT routes. Thanks.

    Read the article

  • Access virtualhosts over LAN (Also in xpmode (Virtual PC))

    - by Pheter
    Hi, I am running Wamp on my computer (the host). I have set up several virtualhosts in apache and they are working fine when I access them from the same computer (host). I have installed Windows XPMode on my computer (which is running windows 7). XPMode (which uses Virtual PC) is set up to use a NAT network. The network in XPMode is working fine, and I can access the host PC via the IP address 192.168.1.5, just as I would if I was using any physical computer on the same network. I can view all the web pages at 192.168.1.5 and it's subdirectories. However, I cannot access any of the subdomains that are configured in the virtualhosts of the host computer. How can I access the subdomains? I don't think that the fact that I am using XPMode and am using a virtualized OS has anything to do with it, but I thought that it was worth mentioning.

    Read the article

  • opening socket to google hangs on SYN_SENT

    - by puchu
    I have 2 computers now: downloader (asus at4nm10t-i) with debian and desktop (asus sabertooth 990fx) with gentoo in the same network under NAT even with the same ethernet card: RTL8111E. driver r8169 is compiled as module on both computers. Sometimes in evenings desktop cannot connect to google and all its services like now: curl -v http://www.google.by on downloader it received server's answer immediately. on desktop it hanged and when I ran in other terminal: netstat -ntp | grep curl >>tcp 0 1 192.168.0.7:54126 173.194.35.191:80 SYN_SENT 4876/curl after 1-2 minutes it received server's answer. I was tried to change ip of network, mac address of desktop but nothing changed. When I was trying to connect to another services except google: curl -v http://www.yahoo.com both computers received answers immediately! Only when I rebooted desktop it begins to work with google services correctly I cant understand what is this bug related to. In which bugtracker should I post this: r8169 or linux kernel or google? PS. Desktop was checked with memtest: 5 passes - no errors

    Read the article

  • Airport Extreme roaming setup

    - by Daniel Johansson
    We've got three Apple AirPort extremes and want to setup them as a roaming wlan network on my company. My question is what's the correct setup for this? All three AP:s is supposed to create the same wireless network "MyWlan" and we want roaming supoprt between them so that client can move from floor to floor without having to switch wlan or reconnect. We don't want to use any kind of DHCP or NAT on the AirPorts, only bridge mode. Do we connect the AirPorts to the lan/ethernet using the WAN port or one of the LAN ports? What's the correct settings in the config utility? Have one of the AirPorts create a network and setup the other two to extend the created network from AirPort 1 or have them all create the same network and set the same wlan password?

    Read the article

  • Lost Internet access in Windows XP Mode virtual pc under Windows 7

    - by kousen
    In my office, I created and configured a virtual pc in Windows XP Mode. Everything was working fine. Now I'm on the road, and my Internet access (in the host operation system) is either via a hotel wifi or through my Verizon air card. Either way, I've lost Internet access in the virtual pc. I went into the Virtual PC settings, and set the Networking value to Shared Networking (NAT). Actually, I've tried every combination I can find, but I can't get from the virtual pc to the web. I'm hoping to use the virtual box at a client site, so I really need that access. Is there anything I can do to get it back? Thanks for any help.

    Read the article

  • Setting up Lan within a Lan

    - by nageeb
    How unreasonable would it be to setup a small LAN within an existing LAN? I'm setting up a series of video surveillance servers and a number of IP cameras in a client's location and cannot have my equipment on the same network as their local machines. My network is essentially self-contained and the only device that anyone needs to access is a web-app on one of the machines. Basically I'm thinking of installing a SOHO router which would uplink to their LAN, and then set up some NAT rules on both their router and my router, to allow outside access to the webserver. Is there anything fundamental that i'm missing which would prevent this from working?

    Read the article

  • Problem with shared ssh keys

    - by warren
    Following the process I've used in other environments (http://www.trilug.org/pipermail/trilug/Week-of-Mon-20080602/054712.html), I've tried setting-up shared keys between my Mac and my CentOS 4 webserver. I've seen the same problem with my older Ubuntu 7.10 workstation trying to connect via keys to the same webserver. I have tried both dsa and rsa keytypes (sshkeygen -t <type>). The sshd_config file on my webserver seems to be allowing key-based logins: RSAAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys And my .ssh/authorized_keys has my dsa and rsa keys added. Where should I be looking for what to change next to make key-based logins "Just Work™"? Is it related to the line #UseDNS yes and sshd is trying to do a reverse-lookup on my IP, but cannot because it's NAT'd?

    Read the article

  • Setup IPsec VPN using ASA5505 behind Juniper SSG5

    - by i_ch3ry
    I have been assigned to establish a Internet IPsecVPN connection between two sites using Cisco ASA5505 A site currently has following setup.(Same setup is expected in another site) Internet-----ADSL Router-----Juniper SSG5-----Intranet (Im not sure what is configured on SSG5 and if router is in bridge mode or if NAT is configured) I was thinking if I should install ASA5505 along with Juniper SSG5? Internet-----ADSL Router-----Juniper SSG5-----Cisco ASA5505(for vpn only)------Intranet or Internet-----ADSL Router-----Cisco ASA5505(for vpn only)-----Juniper SSG5------Intranet My question is if it is possible? What should be the normal way to achieve this goal? Thanks

    Read the article

  • VirtualBox guest network lost after host disconnects

    - by webjunk
    I am running VirtualBox both on a Snow Leopard OSX host machine and on a Windows Vista host machine. Whenever my host machines lose internet connection the guest machines seem to lose internet connectivity permanently even after the host connection to the Internet is reestablished. Resetting guest networking on the guest os, disconnecting cable via host virtualbox settings, and even restarting the guest OS do not help at all. The guest no longer can access the Internet. The only solution is restarting VirtualBox itself while the host is connected to the Internet. This really gets to be a pain when the host goes into sleep mode or I disconnect my laptop at work and then reconnect at home. Guests are setup with NAT networking. It affects guest machines with both Ubuntu and Windows XP OS'es. Is this expected behavior? Does anyone know of a fix? Or am I setup incorrectly?

    Read the article

  • Cisco 877 as a VPN server?

    - by Massimo
    I have a Cisco 877 router which connects my network to the Internet using an ADSL line, a single public IP address and NAT; the IOS version is 15. Everything is working ok, but I'd like to configure this router to be a VPN server, to be able to connect to the network from the outside. I've tried looking for documentation, but everything I can find is related to having the 877 act as a VPN client, or to site-to-site VPNs; I can't find anything about letting single remote computers access the internal network, which is something I can do quite easily using Windows' RRAS or ISA Server. Can the Cisco 877 act as a VPN server for remote client computers? (Looks like it should, but just to be sure...) Which type of VPNs does it support? Do they require some special software on the client machines, or can they be used by standard out-of-the-box Windows computers? And, finally: how to set up this?

    Read the article

  • Virtual Box Pen Test Lab Set Up

    - by hairyjewbear
    So i'm trying to set up a pen test lab in virtual box on my windows 7 host. I have 3 guest OS's installed: 1.) BackTrack5 2.) Centos 5 Server/Snort (My Snortbox) 3.) Win XP (Unpatched) I have 3 Ethernet adapters created IP'S 192.168.191.1 192.168.127.1 192.168.56.1 My goal is to use BackTrack5 to nmap the Win XP guest and have the snort box sniff the network. I'm new to networking and virtualization and I need help setting up my virtual network to get this to work. What should I do? All help appreciated Centos: Adapter1: NAT Adapter2: Host-only Adapter3: Internal Network Backtrack: Adapter1: Internal Network XP: Adapter1: Internal Network Also take for granted I'm on a University Network with a ridiculous firewall so I need to stay all within the host

    Read the article

  • Isolating VMware virtual machines from the network

    - by jetboy
    I have: VMware Workstation 7 running on a Windows 7 box (with a single NIC), with multiple virtual machines running a range of OSs. The host box is connected to a WRT54G router running Tomato firmware. The router is acting as a wireless bridge to another WRT54G that's wired to my broadband modem. I can access the VMs externally via VNC using VMware's Remote Display. Over time I've had these running: a. Using NAT networking (single IP) with port forwarding on the router and a custom port in VMware for each VM. b. Using bridged networking with static IPs assigned to each VM via MAC address, and port forwarding on the router to each IP running with standard ports. Either way, the host box, and other physical machines on the network are accessible from the VMs. Is there a way to isolate the VMs from the rest of the network, but still maintain internet access and remote VNC to the VMs?

    Read the article

  • Virtualbox two networks slow

    - by Petr Marek
    I am running an Ubuntu server guest on Win 7 guest, and am running a webrick server (RoR dev). If I have just a host-only network, everything works fine and the browser response is instant. However, if I add a second network (NAT), so that the server can connect to the internet (for various updates etc.), the host-to-guest access gets really slow. I can't use the bridge connection. I am using the port 3000 (RoR Webrick server) and connecting to the guest via internet browser on this port (eg http://192.168.56.102:3000). Any idea, what could be causing this? If I ping the IP from host console, I get < 0ms. Here are the settings (relevant info is in english; Povoleno vše is Everything is allowed):

    Read the article

  • I am trying to zip files individually, but the file type is unknown

    - by Jason Mander
    I am trying to zip some files with an unknown file type individually. I am using the following code in a batch script to do that: @ECHO OFF FOR %%A IN (bestbuy*nat*component.cpi*) DO "C:\Program Files\7-Zip\7z.exe" a -mx9 -m0=lzma2:d256m "%%~nA.7z" "%%A" The code will compress files individually ONLY if the file has an extension. Unfortunately the files that I have don't have any extension. In the code I am trying to zip files by doing a pattern match, the files are getting compressed into ONE file (which I do not want, I want each file compressed individually). Why does this code create separate zip files when the files have an extension (for example if I add .txt to the end of the files) and when there is no extension the code creates one zipped file. Can anyone please help me with the code to compress files with unknown file type so that each file gets compressed individually Your help would be greatly appreciated. Jason

    Read the article

  • CheckPoint VPN-1 SecureClient inability to navigate behind a Linksys WAG300N

    - by AndreaTrasatti
    I have a Linksys WAG300N, I'm accessing my LAN with Wifi and everything works fine on my Windows 7 Enterprise laptop. When I try to connect to my company's VPN the connection succeeds, but I cannot access any internet site either within my work network or public site like Yahoo or Google. In my Linksys control panel I already verified all types of VPNs are enable to passthrough. Normal IPSec and Windows VPN worked in the past without any problems. CheckPoint seems to have a solution, but I do not have the ability to change the IP in my client and of course using another NAT device in between is not a solution for me. Edit: adding link to the Checkpoint solution, https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk26189

    Read the article

  • Accessing apache in ubuntu 10 virtualbox guest from ubuntu 10 host

    - by Francis L
    I did the following: installed VirtualBox 3.1.6 OSE in ubuntu 10 desktop. installed ubuntu 10 server on a virtual machine in VirtualBox. select "LAMP server" and "OpenSSH server" options during the ubuntu server installation. leave network "adapter 1" of virtual machine as "NAT". use "VBoxManage" described in manual to setup port forwarding on the host (Protocol: TCP, GuestPort: 80, HostPort: 8080). verify "ExtraDataItem" have been added to "ubuntuServer1.xml" (my virtual machine name) correctly. run command "pgrep apache" in ubuntu server in virtual machine to ensure apache is running. Everything went well. But, when I try to access the apache from the browser on the host with "http://localhost:8080/", it just continue fetching with no response. Now, I'm struck! Please help! Many many thanks in advance!

    Read the article

  • Wired and Wireless USB Network Adapter

    - by Evan M.
    Does anyone know if there are any USB network adapters out there that have both wired and wireless networking capability? Far-fetched, I know, but thought I'd ask. Background: Some of our users have locked down laptops that we also include unlocked virtual machines running on VMware Player. Sometimes the users have a need for network connectivity with their VMs where NAT and bridged networking from the host won't work. To supplement this, we want to supply them with adapters that they can use VMware USB pass through capabilities to provide appropriate connectivity. They will need both wired and wireless capability. Rather than carrying around 2 adapters, was hoping we could get a combination unit so that we can reduce it to 1. Thanks

    Read the article

  • Watchguard firebox: public IP addresses behind firewall with as much usable IP addresses as possible

    - by martinezpt
    Our ISP assigned us 16 public IP addresses that we want to assign to hosts behind a Watchguard firebox x750e. The IP addresses are: x.x.x.176/28 of which x.x.x.177 is the gateway. The hosts will be running software that needs to be directly assigned the public IP address so 1:1 NAT is not an option. I found this document that gives examples on how to assign public IP addresses to hosts behind the firewall, using an optional interface: http://www.watchguard.com/help/configuration-examples/public_IP_behind_XTM_configuration_example_(en-US).pdf However, I can't implement scenario 1 as it won't allow me to use the same subnet on both interfaces. As for scenario 2, splitting the address range into 2 subnets will decrease the usable hosts on the optional interface to 5 (8 - network - broadcast - optional interface ip). I'm convinced that there must be a better way to address this problem and maximize the number of usable IP addresses but I'm not very familiar with this specific firewall. Are there any suggestions on how to keep the hosts behind the firewall with public IP addresses while maximizing the usable IP addresses? thanks

    Read the article

  • VM can’t connect to outside in bridged mode

    - by Kamal
    Hi Guys, I am not able to ping any machine(not even the host) from Guest VM in bridged mode. But I got an IP which is on the same subnet as host. I can ping my guest VM from the host and can use ssh to connect to the guest. I am using Vmware workstation 6.5. Guest VM is a centos VM and host is windows xp. Every thing works fine in NAT mode. Any clues as to what could be happening. I tried disabling all the firewalls I have. My virtual network editor shows that my ethernet adapter(the one my host uses) is used for bridging. It is connected. I don't understand how I can get an IP address from DHCP server. I can't ping any of the DNS servers in generated /etc/resolv.conf which are the same as that of my host

    Read the article

  • OpenVPN on ec2 bridged mode connects but no Ping, DNS or forwarding

    - by michael
    I am trying to use OpenVPN to access the internet over a secure connection. I have openVPN configured and running on Amazon EC2 in bridge mode with client certs. I can successfully connect from the client, but I cannot get access to the internet or ping anything from the client I checked the following and everything seems to shows a successful connection between the vpn client/server and UDP traffic on 1194 [server] sudo tcpdump -i eth0 udp port 1194 (shows UDP traffic after establishing connection) [server] sudo iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination [server] sudo iptables -L -t nat Chain PREROUTING (policy ACCEPT) target prot opt source destination Chain POSTROUTING (policy ACCEPT) target prot opt source destination MASQUERADE all -- ip-W-X-Y-0.us-west-1.compute.internal/24 anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination [server] openvpn.log Wed Oct 19 03:11:26 2011 localhost/a.b.c.d:61905 [localhost] Inactivity timeout (--ping-restart), restarting Wed Oct 19 03:11:26 2011 localhost/a.b.c.d:61905 SIGUSR1[soft,ping-restart] received, client-instance restarting Wed Oct 19 03:41:31 2011 MULTI: multi_create_instance called Wed Oct 19 03:41:31 2011 a.b.c.d:57889 Re-using SSL/TLS context Wed Oct 19 03:41:31 2011 a.b.c.d:57889 LZO compression initialized Wed Oct 19 03:41:31 2011 a.b.c.d:57889 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ] Wed Oct 19 03:41:31 2011 a.b.c.d:57889 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ] Wed Oct 19 03:41:31 2011 a.b.c.d:57889 Local Options hash (VER=V4): '360696c5' Wed Oct 19 03:41:31 2011 a.b.c.d:57889 Expected Remote Options hash (VER=V4): '13a273ba' Wed Oct 19 03:41:31 2011 a.b.c.d:57889 TLS: Initial packet from [AF_INET]a.b.c.d:57889, sid=dd886604 ab6ebb38 Wed Oct 19 03:41:35 2011 a.b.c.d:57889 VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=EXAMPLE/CN=EXAMPLE_CA/[email protected] Wed Oct 19 03:41:35 2011 a.b.c.d:57889 VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=EXAMPLE/CN=localhost/[email protected] Wed Oct 19 03:41:37 2011 a.b.c.d:57889 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key Wed Oct 19 03:41:37 2011 a.b.c.d:57889 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Wed Oct 19 03:41:37 2011 a.b.c.d:57889 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key Wed Oct 19 03:41:37 2011 a.b.c.d:57889 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Wed Oct 19 03:41:37 2011 a.b.c.d:57889 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA Wed Oct 19 03:41:37 2011 a.b.c.d:57889 [localhost] Peer Connection Initiated with [AF_INET]a.b.c.d:57889 Wed Oct 19 03:41:39 2011 localhost/a.b.c.d:57889 PUSH: Received control message: 'PUSH_REQUEST' Wed Oct 19 03:41:39 2011 localhost/a.b.c.d:57889 SENT CONTROL [localhost]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,route-gateway W.X.Y.Z,ping 10,ping-restart 120,ifconfig W.X.Y.Z 255.255.255.0' (status=1) Wed Oct 19 03:41:40 2011 localhost/a.b.c.d:57889 MULTI: Learn: (IPV6) -> localhost/a.b.c.d:57889 [client] tracert google.com Tracing route to google.com [74.125.71.104] over a maximum of 30 hops: 1 347 ms 349 ms 348 ms PC [w.X.Y.Z] 2 * * * Request timed out. I can also successfully ping the server IP address from the client, and ping google.com from an SSH shell on the server. What am I doing wrong? Here is my config (Note: W.X.Y.Z == amazon EC2 private ipaddress) bridge config on br0 ifconfig eth0 0.0.0.0 promisc up brctl addbr br0 brctl addif br0 eth0 ifconfig br0 W.X.Y.X netmask 255.255.255.0 broadcast W.X.Y.255 up route add default gw W.X.Y.1 br0 /etc/openvpn/server.conf (from https://help.ubuntu.com/10.04/serverguide/C/openvpn.html) local W.X.Y.Z dev tap0 up "/etc/openvpn/up.sh br0" down "/etc/openvpn/down.sh br0" ;server W.X.Y.0 255.255.255.0 server-bridge W.X.Y.Z 255.255.255.0 W.X.Y.105 W.X.Y.200 ;push "route W.X.Y.0 255.255.255.0" push "redirect-gateway def1 bypass-dhcp" push "dhcp-option DNS 208.67.222.222" push "dhcp-option DNS 208.67.220.220" tls-auth ta.key 0 # This file is secret user nobody group nogroup log-append openvpn.log iptables config sudo iptables -A INPUT -i tap0 -j ACCEPT sudo iptables -A INPUT -i br0 -j ACCEPT sudo iptables -A FORWARD -i br0 -j ACCEPT sudo iptables -t nat -A POSTROUTING -s W.X.Y.0/24 -o eth0 -j MASQUERADE echo 1 > /proc/sys/net/ipv4/ip_forward Routing Tables added route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface W.X.Y.0 0.0.0.0 255.255.255.0 U 0 0 0 br0 0.0.0.0 W.X.Y.1 0.0.0.0 UG 0 0 0 br0 C:>route print =========================================================================== Interface List 32...00 ff ac d6 f7 04 ......TAP-Win32 Adapter V9 15...00 14 d1 e9 57 49 ......Microsoft Virtual WiFi Miniport Adapter #2 14...00 14 d1 e9 57 49 ......Realtek RTL8191SU Wireless LAN 802.11n USB 2.0 Net work Adapter 10...00 1f d0 50 1b ca ......Realtek PCIe GBE Family Controller 1...........................Software Loopback Interface 1 11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3 36...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5 =========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 10.1.2.1 10.1.2.201 25 10.1.2.0 255.255.255.0 On-link 10.1.2.201 281 10.1.2.201 255.255.255.255 On-link 10.1.2.201 281 10.1.2.255 255.255.255.255 On-link 10.1.2.201 281 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 10.1.2.201 281 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 10.1.2.201 281 =========================================================================== Persistent Routes: Network Address Netmask Gateway Address Metric 0.0.0.0 0.0.0.0 10.1.2.1 Default =========================================================================== C:>tracert google.com Tracing route to google.com [74.125.71.147] over a maximum of 30 hops: 1 344 ms 345 ms 343 ms PC [W.X.Y.221] 2 * * * Request timed out.

    Read the article

< Previous Page | 27 28 29 30 31 32 33 34 35 36 37 38  | Next Page >