主題: brazilfw 2.31.10 配上 OpenVPN 問題 [已解決]

[fireflybug]

各位大大好，我在VM機器內測試brazilfw 2.31.10 配上 OpenVPN使用下面教學，但是我發現我從XP連線第一次OK，手動斷線後要再連線就會連不上，要重新開機才可以，訊息上也沒顯示錯誤，不知道大大有遇到相同問題嗎?

XP
Client (example for RoadWarrior)模式

http://b2d.phc.edu.tw/modules/tadbook2/view.php?book_sn=5&bdsn=384


另外建立 OpenVPN，若同時建立 LAN TO LAN 與 XP CLIENT，OpenVPN 的虛擬網卡會有三個虛擬IP 10.8.0.1   10.8.0.2   10.8.0.3，但是我發現會無法建立 10.8.0.3的連線，看訊息是因為 subnet為 255.255.255.252 只能使用 .1與 .2，不知到要在那邊更改虛擬網卡的 subnet 設定?

連線錯誤訊息：
Tue Feb 02 11:11:36 2010 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
Tue Feb 02 11:11:36 2010 LZO compression initialized
Tue Feb 02 11:11:36 2010 There is a problem in your selection of --ifconfig endpoints [local=10.8.0.3, remote=10.8.0.1].  The local and remote VPN endpoints cannot use the first or last address within a given 255.255.255.252 subnet.  This is a limitation of --dev tun when used with the TAP-WIN32 driver.  Try 'openvpn --show-valid-subnets' option for more info.
Tue Feb 02 11:11:36 2010 Exiting

[fireflybug]

查了一下訊息，看起來一定要是255.255.255.252的組合，而且要符合下面的列表組合：
剛測試了一下，應該是如果brazilfw 內 OPENVPN，已經設定第一組 LAN to LAN，用掉了 10.8.0.1 與 10.8.0.2這組，如果我要再用一組 roadwarrior 讓CLIENT連線，則  SERVER VPN 與 CLIENT VPN 要用別組IP，我這邊是用 10.8.0.5與10.8.0.6這兩組，果然可以連線了!!

C:\>openvpn --show-valid-subnets
On Windows, point-to-point IP support (i.e. --dev tun)
is emulated by the TAP-Win32 driver.  The major limitation
imposed by this approach is that the --ifconfig local and
remote endpoints must be part of the same 255.255.255.252
subnet.  The following list shows examples of endpoint
pairs which satisfy this requirement.  Only the final
component of the IP address pairs is at issue.

As an example, the following option would be correct:
    --ifconfig 10.7.0.5 10.7.0.6 (on host A)
    --ifconfig 10.7.0.6 10.7.0.5 (on host B)
because [5,6] is part of the below list.

[  1,  2] [  5,  6] [  9, 10] [ 13, 14] [ 17, 18]
[ 21, 22] [ 25, 26] [ 29, 30] [ 33, 34] [ 37, 38]
[ 41, 42] [ 45, 46] [ 49, 50] [ 53, 54] [ 57, 58]
[ 61, 62] [ 65, 66] [ 69, 70] [ 73, 74] [ 77, 78]
[ 81, 82] [ 85, 86] [ 89, 90] [ 93, 94] [ 97, 98]
[101,102] [105,106] [109,110] [113,114] [117,118]
[121,122] [125,126] [129,130] [133,134] [137,138]
[141,142] [145,146] [149,150] [153,154] [157,158]
[161,162] [165,166] [169,170] [173,174] [177,178]
[181,182] [185,186] [189,190] [193,194] [197,198]
[201,202] [205,206] [209,210] [213,214] [217,218]
[221,222] [225,226] [229,230] [233,234] [237,238]
[241,242] [245,246] [249,250] [253,254]