3 | | {{{ |
4 | | #!html |
5 | | <div> |
6 | | <li>Make sure that the firewall is not filtering the TUN/TAP interface.</li> |
7 | | <li>Make sure you have <a href="/index.php/open-source/faq.html#ip-forward">IP forwarding</a> enabled on the server.</li> |
8 | | <li>If you are using routing (not ethernet bridging), make sure the clients (or LAN gateway) have a route back to the server for the packets coming in over the tunnel. This can be done by: |
9 | | <ul> |
10 | | <li>adding a route in your default gateway for the VPN network IP subnet pointing to the OpenVPN machine,</li> |
11 | | <li>adding a route to every client, or</li> |
12 | | <li>NATing all VPN traffic to the local address of the OpenVPN machine for network traffic which leaves the OpenVPN machine for the local net.</li> |
13 | | </ul> |
14 | | </li> |
15 | | <li>If you are still stumped, use <strong>tcpdump</strong>, <strong>wireshark</strong>, or <strong>WinDump</strong> to determine where packets are being dropped.</li> |
16 | | </div> |
17 | | }}} |
| 3 | * Make sure that the firewall is not filtering the TUN/TAP interface. |
| 4 | * Make sure you have [http://openvpn.net/index.php/open-source/faq/community-software-server/265-how-do-i-enable-ip-forwarding.html IP forwarding] enabled on the server. |
| 5 | * If you are using routing (not [wiki:BridgingAndRouting ethernet bridging]), make sure the clients (or LAN gateway) have a route back to the server for the packets coming in over the tunnel. This can be done by: |
| 6 | * adding a route in your default gateway for the VPN network IP subnet pointing to the OpenVPN machine, |
| 7 | * adding a route to every client, or |
| 8 | * NATing all VPN traffic to the local address of the OpenVPN machine for network traffic which leaves the OpenVPN machine for the local net. |
| 9 | |
| 10 | * If you are still stumped, use '''tcpdump''', '''wireshark''', or '''WinDump''' to determine where packets are being dropped. |