Hi Allan,

Allan Spagnol Comar wrote:

>Hi all, I am having some strange problem on my VPN :(
>
>I had configured openvpn as tunnel server-client; had a tun interface .....
>
>I started the open vpn using 10.8.0.0 network and has my private net
>at 192.168.0.0 and the open vpn is running at 192.168.0.230
>
>I started one client; the client sync receive an IP 10.8.0.5 and the
>route to 192.168.0.0 network;
>
>Until now everything looks ok, but here is the strange thing, I can
>ping 10.8.0.1 and I can ping 192.168.0.230 but when I try to ping
>192.168.0.1 it got connection time out ....
>
>I set up the iptables forward at the 192.168.0.230 machine .... what
>more I have missed ?
>anyone had a clue ?
>
>Thanks, Allan
>
If you want to access the network of the server from the client,
you need the following things.

(I am going from the top down, so that someone else might be able to
follow this, and get something out of it.)

When openvpn creates the tunnel, you have a point to point connection,
between the server and the client.
In your example, you use the 10.8.0.0 network for the server to client,
point to point connection.
Since you say that you can ping the server on the 10.8.0.0 network, the
tunnel is most likely working.
You say that the server is in the 192.168.0.0 network, and has the
192.168.0.230 address.
You also say that a route to the 192.168.0.0 is added on the client machine,
and that you can ping the server on the 192.168.0.0 network using the
192.168.0.230 address.
So the routing on the client is also fine.

Assuming that you want the client(s) to be seen in the private network
(192.168.0.0) as being in the 10.8.0.0 network,
you need to add a routing back to the client for the machines in the
private network.
If your private network has a default gateway,
it is usually the easiest to add a route at the default gateway,
saying that the 10.8.0.0 network can be reached over the gateway host
192.168.0.230.

The other important thing is to make sure that your open server has
packet forwarding on.
i.e. net.ipv4.ip_forward = 1 in /etc/sysctl.conf

The best way to test your routing when you think it should be working,
is to do a trace route from a machine in the private network to the
client when the VPN is up.

Best regards,
Scott


--
gentoo-user@g.o mailing list
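
The two conditions named in the reply above (a route back to the VPN subnet on the LAN's default gateway, and packet forwarding on the VPN server) can be checked mechanically. The script below is an added example, not part of the original thread. It assumes a /24 prefix for 10.8.0.0, route tables in the format printed by `ip -4 route show`, and made-up gateway addresses in the constructed sample.

```shell
# Assumptions (not stated in the thread): the VPN subnet is 10.8.0.0/24 and
# route tables are in the format printed by `ip -4 route show`.
VPN_NET="10.8.0.0/24"        # prefix length is assumed
VPN_SERVER="192.168.0.230"   # OpenVPN server's LAN address, from the thread

# has_return_route ROUTES NET GATEWAY
# Succeeds if ROUTES contains a line starting "NET via GATEWAY".
has_return_route() {
    printf '%s\n' "$1" | awk -v net="$2" -v gw="$3" '
        $1 == net && $2 == "via" && $3 == gw { found = 1 }
        END { exit !found }'
}

# forwarding_enabled VALUE
# VALUE is the content of /proc/sys/net/ipv4/ip_forward on the VPN server.
forwarding_enabled() {
    [ "$1" = "1" ]
}

# diagnose GATEWAY_ROUTES SERVER_IP_FORWARD
# Prints one finding per check; returns 0 only if both conditions hold.
diagnose() {
    rc=0
    if has_return_route "$1" "$VPN_NET" "$VPN_SERVER"; then
        echo "ok: gateway routes $VPN_NET via $VPN_SERVER"
    else
        echo "missing: on the gateway: ip route add $VPN_NET via $VPN_SERVER"
        rc=1
    fi
    if forwarding_enabled "$2"; then
        echo "ok: net.ipv4.ip_forward = 1 on the VPN server"
    else
        echo "missing: on the VPN server: sysctl -w net.ipv4.ip_forward=1"
        rc=1
    fi
    return "$rc"
}

# Constructed sample: route table of a LAN default gateway before and after
# the return route is added (gateway addresses are made up).
SAMPLE_BEFORE='default via 203.0.113.1 dev eth1
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.1'
SAMPLE_AFTER="$SAMPLE_BEFORE
10.8.0.0/24 via 192.168.0.230 dev eth0"

diagnose "$SAMPLE_BEFORE" 0 || true   # reports both items as missing
diagnose "$SAMPLE_AFTER" 1            # reports both items as ok
```

On a live system, pass the gateway's `ip -4 route show` output and the VPN server's `/proc/sys/net/ipv4/ip_forward` content to `diagnose` in place of the samples.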