| 1 |
Hi Allan, |
| 2 |
|
| 3 |
Allan Spagnol Comar schrieb: |
| 4 |
|
| 5 |
>Hi all, I having some strange problem on my VPN :( |
| 6 |
> |
| 7 |
>I had configured openvpn as tunnel server-client; had a tun interface ..... |
| 8 |
> |
| 9 |
>I started the open vpn using 10.8.0.0 network and has my private net |
| 10 |
>at 192.168.0.0 and the open vpn is running at 192.168.0.230 |
| 11 |
> |
| 12 |
>I started one client; the client sync receive an IP 10.8.0.5 and the |
| 13 |
>route to 192.168.0.0 network; |
| 14 |
> |
| 15 |
>Until now everything looks ok, but here is the strange sinc, I can |
| 16 |
>ping 10.8.0.1 and I can ping 192.168.0.230 but when I try to ping |
| 17 |
>192.168.0.1 it got connection time out .... |
| 18 |
> |
| 19 |
>I set up the iptables forward at the 192.168.0.230 machine .... what |
| 20 |
>more I have missed ? |
| 21 |
>anyone had a clue ? |
| 22 |
> |
| 23 |
>Thanks, Allan |
| 24 |
> |
| 25 |
> |
| 26 |
> |
| 27 |
If want to access the network of the server from the client, |
| 28 |
you need the following things. |
| 29 |
|
| 30 |
(I am going from the top down, so that someone else might be able to |
| 31 |
follow this, and get something out of it.) |
| 32 |
|
| 33 |
When openvpn creates the tunnel, you have a point to point connection, |
| 34 |
between the server and the client. |
| 35 |
In your example, you use the 10.8.0.0 network for the server to client, |
| 36 |
point to point connection. |
| 37 |
Since you say that you can ping the server on the 10.8.0.0 network, the |
| 38 |
tunnel is most likely working. |
| 39 |
You say that the server is in the 192.168.0.0 network, and has the |
| 40 |
192.168.0.230 address. |
| 41 |
You also say that a route to the 192.168.0.0 is added on the client machine, |
| 42 |
and that you can ping the server on the 192.168.0.0 network using the |
| 43 |
192.168.0.230 address. |
| 44 |
So the routing on the client is also fine. |
| 45 |
|
| 46 |
Assuming that you want the client(s) to be seen in the private network |
| 47 |
(192.168.0.0) as being in the 10.8.0.0 network, |
| 48 |
you need to add a routing back to the client for the machines in the |
| 49 |
private network.. |
| 50 |
If your private network has a default gateway, |
| 51 |
it is usually the easist to add a route at the default gateway, |
| 52 |
saying that the 10.8.0.0 network can be reached over the gateway host |
| 53 |
192.168.0.230 . |
| 54 |
|
| 55 |
The other important thing is to make sure that your open server has |
| 56 |
packet forwarding on. |
| 57 |
i.e. net.ipv4.ip_forward = 1 in /etc/sysctl.conf |
| 58 |
|
| 59 |
The best way to test you routing when you think it should be working, |
| 60 |
is to do a trace route from a machine in the private network to the |
| 61 |
client when the VPN is up. |
| 62 |
|
| 63 |
MfG, |
| 64 |
Scott |
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
-- |
| 69 |
gentoo-user@g.o mailing list |
Archives