Just wanted to convey thanks again, Doug. Your instructions on ccd just did the trick.

-Bruce

> From: [email protected]
> To: [email protected]; [email protected]
> Date: Tue, 21 Sep 2010 19:06:28 -0400
> Subject: RE: [on-asterisk] OpenVPN Gurus! How to forward all traffic from
> eth1 to tun0?
>
> Thanks Doug. I think you are right on point. I thought all the routing
> should be done on the Server B side but I might be wrong now that you put it
> this way. However, I can't figure this out and am banging my head against the
> wall. I also tried brctl but because tun0 is layer 3 it won't bridge with
> eth1 and that is really not something I'd like to do anyways because of the
> DHCP in place.
>
> So here is what I have for netstat -rn after all connections are made:
>
> Server A - Ovpn_Server:
> [r...@servera:~]$ netstat -rn
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
> 172.16.0.2      0.0.0.0         255.255.255.255 UH        0 0          0 tun0
> 172.16.0.0      172.16.0.2      255.255.255.0   UG        0 0          0 tun0
> 192.0.2.0       0.0.0.0         255.255.255.0   U         0 0          0 venet0
> 169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 venet0
> 0.0.0.0         192.0.2.1       0.0.0.0         UG        0 0          0 venet0
>
> Server B - Ovpn_Client:
> [r...@serverb:~]# netstat -rn
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
> 172.16.0.1      172.16.0.13     255.255.255.255 UGH       0 0          0 tun0
> 172.16.0.13     0.0.0.0         255.255.255.255 UH        0 0          0 tun0
> 172.16.0.0      172.16.0.13     255.255.255.0   UG        0 0          0 tun0
> 10.10.9.0       0.0.0.0         255.255.255.0   U         0 0          0 eth0
> 169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
> 10.0.0.0        0.0.0.0         255.0.0.0       U         0 0          0 eth1
> 0.0.0.0         10.10.9.1       0.0.0.0         UG        0 0          0 eth0
>
> I have everything, including all the settings, posted into pastebin. If you can,
> please have a look and let me know what I am missing:
>
> http://pastebin.com/GHQry456
>
> Thanks a lot,
>
> Bruce
>
> > Date: Tue, 21 Sep 2010 17:44:44 -0400
> > From: [email protected]
> > To: [email protected]
> > Subject: Re: [on-asterisk] OpenVPN Gurus! How to forward all traffic from
> > eth1 to tun0?
> >
> > Bruce,
> > Do you have ip_forward enabled on both machines? Look in
> > /etc/sysctl.conf and see if net.ipv4.ip_forward is set to one (only read
> > at boot time, so you'll need to set it with the sysctl command if you
> > don't want to reboot).
> >
> > On both servers do a netstat -rn
> >
> > On server A are there routes for the networks associated with B, and on
> > B are there routes for the networks associated with A? There should be,
> > for this to work.
> >
> > If you're following the usual cookbook server/client with X.509 keys,
> > look at the part in the server.conf file talking about creating a ccd
> > directory, and connection specific file with an "iroute" statement in it.
> >
> > If Server B is not the default gateway for the subnet, you'll need to
> > add a static route to the default gateway that specifies the internal
> > interface of Server B as the gateway to the addresses associated with
> > Server A (depending on the circumstances, you might need to do that on
> > the Server A end too).
> >
> > Hope that helps.
> >
> > Regards,
> > Doug.
> >
> > On 21/09/2010 4:36 PM, Bruce N wrote:
> > >
> > > Thanks for that. Yes, I am pushing and it makes it available only to
> > > Server B and not to its DHCPd clients which exist on Eth1.
> > > I think the push only helps Server A and Server B to ping each other and
> > > not the other networks they may have contact with.
> > >
> > > I have a pastebin of the whole route here: http://pastebin.com/98JhraeJ
> > >
> > > Basically anyone on the dhcpd 10.0.0.0/24 can't ping the 172.16.0.1 which
> > > is the OpenVPN server. But, both OpenVPN server and client server can
> > > ping each other.
> > >
> > > -Bruce
> > >
> > > Date: Tue, 21 Sep 2010 15:25:24 -0400
> > > From: [email protected]
> > > To: [email protected]
> > > Subject: Re: [on-asterisk] OpenVPN Gurus! How to forward all traffic from
> > > eth1 to tun0?
> > >
> > > Bruce,
> > >
> > > On your client (Server B) are you pushing the route in your config ?
> > >
> > > route 172.15.0.0 255.255.255.0
> > > push "route 172.15.0.0 255.255.255.0"
> > >
> > > Mike
> > >
> > > On 09/21/2010 1:57 PM, Bruce N wrote:
> > > Hi Everyone,
> > >
> > > I know this is way off-topic of the list but it does involve getting
> > > Asterisk service up and running :-)
> > >
> > > In a nutshell:
> > >
> > > I need to forward SIP/UDP traffic of eth1 (dhcpd server) to tun0 (openvpn
> > > tunnel) without sending the dhcpd requests to tun0.
> > >
> > > In detail:
> > >
> > > I have two servers:
> > >
> > > Server A running Asterisk and OpenVPN Server.
> > >
> > > Server B running DHCPd and has two NIC cards. Eth0 is the WAN to ISP.
> > > Eth1 is the NIC that feeds the Switch with DHCPd IPs to endpoint SIP
> > > phones.
> > >
> > > Server A and Server B are miles and miles away from each other and are
> > > connected to the internet either via Eth0 or Vnet.
> > >
> > > OpenVPN on Server A is set to IP range 172.15.0.0/24 so Server A and B
> > > can ping each other in that range with 172.15.0.1 assigned to Server A.
> > >
> > > Server B is connected to Server A as an OpenVPN client. I can ping Server
> > > A from Server B when doing: ping 172.15.0.1
> > >
> > > However, any endpoints (SIP phones) that have obtained IP from Server B
> > > DHCPd can not ping 172.15.0.1. Network 172.15.0.1 is simply unreachable
> > > to them. My thought was that upon successful establishment of the openvpn
> > > connection the routes will populate properly but it seems that any
> > > requests to 172.15.0.1 hit eth0 which is of course wrong. I tried adding
> > > routes and I got SIODDART
> > >
> > > Here is what I need to accomplish:
> > >
> > > Run a DHCPd service on Server B (which has two NIC cards) and feed IPs to
> > > SIP phones and endpoint
> > >
> > > Create a tunnel between
> > >
> > > Note: I can't do: push "redirect-gateway def1" because it will make
> > > Server B unreachable and Endpoint A points to Server A for DHCP packets
> > > which is wrong.
> > >
> > > Thanks,
> > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [email protected]
> > For additional commands, e-mail: [email protected]
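
Added example (not part of the thread, and not code from any of its participants): Doug's check, "are there routes for the networks associated with B", run as a longest-prefix-match lookup over the two netstat -rn tables posted above. The phone address 10.0.0.50 and the helper names are constructed for illustration; the 10.0.0.0/8 network is taken from Server B's eth1 route, and the `route`/`iroute` pairing in the comment is an assumption about how the ccd fix is expressed.

```python
import ipaddress

# Routes copied from the netstat -rn output in the thread:
# destination, gateway, genmask, interface.
SERVER_A = """
172.16.0.2   0.0.0.0      255.255.255.255  tun0
172.16.0.0   172.16.0.2   255.255.255.0    tun0
192.0.2.0    0.0.0.0      255.255.255.0    venet0
169.254.0.0  0.0.0.0      255.255.0.0      venet0
0.0.0.0      192.0.2.1    0.0.0.0          venet0
"""
SERVER_B = """
172.16.0.1   172.16.0.13  255.255.255.255  tun0
172.16.0.13  0.0.0.0      255.255.255.255  tun0
172.16.0.0   172.16.0.13  255.255.255.0    tun0
10.10.9.0    0.0.0.0      255.255.255.0    eth0
169.254.0.0  0.0.0.0      255.255.0.0      eth0
10.0.0.0     0.0.0.0      255.0.0.0        eth1
0.0.0.0      10.10.9.1    0.0.0.0          eth0
"""
PHONE = "10.0.0.50"  # constructed address for a SIP phone behind eth1

def parse(table):
    """Turn table text into (network, gateway, interface) tuples."""
    routes = []
    for line in table.strip().splitlines():
        dest, gw, mask, iface = line.split()
        routes.append((ipaddress.ip_network(f"{dest}/{mask}"), gw, iface))
    return routes

def egress(routes, addr):
    """Interface chosen by longest-prefix match, or None if unroutable."""
    ip = ipaddress.ip_address(addr)
    hits = [r for r in routes if ip in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen)[2] if hits else None

def with_lan_route(routes, lan="10.0.0.0/8", gw="172.16.0.2", iface="tun0"):
    """Server A's table after a kernel route for Server B's LAN is added.
    Assumption: in OpenVPN this comes from a `route` line in server.conf,
    paired with an `iroute` line in Server B's ccd file."""
    return routes + [(ipaddress.ip_network(lan), gw, iface)]

if __name__ == "__main__":
    a, b = parse(SERVER_A), parse(SERVER_B)
    print("B -> 172.16.0.1 :", egress(b, "172.16.0.1"))   # forward path
    print("A -> phone      :", egress(a, PHONE))           # reply path
    print("A -> phone fixed:", egress(with_lan_route(a), PHONE))
```

With the tables as posted, Server B sends traffic for 172.16.0.1 into tun0, but Server A has no entry covering 10.0.0.0/8, so replies to a phone leave through the venet0 default route instead of the tunnel.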
