On 01.02.2013 at 05:18, Brian Barr wrote:

> I'm having some difficulty making openvpn work and am looking for some 
> pointers as to what I may be doing wrong.
> 
> Now that there is an official Openvpn client for IOS devices I am revisiting 
> this and would really like to make it work. 
> 
> Setup:
> 
> Gateway router using nat (snapgear/linux based) connected to local lan. 
> Astlinux box on lan behind gateway router as a single nic appliance.
> Astlinux handles pbx duties fine.
> Gateway router set to forward iax packets and openvpn packets to Astlinux 
> box. 
> 
> Goal is to allow external laptop/IOS device to access all resources on lan 
> using nat'd astlinux box as a gateway. 
> 
> I configured the openvpn server in the webinterface and exported the client 
> config to laptop.
> 
> addressing:
> Gateway Router LAN address: 192.168.5.1
> LAN 192.168.5.0/24
> OpenVpnNet 10.0.8.0/24
> Astlinux box 192.168.5.13
> 
> "route 192.168.5.0/24" is in "push" section of openvpn config. 
> 
> Laptop (os x) using viscosity client connects just fine to astlinux box from 
> the outside. 
> Viscosity reports assigned address is 10.0.8.14
> 
> I also put a static route in the linux gateway router (10.0.8.0/24 -> 
> 192.168.5.13) 
> 
> I can access the astlinux web interface on the astlinux box just fine from 
> the connected laptop at 10.0.8.1 and 192.168.5.13 -- but I can't  get 
> anywhere else on the internal lan. 
> 
> It appears the astlinux box is not forwarding packets to the lan or something 
> else is amiss. What am I missing? Do I need to enable the firewall on the 
> astlinux box and enable the openvpn plugin?

Yes, you need to enable the firewall; the plugin has been enabled 
automatically since 1.0.6. Be sure to also enable the ports to access 
AstLinux 22, 443 (80) before!

I have a customer with a similar setup: I don't remember if that was needed, 
but I added a (non-used) internal LAN on eth1 and allowed OVPN server tunnel to 
1st LAN interface.

> Laptop routing table:
> BB-MacBookPRO:~ brianbarr$ netstat -rn
> Routing tables
> 
> Internet:
> Destination        Gateway            Flags        Refs      Use   Netif Expire
> default            192.168.10.1       UGSc           41        0     en1
> 10.8.0.1/32        10.8.0.13          UGSc            0        0    tun0
> 10.8.0.13          10.8.0.14          UH              5        0    tun0
> 127                127.0.0.1          UCS             0        0     lo0
> 127.0.0.1          127.0.0.1          UH              6     4163     lo0
> 169.254            link#5             UCS             0        0     en1
> 192.168.5          10.8.0.13          UGSc            3        0    tun0
> 192.168.10         link#5             UCS             6        0     en1
> 192.168.10.1       0:d0:cf:2:91:a4    UHLWIi         40      255     en1   1173
> 192.168.10.108     7c:c5:37:13:8b:bb  UHLWIi          0        0     en1   1144
> 192.168.10.110     link#5             UHLWIi          0        1     en1
> 192.168.10.118     link#5             UHLWIi          0        2     en1
> 192.168.10.127     20:c9:d0:98:55:60  UHLWIi          0        0     en1    321
> 192.168.10.129     74:e1:b6:9c:dc:47  UHLWIi          0        0     en1    743
> 192.168.10.171     127.0.0.1          UHS             0        0     lo0
> 
> 
> Astlinux routing table:
> pbx-chi ~ # netstat -rn
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
> 10.8.0.2        0.0.0.0         255.255.255.255 UH        0 0          0 tun0
> 192.168.5.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
> 10.8.0.0        10.8.0.2        255.255.255.0   UG        0 0          0 tun0
> 0.0.0.0         192.168.5.1     0.0.0.0         UG        0 0          0 eth0
> ------------------------------------------------------------------------------
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:
> http://p.sf.net/sfu/appdyn_d2d_jan
> _______________________________________________
> Astlinux-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
> 
> Donations to support AstLinux are graciously accepted via PayPal to 
> [email protected].


Michael

http://www.mksolutions.info
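
A check that helps when a VPN client reaches the server but nothing beyond it: does the return route on the LAN gateway cover the tunnel subnet that the server's own routing table shows, and does it point at the server? This is an added example, not code from either poster or from AstLinux; the function names are hypothetical, and the input is the AstLinux `netstat -rn` output and the addresses quoted in the thread.

```python
import ipaddress

# Constructed input: the AstLinux `netstat -rn` rows quoted in the thread.
ASTLINUX_ROUTES = """\
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.8.0.2        0.0.0.0         255.255.255.255 UH        0 0          0 tun0
192.168.5.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
10.8.0.0        10.8.0.2        255.255.255.0   UG        0 0          0 tun0
0.0.0.0         192.168.5.1     0.0.0.0         UG        0 0          0 eth0
"""

def parse_linux_routes(text):
    """Return (network, gateway, iface) tuples from Linux `netstat -rn` output."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # skip the header and anything that is not a route row
        net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
        routes.append((net, ipaddress.ip_address(f[1]), f[7]))
    return routes

def tunnel_networks(routes, prefix="tun"):
    """Networks (not /32 host routes) reachable through a tunnel interface."""
    return [n for n, _, ifc in routes if ifc.startswith(prefix) and n.prefixlen < 32]

def check_return_route(routes, gw_route_net, gw_route_via, server_lan_ip):
    """List problems with the LAN gateway's static route back to the VPN clients."""
    problems = []
    static = ipaddress.ip_network(gw_route_net)
    for net in tunnel_networks(routes):
        if not net.subnet_of(static):
            problems.append(f"static route {static} does not cover tunnel subnet {net}")
    if ipaddress.ip_address(gw_route_via) != ipaddress.ip_address(server_lan_ip):
        problems.append(f"next hop {gw_route_via} is not the VPN server {server_lan_ip}")
    return problems

if __name__ == "__main__":
    routes = parse_linux_routes(ASTLINUX_ROUTES)
    # Static route as described in the post: 10.0.8.0/24 -> 192.168.5.13
    for p in check_return_route(routes, "10.0.8.0/24", "192.168.5.13", "192.168.5.13"):
        print("WARN:", p)
```
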



