Hi Allan,

Allan Spagnol Comar wrote:

Hi all, I am having some strange problem with my VPN :(

I had configured OpenVPN as a tunnel server-client; had a tun interface .....

I started OpenVPN using the 10.8.0.0 network and have my private net
at 192.168.0.0, and OpenVPN is running at 192.168.0.230

I started one client; the client syncs, receives the IP 10.8.0.5 and the
route to the 192.168.0.0 network;

Until now everything looks ok, but here is the strange thing: I can
ping 10.8.0.1 and I can ping 192.168.0.230, but when I try to ping
192.168.0.1 I get a connection time out ....

I set up the iptables forward on the 192.168.0.230 machine .... what
more have I missed?
Anyone have a clue?

Thanks, Allan

If you want to access the network of the server from the client,
you need the following things.

(I am going from the top down, so that someone else might be able to follow this, and get something out of it.)

When OpenVPN creates the tunnel, you have a point-to-point connection between the server and the client. In your example, you use the 10.8.0.0 network for the server-to-client, point-to-point connection. Since you say that you can ping the server on the 10.8.0.0 network, the tunnel is most likely working. You say that the server is in the 192.168.0.0 network and has the 192.168.0.230 address.
You also say that a route to 192.168.0.0 is added on the client machine,
and that you can ping the server on the 192.168.0.0 network using the 192.168.0.230 address.
So the routing on the client is also fine.

Assuming that you want the client(s) to be seen in the private network (192.168.0.0) as being in the 10.8.0.0 network, you need to add a route back to the client for the machines in the private network.
If your private network has a default gateway,
it is usually easiest to add a route at the default gateway,
saying that the 10.8.0.0 network can be reached over the gateway host 192.168.0.230.

The other important thing is to make sure that your OpenVPN server has packet forwarding on,
i.e. net.ipv4.ip_forward = 1 in /etc/sysctl.conf

The best way to test your routing when you think it should be working
is to do a traceroute from a machine in the private network to the client when the VPN is up.

Regards,
Scott


--
gentoo-user@gentoo.org mailing list
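The three points Scott lists (forwarding on the OpenVPN server, a return route for 10.8.0.0 at the LAN default gateway, and a traceroute from the LAN side to confirm the path) as an added shell example; this is not code from the thread or from the OpenVPN project. The checks take their input as arguments so they can be run against saved output offline, and the sample `ip route` and `traceroute` output below is constructed. The addresses are Allan's (VPN net 10.8.0.0, LAN 192.168.0.0, OpenVPN host 192.168.0.230); the /24 masks, the interface names tun0/eth0, the gateway's own upstream route and the iptables FORWARD rules are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original thread. Addresses from Allan's
# post; /24 masks, tun0/eth0 and the upstream route are assumptions.
VPN_NET="10.8.0.0/24"
LAN_NET="192.168.0.0/24"
OVPN_HOST="192.168.0.230"
CLIENT="10.8.0.5"

# Escape dots so an address can be used as an ERE fragment.
esc_re() { printf '%s' "$1" | sed 's/\./\\./g'; }

# 1. On the OpenVPN server: is IPv4 forwarding on?
#    $1 is the content of /proc/sys/net/ipv4/ip_forward (passed in, so it
#    also works on output copied from another machine).
forwarding_enabled() {
    [ "$(printf '%s' "$1" | tr -d '[:space:]')" = "1" ]
}

# 2. On the LAN default gateway: does the routing table send the VPN
#    subnet back via the OpenVPN host?  $1 = `ip route` output,
#    $2 = VPN subnet, $3 = OpenVPN host.
has_return_route() {
    printf '%s\n' "$1" | grep -Eq "^$(esc_re "$2") via $(esc_re "$3")( |$)"
}

# 3. From a LAN host: traceroute to the client must pass through the
#    OpenVPN host before reaching the client.  $1 = traceroute output,
#    $2 = expected intermediate hop, $3 = destination.
traceroute_passes_through() {
    hops=$(printf '%s\n' "$1" | awk 'NR > 1 { print $2 }')
    via=$(printf '%s\n' "$hops" | grep -nFx "$2" | cut -d: -f1 | head -n1)
    dst=$(printf '%s\n' "$hops" | grep -nFx "$3" | cut -d: -f1 | head -n1)
    [ -n "$via" ] && [ -n "$dst" ] && [ "$via" -lt "$dst" ]
}

# The fix, printed rather than executed so the script is safe to run anywhere.
print_fix_commands() {
    cat <<EOF
# on $OVPN_HOST (the OpenVPN server):
sysctl -w net.ipv4.ip_forward=1                       # now
echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf    # across reboots
iptables -A FORWARD -i tun0 -o eth0 -s $VPN_NET -d $LAN_NET -j ACCEPT
iptables -A FORWARD -i eth0 -o tun0 -s $LAN_NET -d $VPN_NET -m state --state ESTABLISHED,RELATED -j ACCEPT
# on the LAN default gateway, so replies to the clients find their way back:
ip route add $VPN_NET via $OVPN_HOST
EOF
}

# Constructed sample output (gateway's upstream address is TEST-NET, made up).
SAMPLE_IP_FORWARD_OFF="0"
SAMPLE_ROUTES_MISSING="default via 203.0.113.1 dev eth1
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.1"
SAMPLE_ROUTES_FIXED="$SAMPLE_ROUTES_MISSING
10.8.0.0/24 via 192.168.0.230 dev eth0"
SAMPLE_TRACEROUTE="traceroute to 10.8.0.5 (10.8.0.5), 30 hops max, 60 byte packets
 1  192.168.0.1 (192.168.0.1)  0.312 ms
 2  192.168.0.230 (192.168.0.230)  0.598 ms
 3  10.8.0.5 (10.8.0.5)  24.110 ms"

demo() {
    forwarding_enabled "$SAMPLE_IP_FORWARD_OFF" \
        || echo "server: ip_forward is off -> packets from the tunnel are dropped"
    has_return_route "$SAMPLE_ROUTES_MISSING" "$VPN_NET" "$OVPN_HOST" \
        || echo "gateway: no route to $VPN_NET -> replies from the LAN never reach the client"
    has_return_route "$SAMPLE_ROUTES_FIXED" "$VPN_NET" "$OVPN_HOST" \
        && echo "gateway (after fix): return route present"
    traceroute_passes_through "$SAMPLE_TRACEROUTE" "$OVPN_HOST" "$CLIENT" \
        && echo "traceroute: LAN -> $OVPN_HOST -> $CLIENT, routing is fine"
    print_fix_commands
}
demo
```

The symptom in the thread (the OpenVPN host answers, 192.168.0.1 does not) is exactly what the missing return route produces: the ping reaches 192.168.0.1, but its reply to 10.8.0.5 has no route and goes out the gateway's upstream interface instead of back to 192.168.0.230. If you cannot add the route on the gateway, the usual fallback is to NAT the tunnel subnet to the server's LAN address (an iptables MASQUERADE rule on 192.168.0.230), at the cost of the LAN no longer seeing the clients by their 10.8.0.x addresses.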
