OK, I deleted the route directive on the wireless laptop and everything
works fine.  I can ping each end of the tunnel from the other, etc. 
Apparently the route directive is completely unnecessary in my situation
on either end.
Thanks for everyone's patience with this.
Hope it helps some other openvpn newbie.
Rick.

The configs are shown below and the route table on the laptop is now:


Interface List
0x1 ........................... MS TCP Loopback interface
0x3 ...00 0e 35 15 24 f3 ...... Intel(R) PRO/Wireless 2200BG Network Connection - Deterministic Network Enhancer Miniport
0x4 ...00 ff 3e b0 bd 7d ...... TAP-Win32 Adapter V8 - Deterministic Network Enhancer Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.3       2
         10.1.1.0  255.255.255.252         10.1.1.2        10.1.1.2      30
         10.1.1.2  255.255.255.255        127.0.0.1       127.0.0.1      30
   10.255.255.255  255.255.255.255         10.1.1.2        10.1.1.2      30
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.1.0    255.255.255.0      192.168.1.3     192.168.1.3       2
      192.168.1.3  255.255.255.255        127.0.0.1       127.0.0.1       2
    192.168.1.255  255.255.255.255      192.168.1.3     192.168.1.3       2
        224.0.0.0        240.0.0.0         10.1.1.2        10.1.1.2      30
        224.0.0.0        240.0.0.0      192.168.1.3     192.168.1.3       2
  255.255.255.255  255.255.255.255         10.1.1.2        10.1.1.2       1
  255.255.255.255  255.255.255.255      192.168.1.3     192.168.1.3       1
Default Gateway:     192.168.1.254
===========================================================================
Persistent Routes:
  None

====================== Winxp config (openvpn 2.0beta 15) ==================

dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ifconfig 10.1.1.2 10.1.1.1
secret secret.txt
ping-restart 60
ping-timer-rem
persist-tun
ping 10
verb 9
mute 10

====================== Bering openvpn 1.6 config ================

dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
disable-occ
local 192.168.1.254
float
ifconfig 10.1.1.1 10.1.1.2

# Our pre-shared static key
secret static.key
verb 5
mute 10         

================================================================


-----Original Message-----
From: Erich Titl [mailto:[EMAIL PROTECTED] 
Sent: Thursday, December 16, 2004 11:16 AM
To: Tibbs, Richard; [EMAIL PROTECTED]
Subject: Re: [leaf-user] Openvpn problems -- again..

Rick

Tibbs, Richard wrote:

>the pt-to-pt tunnel needed to know how to get to the other.

Not the endpoints, your local end point is a device which is linked to 
an address and knows the other end of the tunnel. The local and remote 
directives apparently take care of the routing issues.

>>>>Apparently not so.

>Two remaining issues that I will experiment later:
>1) Do I need a route directive on the wireless laptop?

Look at the routing table on the laptop once you have the tunnel up.

>2) Pending the outcome of 1), Do I need route directives between home &
>office.

IMHO that is the easy part of the set up. The tunnel between your home 
network and the office network takes care of the routing for the office.
Your home and wireless network are one and the same seen from the
office.

Your set up appears complicated to me because you want to tunnel through
your home network to address something inside your home network. I
believe it could be done by bridging a tap device and eth1 and divide
the home network in 2 subnets. I would go the easy way, define 2
subnets, one for wired and one for wireless. Add one more nic to the
home fw and connect your wireless bridge directly to that nic.

Example:

wired subnet:
eth1 192.168.1.0/26
wireless subnet
eth2 192.168.1.64/26

Both live in the 192.168.1.0/24 subnet, thus are one and the same for
your office gateway. On your home gateway you have now dedicated subnets
for wired and wireless, which adds additional security to your set up
because now broadcasts on the wire are not sent to the wireless
environment. You will need to set up routing between the different
shorewall zones but that should be easy.

cheers
Erich
 




leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
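
Added example (not part of the original thread): a longest-prefix-match lookup over the unicast rows of the laptop's route table above, showing that the tunnel peer 10.1.1.1 is already matched by the 10.1.1.0/255.255.255.252 route on the tunnel interface, plus a check that the two /26 subnets from Erich's example fit inside 192.168.1.0/24 without overlapping. The function names and the test address 203.0.113.10 are assumptions made for illustration.

```python
import ipaddress

# Unicast rows copied from the laptop's "Active Routes" listing above:
# (destination, netmask, gateway, interface, metric)
ROUTES = [
    ("0.0.0.0", "0.0.0.0", "192.168.1.254", "192.168.1.3", 2),
    ("10.1.1.0", "255.255.255.252", "10.1.1.2", "10.1.1.2", 30),
    ("10.1.1.2", "255.255.255.255", "127.0.0.1", "127.0.0.1", 30),
    ("10.255.255.255", "255.255.255.255", "10.1.1.2", "10.1.1.2", 30),
    ("127.0.0.0", "255.0.0.0", "127.0.0.1", "127.0.0.1", 1),
    ("192.168.1.0", "255.255.255.0", "192.168.1.3", "192.168.1.3", 2),
    ("192.168.1.3", "255.255.255.255", "127.0.0.1", "127.0.0.1", 2),
    ("192.168.1.255", "255.255.255.255", "192.168.1.3", "192.168.1.3", 2),
]

def lookup(dst, routes=ROUTES):
    """Return (network, gateway, interface) for dst: longest prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    best = None
    for dest, mask, gw, iface, metric in routes:
        net = ipaddress.ip_network(f"{dest}/{mask}")
        if addr in net:
            key = (net.prefixlen, -metric)
            if best is None or key > best[0]:
                best = (key, (str(net), gw, iface))
    return best[1] if best else None

def covered_by(parent, children):
    """True if every child subnet lies inside parent and no two children overlap."""
    p = ipaddress.ip_network(parent)
    nets = [ipaddress.ip_network(c) for c in children]
    inside = all(n.subnet_of(p) for n in nets)
    disjoint = all(not a.overlaps(b)
                   for i, a in enumerate(nets) for b in nets[i + 1:])
    return inside and disjoint

if __name__ == "__main__":
    # 203.0.113.10 is a constructed off-link address (documentation range).
    for dst in ("10.1.1.1", "192.168.1.254", "203.0.113.10"):
        print(dst, "->", lookup(dst))
    print(covered_by("192.168.1.0/24", ["192.168.1.0/26", "192.168.1.64/26"]))
```
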
