Dear list. 
I have the following arrangement, running two instances of openvpn on
"home fw".  I want to protect my WLAN in back of the home fw, and that
works fine.  I can see "Peer connection initiated with 192.168.1.3:5000"
in daemon.log on homefw.   
However nothing is initiated with officefw, nor can I ping the other end
of the tunnel at officefw.  I was hoping to be able to get from "subnet
to subnet", i.e. be able to ping from 192.168.1.3 to a machine like
192.168.10.13 (later, telnet securely), but this is not possible either.


home subnet                                     office subnet
192.168.1.0/24                                 192.168.10.0/24
  winxp -- WLAN -- homefw -- Internet -------------- officefw
     <--- tun 1 -----> <------------------ tun0 ---------->
10.1.1.2      10.1.1.1  10.1.10.1                     10.1.10.2
       route 216.x.y.z  route 192.168.10.0/24        route 192.168.1.0/24

Why does nothing work for tun0?
TIA
Rick

On homefw, the route table becomes
# ip route sho
10.1.10.2 dev tun0  proto kernel  scope link  src 10.1.10.1 
216.x.y.z via 10.1.1.2 dev tun1 
10.1.1.2 dev tun1  proto kernel  scope link  src 10.1.1.1 
216.12.22.64/26 dev eth0  proto kernel  scope link  src 216.x.y.z 
216.12.22.64/26 dev ipsec0  proto kernel  scope link  src 216.x.y.z 
192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.254 
192.168.10.0/24 via 10.1.10.2 dev tun0 
default via 216.12.22.65 dev eth0

and the tunnel conf on homefw (tun0) is
dev tun
disable-occ
port 50001
local 216.x.y.z    < ... public IP anonymized...>
# Our remote peer (office subnet)
remote 137.p.q.r   < ... public IP anonymized...>
ifconfig 10.1.10.1 10.1.10.2
route 192.168.10.0 255.255.255.0
# Our pre-shared static key
secret static.key

The officefw conf is similar, except with these things reversed:
port 50001
local 137.p.q.r
remote  216.x.y.z
ifconfig 10.1.10.2 10.1.10.1
route 192.168.1.0 255.255.255.0


The config for the WLAN tunnel (tun1) is
dev tun
# For compatibility with 2.x openvpn clients/servers
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
disable-occ
local 192.168.1.254
float
ifconfig 10.1.1.1 10.1.1.2
# only this route directive will work, all else fails.
route 216.x.y.z
# Our pre-shared static key
secret static.key



leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
