Erich,

The "float" directive in the Bering openvpn.conf allows the WinXP wireless NIC to get a variable IP. Since I am rebooting quite often and LEAF has no memory of the IP-to-MAC address mapping, it would come up as 192.168.1.3 or .4.

BTW, the Shorewall logs on both home and office fw's show no dropped UDPs of port 5000, or 50001.

Rick.

-----Original Message-----
From: Erich Titl [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 14, 2004 12:09 PM
To: Tibbs, Richard
Subject: Re: [leaf-user] Openvpn problems -- again..

Rick

Tibbs, Richard wrote:
> Dear list.
> I have the following arrangement, running two instances of openvpn on
> "home fw". I want to protect my WLAN in back of the home fw and that
> works fine. I can see "Peer connection initiated with 192.168.1.3:5000"
> in daemon.log on homefw.
> However nothing is initiated with officefw, nor can I ping the other end
> of the tunnel at officefw. I was hoping to be able to get from "subnet
> to subnet", i.e. be able to ping from 192.168.1.3 to a machine like
> 192.168.10.13 (later telnet securely), but this is not possible either.
>

I would suggest splitting the problem up into:

1) homefw to officefw (or rather home network to office network)
2) WLAN to anywhere (or part of home network to anywhere)

Problem 1 does not seem too complicated: you are connecting two distinct subnets, 192.168.1.0/24 and 192.168.10.0/24.

Problem 2 looks different. Basically you include two more addresses in your local network, 10.1.1.2 and 10.1.1.1, which are the logical endpoints of your tunnel through the WLAN. On the other end of the tunnel you send traffic oriented to a single machine. The float directive, as I understand it, allows any remote host to be the tunnel endpoint as long as it is authenticated.

Now the question remains how to address the remote WLAN machine through tun1. Below you have the tunnel endpoints 10.1.1.1 and 10.1.1.2 for tun1. I am missing a route to the machine on the other end of the tunnel tun1, unless this machine is 216.x.y.z, which I doubt it is. On the windoze machine you will probably have a default route through the tunnel.
I don't know if the tunnel description must match on both sides; if so, tun1 must probably have a local address of 0.0.0.0/0 on homefw. Now where do you route your packets from the WLAN machine? They should probably go through the tunnel to 192.168.1.254, which incidentally is also your tunnel endpoint address. Basically it depends what default address is assigned to the laptop, which you haven't told us yet. If it is the external interface of homefw, then your comments about the 216.x.y.z route start making sense to me.

HTH
Erich

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
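As an added illustration of Erich's "problem 1" (the homefw-to-officefw link), here is a pair of OpenVPN static-key configurations that carry the two LANs from the thread, 192.168.1.0/24 and 192.168.10.0/24, across a point-to-point tunnel. This is example configuration written for this page, not the configuration from Rick's or Erich's mail and not something shipped by LEAF/Bering. Assumptions: OpenVPN 2.x directive syntax (the `route` directive; on an older 1.x build the same route would be added from an `up` script), `tun0` as the device for the site-to-site link, the endpoint pair 10.1.2.1/10.1.2.2 (chosen to stay clear of the 10.1.1.x pair the thread uses for the WLAN tunnel on tun1), placeholder public addresses, and a shared key file at a hypothetical path.

```conf
# --- homefw: /etc/openvpn/office.conf (hypothetical path) ---
dev tun0                         # assumption: tun0 is the site-to-site link; tun1 stays the WLAN tunnel
proto udp
port 5000                        # same UDP port the thread's daemon.log shows
remote OFFICE_PUBLIC_IP          # placeholder: officefw's external address
ifconfig 10.1.2.1 10.1.2.2       # assumed endpoint pair: local, then remote
route 192.168.10.0 255.255.255.0 # office LAN is reachable only through this tunnel
secret /etc/openvpn/office.key   # hypothetical path; generate with: openvpn --genkey --secret office.key
ping 10                          # keep NAT/firewall state alive
ping-restart 60                  # restart the tunnel if the peer goes silent
persist-tun
persist-key
verb 3

# --- officefw: /etc/openvpn/home.conf (hypothetical path), mirror image ---
dev tun0
proto udp
port 5000
remote HOME_PUBLIC_IP            # placeholder: homefw's external address
ifconfig 10.1.2.2 10.1.2.1       # reversed: local, then remote
route 192.168.1.0 255.255.255.0  # home LAN is reachable only through this tunnel
secret /etc/openvpn/office.key   # the same key file, copied over a trusted channel
ping 10
ping-restart 60
persist-tun
persist-key
verb 3
```

Two things this does not do for you, which are the usual reasons a "subnet to subnet" ping still fails even when the peers connect: the kernel on each firewall must have IP forwarding enabled, and Shorewall must have a zone for the tun interface with policies that permit traffic between it and the LAN zone (a silent drop there would show up in the Shorewall log, which is why Rick's observation that nothing on port 5000 is being dropped is worth having). Hosts on each LAN also need the firewall as their gateway for the remote 192.168.x.0/24, otherwise their replies never reach the tunnel. Note that `float` is deliberately absent here: on a fixed site-to-site link OpenVPN can reject packets from any source other than the configured `remote`, and `float` belongs only on the WLAN tunnel where the laptop's address really does change, as Rick describes; with `float` the static key is the only thing binding the tunnel to a peer, so its file permissions matter.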
