OK. As everyone has noted, the route that I created makes no sense. So I just commented out the route directive and everything still works fine. The history of this was:

>>> tried an openvpn.up script to add the route, but that was failing.
>>> added a route directive to openvpn.conf, thinking that each end of the pt-to-pt tunnel needed to know how to get to the other.
>>> Apparently not so.

Two remaining issues that I will experiment with later:
1) Do I need a route directive on the wireless laptop?
2) Pending the outcome of 1), do I need route directives between home & office?
HTH
Rick.

-----Original Message-----
From: Erich Titl [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 14, 2004 6:08 PM
To: Tibbs, Richard
Cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Openvpn problems -- again..

Rick

Tibbs, Richard wrote:

> Erich,
> The "float" directive in the bering openvpn.conf allows the WinXP
> wireless nic to get a variable IP. Since I am rebooting quite often,
> and LEAFs have no memory of the ip to mac address, so it would come up
> 192.168.1.3 or .4.

OK, but still you are tunnelling through your own subnet using the addresses

> BTW, the Shorewall logs on both home and office fw's show no dropped
> UDPs of port 5000, or 50001.

Do you have connection from your home network (wired) to the office network through the tunnel? IMHO this is the basis of your connectivity. The tunnelled laptop is just the icing on the cake, as it is part of your home network. Once you have connectivity to the office you can set up your wireless environment.

You still did not provide a clue about your routing on your wireless client.

Could you explain the rationale for the route 216.x.y.z through the tunnel? I see no need for this route, assuming that it is the external address of your home fw.

-------excerpts from your previous post

On homefw, the route table becomes

# ip route sho
10.1.10.2 dev tun0 proto kernel scope link src 10.1.10.1
----> dev tun0 gets an address of 10.1.10.1 with a peer of 10.1.10.2
192.168.10.0/24 via 10.1.10.2 dev tun0
----> packets for 192.168.10.0 (office network) are routed to 10.1.10.2 using tun0
10.1.1.2 dev tun1 proto kernel scope link src 10.1.1.1
----> dev tun1 gets an address of 10.1.1.1 with a peer of 10.1.1.2
216.12.22.64/26 dev eth0 proto kernel scope link src 216.x.y.z
----> this, I assume, is your external address
216.x.y.z via 10.1.1.2 dev tun1
----> this is the result of your route entry, which I fail to understand.
This IMHO routes packets destined for 216.x.y.z through tun1, which I believe is the tunnel to access your wireless client. The local endpoint of this tunnel will be 10.1.1.1, the remote end will be 10.1.1.2, but what is the address you are tunneling to? Is it really 216.x.y.z? I doubt it. I believe you want to address the laptop with an address in the 192.168.1.0/24 subnet. The problem is the route below, because it already covers the entire subnet. What is needed is a more specific route to the address of your laptop, possibly by placing this in a subnet of 192.168.1.0.
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.254
----> this is your inner interface, normal
216.12.22.64/26 dev ipsec0 proto kernel scope link src 216.x.y.z
----> this is built by ipsec, no importance here (hopefully)
default via 216.12.22.65 dev eth
----> and last, but not least, the default route used to access the internet and your peer at 137.p.q.r

cheers

Erich

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
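As an added illustration (not code from the thread or from LEAF/OpenVPN), a small Python longest-prefix match over the route table Erich quotes, so the effect of the questionable `216.x.y.z via 10.1.1.2 dev tun1` entry and of a more specific laptop route can be checked offline. 216.12.22.70 is a constructed stand-in for the anonymised 216.x.y.z, and 192.168.1.3 is the laptop address Rick mentions; the `dev eth` on the default route is kept as written in the post.

```python
import ipaddress

# Route table as quoted in Erich's reply. 216.x.y.z is anonymised on the list;
# 216.12.22.70 (inside the quoted 216.12.22.64/26) is a constructed stand-in,
# and "dev eth" on the default route is kept exactly as written in the post.
ROUTE_TABLE = """\
10.1.10.2 dev tun0 proto kernel scope link src 10.1.10.1
192.168.10.0/24 via 10.1.10.2 dev tun0
10.1.1.2 dev tun1 proto kernel scope link src 10.1.1.1
216.12.22.64/26 dev eth0 proto kernel scope link src 216.12.22.70
216.12.22.70 via 10.1.1.2 dev tun1
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.254
216.12.22.64/26 dev ipsec0 proto kernel scope link src 216.12.22.70
default via 216.12.22.65 dev eth
"""

def parse_routes(text):
    """Turn 'ip route show' lines into (network, via, dev) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dst = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        via = fields[fields.index("via") + 1] if "via" in fields else None
        dev = fields[fields.index("dev") + 1]
        routes.append((ipaddress.ip_network(dst, strict=False), via, dev))
    return routes

def next_hop(text, dst):
    """Longest-prefix match over the main table (the kernel's local table is
    not modelled); ties keep the first entry. Returns (via, dev) or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, via, dev in parse_routes(text):
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via, dev)
    return None if best is None else (best[1], best[2])

def drop_route(text, prefix):
    """Remove the '<prefix> via ...' entry, as Rick did by commenting it out."""
    keep = [l for l in text.splitlines() if not l.startswith(prefix + " via")]
    return "\n".join(keep) + "\n"

if __name__ == "__main__":
    print(next_hop(ROUTE_TABLE, "216.12.22.70"))                             # ('10.1.1.2', 'tun1')
    print(next_hop(drop_route(ROUTE_TABLE, "216.12.22.70"), "216.12.22.70"))  # (None, 'eth0')
    print(next_hop(ROUTE_TABLE, "192.168.1.3"))                              # (None, 'eth1')
    fixed = ROUTE_TABLE + "192.168.1.3 via 10.1.1.2 dev tun1\n"              # constructed host route
    print(next_hop(fixed, "192.168.1.3"))                                    # ('10.1.1.2', 'tun1')
```

The first lookup shows the /32 entry beating the connected /26 and sending the firewall's own external address into tun1, which is what Erich objects to; the last shows why a host route is needed before any 192.168.1.x laptop address leaves the eth1 /24.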
