RE: [leaf-user] Help with Openvpn setup update

Andrew Gray (Gil) Sat, 25 Feb 2006 06:37:17 -0800

Update to my problem

I find that the order of the entries in the routing table is different in each
firewall and I suspect this may have some bearing on the problem.  Here is a
quick diagram of my setup


        *************
        *  Server   *   192.168.2.35 Server Site 1
        *************
                |
                |
        *************
        *               *       192.168.2.1
        * Firewall 1*
        *               *       192.168.1.3             10.8.0.6
        *************
                |
                |
        *************
        *               *       192.168.1.1
        * Modem 1   *
        *               *       210.15.201.198
        *************
                |
                |
        Internet 
                |
                |
        *************
        *               *       203.96.34.34
        * Modem 2   *
        *               *       192.168.1.1
        *************
                |
                |
        *************
        *               *       192.168.1.4             10.8.0.1
        * Firewall 2*
        *               *       192.168.3.1
        *************
                |
                |
        *************
        *  Server   *   192.168.3.35 Server Site 2
        *************

After some fiddling and more research into the configuration I can now ping from
either firewall to the opposite end of the tunnel on the 10.8.0.0 network.   I
can ping from firewall 2 to the 192.168.2.0 network (server and internal
interface) but not from the server at this site.

>From firewall 1 I can ping firewall 2 tun0 interface but nothing else at the
other site.   This makes me think my problem is a routing problem rather than an
openvpn problem and the order of the routing entries is different on each
firewall.  Routing entries are as follows:

Firewall 1

FIREWALLESP# ip r
10.8.0.2 dev tun0  proto kernel  scope link  src 10.8.0.1 
192.168.1.0/30 dev eth0  proto kernel  scope link  src 192.168.1.3 
192.168.3.0/24 via 10.8.0.2 dev tun0 
192.168.2.0/24 dev eth1  proto kernel  scope link  src 192.168.2.1 
10.8.0.0/24 via 10.8.0.2 dev tun0 
default via 192.168.1.1 dev eth0 


FIREWALL 2

FIREWALLPIA# ip r
10.8.0.5 dev tun0  proto kernel  scope link  src 10.8.0.6 
192.168.3.0/24 dev eth1  proto kernel  scope link  src 192.168.3.1 
192.168.2.0/24 via 10.8.0.5 dev tun0 
10.8.0.0/24 via 10.8.0.5 dev tun0 
192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.4 
default via 192.168.1.1 dev eth0 


Can anyone tell me if I am on the right track or not?   Any help would be
greatly appreciated.



Andrew Gray
MCSE
Willowcrest Solutions Pty Ltd
 
Phone:        (07) 4128 7401
Mobile:      0418 734 078
 



-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

RE: [leaf-user] Help with Openvpn setup update

Reply via email to