Hi David

I do push the route to the OpenVPN clients and I do have the route
back on the servers in the main office. To be sure, I ran a sniffer on
a server in the main office to see if any traffic reaches the server
from the VPN client and the sniffer showed nothing reached the server.
It's not a firewalling issue in either the main or branch offices as
the same type of traffic (ping in this case) worked fine from a desktop
in the branch office.



TIA
Paolo


David Newman wrote:


On 9/3/07 3:28 PM, Paolo Supino wrote:
Hi David

It's true that all IP addresses are in the 10.x.x.x private address
space that isn't supposed to be routed on the Internet, but in all the
connections over the Internet the only visible addresses are the
public ones (otherwise the VPNs wouldn't be working): Main and branch
office public IP addresses and whatever the road warriors receive when
connecting their laptops, either at home or at a client's site.
The branch's firewall NATs the branch office 10.x.x.x address space
on its external interface, but I don't see how that would cause routing
problems between the 2 VPNs.

Per Stuart's suggestion, check your VPN clients' routing tables with
"netstat -f inet -nr | more" and determine whether they have a path to
your main office. Same thing for servers at the main office trying to
reach the VPN clients.

traceroute might be helpful (or might not; lots of places filter ICMP).

dn
