Hi Jordan,

If you want to reach the server from IP 1.2.3.4 the server will need to
know where to route this IP ;-)


So in a simple config, the server would only need:

route 1.2.3.4

(if it's only host 1.2.3.4 this will be sufficient; for a network you
will need "route <network> <netmask>").

BUT, since you have a multi-client configuration, you will also need an
"iroute" entry for your client: The server needs to know which client
"owns" this IP/network to be routed over OpenVPN, because your
configuration is intended to allow more than one client.

The "iroute" needs a "client-config-dir" with this entry or a
"client-connect" script setting it.


If you really only need one client, you might overcome the need for
"iroute" by not using the "server" helper, but trying these entries:

tls-server
ifconfig 10.0.0.1 10.0.0.2
ifconfig-pool 10.0.0.4 10.0.0.251
route 10.0.0.0 255.255.255.0
push "route 10.0.0.1"


This is "almost" the same as the expanded

server 10.0.0.0 255.255.255.0

but will not use "mode server" and therefore should not need "iroute"
entries.


Hope this helps.

Joerg


Jordan Hayes wrote:
> I have a simple Linux OpenVPN client with the following interfaces:
> 
> eth0    1.2.3.4
> tun0    10.0.0.5
> 
> The server side of the tunnel is 10.0.0.1 ...
> 
> From the client, I can ping the server:
> 
> % ping -c 3 10.0.0.1
> PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
> 64 bytes from 10.0.0.1: icmp_seq=0 ttl=64 time=52.9 ms
> 64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=32.0 ms
> 64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=38.0 ms
> 
> If however, I set the source address to the external interface, I can't:
> 
> % ping -I 1.2.3.4 -c 3 10.0.0.1
> PING 10.0.0.1 (10.0.0.1) from 1.2.3.4 : 56(84) bytes of data.
> 
> --- 10.0.0.1 ping statistics ---
> 3 packets transmitted, 0 received, 100% packet loss, time 2000ms
> 
> I believe this is a feature :-)
> 
> I've read about --iroute and --route, but it's still pretty opaque to me 
> ...
> 
> What would I have to add to my configs to allow this to work as 
> intended?
> 
> I don't need packets that *arrive* on eth0 to be routed to the tunnel, 
> just the ones that are locally bound on the client machine (if that 
> makes a difference).
> 
> Thanks,
> 
> /jordan
> 
> 
> ps: dead-simple client config
> ---
> client
> dev tun
> proto udp
> remote <host> <port>
> resolv-retry infinite
> nobind
> persist-key
> persist-tun
> user nobody
> group nobody
> ca server-ca.crt
> cert server.crt
> key server.key
> ns-cert-type server
> tls-auth server-ta.key 1
> comp-lzo
> verb 3
> ---
> 
> server config
> ---
> port <port>
> proto udp
> dev tun
> ca server-ca.crt
> cert server.crt
> key server.key
> dh dh2048.pem
> server 10.0.0.0 255.255.255.0
> ifconfig-pool-persist ipp.txt
> keepalive 10 120
> tls-auth server-ta.key 0
> comp-lzo
> user nobody
> group nobody
> persist-key
> persist-tun
> status openvpn-status.log
> verb 3
> --- 
> 
> 
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
> 
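
As an added example (not part of the original thread and not OpenVPN project code), a small Python check for the pairing described in the reply: in a multi-client config, every server-side "route" needs an "iroute" owner in a client-config-dir file. The sample config, the "ccd" directory name and the client name "client1" are constructed assumptions; "iroute" set from a client-connect script is not covered.

```python
import ipaddress

def directives(text):
    """Split config text into token lists, skipping blank and comment lines."""
    rows = [line.split() for line in text.splitlines()]
    return [r for r in rows if r and r[0][0] not in "#;"]

def networks(rows, keyword):
    """Networks named by `keyword` lines; an omitted netmask means one host."""
    nets = []
    for row in rows:
        if row[0] == keyword and len(row) >= 2:
            mask = row[2] if len(row) > 2 else "255.255.255.255"
            try:
                nets.append(ipaddress.ip_network(f"{row[1]}/{mask}", strict=False))
            except ValueError:
                pass  # hostname or keyword argument: not checked here
    return nets

def unowned_routes(server_conf, ccd_files):
    """Server-side routes that no client owns through an iroute entry.

    ccd_files maps a client name to the text of its client-config-dir file.
    """
    rows = directives(server_conf)
    if not any(r[0] == "server" or r[:2] == ["mode", "server"] for r in rows):
        return []  # no "mode server": the reply says iroute should not be needed
    if not any(r[0] == "client-config-dir" for r in rows):
        ccd_files = {}  # per-client files are only read when this is set
    covered = networks(rows, "server")  # the VPN subnet itself needs no iroute
    for text in ccd_files.values():
        covered += networks(directives(text), "iroute")
    return [str(n) for n in networks(rows, "route")
            if not any(n.subnet_of(c) for c in covered)]

# Constructed sample input based on the configs quoted in this thread.
SERVER_CONF = """\
dev tun
server 10.0.0.0 255.255.255.0
client-config-dir ccd
route 1.2.3.4
"""
CCD_EMPTY = {}
CCD_FIXED = {"client1": "iroute 1.2.3.4\n"}  # "client1" is a placeholder name

if __name__ == "__main__":
    print(unowned_routes(SERVER_CONF, CCD_EMPTY))  # route without an owner
    print(unowned_routes(SERVER_CONF, CCD_FIXED))  # owner declared
```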

