Hi Dave,
On 08/04/2014 05:23 AM, davidg12...@fast-email.com wrote:
> For this case
>
> Internet
> |
> |
> | ext: A.B.C.D
> Router/Firewall + OpenVPN Server
> | tun: 10.99.99.1
> | int: 10.0.0.1
> |
> |
> | ext: X.Y.Z.W
> Router/Firewall + OpenVPN Client
> | tun: 10.99.99.2
> | int: 192.168.0.1
> | int: 10.10.10.1
> |
> |--------------------------
> | |
> MyDesktop OtherPCs
> 192.168.0.2 (192.168.0.3+/24)
> 10.10.10.2
>
> from MyDesktop, ping over the vpn TO my Openvpn Server's internal IP
>
> ping -c1 -I 10.10.10.2 10.0.0.1
>
> works OK.
>
> But ping over the vpn TO the external 'net
>
> ping -c1 -I 10.10.10.2 google-public-dns-a.google.com
>
> times out
>
> 1 packets transmitted, 0 received, 100% packet loss, time 0ms
>
> That extras step of going 'out' the Server to the 'net is not getting a reply
> back.
>
> What (i)route in which OpenVPN config (server, server/ccd/client, client)
> would take care of that?
>
I assume you have added this line to your OpenVPN client config, right?
route 8.8.8.8 255.255.255.255
The problem is likely a missing source NAT (MASQUERADING) config on the
OpenVPN server.
For further troubleshooting the output of "route -n" from the
routers/OpenVPN machines and "iptables -t nat -L -n -v" from the OpenVPN
server would be needed.
Cheers,
Mathias.
------------------------------------------------------------------------------
Infragistics Professional
Build stunning WinForms apps today!
Reboot your WinForms applications with our WinForms controls.
Build a bridge from your legacy apps to the future.
http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
