On Tue, Dec 8, 2015 at 12:40 PM, Jan Just Keijser <janj...@nikhef.nl> wrote:
> Hi,
>
>
> On 08/12/15 11:00, Vnpenguin wrote:
>
> On Tue, Dec 8, 2015 at 10:08 AM, Jan Just Keijser <janj...@nikhef.nl>
> wrote:
>
>> Hi,
>>
>> On 06/12/15 20:43, debbie...@gmail.com wrote:
>>
>>> You _can_ push the Server LAN Route 192.168.254.0/24
>>> from the Server to the Client.
>>>
>>> Next .. One step at a time:
>>> You must enable IP_Forwarding on both the VPN CLient and VPN Server
>>> You can then use tcpdump to follow packets across the network ..
>>> See if you can figure out the next step ;-)
>>>
>>> "push" does not apply to the setup that vnpenguin is using (unless you
>> add an explicit "pull" to the client config).
>>
>> what debbie10t is saying is this:
>>
>> You have to work your way out, starting from the VPN client and server
>> and onto the LAN on both sides
>> - first, check that you can reach the VPN client's LAN IP from a machine
>> on the server-side LAN
>> - if that works, check that routing/ip forwarding is enabled, and that
>> your firewall rules allow forwarding
>> - then, try to connect to another machine on the client-side LAN from the
>> OpenVPN server itself
>> - finally, try it from a machine on the server-side LAN
>>
>>
>>
> Hi all,
> Thank you for your replies.
>
> Here's my current config: http://pastebin.com/i92SA4dh
>
> Here's my network schema: http://s12.postimg.org/lvl9llv19/Open_VPN_1.png
>
> With these config, I CAN :
> 1) From 192.168.254.4 ping to anyhost of client LAN.
> 2) From 192.168.1.31 ping to anyhost of server LAN.
>
> My OpenVPN boxes are not default Gateway of two LAN.
> I don't know howto ping server LAN from 192.168.1.32 (another host of
> client LAN) for example.
> I need new routing table for 192.168.1.32, or I need iptables rules ?
> Any help will be very appreciated!
>
>
> I suspect you're running Linux or perhaps a *BSD derivative.
> Your configs look OK (although you can remove the 'push "...."') on the
> server - it does nothing in your setup.
>
>
Yeah, my OpenVPN servers work under CentOS 6.
> Some questions/things to try:
>
> Is IP forwarding enabled on both ends?
> cat /proc/sys/net/ipv4/ip_forward
>
>
Yes, that's enabled already for both side.
> Do the LANs on both ends have return routes for the VPN IP range? It is
> probably easiest to add this on the LAN GWs in both cases. As a test, you
> can add it on a single client using like
> ip route -net 192.168.1.0/24 gw 192.168.254.4
>
> (and similar for the server-side PCs)
>
>
I tried this command on the box 192.168.1.32, but there's error. Maybe the
"good" command is:
ip route add 192.168.254.0/24 via 192.168.1.31
it works without error. Now, on host 192.168.1.32 I have :
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use
Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 100 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
192.168.254.0 192.168.1.31 255.255.255.0 UG 0 0 0 eth0
But I can't ping host of server LAN:
# ping 192.168.254.8
PING 192.168.254.8 (192.168.254.8) 56(84) bytes of data.
(nothing...)
"traceroute" gives me:
# traceroute -n 192.168.254.8
traceroute to 192.168.254.8 (192.168.254.8), 30 hops max, 60 byte packets
1 192.168.1.31 0.194 ms 0.177 ms 0.166 ms
2 10.100.4.1 40.558 ms 40.601 ms 40.593 ms
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 *^C
Any idea?
Thanks
------------------------------------------------------------------------------
Go from Idea to Many App Stores Faster with Intel(R) XDK
Give your users amazing mobile app experiences with Intel(R) XDK.
Use one codebase in this all-in-one HTML5 development environment.
Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs.
http://pubads.g.doubleclick.net/gampad/clk?id=254741911&iu=/4140
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
