Re: need Openvpn routing help
On 6/16/08, Charlie Farinella <[EMAIL PROTECTED]> wrote: > I had set the iroute directive earlier and was able to ping through to > the secondary interface from the server, but not from the other > clients. Pushing the route has now allowed the other clients to see > the interface as well. Thank you. :-) > My last remaining obstacle is allowing the packets to be forwarded > through OpenBSD's packet filter. I will do some reading and hopefully > will have this up and running soon. > Thanks to everyone, you guys are "it". :-) Awesome. *Semi OT comment* This is one area where I've always felt that OpenSource applications generally suffer. More often then not, most commercial operating systems present most of these sort of things with some sort of graphical configuration interface to the configuration files. Granted there are pushes to 'polish' most modern Linux distros, I'd be really nice for some sort of centralized graphical configuration which is at least semi intuative. I came to the above information as I actually have routes set up in a simular manner, but configured them via pfSense's front end, which actually has intuative configuration screens for this sort of thing. I know, I know. distros have in the past provided some means of graphically configuring things. But they all seem to have been stopgaps to provide something, and not one unified interface. Webmin did a pretty good job at this thinking about it, but they never seemed to 'kick it to the next level'. Just thinking out loud I suppose... -- -- Thomas ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: need Openvpn routing help
On Monday 16 June 2008, Thomas Charron wrote: > On Mon, Jun 16, 2008 at 4:41 PM, Thomas Charron <[EMAIL PROTECTED]> wrote: > > On Mon, Jun 16, 2008 at 4:25 PM, Charlie Farinella > >> 10.8.8.6 is pingable > >> from this machine and traceroute shows it as one hop, I can ssh in, > >> etc. I get similar error messages (SIOCADDRT: Network is unreachable) > >> if I try to set it up on a Linux client. I don't understand how I have > >> to set the gateway, or perhaps I'm misunderstanding what the gateway > >> should be. > > Hrm. Do you have the --client-to-client option anyplace? Can you > > connect in a way BESIDES ping to the other machines, like, ssh, or > > telnet to port 22? > > This is an excerpt from the man pages regarding the > --client-to-client. Remember, OpenVPN doesn't just dump packets, it > manages them. These two options are important for what your wish to > do: > > = From man openvpn:: > The --iroute directive also has an important interaction with > --push "route ...". --iroute essentially defines a subnet which is > owned by a particular client (we will call this client A). If you > would like other clients to be able to reach A's subnet, you can use > --push "route ..." together with --client-to-client to effect this. I had set the iroute directive earlier and was able to ping through to the secondary interface from the server, but not from the other clients. Pushing the route has now allowed the other clients to see the interface as well. Thank you. :-) My last remaining obstacle is allowing the packets to be forwarded through OpenBSD's packet filter. I will do some reading and hopefully will have this up and running soon. Thanks to everyone, you guys are "it". :-) --charlie -- Charles Farinella Appropriate Solutions, Inc. (www.AppropriateSolutions.com) [EMAIL PROTECTED] voice: 603.924.6079 fax: 603.924.8668 ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: need Openvpn routing help
On Mon, Jun 16, 2008 at 4:41 PM, Thomas Charron <[EMAIL PROTECTED]> wrote: > On Mon, Jun 16, 2008 at 4:25 PM, Charlie Farinella >> 10.8.8.6 is pingable >> from this machine and traceroute shows it as one hop, I can ssh in, >> etc. I get similar error messages (SIOCADDRT: Network is unreachable) >> if I try to set it up on a Linux client. I don't understand how I have >> to set the gateway, or perhaps I'm misunderstanding what the gateway >> should be. > Hrm. Do you have the --client-to-client option anyplace? Can you > connect in a way BESIDES ping to the other machines, like, ssh, or > telnet to port 22? This is an excerpt from the man pages regarding the --client-to-client. Remember, OpenVPN doesn't just dump packets, it manages them. These two options are important for what your wish to do: = From man openvpn:: --iroute network [netmask] Generate an internal route to a specific client. The netmask parameter, if omitted, defaults to 255.255.255.255. This directive can be used to route a fixed subnet from the server to a particular client, regardless of where the client is connecting from. Remember that you must also add the route to the system routing table as well (such as by using the --route directive). The reason why two routes are needed is that the --route directive routes the packet from the kernel to OpenVPN. Once in OpenVPN, the --iroute directive routes to the specific client. This option must be specified either in a client instance config file using --client-config-dir or dynamically generated using a --client-connect script. The --iroute directive also has an important interaction with --push "route ...". --iroute essentially defines a subnet which is owned by a particular client (we will call this client A). If you would like other clients to be able to reach A's subnet, you can use --push "route ..." together with --client-to-client to effect this. In order for all clients to see A's subnet, OpenVPN must push this route to all clients EXCEPT for A, since the subnet is already owned by A. OpenVPN accomplishes this by not not pushing a route to a client if it matches one of the client's iroutes. --client-to-client Because the OpenVPN server mode handles multiple clients through a single tun or tap interface, it is effectively a router. The --client-to-client flag tells OpenVPN to internally route client-to-client traffic rather than pushing all client-originating traffic to the TUN/TAP interface. When this option is used, each client will "see" the other clients which are currently connected. Otherwise, each client will only see the server. Don't use this option if you want to firewall tunnel traffic using custom, per-client rules. end excerpt In your openvpn.conf file, you'd need something that specifies client-to-client, as well as pushed route commands. The CLIENT connection scripts then need iroute entries so openvpn is aware that it is to route traffic for those external interfaces as well, THRU the OpenVPN tunnel. -- -- Thomas ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: need Openvpn routing help
On Mon, Jun 16, 2008 at 4:25 PM, Charlie Farinella <[EMAIL PROTECTED]> wrote: > Ok thank you, here we go, I hope I can explain it well enough for people > to understand. Awesome, now THERE'S some raw data. > I need to create a route from an XP client to 10.10.0.42 on the OpenBSD > client. Attempting to set "route add 10.10.0.0 mask 255.255.255.0 > 10.8.8.6 if 3" results in failure, " either the interface index is > wrong ( interface index 3 is the TAP-Win adapter ) or the gateway does > not lie on the same network as the interface". Shouldn't need to if 3 argument, it's optional. > 10.8.8.6 is pingable > from this machine and traceroute shows it as one hop, I can ssh in, > etc. I get similar error messages (SIOCADDRT: Network is unreachable) > if I try to set it up on a Linux client. I don't understand how I have > to set the gateway, or perhaps I'm misunderstanding what the gateway > should be. > Hrm. Do you have the --client-to-client option anyplace? Can you connect in a way BESIDES ping to the other machines, like, ssh, or telnet to port 22? -- Thomas ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: need Openvpn routing help
On Friday 13 June 2008, Ben Scott wrote: > Suggested course of action: > > Use the "route" command to review the routing tables on the two > computers. Just issue the command "route" with no arguments, and it > should print the routing table. Or maybe "route -n" to prevent the > system from wasting time trying to look up names for things. If > you're not sure how to interpret the output, post the output (for each > computer, identifying which is which), and we can check your work. Ok thank you, here we go, I hope I can explain it well enough for people to understand. Server -- CentOS 5.1 10.8.8.1 Client1 -- WinXP 10.8.8.10 Client2 -- OpenBSD 10.8.8.6 Client1 and Client2 are on different subnets, 192.168.24.0 and 192.168.25.0. I need to create a route from an XP client to 10.10.0.42 on the OpenBSD client. Attempting to set "route add 10.10.0.0 mask 255.255.255.0 10.8.8.6 if 3" results in failure, " either the interface index is wrong ( interface index 3 is the TAP-Win adapter ) or the gateway does not lie on the same network as the interface". 10.8.8.6 is pingable from this machine and traceroute shows it as one hop, I can ssh in, etc. I get similar error messages (SIOCADDRT: Network is unreachable) if I try to set it up on a Linux client. I don't understand how I have to set the gateway, or perhaps I'm misunderstanding what the gateway should be. OpenVPN server: == Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 10.8.8.2* 255.255.255.255 UH0 00 tun0 63.131.36.0 *255.255.255.224 U 0 00 eth0 10.8.8.0 10.8.8.2 255.255.255.0 UG0 00 tun0 default 63.131.36.1 0.0.0.0 UG0 00 eth0 == Client1 running XP: == Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.24.254 192.168.24.214 20 10.8.8.0255.255.255.0 10.8.8.9 10.8.8.10 1 10.8.8.8 255.255.255.25210.8.8.10 10.8.8.10 30 10.8.8.10 255.255.255.255127.0.0.1 127.0.0.1 30 10.255.255.255 255.255.255.25510.8.8.10 10.8.8.10 30 127.0.0.0255.0.0.0127.0.0.1 127.0.0.1 1 192.168.24.0255.255.255.0 192.168.24.214 192.168.24.214 20 192.168.24.214 255.255.255.255127.0.0.1 127.0.0.1 20 192.168.24.255 255.255.255.255 192.168.24.214 192.168.24.214 20 224.0.0.0240.0.0.010.8.8.10 10.8.8.10 30 224.0.0.0240.0.0.0 192.168.24.214 192.168.24.214 20 255.255.255.255 255.255.255.25510.8.8.10 10.8.8.10 1 255.255.255.255 255.255.255.255 192.168.24.214 192.168.24.214 1 Default Gateway:192.168.24.254 == Client2 running OpenBSD: == Routing tables Internet: Destination Gateway FlagsRefs UseMtu Interface default 192.168.25.254 UGS 0 2307 - fxp0 10.8.8/24 10.8.8.5 UGS 0 405 - tun0 10.8.8.5 10.8.8.6 UH 02 - tun0 10.10.0/24 link#1 UC 00 - xl0 10.10.0.42 00:08:da:61:5c:68 UHLc03 - xl0 loopbacklocalhost.corp.app UGRS00 33224 lo0 localhost.corp.app localhost.corp.app UH 00 33224 lo0 192.168.25/24 link#2 UC 00 - fxp0 192.168.25.25 link#2 UHLc0 411 - fxp0 192.168.25.25400:0e:2e:b1:1e:da UHLc 00 - fxp0 BASE-ADDRESS.MCAST localhost.corp.app URS 00 33224 lo0 == thanks, --charlie -- Charles Farinella Appropriate Solutions, Inc. (www.AppropriateSolutions.com) [EMAIL PROTECTED] voice: 603.924.6079 fax: 603.924.8668 ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: need Openvpn routing help
On Fri, Jun 13, 2008 at 7:21 PM, Michael ODonnell <[EMAIL PROTECTED]> wrote: > I believe the route command is used to identify/control > which interface to use to reach a particular host/network > [and which one(s) to handoff to in the default case(s)] for > connections originating on the machine in question. I believe > that's distinct from forwarding, which determines whether/how > inbound traffic destined for other hosts/networks is handled, > and is managed by manipulating /proc/sys/net/ipv4/ip_forward > and friends via the sysctl command. Clarification: The kernel routing table determines the next-hop of all packets the system transmits[1], regardless of whether they are originating locally or being forwarded. The net.ipv4.ip_forward kernel option simply turns forwarding on or off. When forwarding is off, if the kernel receives a packet for another host, the packet is dropped[2]. When forwarding is on, the kernel will use the routing table to decide where such a packet should go for the next hop. That next-hop could be a node reachable via a network interface on the system (such as a host on a locally connected Ethernet, or the other end of a PPP link). In that case, the routing table will simply tell the kernel to transmit the packet to that node via the appropriate interface. Alternatively, the next-hop could be a gateway -- i.e., not the final destination, but an intermediate node. In that case, the kernel also uses the routing table to decide how to reach the gateway. In simpler terms, a routing table entry -- a route -- simply tells the kernel, "to reach this destination, use this interface" or "to reach this destination, use this gateway". A default route is simply a route which matches any destination. There is absolutely no difference between a default route and any other route. There is nothing special about a default route. A default route is simply the least-specific possible route. Since more specific routes are always preferred, any other route will be preferred over a default route. Did I mention that a default route works like any other route? (Sorry to belabor this, but this is a common source of confusion.) Footnotes - [1] Technically speaking, things like iptables (NAT, mangle, etc.), policy routing, and multiple routing tables can also influence routing. Presumably, if you're using them, you know about that. [2] Or maybe an ICMP message gets sent; I forget. Either way, the packet is not forwarded. -- Ben ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: need Openvpn routing help
On Fri, Jun 13, 2008 at 7:21 PM, Bill McGonigle <[EMAIL PROTECTED]> wrote: > ... OpenVPN option like: > > push "route 192.168.1.0 255.255.255.0"; FYI, all that ends up doing is have the openvpn daemon execute the "route" command for you when the tunnel comes up. That's usually a good thing, of course, since it makes the system self-configuring, and also avoids attempting configuration when the VPN isn't there. But as far as the kernel router is concerned, it is identical to issuing the "route" command manually. -- Ben ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: need Openvpn routing help
On Jun 13, 2008, at 13:03, Charlie Farinella wrote: > I have tried various permutations of the > above with no luck and feel like I am missing an important part of > this > puzzle. I have to admit to hitting a parser exception on your network layout, but it sounds like maybe on the machine with two NIC's you should be offering an OpenVPN option like: push "route 192.168.1.0 255.255.255.0"; On my gateway, I have, simplified: 10.1.1.0/24 LAN 10.1.2.0/24 WIRELESS 10.1.3.0/24 VPN with a default route through 10.1.1.1. So, to get traffic from the VPN clients to the WIRELESS clients, I need: push "route 10.1.2.0 255.255.255.0"; to send to the OpenVPN clients. Because the default route exists I don't need to specify that one explicitly, OpenVPN handles that. -Bill - Bill McGonigle, Owner Work: 603.448.4440 BFC Computing, LLC Home: 603.448.1668 [EMAIL PROTECTED] Cell: 603.252.2606 http://www.bfccomputing.com/Page: 603.442.1833 Blog: http://blog.bfccomputing.com/ VCard: http://bfccomputing.com/vcard/bill.vcf ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: need Openvpn routing help
> You're the second person to phrase it that way, "does the machine > know that it's supposed to route traffic". Showing my ignorance > I will ask how do I make sure it "knows" to do this. I thought > running the route command did that, but apparently there's more. I believe the route command is used to identify/control which interface to use to reach a particular host/network [and which one(s) to handoff to in the default case(s)] for connections originating on the machine in question. I believe that's distinct from forwarding, which determines whether/how inbound traffic destined for other hosts/networks is handled, and is managed by manipulating /proc/sys/net/ipv4/ip_forward and friends via the sysctl command. ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: need Openvpn routing help
On Fri, June 13, 2008 4:23 pm, Charlie Farinella said: > You're the second person to phrase it that way, "does the machine know > that it's supposed to route traffic". Showing my ignorance I will ask > how do I make sure it "knows" to do this. I thought running the route > command did that, but apparently there's more. > I believe somebody already answered that earlier in this thread: sysctl net.ipv4.ip_forward=1 Another way to do the same thing (in a root shell): echo 1 > /proc/sys/net/ipv4/conf/all/forwarding To do this when not in a root shell: echo 1 | sudo tee /proc/sys/net/ipv4/conf/all/forwarding -- John Abreau / Executive Director, Boston Linux & Unix IM: [EMAIL PROTECTED] / [EMAIL PROTECTED] / [EMAIL PROTECTED] / [EMAIL PROTECTED] Email [EMAIL PROTECTED] / WWW http://www.abreau.net / PGP-Key-ID 0xD5C7B5D9 PGP-Key-Fingerprint 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: need Openvpn routing help
On Fri, Jun 13, 2008 at 4:23 PM, Charlie Farinella <[EMAIL PROTECTED]> wrote: > You're the second person to phrase it that way, "does the machine know > that it's supposed to route traffic". Showing my ignorance I will ask > how do I make sure it "knows" to do this. I thought running the route > command did that, but apparently there's more. Well, the "route" command *is* how you tell a computer about routes, for the most part. There's just some question about what the various computers involved "know" about your networks. It does sound like this question isn't really OpenVPN-specific -- it's just an IP routing question, not an OpenVPN IP routing question. Things would work the same if the 10.10.0.0/24 network was a physically wired network instead of a virtual private network. (Well, maybe. There may be some OpenVPN-specific issue that hasn't been identified yet. But it doesn't sound like it to me at this point.) Either way, it's okay -- we can help with IP routing questions, too. :) Suggested course of action: Use the "route" command to review the routing tables on the two computers. Just issue the command "route" with no arguments, and it should print the routing table. Or maybe "route -n" to prevent the system from wasting time trying to look up names for things. If you're not sure how to interpret the output, post the output (for each computer, identifying which is which), and we can check your work. -- Ben ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: need Openvpn routing help
On Friday 13 June 2008, Neil Joseph Schelly wrote: > This doesn't sound like an OpenVPN thing at all. Does MachineB know that it's > supposed to route traffic between it's 10.8.0/24 network and it's 10.10.0/24 > network? If it knows that much, then OpenVPN doesn't have to be involved at > all and you just add the route as you specified. > -N You're the second person to phrase it that way, "does the machine know that it's supposed to route traffic". Showing my ignorance I will ask how do I make sure it "knows" to do this. I thought running the route command did that, but apparently there's more. thanks, --charlie > On Friday 13 June 2008 13:03, Charlie Farinella wrote: > > I have 2 Openvpn clients. > > MachineA (10.8.0.6) > > MachineB (10.8.0.10) > > > > MachineA has 2 physical ethernet cards: > > 192.168.x.1 > > 10.10.0.10 > > > > I need to add a route from MachineB (10.8.0.10) to the second ethernet > > interface on MachineA (10.10.0.10). My clients can see and connect to > > each other. > > > > I have set "route add -net 10.10.0.10 -netmask 255.255.255.0 10.8.0.6", > > but cannot ping the address and running traceroute doesn't show it using > > 10.8.0.6 as the gateway. I have tried various permutations of the > > above with no luck and feel like I am missing an important part of this > > puzzle. > > > > If someone is good with Openvpn, I could use some help. > > > > thanks, > > > > --charlie > > -- Charles Farinella Appropriate Solutions, Inc. (www.AppropriateSolutions.com) [EMAIL PROTECTED] voice: 603.924.6079 fax: 603.924.8668 ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: need Openvpn routing help
On Fri, Jun 13, 2008 at 1:24 PM, Ben Scott <[EMAIL PROTECTED]> wrote: > route add net 10.10.0.0 netmask 255.255.255.0 gw 10.8.0.6 Also: Make sure IP forwarding is enabled on both VPN gateways. You can check with sysctl net.ipv4.ip_forward and turn it on with sysctl net.ipv4.ip_forward=1 If you're using an iptables firewall, you may also need to add rules to allow the packets in the FORWARD chain. -- Ben ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: need Openvpn routing help
On Fri, Jun 13, 2008 at 1:03 PM, Charlie Farinella <[EMAIL PROTECTED]> wrote: > I have set "route add -net 10.10.0.10 -netmask 255.255.255.0 10.8.0.6" Try this: route add net 10.10.0.0 netmask 255.255.255.0 gw 10.8.0.6 That's what I would use. I'm not sure if the syntax differences between what I would use and what you are using are significant or not. If mine works, I would guess they are. :) Try also just "route" to see what the system thinks the interface will be. -- Ben ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: need Openvpn routing help
This doesn't sound like an OpenVPN thing at all. Does MachineB know that it's supposed to route traffic between it's 10.8.0/24 network and it's 10.10.0/24 network? If it knows that much, then OpenVPN doesn't have to be involved at all and you just add the route as you specified. -N On Friday 13 June 2008 13:03, Charlie Farinella wrote: > I have 2 Openvpn clients. > MachineA (10.8.0.6) > MachineB (10.8.0.10) > > MachineA has 2 physical ethernet cards: > 192.168.x.1 > 10.10.0.10 > > I need to add a route from MachineB (10.8.0.10) to the second ethernet > interface on MachineA (10.10.0.10). My clients can see and connect to > each other. > > I have set "route add -net 10.10.0.10 -netmask 255.255.255.0 10.8.0.6", > but cannot ping the address and running traceroute doesn't show it using > 10.8.0.6 as the gateway. I have tried various permutations of the > above with no luck and feel like I am missing an important part of this > puzzle. > > If someone is good with Openvpn, I could use some help. > > thanks, > > --charlie ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: need Openvpn routing help
On Friday 13 June 2008, Thomas Charron wrote: > On Fri, Jun 13, 2008 at 1:03 PM, Charlie Farinella > <[EMAIL PROTECTED]> wrote: > > I have 2 Openvpn clients. > > MachineA (10.8.0.6) > > MachineB (10.8.0.10) > > > > MachineA has 2 physical ethernet cards: > >192.168.x.1 > >10.10.0.10 > > > > I need to add a route from MachineB (10.8.0.10) to the second ethernet > > interface on MachineA (10.10.0.10). My clients can see and connect to > > each other. > > > > I have set "route add -net 10.10.0.10 -netmask 255.255.255.0 10.8.0.6", > > but cannot ping the address and running traceroute doesn't show it using > > 10.8.0.6 as the gateway. I have tried various permutations of the > > above with no luck and feel like I am missing an important part of this > > puzzle. > > 10.10.0.10 is the IP address, NOT the network address. Based on > your netmask, shouldn't you be using 10.10.0.0 as the address in the > route? Typo. I am in fact using 10.10.0.0 in the route. --charlie -- Charles Farinella Appropriate Solutions, Inc. (www.AppropriateSolutions.com) [EMAIL PROTECTED] voice: 603.924.6079 fax: 603.924.8668 ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: need Openvpn routing help
On Fri, Jun 13, 2008 at 1:03 PM, Charlie Farinella <[EMAIL PROTECTED]> wrote: > I have 2 Openvpn clients. > MachineA (10.8.0.6) > MachineB (10.8.0.10) > > MachineA has 2 physical ethernet cards: >192.168.x.1 >10.10.0.10 > > I need to add a route from MachineB (10.8.0.10) to the second ethernet > interface on MachineA (10.10.0.10). My clients can see and connect to > each other. > > I have set "route add -net 10.10.0.10 -netmask 255.255.255.0 10.8.0.6", > but cannot ping the address and running traceroute doesn't show it using > 10.8.0.6 as the gateway. I have tried various permutations of the > above with no luck and feel like I am missing an important part of this > puzzle. 10.10.0.10 is the IP address, NOT the network address. Based on your netmask, shouldn't you be using 10.10.0.0 as the address in the route? -- -- Thomas ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
need Openvpn routing help
I have 2 Openvpn clients. MachineA (10.8.0.6) MachineB (10.8.0.10) MachineA has 2 physical ethernet cards: 192.168.x.1 10.10.0.10 I need to add a route from MachineB (10.8.0.10) to the second ethernet interface on MachineA (10.10.0.10). My clients can see and connect to each other. I have set "route add -net 10.10.0.10 -netmask 255.255.255.0 10.8.0.6", but cannot ping the address and running traceroute doesn't show it using 10.8.0.6 as the gateway. I have tried various permutations of the above with no luck and feel like I am missing an important part of this puzzle. If someone is good with Openvpn, I could use some help. thanks, --charlie -- Charles Farinella Appropriate Solutions, Inc. (www.AppropriateSolutions.com) [EMAIL PROTECTED] voice: 603.924.6079 fax: 603.924.8668 ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/