Re: [Openvpn-users] VPN with one NIC


  • Subject: Re: [Openvpn-users] VPN with one NIC
  • From: John Locke <mail@xxxxxxxxxxxx>
  • Date: Thu, 04 Mar 2004 06:28:26 -0800

On Tue, 2004-03-02 at 13:46, Openvpn wrote:
> could someone help me on this?
> 
> I tried to connect to two LANs with the following structure: (the box that is 
> running OpenVPN only has one NIC)
> 
> LAN A
> ==============================================================
> linux01 ---------|
> winXP01 ---------|

> LAN B
> ==============================================================
> linux02 ---------|
> (192.168.1.2)  |  
>                |
> winXP02 ---------|----------- LinkSys Router ------ Internet
> (192.168.1.3)  |  (192.168.1.254)       (dhcp)
>                |


> openvpn's configuration on WinXP02 (192.168.1.3):
> remote a.b.c.d
> dev tap0
> ifconfig 172.16.0.10 255.255.255.252
> secret c:/temp/openvpn.key
> verb 3
> tun-mtu 1500
> tun-mtu-extra 32
> route-delay 2
> mssfix
> ping 15
> ping-exit 60
> ip-win32 netsh
> 
> 
> 
> WinXP02 connects to linux01 without any problem.  WinXP02 can ping and connect 
> (like SSH) to linux01.  However, WinXP02 can't ping or connect to WinXP01.  
> I have to add this route on WinXP01
> route add 172.16.0.10 mask 255.255.255.255 10.10.10.3 
> in order to get ping to respond.
> 
Yup, that sounds right...

> This looks really strange to me.  I will assume a route like this instead
> route add 192.168.1.0 mask 255.255.255.0 10.10.10.3

WinXP02, with the VPN, now has two interfaces. Its routing table tells
it to use the tap interface, which is 172.16.0.10. That's where the
packet appears to come from, when it goes out on LAN A.

So your packet goes through linux01, hops over to winXP01. WinXP01 sends
its acknowledgment packet to 172.16.0.10--but without the additional
route, it doesn't know where to send it. So it sends it to the default
gateway, your Linksys router at 10.10.10.254. The router recognizes it
as an unroutable destination, and drops it.

You have two choices to get this to work:

1. Add the route to every server you want to access through the VPN
(hint: if you're going to have multiple VPN users, put them all in the
same subnet and use a subnet mask so you only need to set up one route
for all remote VPN users), either manually or with an additional DHCP
setting (something you'll probably need a real DHCP server for)

2. Add the route to the default gateway, your Linksys router. If it has
this capability. If so, this will make all of your LAN computers
available through the VPN tunnel. If not, you're stuck adding the routes
to all the individual computers, and figuring out how to make the routes
persist...

Cheers,
-- 
John Locke
Open Source solutions for small business problems
http://freelock.com


____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
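
The return-path decision described in the reply above, as an added example that is not part of the original message: a longest-prefix-match lookup over WinXP01's routing table, showing where its reply to 172.16.0.10 goes with no extra route, with the 192.168.1.0 route the poster expected, with the host route from the thread, and with one subnet route for all VPN users. The /24 mask on LAN A, the 172.16.0.0/24 VPN range and the second client 172.16.0.14 are assumptions made for the illustration.

```python
import ipaddress

LINUX01 = "10.10.10.3"    # OpenVPN endpoint on LAN A (gateway used in the thread's route command)
ROUTER = "10.10.10.254"   # default gateway on LAN A, as named in the reply
ON_LINK = "on-link"       # destination is reachable directly on the local segment


def route(prefix, gateway):
    """Build one routing-table entry as (network, gateway)."""
    return (ipaddress.ip_network(prefix), gateway)


def next_hop(table, dst):
    """Return the gateway of the most specific route that contains dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in table if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


# WinXP01 as it starts out: local LAN plus default route (the /24 is assumed).
BASE = [route("10.10.10.0/24", ON_LINK), route("0.0.0.0/0", ROUTER)]

# The route the original poster expected to need. It does not match the
# tap address that the packets actually carry as their source.
EXPECTED = BASE + [route("192.168.1.0/24", LINUX01)]

# The host route from the thread: covers exactly one VPN client.
HOST_ROUTE = BASE + [route("172.16.0.10/32", LINUX01)]

# The hint in option 1: one subnet route for every VPN user
# (172.16.0.0/24 is an assumed range for the illustration).
SUBNET_ROUTE = BASE + [route("172.16.0.0/24", LINUX01)]


def reply_paths(table, clients):
    """Map each VPN client address to the gateway WinXP01 would reply through."""
    return {client: next_hop(table, client) for client in clients}


if __name__ == "__main__":
    clients = ["172.16.0.10", "172.16.0.14"]  # second client is constructed
    for name, table in [("no extra route", BASE), ("192.168.1.0/24", EXPECTED),
                        ("host route", HOST_ROUTE), ("subnet route", SUBNET_ROUTE)]:
        print(f"{name:>15}: {reply_paths(table, clients)}")
```

Any reply that resolves to the router's address is the case the message describes: the packet leaves toward the default gateway instead of back through linux01.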