
Re: [Openvpn-users] Routing problem with openvpn and host client


  • Subject: Re: [Openvpn-users] Routing problem with openvpn and host client
  • From: Franco Spinelli <frspin@xxxxxxxxxx>
  • Date: Sat, 06 Mar 2004 20:09:13 +0100

On Sat, 2004-03-06 at 19:00, Renato Salles wrote:
> Franco,
> 
> Remember the route decision in the "client" peer: which interface will I
> use to reach the network 192.168.0.0 (actually it's using eth0 instead
> of tun0)
> 

In the client routing table I have an explicit route to 192.168.0.7
(destination machine) via 10.1.0.2 on interface tun0. 10.1.0.2 is the
tunnel endpoint IP on the client side.

Ping packets go from 10.1.0.2 to 192.168.0.7 through the tunnel:

on client:

PING 192.168.0.7 (192.168.0.7) 56(84) bytes of data.
 
Capturing on tun0
  0.000000     10.1.0.2 -> 192.168.0.7  ICMP Echo (ping) request
  1.019051     10.1.0.2 -> 192.168.0.7  ICMP Echo (ping) request
  2.019062     10.1.0.2 -> 192.168.0.7  ICMP Echo (ping) request

And on the other end of the tunnel (on the server) I get:

Capturing on tun0
  0.000000     10.1.0.2 -> 192.168.0.7  ICMP Echo (ping) request
  1.014848     10.1.0.2 -> 192.168.0.7  ICMP Echo (ping) request
  2.015098     10.1.0.2 -> 192.168.0.7  ICMP Echo (ping) request

and the source address is the client side of the tunnel.

So, I suppose, the problem is on the server side. On the server an ICMP
request arrives for 192.168.0.7, which is a machine on the local LAN. The
same request is present on the eth0 interface (the LAN interface):

Capturing on eth0
 58.373584     10.1.0.2 -> 192.168.0.7  ICMP Echo (ping) request
 59.385930     10.1.0.2 -> 192.168.0.7  ICMP Echo (ping) request

with a source IP address of the client side of the tunnel. At this point I
expect a source IP like the "private IP" of the client, not the tunnel IP.

Packets then go to 192.168.0.7, also with a source address of 10.1.0.2,
the original OpenVPN address of the client side. On this machine there is no
route for 10.1.0.2 (obviously) and the ICMP response can reach the client side.

So the complete path is:

client ----->tun0 on client->tun0 on server---->LAN------>target machine
192.168.0.4  10.1.0.2        10.1.0.1        192.168.0.3  192.168.0.7
but source address is always 10.1.0.2

Where am I wrong? Do I also have to masquerade the 10.1.0.0 network?

Franco Spinelli
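
The return-path question in the message above, modelled as an added example (not part of the original post): a longest-prefix-match lookup on the target 192.168.0.7 shows where the echo reply is sent for each source address it may see. The target's routing table, including the default gateway 192.168.0.1, is constructed for illustration; the two commands in the comments are one way to apply each option.

```python
import ipaddress

SERVER_LAN_IP = "192.168.0.3"   # server's LAN address, from the path diagram
TUNNEL_CLIENT = "10.1.0.2"      # client end of the tunnel, from the captures

# Constructed routing table for the target 192.168.0.7: (prefix, next hop, device).
# The default gateway 192.168.0.1 is an assumption; the post does not name one.
TARGET_ROUTES = [
    ("192.168.0.0/24", None, "eth0"),        # on-link LAN
    ("0.0.0.0/0", "192.168.0.1", "eth0"),    # assumed default gateway
]

def lookup(table, dst):
    """Longest-prefix match. Returns (next_hop, dev), or None if unreachable."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop, dev in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, dev)
    return None if best is None else (best[1], best[2])

def reply_hop(table, seen_src):
    """Address the target hands the echo reply to, given the source it saw."""
    hit = lookup(table, seen_src)
    if hit is None:
        return None                      # no route at all: reply is never sent
    next_hop, _dev = hit
    return next_hop or seen_src          # on-link destination: delivered directly

def reply_returns_via_server(table, seen_src):
    return reply_hop(table, seen_src) == SERVER_LAN_IP

# Case 1: as in the post, the target sees 10.1.0.2 and has no route for it.
as_posted = reply_returns_via_server(TARGET_ROUTES, TUNNEL_CLIENT)

# Case 2: host route on the target back through the server's LAN address,
# e.g. `ip route add 10.1.0.2/32 via 192.168.0.3`.
with_route = reply_returns_via_server(
    [("10.1.0.2/32", SERVER_LAN_IP, "eth0")] + TARGET_ROUTES, TUNNEL_CLIENT)

# Case 3: the server masquerades tunnel traffic leaving eth0, e.g.
# `iptables -t nat -A POSTROUTING -s 10.1.0.2 -o eth0 -j MASQUERADE`,
# so the target sees the server's own LAN address as the source.
with_masq = reply_returns_via_server(TARGET_ROUTES, SERVER_LAN_IP)

if __name__ == "__main__":
    print("as posted:", as_posted, "via", reply_hop(TARGET_ROUTES, TUNNEL_CLIENT))
    print("static route:", with_route, " masquerade:", with_masq)
```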


