On Thu, 20 Jan 2005 14:24:28 +0100, Jochen Witte <jwitte@xxxxxxxxxxxxx> wrote:
> On Thu, 20 Jan 2005 08:20:32 -0500, Leonard Isham wrote:
>
> > On Thu, 20 Jan 2005 13:28:32 +0100, Jochen Witte <jwitte@xxxxxxxxxxxxx> wrote:
> >> Hello,
> >>
> >> I am a newbie and have problems with routing:
> >>
> >> I have a rather simple setup:
> >> - 2 static, public ip servers (<pip1>, <pip2>)
> >> - 2 private subnets (10.128.0.0/24, 192.168.0.0/24)
> >> - OpenVPN network: 10.129.0.1<->10.129.0.2
> >>
> >> Here is the picture:
> >>
> >> Subnet A          GW1          GW2              SubnetB
> >> 10.128.0.0/24<--->10.128.0.1   192.168.0.254<--->192.168.0.0/24
> >>                   |            |
> >>                   10.129.0.1   10.129.0.2
> >>                   (<pip1>)<-------->(<pip2>)
> >>                           VPN
> >>
> >> So far my plan. OpenVPN works fine in these cases:
> >>
> >> 1. GW1 <-> GW2
> >> 2. GW1 <-> SubnetB
> >> 3. SubnetA <-> GW2
> >>
> >> It works NOT in this case:
> >>
> >> 1. SubnetA <-> SubnetB
> >>
> >> Obviously this is a routing problem (no firewalling, since all packets are
> >> logged for debugging).
> >>
> >> GW1 routes:
> >> 10.129.0.2    0.0.0.0       255.255.255.255  UH  0 0 0 tun0
> >> <pipnet1>     0.0.0.0       255.255.255.248  U   0 0 0 eth1
> >> 10.128.0.0    0.0.0.0       255.255.255.0    U   0 0 0 eth0
> >> 192.168.0.0   10.129.0.2    255.255.255.0    UG  0 0 0 tun0
> >> 169.254.0.0   0.0.0.0       255.255.0.0      U   0 0 0 eth1
> >> 0.0.0.0       <default-gw>  0.0.0.0          UG  0 0 0 eth1
> >>
> >> GW2 routes:
> >> <default-gw>  0.0.0.0       255.255.255.255  UH  0 0 0 ppp0
> >> 10.129.0.1    0.0.0.0       255.255.255.255  UH  0 0 0 tun0
> >> 10.128.0.0    10.129.0.1    255.255.255.0    UG  0 0 0 tun0
> >> 192.168.0.0   0.0.0.0       255.255.0.0      U   0 0 0 eth0
> >> 0.0.0.0       <default-gw>  0.0.0.0          UG  0 0 0 ppp0
> >>
> >> What have I missed? Seems to be a rather simple case...
> >>
> >
> > This is a common problem among people new to routing, if my
> > assumptions are correct.
> >
> > 1. The OpenVPN servers are not the default gateway.
> > 2. The default gateway does not have a route to the OpenVPN server for
> > the subnet attached to the other OpenVPN server.
> > 3. The computers on each subnet do not have a route to the local
> > OpenVPN server for the subnet attached to the other OpenVPN server.
> >
> > If this is true then do either 2 or 3.
>
> Nope, both are default gw. I am not so new to routing :-)

OK, since my assumptions were incorrect let's move up to WAN/VPN
troubleshooting.

Now this may sound complicated, but I use it all the time to
troubleshoot connectivity problems between companies over VPN
connections. I have used this to narrow down the troublesome section
of the communication.

I suggest running snoop, tcpdump/windump or tethereal to capture the
packets at the source, Source OpenVPN internal interface, TUN/TAP
interface, destination Source OpenVPN (internal interface, TUN/TAP
interface), and destination. Source OpenVPN (internal interface,
TUN/TAP interface) and destination.

I then use Ethereal and sometimes tcptrace and xplot/jplot to find
where the errors are.

I have successfully used this methodology to track down everything
from duplex mismatches (dropped packets) to incorrectly configured
load balancing (out of sequence tcp packets causing havoc).

--
Leonard Isham, CISSP
Ostendo non ostento.

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
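Before capturing on every interface, the two posted route tables can be checked offline. The following is an added example, not part of the original thread: it runs a longest-prefix lookup over the GW1 and GW2 routes for a SubnetA-to-SubnetB flow in both directions. The host addresses 10.128.0.10 and 192.168.0.10 and the function names are assumptions made for the illustration.

```python
import ipaddress

# Route lines copied from the post; rows whose destination is a redacted
# placeholder (<pipnet1>, <default-gw>) are skipped by the parser.
GW1 = """\
10.129.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
<pipnet1> 0.0.0.0 255.255.255.248 U 0 0 0 eth1
10.128.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.0.0 10.129.0.2 255.255.255.0 UG 0 0 0 tun0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
0.0.0.0 <default-gw> 0.0.0.0 UG 0 0 0 eth1
"""
GW2 = """\
<default-gw> 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
10.129.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
10.128.0.0 10.129.0.1 255.255.255.0 UG 0 0 0 tun0
192.168.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 <default-gw> 0.0.0.0 UG 0 0 0 ppp0
"""

def parse_routes(text):
    routes = []
    for line in text.splitlines():
        dest, gw, mask, flags, *_, iface = line.split()
        if dest.startswith("<"):
            continue  # redacted destination, cannot be matched
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append((net, gw, iface))
    return routes

def lookup(routes, addr):
    """Longest-prefix match, as the kernel does; returns (gateway, iface)."""
    ip = ipaddress.ip_address(addr)
    best = max((r for r in routes if ip in r[0]), key=lambda r: r[0].prefixlen)
    return best[1], best[2]

def trace(src, dst):
    """Route chosen on each gateway for the forward and the return leg."""
    gw1, gw2 = parse_routes(GW1), parse_routes(GW2)
    return {"forward": [lookup(gw1, dst), lookup(gw2, dst)],
            "return": [lookup(gw2, src), lookup(gw1, src)]}

if __name__ == "__main__":
    # Constructed host addresses inside Subnet A and Subnet B.
    for leg, hops in trace("10.128.0.10", "192.168.0.10").items():
        print(leg, hops)
```

With the tables as posted, both directions resolve through tun0 and then out the LAN interface, so the route lookup alone does not explain the failure; the per-interface captures suggested above are the next step.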