Re: [Openvpn-users] Re: Routing forever


  • Subject: Re: [Openvpn-users] Re: Routing forever
  • From: Leonard Isham <leonard.isham@xxxxxxxxx>
  • Date: Thu, 20 Jan 2005 08:45:32 -0500

On Thu, 20 Jan 2005 14:24:28 +0100, Jochen Witte <jwitte@xxxxxxxxxxxxx> wrote:
> On Thu, 20 Jan 2005 08:20:32 -0500, Leonard Isham wrote:
> 
> > On Thu, 20 Jan 2005 13:28:32 +0100, Jochen Witte <jwitte@xxxxxxxxxxxxx> wrote:
> >> Hello,
> >>
> >> I am a newbie and have problems with routing:
> >>
> >> I have a rather simple setup:
> >> - 2 static, public ip servers (<pip1>, <pip2>)
> >> - 2 private subnets (10.128.0.0/24, 192.168.0.0/24)
> >> - OpenVPN network: 10.129.0.1<->10.129.0.2
> >>
> >> Here is the picture:
> >>
> >> Subnet A                 GW1            GW2           SubnetB
> >> 10.128.0.0/24<--->10.128.0.1        192.168.0.254<--->192.168.0.0/24
> >>                        |                 |
> >>                   10.129.0.1        10.129.0.2
> >>                    (<pip1>)<-------->(<pip2>)
> >>                               VPN
> >>
> >> So far my plan. OpenVPN works fine in these cases:
> >>
> >> 1. GW1 <-> GW2
> >> 2. GW1 <-> SubnetB
> >> 3. SubnetA <-> GW2
> >>
> >> It works NOT in this case:
> >>
> >> 1. SubnetA <-> SubnetB
> >>
> >> Obviously this is a routing problem (no firewalling, since all packets are
> >> logged for debugging).
> >>
> >> GW1 routes:
> >> 10.129.0.2  0.0.0.0         255.255.255.255 UH    0      0        0 tun0
> >> <pipnet1>   0.0.0.0         255.255.255.248 U     0      0        0 eth1
> >> 10.128.0.0  0.0.0.0         255.255.255.0   U     0      0        0 eth0
> >> 192.168.0.0 10.129.0.2      255.255.255.0   UG    0      0        0 tun0
> >> 169.254.0.0 0.0.0.0         255.255.0.0     U     0      0        0 eth1
> >> 0.0.0.0     <default-gw>    0.0.0.0         UG    0      0        0 eth1
> >>
> >> GW2 routes:
> >> <default-gw>    0.0.0.0    255.255.255.255 UH    0      0        0 ppp0
> >> 10.129.0.1      0.0.0.0    255.255.255.255 UH    0      0        0 tun0
> >> 10.128.0.0      10.129.0.1 255.255.255.0   UG    0      0        0 tun0
> >> 192.168.0.0     0.0.0.0    255.255.0.0     U     0      0        0 eth0
> >> 0.0.0.0         <default-gw>  0.0.0.0      UG    0      0        0 ppp0
> >>
> >> What have I missed? Seems to be a rather simple case...
> >>
> >
> > This is a common problem among people new to routing, if my
> > assumptions are correct.
> >
> > 1. The OpenVPN servers are not the default gateway.
> > 2. The default gateway does not have a route to the OpenVPN server for
> > the subnet attached to the other OpenVPN server.
> > 3. The Computers on each subnet do not have a route to the local
> > OpenVPN server for the subnet attached to the other OpenVPN server.
> >
> > If this is true then do either 2 or 3.
> 
> Nope, both are default gw. I am not so new to routing :-)

OK, since my assumptions were incorrect, let's move up to WAN/VPN
troubleshooting.

Now this may sound complicated, but I use it all the time to
troubleshoot connectivity problems between companies over VPN
connections.  I have used this to narrow down the troublesome section
of the communication.

I suggest running snoop, tcpdump/windump or tethereal to capture the
packets at the source, source OpenVPN (internal interface, TUN/TAP
interface), destination OpenVPN (internal interface, TUN/TAP
interface), and destination.  I then use Ethereal and sometimes
tcptrace and xplot/jplot to find where the errors are.

I have successfully used this methodology to track down everything
from duplex mismatches (dropped packets) to incorrectly configured
load balancing (out-of-sequence TCP packets causing havoc).

-- 
Leonard Isham, CISSP
Ostendo non ostento.
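
An offline check of the routing tables quoted in this thread, as an added example that is not part of the original message: it runs a longest-prefix-match lookup on both gateways for one SubnetA host and one SubnetB host, showing which next hop and interface each table selects in each direction. The host addresses 10.128.0.10 and 192.168.0.10 are constructed, and rows whose destination is redacted on the page are omitted.

```python
import ipaddress

# Tables transcribed from the thread: (destination, netmask, gateway, iface).
# Rows with a redacted destination (<pipnet1>, the <default-gw> host route)
# are left out; the default route keeps the page's placeholder gateway.
GW1 = [
    ("10.129.0.2", "255.255.255.255", None, "tun0"),
    ("10.128.0.0", "255.255.255.0", None, "eth0"),
    ("192.168.0.0", "255.255.255.0", "10.129.0.2", "tun0"),
    ("169.254.0.0", "255.255.0.0", None, "eth1"),
    ("0.0.0.0", "0.0.0.0", "<default-gw>", "eth1"),
]
GW2 = [
    ("10.129.0.1", "255.255.255.255", None, "tun0"),
    ("10.128.0.0", "255.255.255.0", "10.129.0.1", "tun0"),
    ("192.168.0.0", "255.255.0.0", None, "eth0"),  # mask as shown in the thread
    ("0.0.0.0", "0.0.0.0", "<default-gw>", "ppp0"),
]

def lookup(table, dst):
    """Longest-prefix match: return (gateway, iface) for dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for dest, mask, gw, iface in table:
        # Convert the dotted netmask to a prefix length by counting set bits.
        prefix = bin(int(ipaddress.IPv4Address(mask))).count("1")
        net = ipaddress.ip_network(f"{dest}/{prefix}", strict=False)
        if addr in net and (best is None or prefix > best[0]):
            best = (prefix, gw, iface)
    return (best[1], best[2]) if best else None

def path_decisions(dst, hops):
    """Return [(gateway_name, next_hop, iface)] for dst at each hop in order."""
    return [(name,) + lookup(table, dst) for name, table in hops]

if __name__ == "__main__":
    host_a, host_b = "10.128.0.10", "192.168.0.10"  # constructed sample hosts
    print("A -> B:", path_decisions(host_b, [("GW1", GW1), ("GW2", GW2)]))
    print("B -> A:", path_decisions(host_a, [("GW2", GW2), ("GW1", GW1)]))
```

A table lookup only reflects the routing decision on each gateway; whether the packet actually leaves and arrives on each interface is what the per-interface captures described above establish.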
