Re: [Openvpn-users] Help me to get my vpn to work please.

[Martijn Lievaart <m@xxxxxxx>]

fed wrote:

> On Wed, 02 Mar 2005 12:24:16 +0100, Martijn Lievaart <m@xxxxxxx> wrote:
>  
>
> > What's the IP of the VPN server? If it's 192.168.1.1, yur routing on the
> > lan is correct, other wise you need to add a route to the vpnclient via
> > the vpnserver.
> >    
>
> 192.168.1.1 is the ip of the gateway (vpn server) in the lan ,
> 10.254.100.1 is the vpn-ip of it, the lan is a 192.168.1.0/24; i don't
> understand how to add the route to the vpn client (road warrior) via
> the vpnserver.
>  

That's what the 'route 192.168.1.0 255.255.255.0 10.254.100.1' does.

> > The route on the vpnclient (road warrier) seems correct, but did you
> > check that it is indeed added?
> >    
>
> Seems OK on the route table of the road warrior.
>
>  

Routing seems correct, you'ld better fire up ethereal.

Aaaah, see this?
iptables -A FORWARD -i tun+ -j ACCEPT

This allows connections from road warrior to lan, you need an additional 
rule for reverse connections:

iptables -A FORWARD -o tun+ -j ACCEPT

Also, as last rule on INPUT, OUTPUT and FORWARD (you do have policy set 
to DROP, right) add

iptables -A <chain>  -m limit --limit 10/sec -j LOG

So you see what packets get dropped. The limit match is there to protect 
your logs from flooding.

M4


____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users