|
I also ran into this problem a little while
ago.
I was using Windows XP SP2 as the server, and a low
end SOHO router as the Internet gateway on the workgroup where the server
resided. I also had a second Linux
machine on the same work group with the Windows XP SP2 OpenVPN
Server.
I turned on packet forwarding on the XP box and
packets from an OpenVPN client would still not make it past the
OpenVPN server to the Linux machine.
I haven't solved the problem (yet!),
but I concluded the problem was the absence within the SOHO router of any
ability to add routes outside the 192.168.0.x
address range.
What I guessed was happening was that when a packet
reached my OpenVPN Server, i.e. the XP SP2 machine, the SP2
machine would arp for the router, i.e. the
default gateway, and forward the packet to the router. Because of the
limited
capabilities of the router, the router would not
deal properly with addresses in the 10.0.0.x range, and would throw the
packet
"on the floor".
The solution, I guessed, was to purchase a SOHO
router with the ability to add Static routes to the router's routing
table.
I know of at least two brands of SOHO routers,
Netgear and Linksys, that offer this capability. Linksys also offers
QoS
capability, so that is what I am currently planning
on buying.
I would welcome other comments on this issue, since
the above "blah blah" is just an educated guess. Please no
comments
like what do you mean "educated".
/Ross
Date: Fri, 1 Apr 2005 09:12:47 -0500 From: Tom Lapp < tmlapp@xxxxxxxxx> Reply-To: Tom Lapp
< tmlapp@xxxxxxxxx> To: lists@xxxxxxxxxxxxxSubject: Re:
[Openvpn-users] No traffic beyond the server from the client ... Cc: openvpn-users@xxxxxxxxxxxxxxxxxxxxxOn
Apr 1, 2005 4:34 AM, Lists Soderlund.org < lists@xxxxxxxxxxxxx> wrote: >
Hi, > > I've setup a OpenVPN TUN-interface on a Debian-machine with
all the > configuration working. The IP-adress of the tun0-device is
10.0.0.1. > > Ive connected a WinXP-client to the server which gets
an ip-adress of > 10.0.0.6 with the default gateway of 10.0.0.5. >
> When I ping the 10.0.0.1 from the client I get a reply just fine. When
I > ping the 10.0.0.6 from the server I also get a reply just
fine. > > All routes on the client seems fine, the default
(0.0.0.0/0.0.0.0) > points to the correct place on the server-client-link.
And traffic > (icmp) is obviously going over the link. > >
Now, when i try to surf or ping other hosts over the tunnel nothing >
happens. I can see via tcpdump that the traffic actually gets to the >
server, but then nothing. > > What could be wrong? I know the
detail of this email is HORRIBLE. But > honestly I dont know where to
begin on the details, what configs to > attach, what debug to start and
what codes to show. > > Regards, > >
Niclas |