Re: [Openvpn-users] No traffic beyond the server from the client ...

["Ross MacGillivray" <ross_macgillivray@xxxxxxxx>]

Basically because of suspected short comings in my SOHO router.  I suspect 
that I did have (b) a return route on the LAN for OpenVPN packets.

My suggested solution, for myself and everyone else, is to make sure the 
router on the LAN has the correct capabilities.
Low end SOHO routers which support a "hard wired" address ranges, 
192.168.x..y, often lack the capabilities to deal with other address ranges.

/Ross
.
----- Original Message ----- 
From: "James Yonan" <jim@xxxxxxxxx>
To: "Ross MacGillivray" <ross_macgillivray@xxxxxxxx>
Cc: <tmlapp@xxxxxxxxx>; <openvpn-users@xxxxxxxxxxxxxxxxxxxxx>
Sent: Friday, April 01, 2005 6:16 PM
Subject: Re: [Openvpn-users] No traffic beyond the server from the client 
...


> On Fri, 1 Apr 2005, Ross MacGillivray wrote:
>
> > I also ran into this problem a little while ago.
> >
> > I was using Windows XP SP2 as the server, and a low end SOHO router as 
> > the Internet gateway on the workgroup where the server resided.   I also 
> > had a second Linux machine on the same work group with the Windows XP SP2 
> > OpenVPN Server.
> > I turned on packet forwarding on the XP box and packets from an OpenVPN 
> > client would still not make it past the OpenVPN server to the Linux 
> > machine.
> >
> > I haven't solved the problem (yet!), but I concluded the problem was the 
> > absence within the SOHO router of any ability to add routes outside the 
> > 192.168.0.x address range.
> >
> > What I guessed was happening was that when a packet reached my OpenVPN 
> > Server, i.e. the XP SP2 machine, the SP2
> > machine would arp for the router, i.e. the default gateway, and forward 
> > the packet to the router.  Because of the limited
> > capabilities of the router, the router would not deal properly with 
> > addresses in the 10.0.0.x range, and would throw the packet
> > "on the floor".
> >
> > The solution, I guessed, was to purchase a SOHO router with the ability 
> > to add Static routes to the router's routing table.
> >
> > I know of at least two brands of SOHO routers, Netgear and Linksys, that 
> > offer this capability.   Linksys also offers QoS
> > capability, so that is what I am currently planning on buying.
> >
> > I would welcome other comments on this issue, since the above "blah blah" 
> > is just an educated guess.  Please no comments
> > like what do you mean "educated".
> >
> > /Ross
> >
> >
> > Date: Fri, 1 Apr 2005 09:12:47 -0500
> > From: Tom Lapp <tmlapp@xxxxxxxxx>
> > Reply-To: Tom Lapp <tmlapp@xxxxxxxxx>
> > To: lists@xxxxxxxxxxxxx
> > Subject: Re: [Openvpn-users] No traffic beyond the server from the client 
> > ...
> > Cc: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> >
> > On Apr 1, 2005 4:34 AM, Lists Soderlund.org <lists@xxxxxxxxxxxxx> wrote:
> > > Hi,
> > >
> > > I've setup a OpenVPN TUN-interface on a Debian-machine with all the
> > > configuration working. The IP-adress of the tun0-device is 10.0.0.1.
> > >
> > > Ive connected a WinXP-client to the server which gets an ip-adress of
> > > 10.0.0.6 with the default gateway of 10.0.0.5.
> > >
> > > When I ping the 10.0.0.1 from the client I get a reply just fine. When 
> > > I
> > > ping the 10.0.0.6 from the server I also get a reply just fine.
> > >
> > > All routes on the client seems fine, the default (0.0.0.0/0.0.0.0)
> > > points to the correct place on the server-client-link. And traffic
> > > (icmp) is obviously going over the link.
> > >
> > > Now, when i try to surf or ping other hosts over the tunnel nothing
> > > happens. I can see via tcpdump that the traffic actually gets to the
> > > server, but then nothing.
> > >
> > > What could be wrong? I know the detail of this email is HORRIBLE. But
> > > honestly I dont know where to begin on the details, what configs to
> > > attach, what debug to start and what codes to show.
>
> The HOWTO explains how to set this up: http://openvpn.net/howto.html#scope
>
> Make sure you (a) enable IP forwarding on the OpenVPN server (see FAQ) and
> (b) have a return route on the LAN for OpenVPN packets.  These are the
> two most common omissions.
>
> James