|
|
--__--__-- Actually, I believe they can. I have puzzled over this myself, but on my (simpler) setup, it still works. I don't understand the internals of this, but I believe that the 13.2 address is effectively that of a virtual router (the openvpn server?), in this case associated with the tun0 interface. Remember that a gateway address is an address to which a packet is sent, for it to be forwarded to the destination address - ie, it is not a final destination address. On my (much simpler) configuration, I use addresses in the 172.16 range. My server gets 172.16.x.1 and my client gets 172.16.x.10. However, if I want to route to a network behind the server (eg, 192.168.w.z), the route command specifies the gateway as 172.16.x.9 (not 172.16.x.1). If I look at the client's log, I see this from openvpn: /sbin/ifconfig tun0 172.16.x.10 pointopoint 172.16.x.9 mtu 1422 /sbin/route add -net 172.16.x.1 netmask 255.255.255.255 gw 172.16.x.9 and to add the 192.168. route, I can type: route add -net 192.168.w.0 netmask 255.255.255.0 gw 172.16.x.9 Which works. So then I do pinging after connecting up the client (the routing doesn't change after connecting the client - another weird behavior). If the routing tables on the server are set up to use openvpn as a virtual router (which I believe is the case), then the routing table should not need to change after a client is connected. Only internal structures within openvpn would change. The pinging to 13.6 works, and I watch it get sent across the tunnel.
Pinging 13.2 *fails* and I can watch the switch and nothing leaves the across the NIC, it's because the box doesn't know where 13.2 lies, 13.2 doesn't really exist. But if 13.2 isn't associated with any actual client, then it's not a problem that it doesn't respond to pings, is it? So long as packets routed via this address get correctly routed to their destinations, then that's all that matters? Then a ping of 9.* fails as well, That would be a bad thing. I presume that by "9.*" you mean both addresses that map to actual client machines, as well as those that don't? If pings to 9.x addresses of connected clients fail, while pings to 13.6 work, then I would suspect a problem with config or connectivity of the 9.x clients. Pinging 13.5 doesn't go anywhere, because
and the client believes 13.5 is the other end of the tunnel (the server end), but as I've posted before the ifconfig shows the server thinks he's 13.1.
Since the routing isn't right I'm not convinced this is the case. Although, to be fair, I haven't tried having multiple servers hanging off an existing server. I hope my inexpert observations help. Cheers! Nik. ____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users Warning: require_once(../../../archive_common.php) [function.require-once]: failed to open stream: No such file or directory in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2005-07/msg00234.html on line 263 Fatal error: require_once() [function.require]: Failed opening required '../../../archive_common.php' (include_path='/usr/local/lib/php') in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2005-07/msg00234.html on line 263 |