[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] (no subject)

  • Subject: Re: [Openvpn-users] (no subject)
  • From: Nathan Barham <nathan@xxxxxxxxxxxxxx>
  • Date: Tue, 13 Sep 2005 09:59:27 -0700
Christophorus Laube wrote:
> Sorry, I do not understand completely
> I set up the OpenVPN on a firewall in order to get into the network behind. 
> When I do a "route" on that firewall this is displayed:
> 
> 10.8.0.2		*		255.255.255.255	UH	0      0        0 tun0
> 10.8.0.0		10.8.0.2	255.255.255.0		UG	0      0        0 tun0
> 192.168.0.0	*		255.255.255.0		U	0      0        0 eth0
> 62.169.3.0	*		255.255.255.0		U	0      0        0 eth1
> link-local		*		255.255.0.0		U	0      0        0 eth0
> loopback		*		255.0.0.0			U	0      0        0 lo
> default		iprice-gw.seman 0.0.0.0		UG	0      0        0 eth1
> 
> But the gateway to the 10.80.0.x network should be the 10.8.0.1, shouldn't it?
> The two 10.8.0.x routes come from openvpn, clearly. But they are set 
> automatically. Is there a possibility to set them another way and how should 
> this look like?


This route table looks OK to me.  I think your problem lies elsewhere.

If the machine you are pinging is indeed receiving the pings then the
problem is likely either:

A. as Erich suggested, that you don't have a return route (i.e. neither
the pinged machine nor its default gateway have a route to the 10.8.0.0
network), and the replies are getting lost.

or

B. that your firewall is blocking the replies.

Is your VPN server the default gateway of the pinged machine?  If not
then the problem is probably A and you need to add a route on the LAN's
default gateway to redirect 10.8.0.0 traffic to your VPN server (or add
a route directly on the pinged machine).  If your VPN server *is* the
defualt gateway, then the problem is likely B, and you might try
liberally adding some -j LOG rules to your firewall script and tail -f
the log while you ping to see if anything is bouncing.

You might also re-read this section of the HOWTO:
http://openvpn.net/howto.html#scope

and go to the FAQ at http://openvpn.net/faq.html and read the section
titled "I've successfully set up OpenVPN and can ping between both
OpenVPN peers, however I cannot reach any of the other machines on the
remote subnet. What's the problem?"

Hope that helps.

Nathan

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Warning: require_once(../../../archive_common.php) [function.require-once]: failed to open stream: No such file or directory in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2005-09/msg00146.html on line 228

Fatal error: require_once() [function.require]: Failed opening required '../../../archive_common.php' (include_path='/usr/local/lib/php') in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2005-09/msg00146.html on line 228