[Openvpn-users] Routing Hell


  • Subject: [Openvpn-users] Routing Hell
  • From: Kevin <kblists@xxxxxxxxxxx>
  • Date: Wed, 21 Sep 2005 22:11:23 +0000 (UTC)

I've been working on getting OpenVPN working on and off all summer
for the school district I work for.  We need to link small off-campus
sites (too expensive or short-term leases to run fiber) back to our
main LAN via cable modem links so we can route them through our
content filter.

So the goal here is to route all traffic of the offsite LAN through
our main gateway.

Throughout learning openvpn, and trying to get it set up, routing has
been the most difficult.  I had everything working at one point using
static routing which won't work when we add multiple offsites.

It seems, since using the redirect-gateway feature, I can't get off
the vpn server in one direction.  I can ping beyond the internet
connected interface, but not the lan interface to the main gateway.

Second, at some point openvpn stopped reconnecting after the client
was stopped. Now, if I stop the client, the server needs to be
restarted before it will connect.

These are my routes.

Route prior to running openvpn.  Default is 172.20.200.2 (router)
- LAN interface is on 172.20.200.19.  Internet interface is on
192.168.50.5, gw 192.168.5.1.  Since the def gw is set, I've got
a static route to the remote vpn server subnet xx.31.245.

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.5.0     *               255.255.255.0   U     0      0        0 eth0
172.20.200.0    *               255.255.255.0   U     0      0        0 eth1
xx.31.245.0     192.168.5.1     255.255.255.0   UG    0      0        0 eth0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth0
default         172.20.200.2    0.0.0.0         UG    0      0        0 eth1

After openvpn executed.  Server has chosen 10.8.0.2 and we see a
route to 172.20.60.0 (remote vpn subnet).

10.8.0.2        *               255.255.255.255 UH    0      0        0 tun0
192.168.5.0     *               255.255.255.0   U     0      0        0 eth0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
172.20.200.0    *               255.255.255.0   U     0      0        0 eth1
172.20.60.0     10.8.0.2        255.255.255.0   UG    0      0        0 tun0
xx.31.245.0     192.168.5.1     255.255.255.0   UG    0      0        0 eth0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth0
default         172.20.200.2    0.0.0.0         UG    0      0        0 eth1

Pertinent config from server.conf

server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 172.20.60.0 255.255.255.0"
push "route 172.20.200.0 255.255.255.0"
push "route 172.20.2.0 255.255.255.0" - my final gw is on 2 subnet
route 172.20.60.0 255.255.255.0
push "redirect-gateway"
client-to-client

Client prior to executing openvpn.  xx.yy.106.0 is the server ip.  I
have my test client behind a firewall at home for testing, which is
192.168.50.1.  At the offsite the client will run its own firewall.

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.50.0    *               255.255.255.0   U     0      0        0 eth0
172.20.60.0     *               255.255.255.0   U     0      0        0 eth1
xx.yy.106.0    192.168.50.1    255.255.255.0   UG    0      0        0 eth0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1


Client after executing openvpn

10.8.0.5        *               255.255.255.255 UH    0      0        0 tun0
192.168.50.0    *               255.255.255.0   U     0      0        0 eth0
172.20.2.0      10.8.0.5        255.255.255.0   UG    0      0        0 tun0
10.8.0.0        10.8.0.5        255.255.255.0   UG    0      0        0 tun0
172.20.200.0    10.8.0.5        255.255.255.0   UG    0      0        0 tun0
172.20.60.0     *               255.255.255.0   U     0      0        0 eth1
xx.yy.106.0    192.168.50.1    255.255.255.0   UG    0      0        0 eth0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
default         10.8.0.5        0.0.0.0         UG    0      0        0 tun0

Help please!  I've got about a week to get this working or we'll have
to shell out for expensive (and useless) client based content
filtering - and I'll have more trouble pushing OSS!

Kevin


____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
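An added example, not part of Kevin's post or of the OpenVPN project: a small longest-prefix-match resolver over the "route -n" tables quoted above, plus a check of whether each route the server.conf pushes actually leaves the client through tun0. The tables are reconstructed from the post with the masked server addresses (xx.31.245.0, xx.yy.106.0) replaced by documentation-range placeholders, and the 169.254.0.0 link-local entries dropped.

```python
import ipaddress

# Tables constructed from the post's "route -n" output; the masked server
# addresses are replaced with documentation ranges (203.0.113.0, 198.51.100.0).
SERVER_AFTER = """\
10.8.0.2        *               255.255.255.255 UH    0      0        0 tun0
192.168.5.0     *               255.255.255.0   U     0      0        0 eth0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
172.20.200.0    *               255.255.255.0   U     0      0        0 eth1
172.20.60.0     10.8.0.2        255.255.255.0   UG    0      0        0 tun0
203.0.113.0     192.168.5.1     255.255.255.0   UG    0      0        0 eth0
default         172.20.200.2    0.0.0.0         UG    0      0        0 eth1
"""
CLIENT_AFTER = """\
10.8.0.5        *               255.255.255.255 UH    0      0        0 tun0
192.168.50.0    *               255.255.255.0   U     0      0        0 eth0
172.20.2.0      10.8.0.5        255.255.255.0   UG    0      0        0 tun0
10.8.0.0        10.8.0.5        255.255.255.0   UG    0      0        0 tun0
172.20.200.0    10.8.0.5        255.255.255.0   UG    0      0        0 tun0
172.20.60.0     *               255.255.255.0   U     0      0        0 eth1
198.51.100.0    192.168.50.1    255.255.255.0   UG    0      0        0 eth0
default         10.8.0.5        0.0.0.0         UG    0      0        0 tun0
"""
# Networks the post's server.conf pushes; 0.0.0.0/0 stands for redirect-gateway.
PUSHED = ["172.20.60.0/24", "172.20.200.0/24", "172.20.2.0/24", "0.0.0.0/0"]

def parse_routes(text):
    """Turn 'route -n' lines into (network, gateway-or-None, iface) tuples."""
    routes = []
    for line in text.splitlines():
        dest, gw, mask, _flags, _metric, _ref, _use, iface = line.split()
        net = ipaddress.ip_network(f"{'0.0.0.0' if dest == 'default' else dest}/{mask}")
        routes.append((net, None if gw == "*" else gw, iface))
    return routes

def lookup(routes, dst):
    """Longest-prefix match, as the kernel does: the most specific route wins."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r[0]]
    if not hits:
        return None
    net, gw, iface = max(hits, key=lambda r: r[0].prefixlen)
    return iface, gw

def pushed_not_via_tun(routes, pushed, tun="tun0"):
    """Pushed networks whose best-matching route does not leave via the tunnel."""
    return [p for p in pushed
            if lookup(routes, str(ipaddress.ip_network(p).network_address))[0] != tun]
```

On the client table, `pushed_not_via_tun` reports 172.20.60.0/24: that network is the client's own LAN on eth1, so the pushed route for it never takes effect, while the host route to the server subnet still leaves via eth0 so the tunnel itself does not loop through the new default.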