I've been working on getting OpenVPN working on and off all summer for the school district I work for. We need to link small off-campus sites (too expensive or short-term leases to run fiber) back to our main LAN via cable modem links so we can route them through our content filter. So the goal here is to route all traffic of the offsite LAN through our main gateway.

Throughout learning OpenVPN, and trying to get it set up, routing has been the most difficult. I had everything working at one point using static routing, which won't work when we add multiple offsites. It seems, since using the redirect-gateway feature, I can't get off the VPN server in one direction. I can ping beyond the internet-connected interface, but not the LAN interface to the main gateway. Second, at some point OpenVPN stopped reconnecting after the client was stopped. Now, if I stop the client, the server needs to be restarted before it will connect.

These are my routes.

Route prior to running openvpn. Default is 172.20.200.2 (router); the LAN interface is on 172.20.200.19. The Internet interface is on 192.168.50.5, gw 192.168.5.1. Since the def gw is set, I've got a static route to the remote VPN server subnet xx.31.245.

Destination     Gateway         Genmask         Flags Metric Ref Use Iface
192.168.5.0     *               255.255.255.0   U     0      0   0   eth0
172.20.200.0    *               255.255.255.0   U     0      0   0   eth1
xx.31.245.0     192.168.5.1     255.255.255.0   UG    0      0   0   eth0
169.254.0.0     *               255.255.0.0     U     0      0   0   eth0
default         172.20.200.2    0.0.0.0         UG    0      0   0   eth1

After openvpn executed. The server has chosen 10.8.0.2 and we see a route to 172.20.60.0 (remote VPN subnet).

Destination     Gateway         Genmask         Flags Metric Ref Use Iface
10.8.0.2        *               255.255.255.255 UH    0      0   0   tun0
192.168.5.0     *               255.255.255.0   U     0      0   0   eth0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0   0   tun0
172.20.200.0    *               255.255.255.0   U     0      0   0   eth1
172.20.60.0     10.8.0.2        255.255.255.0   UG    0      0   0   tun0
xx.31.245.0     192.168.5.1     255.255.255.0   UG    0      0   0   eth0
169.254.0.0     *               255.255.0.0     U     0      0   0   eth0
default         172.20.200.2    0.0.0.0         UG    0      0   0   eth1

Pertinent config from server.conf:

server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 172.20.60.0 255.255.255.0"
push "route 172.20.200.0 255.255.255.0"
push "route 172.20.2.0 255.255.255.0"     - my final gw is on the 2 subnet
route 172.20.60.0 255.255.255.0
push "redirect-gateway"
client-to-client

Client prior to executing openvpn. xx.yy.106.0 is the server IP. I have my test client behind a firewall at home for testing, which is 192.168.50.1. At the offsite the client will run its own firewall.

Destination     Gateway         Genmask         Flags Metric Ref Use Iface
192.168.50.0    *               255.255.255.0   U     0      0   0   eth0
172.20.60.0     *               255.255.255.0   U     0      0   0   eth1
xx.yy.106.0     192.168.50.1    255.255.255.0   UG    0      0   0   eth0
169.254.0.0     *               255.255.0.0     U     0      0   0   eth1

Client after executing openvpn:

Destination     Gateway         Genmask         Flags Metric Ref Use Iface
10.8.0.5        *               255.255.255.255 UH    0      0   0   tun0
192.168.50.0    *               255.255.255.0   U     0      0   0   eth0
172.20.2.0      10.8.0.5        255.255.255.0   UG    0      0   0   tun0
10.8.0.0        10.8.0.5        255.255.255.0   UG    0      0   0   tun0
172.20.200.0    10.8.0.5        255.255.255.0   UG    0      0   0   tun0
172.20.60.0     *               255.255.255.0   U     0      0   0   eth1
xx.yy.106.0     192.168.50.1    255.255.255.0   UG    0      0   0   eth0
169.254.0.0     *               255.255.0.0     U     0      0   0   eth1
default         10.8.0.5        0.0.0.0         UG    0      0   0   tun0

Help please! I've got about a week to get this working or we'll have to shell out for expensive (and useless) client-based content filtering - and I'll have more trouble pushing OSS!

Kevin

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users