Re: [Openvpn-users] Strange problem connecting two subnets trough a vpn tunnel


  • Subject: Re: [Openvpn-users] Strange problem connecting two subnets trough a vpn tunnel
  • From: Jon Bendtsen <jon.bendtsen@xxxxxxxxxx>
  • Date: Mon, 6 Mar 2006 13:44:56 +0100


On Monday 6 Mar at 13:03, Vincent wrote:

Hi,
     This represents what I am trying to do :

+----------------+     +-------------+      VPN       +---------------+     +----------------+
| 192.168.1.0/24 |-----| 192.168.1.3 |----------------| 192.168.0.253 |-----| 192.168.0.0/24 |
+----------------+     | 172.16.58.1 |     tunnel     | 172.16.58.6   |     +----------------+
     site A            +-------------+                +---------------+          site B
                         computer A                      computer B


The tunnel is working, I *can* ping any computer on either site from any computer on the other site. But (there is a but) I can't
establish any direct connection through the vpn (for example: ssh, rsync).

ping is just as direct as ssh, rsync, ...


But if I ssh computer B from computer A then I ssh a computer on site B, then I can directly ssh a computer on the site A.
So I am thinking of a firewall problem but I can't figure out what it is ....

That's possible. Did you check using tcpdump or another sniffer if the firewall sends back a reject message? Or does it simply just drop the packets?

Here are the rules I apply on computer A and B:

iptables -A INPUT -i tun0 -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
iptables -A FORWARD -i tun0 -o eth0 -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
iptables -A FORWARD -i eth0 -o tun0 -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT

Do you generally allow icmp, aka ping, to go through? That could explain why ping works and ssh does not.



JonB

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
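
The tcpdump check suggested in the reply above (does the firewall send a reject, or silently drop?) can be automated over a saved capture. This is an added example, not part of the original thread; it assumes the text format printed by a current `tcpdump -n`, and the host addresses, ports and capture lines below are constructed.

```python
import re

# TCP lines of `tcpdump -n` text output, e.g.
# "IP 192.168.1.10.40001 > 192.168.0.20.22: Flags [S], ..."
TCP_RE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")
# ICMP unreachable errors, e.g.
# "IP 192.168.0.253 > 192.168.1.10: ICMP 192.168.0.20 tcp port 873 unreachable"
ICMP_RE = re.compile(
    r"IP \S+ > (\S+): ICMP (?:host )?(\S+) (?:tcp port (\d+) )?unreachable")

DROPPED = "dropped (no reply seen)"

# Constructed sample capture, as seen on the client side of the tunnel.
SAMPLE_CAPTURE = [
    "13:50:01.000000 IP 192.168.1.10.40001 > 192.168.0.20.22: Flags [S], seq 100, win 5840, length 0",
    "13:50:04.000000 IP 192.168.1.10.40001 > 192.168.0.20.22: Flags [S], seq 100, win 5840, length 0",
    "13:50:10.000000 IP 192.168.1.10.40002 > 192.168.0.20.873: Flags [S], seq 200, win 5840, length 0",
    "13:50:10.001000 IP 192.168.0.253 > 192.168.1.10: ICMP 192.168.0.20 tcp port 873 unreachable, length 68",
    "13:50:20.000000 IP 192.168.1.10.40003 > 192.168.0.21.22: Flags [S], seq 300, win 5840, length 0",
    "13:50:20.002000 IP 192.168.0.21.22 > 192.168.1.10.40003: Flags [S.], seq 900, ack 301, win 5792, length 0",
]

def classify_syn_outcomes(lines):
    """Map each (client, server, port) that sent a SYN to what came back."""
    flows = {}
    for line in lines:
        tcp = TCP_RE.search(line)
        icmp = ICMP_RE.search(line)
        if tcp:
            src, sport, dst, dport, flags = tcp.groups()
            reply_key = (dst, src, int(sport))  # flow this segment answers
            if flags == "S":                    # initial SYN or a retransmit
                flows.setdefault((src, dst, int(dport)), DROPPED)
            elif flags == "S." and reply_key in flows:
                flows[reply_key] = "accepted (SYN-ACK)"
            elif "R" in flags and flows.get(reply_key) == DROPPED:
                flows[reply_key] = "rejected (TCP reset)"
        elif icmp:
            client, target, port = icmp.groups()
            for key, verdict in flows.items():
                port_ok = port is None or key[2] == int(port)
                if key[:2] == (client, target) and port_ok and verdict == DROPPED:
                    flows[key] = "rejected (ICMP unreachable)"
    return flows

if __name__ == "__main__":
    for flow, verdict in classify_syn_outcomes(SAMPLE_CAPTURE).items():
        print(flow, "->", verdict)
```

A flow that stays "dropped" while ping works points at a rule or default policy discarding TCP, whereas a "rejected" verdict shows which host sent the refusal.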

