Re: [Openvpn-users] Strange problem connecting two subnets trougha vpn tunnel

[Jon Bendtsen <jon.bendtsen@xxxxxxxxxx>]

Den mandag 6.mar kl. 15:27 skrev Vincent:

> Jon Bendtsen a écrit :
>
> > thats possible. Did you check using tcpdump or another sniffer if the
> > firewall sends back a reject message? Or does it simply just drop the
> > packets?
>
> One more precision, the vpn-gateways are not the default gateways  
> in each subnets.
> There are routes to redirect from default gateways to vpn-gateways.
>
> When I try to ssh from a computer on site A to site B
>
> on default gateway on site B I found that line in logs :
>
> kernel: NEW not SYN? IN=eth0 OUT=eth0 SRC=192.168.0.252  
> DST=192.168.1.8 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP  
> SPT=22 DPT=1733 WINDOW=5792 RES=0x00 ACK SYN URGP=0

Ah yes, i think the problem is that because you do not sent the very  
first
syn packet through this machine, it never establishes the connection.
What you need to do is allowing all traffic from inside LAN to VPN  
machines.

And that is not really a OpenVPN question, but an iptables one.



JonB



-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users