On Monday, 6 Mar at 15:27, Vincent wrote:
Jon Bendtsen wrote:
That's possible. Did you check using tcpdump or another sniffer if the
firewall sends back a reject message? Or does it simply just drop the
packets?
One more precision, the vpn-gateways are not the default gateways
in each subnet.
There are routes to redirect from default gateways to vpn-gateways.
When I try to ssh from a computer on site A to site B
on default gateway on site B I found that line in logs:
kernel: NEW not SYN? IN=eth0 OUT=eth0 SRC=192.168.0.252
DST=192.168.1.8 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP
SPT=22 DPT=1733 WINDOW=5792 RES=0x00 ACK SYN URGP=0
Ah yes, I think the problem is that because you do not send the very first
syn packet through this machine, it never establishes the connection.
What you need to do is allow all traffic from inside LAN to VPN
machines.
And that is not really an OpenVPN question, but an iptables one.
JonB
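
Added example, not part of the original thread: a small Python triage of netfilter LOG lines with the `NEW not SYN?` prefix, showing that the quoted entry (SYN and ACK set, same IN and OUT interface) fits the asymmetric-routing explanation above. The verdict labels and the second log line are constructed for illustration.

```python
# Constructed sample input: the first entry is the log line quoted in the
# thread, joined onto one line; the second is a made-up stray ACK for contrast.
SAMPLE_LOG = [
    "kernel: NEW not SYN? IN=eth0 OUT=eth0 SRC=192.168.0.252 DST=192.168.1.8 "
    "LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=22 DPT=1733 "
    "WINDOW=5792 RES=0x00 ACK SYN URGP=0",
    "kernel: NEW not SYN? IN=eth0 OUT=eth1 SRC=192.168.1.8 DST=192.0.2.10 "
    "LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=4242 DF PROTO=TCP SPT=1733 DPT=80 "
    "WINDOW=5840 RES=0x00 ACK URGP=0",
]

TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}
PREFIX = "NEW not SYN?"  # log prefix used by the firewall in the thread

def parse_line(line):
    """Split a netfilter LOG line into KEY=value fields and bare TCP flags."""
    body = line.split(PREFIX, 1)[1] if PREFIX in line else line
    tokens = body.split()
    fields = dict(t.split("=", 1) for t in tokens if "=" in t)
    flags = {t for t in tokens if t in TCP_FLAGS}
    return fields, flags

def classify(line):
    """Say why conntrack probably had no state for this packet (labels are ours)."""
    if PREFIX not in line:
        return "not-a-new-not-syn-entry"
    fields, flags = parse_line(line)
    if fields.get("PROTO") != "TCP":
        return "not-tcp"
    if {"SYN", "ACK"} <= flags:
        # Handshake reply to a SYN that never passed through this box.
        hairpin = bool(fields.get("IN")) and fields.get("IN") == fields.get("OUT")
        return "asymmetric-route-hairpin" if hairpin else "asymmetric-route"
    if "RST" in flags or "FIN" in flags:
        return "teardown-of-untracked-connection"
    return "mid-stream-packet-without-state"

def triage(lines):
    """Return (src, dst, verdict) for each log line."""
    out = []
    for line in lines:
        fields, _ = parse_line(line)
        out.append((fields.get("SRC"), fields.get("DST"), classify(line)))
    return out

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(*row)
```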
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users