
[Openvpn-users] Routing problem, default gw (Continued)


  • Subject: [Openvpn-users] Routing problem, default gw (Continued)
  • From: Davide Capodaglio <davidecapod@xxxxxxxxx>
  • Date: Tue, 28 Mar 2006 18:01:41 +0200

Davide Capodaglio wrote:
Hi all,

I am trying to set up a VPN to enable road-warrior connections to the internal LAN; I am using routing mode.
My internal net has 192.168.1.0/24 netmask, and 192.168.1.1 (Cisco PIX firewall) as default gateway for all internal PCs (all WinXP).
OpenVPN server is running on 192.168.1.76 (Win2003, public web/ftp server), using 10.8.0.0/24 netmask for the virtual network.
The point-to-point VPN is running correctly, but I have problems accessing other PCs in the internal LAN: I can access them only if I manually execute


   route add 10.8.0.0 mask 255.255.255.0 192.168.1.76

on every internal PC.
But the FAQ says that I can do that by:
# adding a route in your default gateway for the VPN network IP subnet pointing to the OpenVPN machine, OR
# adding a route to every client


But the first method doesn't work.
I added on the Cisco PIX the static route
   10.8.0.0 255.255.255.0  ->  192.168.1.76   (internal iface)

but this seems to enable only the route between 192.168.1.1 <-> 10.8.0.0 (i.e. I can ping 192.168.1.1 from the VPN client), as it does in "normal" PCs.

I would expect that a "ping 10.8.0.6" from an internal PC (e.g. 192.168.1.34) would follow this route:

192.168.1.34 (src host) ->  192.168.1.1 (default gw)  ->
192.126.1.76 (vpn gateway)  ->  10.8.0.6 (vpn endpoint)

without manually adding the route to 192.168.1.76 to every internal PC.
I suspect there's something wrong on my PIX firewall setup...


Sorry if I started another thread. These are the config files:

----------------- SERVER ------------------------

proto tcp
dev tun
ca keys/ca.crt
cert keys/server.crt
key keys/server.key
dh keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option WINS 192.168.1.3"
duplicate-cn
keepalive 10 120
comp-lzo
persist-key
persist-tun
verb 3

------------------ CLIENT ----------------------

client
dev tun
proto tcp
remote www.omegacenter.it 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca keys/ca.crt
cert keys/client1.crt
key keys/client1.key
ns-cert-type server
comp-lzo



Thanks
Davide



____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
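
Added example (not part of the original post, and not OpenVPN or Cisco code): a small hop-by-hop model of the LAN described above, comparing the route-on-the-default-gateway method with the route-on-every-PC method. The `gateway_hairpins` flag, the interface names and the "ISP" next hop are assumptions of the model: whether a gateway will forward a packet back out the interface it arrived on depends on the device and its configuration, and nothing here asserts how the poster's PIX is set up.

```python
import ipaddress

LAN_GW, VPN_GW, PC, VPN_PEER = "192.168.1.1", "192.168.1.76", "192.168.1.34", "10.8.0.6"

def lookup(routes, dst):
    """Longest-prefix match; returns (next_hop, out_iface) or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh, ifc) for p, nh, ifc in routes
            if addr in ipaddress.ip_network(p)]
    if not hits:
        return None
    _, nh, ifc = max(hits, key=lambda h: h[0].prefixlen)
    return nh, ifc

def build(route_on_gateway, route_on_pc, gateway_hairpins):
    """Constructed model: every node sits on the single 192.168.1.0/24 segment."""
    pc = [("0.0.0.0/0", LAN_GW, "lan")]
    if route_on_pc:  # the 'route add 10.8.0.0 mask 255.255.255.0 192.168.1.76' case
        pc.append(("10.8.0.0/24", VPN_GW, "lan"))
    gw = [("0.0.0.0/0", "ISP", "outside")]  # "ISP" is a placeholder next hop
    if route_on_gateway:  # the static route added on the default gateway
        gw.append(("10.8.0.0/24", VPN_GW, "inside"))
    return {
        PC: {"routes": pc, "lan_iface": "lan", "hairpin": True, "tunnel": None},
        LAN_GW: {"routes": gw, "lan_iface": "inside", "hairpin": gateway_hairpins, "tunnel": None},
        VPN_GW: {"routes": [], "lan_iface": "lan", "hairpin": True, "tunnel": "10.8.0.0/24"},
    }

def trace(nodes, src, dst):
    """Walk the packet hop by hop; returns (path, outcome)."""
    path, here, arrived_on = [src], src, None
    for _ in range(8):
        node = nodes.get(here)
        if node is None:
            return path, "left the LAN"
        if node["tunnel"] and ipaddress.ip_address(dst) in ipaddress.ip_network(node["tunnel"]):
            return path + [dst], "delivered"
        hit = lookup(node["routes"], dst)
        if hit is None:
            return path, "no route"
        next_hop, out_iface = hit
        # A device that refuses same-interface forwarding drops the packet here.
        if arrived_on == out_iface and not node["hairpin"]:
            return path, "dropped: would leave on arrival interface"
        path.append(next_hop)
        here, arrived_on = next_hop, nodes.get(next_hop, {}).get("lan_iface")
    return path, "loop"
```

Calling `trace(build(True, False, False), PC, VPN_PEER)` and then flipping the three flags shows which combinations reach 10.8.0.6; ICMP redirects and the return path are not modelled.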