
Re: [Openvpn-users] Re: newbie confused about routing/openvpn


  • Subject: Re: [Openvpn-users] Re: newbie confused about routing/openvpn
  • From: Charles Duffy <cduffy@xxxxxxxxxxx>
  • Date: Thu, 04 May 2006 16:52:37 -0500

Julie S. Lin wrote:
> when logged into my openvpn server (192.168.0.202) ip address, i have
> no problems pinging another machine on the 192.168.0.0 or
> 192.168.20.0 network. it looks to me like my vpn server is simply NOT
> using VPN to reach other machines?
>
> here's a bit more diagnosis/info to add to what I already previously posted.
>
> openvpnserver% traceroute 192.168.0.13
> openvpnserver% traceroute 192.168.20.10

The results (traffic to 192.168.0.13 and 192.168.20.10 going through eth0) are expected. Why should the system try to use the VPN to reach addresses on your LAN? It's strictly traffic to 10.69.* which is expected to route through the VPN.


If you're intending to encrypt traffic within your LAN (rather than allow remote users or sites to interconnect with your LAN), then this is something which IPsec is better suited for.

> it does have a route back to the VPN server, albeit on the 192.168.0.0 network and I can ping the openvpn server.

It's not whether you can ping the OpenVPN server that is in question; rather, it's whether you (from a system on 192.168.0.0) can ping the OpenVPN server's clients, and whether ping packets going to those clients are routed via the OpenVPN server.


Further, my understanding is that it's communicating with the machines on 192.168.20.* which are problematic; seeing one of their routing tables would be useful.

> 192.168.0.13:~# netstat -rn
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags   MSS Window  irtt  Iface
> 192.168.0.0     0.0.0.0         255.255.255.0   U        40 0          0  eth0
> 10.69.0.0       192.168.0.202   255.255.255.0   UG       40 0          0  eth0
> 0.0.0.0         192.168.0.1     0.0.0.0         UG       40 0          0  eth0
>
> 192.168.0.13:~# ping 10.69.0.1
> PING 10.69.0.1 (10.69.0.1): 56 data bytes
> 64 bytes from 10.69.0.1: icmp_seq=0 ttl=64 time=0.1 ms
> 64 bytes from 10.69.0.1: icmp_seq=1 ttl=64 time=0.1 ms
>
> --- 10.69.0.1 ping statistics ---
> 2 packets transmitted, 2 packets received, 0% packet loss
> round-trip min/avg/max = 0.1/0.1/0.1 ms

Are you saying that this same machine (192.168.0.13) can't ping VPN clients, or can't be pinged by VPN clients? My understanding was that 192.168.0.* systems worked correctly, and that it was 192.168.20.* systems which didn't; consequently, it's info from the non-working systems which would be most valuable.


______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
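
The routing decision discussed in this message, as an added example that is not part of the original thread: it parses `netstat -rn` output and applies longest-prefix matching to show which gateway a host would use for a given destination. The first table is the one quoted above from 192.168.0.13; the second is a constructed table for a hypothetical 192.168.20.x host (its default gateway 192.168.20.1 is an assumption) that lacks a route to 10.69.0.0/24.

```python
import ipaddress

# Routing table quoted in the thread (netstat -rn on 192.168.0.13).
TABLE_192_168_0_13 = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt  Iface
192.168.0.0     0.0.0.0         255.255.255.0   U        40 0          0  eth0
10.69.0.0       192.168.0.202   255.255.255.0   UG       40 0          0  eth0
0.0.0.0         192.168.0.1     0.0.0.0         UG       40 0          0  eth0
"""

# Constructed sample: hypothetical 192.168.20.x host with no VPN subnet route.
TABLE_NO_VPN_ROUTE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt  Iface
192.168.20.0    0.0.0.0         255.255.255.0   U        40 0          0  eth0
0.0.0.0         192.168.20.1    0.0.0.0         UG       40 0          0  eth0
"""


def parse_routes(text):
    """Return [(network, gateway, iface)] from netstat -rn style output."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 8 or fields[0] == "Destination":
            continue  # skip the banner and the column header
        dest, gateway, mask, iface = fields[0], fields[1], fields[2], fields[-1]
        # Convert the dotted netmask to a prefix length by counting set bits.
        prefix = bin(int(ipaddress.ip_address(mask))).count("1")
        routes.append((ipaddress.ip_network(f"{dest}/{prefix}"), gateway, iface))
    return routes


def next_hop(routes, dest):
    """Longest-prefix match: the most specific route containing dest wins."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    net, gateway, iface = max(matches, key=lambda r: r[0].prefixlen)
    # Gateway 0.0.0.0 means the destination is on a directly attached network.
    return ("direct" if gateway == "0.0.0.0" else gateway, iface)


if __name__ == "__main__":
    for name, table in (("192.168.0.13", TABLE_192_168_0_13),
                        ("no-vpn-route host", TABLE_NO_VPN_ROUTE)):
        print(name, "-> 10.69.0.1 via", next_hop(parse_routes(table), "10.69.0.1"))
```

With the constructed second table, traffic for 10.69.0.1 goes to the default gateway instead of the OpenVPN server at 192.168.0.202, so it reaches the VPN only if that gateway itself has a route for 10.69.0.0/24.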

