Hi
ack, so sorry, i was being unclear.
when i fire up my openvpn client at home, i can only reach my vpn
server... i cannot reach or ping 192.168.0.13
i.e. BOTH 192.168.0.0 and 192.168.20.0 networks are unreachable through
the VPN from the client side.
however i can ping and ssh into 192.168.0.202 just fine.
i will test tonight to see if i can ping or reach my client at home from
192.168.0.13 as an additional test
i suspect i will not be able to ping the openvpn client.
could my iptables rule be causing the problem? it forwards all traffic
on port 1194 from public address to my openvpn server at 192.168.0.202.
the below rule does assume openvpn server then routes to the subnets
behind it.
DNAT:info net loc:192.168.0.202 udp 1194 - xxx.xxx.xxx.xxx

Charles Duffy wrote:
> Julie S. Lin wrote:
> > when logged into my openvpn server (192.168.0.202) ip address, i have
> > no problems pinging another machine on the 192.168.0.0 or
> > 192.168.20.0 network. it looks to me like my vpn server is simply NOT
> > using VPN to reach other machines?
> > here's a bit more diagnosis/info to add to what I already previously
> > posted.
> > openvpnserver% traceroute 192.168.0.13
> > openvpnserver% traceroute 192.168.20.10
>
> The results (traffic to 192.168.0.13 and 192.168.20.10 going through
> eth0) are expected. Why should the system try to use the VPN to reach
> addresses on your LAN? It's strictly traffic to 10.69.* which is
> expected to route through the VPN.
> If you're intending to encrypt traffic within your LAN (rather than
> allow remote users or sites to interconnect with your LAN), then this
> is something which IPsec is better suited for.
>
> > it does have a route back to the VPN server, albeit on the
> > 192.168.0.0 network and I can ping the openvpn server.
>
> It's not whether you can ping the OpenVPN server that is in question;
> rather, it's whether you (from a system on 192.168.0.0) can ping the
> OpenVPN server's clients, and whether ping packets going to those
> clients are routed via the OpenVPN server.
> Further, my understanding is that it's communicating with the machines
> on 192.168.20.* which are problematic; seeing one of their routing
> tables would be useful.
>
> > 192.168.0.13:~# netstat -rn
> > Kernel IP routing table
> > Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
> > 192.168.0.0     0.0.0.0         255.255.255.0   U        40 0          0 eth0
> > 10.69.0.0       192.168.0.202   255.255.255.0   UG       40 0          0 eth0
> > 0.0.0.0         192.168.0.1     0.0.0.0         UG       40 0          0 eth0
> > 192.168.0.13:~# ping 10.69.0.1
> > PING 10.69.0.1 (10.69.0.1): 56 data bytes
> > 64 bytes from 10.69.0.1: icmp_seq=0 ttl=64 time=0.1 ms
> > 64 bytes from 10.69.0.1: icmp_seq=1 ttl=64 time=0.1 ms
> > --- 10.69.0.1 ping statistics ---
> > 2 packets transmitted, 2 packets received, 0% packet loss
> > round-trip min/avg/max = 0.1/0.1/0.1 ms
>
> Are you saying that this same machine (192.168.0.13) can't ping VPN
> clients, or can't be pinged by VPN clients? My understanding was that
> 192.168.0.* systems worked correctly, and that it was 192.168.20.*
> systems which didn't; consequently, it's info from the non-working
> systems which would be most valuable.
_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
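
Added example (not part of the original thread or of OpenVPN): a longest-prefix-match lookup over `netstat -rn` output, showing which next hop a LAN host would use to answer a VPN client in 10.69.0.0/24. The first table is the one posted for 192.168.0.13; the second table, its gateway 192.168.20.1 and the client address 10.69.0.6 are constructed assumptions.

```python
import ipaddress

# Routing table of 192.168.0.13 as posted in the thread (netstat -rn columns).
LAN_HOST_TABLE = """\
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.0.0     0.0.0.0         255.255.255.0   U        40 0          0 eth0
10.69.0.0       192.168.0.202   255.255.255.0   UG       40 0          0 eth0
0.0.0.0         192.168.0.1     0.0.0.0         UG       40 0          0 eth0
"""

# Constructed table for a 192.168.20.* host (assumption, not from the thread):
# it has no 10.69.0.0 route, only a default gateway.
OTHER_SUBNET_TABLE = """\
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.20.0    0.0.0.0         255.255.255.0   U        40 0          0 eth0
0.0.0.0         192.168.20.1    0.0.0.0         UG       40 0          0 eth0
"""

def parse_routes(text):
    """Return (network, gateway, uses_gateway, iface) for each route line."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 8 or fields[0] == "Destination":
            continue  # skip the header and anything that is not a route row
        dest, gateway, genmask, flags = fields[:4]
        network = ipaddress.ip_network(f"{dest}/{genmask}")
        routes.append((network, gateway, "G" in flags, fields[-1]))
    return routes

def next_hop(routes, address):
    """Pick the most specific matching route, as the kernel does."""
    addr = ipaddress.ip_address(address)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    _, gateway, uses_gateway, iface = max(matches, key=lambda r: r[0].prefixlen)
    return (gateway if uses_gateway else "direct", iface)

def replies_reach_vpn(routes, client, vpn_server):
    """True when traffic to the VPN client is handed to the OpenVPN server."""
    hop = next_hop(routes, client)
    return hop is not None and hop[0] == vpn_server

if __name__ == "__main__":
    for name, table in (("192.168.0.13", LAN_HOST_TABLE), ("192.168.20.x", OTHER_SUBNET_TABLE)):
        routes = parse_routes(table)
        print(name, next_hop(routes, "10.69.0.6"), replies_reach_vpn(routes, "10.69.0.6", "192.168.0.202"))
```

A host whose lookup falls through to its default gateway sends replies for 10.69.0.0/24 there, so that gateway (or the host itself) needs a route for the VPN subnet pointing at the OpenVPN server.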