Re: [Openvpn-users] Re: newbie confused about routing/openvpn

[Charles Duffy <cduffy@xxxxxxxxxxx>]

Julie S. Lin wrote:
> when i fire up my openvpn client at home, i can only reach my vpn 
> server....i can not reach or ping 192.168.0.13
> i..e BOTH 192.168.0.0 and 192.168.20.0 networks are unreachable though 
> the VPN from the client side.
> however i can ping and ssh into 192.168.0.202 just fine.

And 192.168.0.202 is the LAN IP of your VPN server? Ahh; this is making 
more sense. I was indeed a little muddy earlier.

Is IP forwarding turned on on the VPN server? Is the FORWARD chain set 
to ALLOW traffic?

See:
http://openvpn.net/faq.html#ip-forward
http://openvpn.net/faq.html#firewall

If neither of those is helpful, try using ethereal or tcpdump to see if 
traffic sent over the tap interface by your client at home to a 
different machine at the office comes out the ethernet interface of the 
VPN server. If it does, do you get return traffic? If you don't get 
return traffic, validate that there's a return route in place.

> could my iptables rule be causing the problem? it forwards all traffic 
> on port 1194 from public
> address to my openvpn server at 192.168.0.202.  the below rule does 
> assume openvpn server then routes to the
> subnets behind it.
>
> DNAT:info net   loc:192.168.0.202 udp   1194 - xxx.xxx.xxx.xxx

That rule looks fine. Is the default policy ALLOW?

______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users