
Re: [Openvpn-users] Site2Site - routing-problem (linux)


  • Subject: Re: [Openvpn-users] Site2Site - routing-problem (linux)
  • From: Martin Müller - Rudolf Hausstein OHG <m.mueller@xxxxxxxxxxxx>
  • Date: Thu, 01 Jun 2006 08:14:12 +0200

Phil Burrow wrote:
Martin Müller - Rudolf Hausstein OHG wrote:

> Client: route -n
> Kernel IP Routentabelle
> Ziel Router Genmask Flags Metric Ref Use Iface
> 192.168.123.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
> 192.168.100.0 192.168.123.5 255.255.255.0 UG 0 0 0 tun0
> 192.168.123.0 192.168.123.5 255.255.255.0 UG 0 0 0 tun0
> 10.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 eth0


Hi Martin,

From this routing table, your local subnet is 10.0.0.0/255.0.0.0 instead of 10.8.0.0/255.255.255.0 like you put in your OpenVPN configs. That's the reason push "route 10.8.0.0 255.255.255.0" breaks your client LAN, because OpenVPN would create a route that directs traffic for 10.8.0.0/255.255.255.0 to your OpenVPN server since there is no route for that subnet on your client.

EITHER change this line:

> 10.0.0.0       0.0.0.0        255.0.0.0       U     0      0     0 eth0

to

> 10.8.0.0       0.0.0.0        255.255.255.0       U     0      0 0 eth0

OR

I have tried to change this, but with no success. Can't figure out the right syntax.



Try changing your client LAN subnet to 10.0.0.0/255.0.0.0 in your OpenVPN config files (server.conf and ccd/test). i.e:


server.conf:

  route 10.0.0.0 255.0.0.0
  push "route 192.168.100.0 255.255.255.0"
  push "route 10.0.0.0 255.0.0.0"

ccd/test:

iroute 10.0.0.0 255.0.0.0

So I changed my second LAN to your suggestion. But it wasn't working (like 10.8.0.0). Can't reach the Server-LAN from the Client-LAN.


So what I think is that the problem belongs to the network mask.
I changed my Client-LAN to 192.168.200.0

#/etc/openvpn/server.conf
route 192.168.200.0 255.255.255.0
push "route 192.168.100.0 255.255.255.0"


Here again, I put away the line
'push "route 192.168.200.0 255.255.255.0" '
because when I use this, the Clients of 192.168.200.0/24 can't reach 192.168.200.99.


#/etc/openvpn/ccd/test
iroute 192.168.200.0 255.255.255.0


route on the client with tun0 down:
Ziel Router Genmask Flags Metric Ref Use Iface
83.64.124.96 0.0.0.0 255.255.255.240 U 0 0 0 eth1
192.168.200.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 83.64.124.97 0.0.0.0 UG 0 0 0 eth1



route in the client with tun0 up:
Ziel Router Genmask Flags Metric Ref Use Iface
192.168.123.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
83.64.124.96 0.0.0.0 255.255.255.240 U 0 0 0 eth1
192.168.100.0 192.168.123.5 255.255.255.0 UG 0 0 0 tun0
192.168.200.0 192.168.123.5 255.255.255.0 UG 0 0 0 tun0
192.168.200.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.123.0 192.168.123.5 255.255.255.0 UG 0 0 0 tun0
0.0.0.0 83.64.124.97 0.0.0.0 UG 0 0 0 eth1





Apart from that it looks fine, all traffic for 192.168.100.0 and for 192.168.123.0 goes via gateway 192.168.123.5 (tun0) which is what you want.

Can you ping 192.168.123.1 from your client?

Yes.


Thank you for your support.




Best regards,

Martin
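
Added example, not part of the original message: a Python check that parses the `route -n` output posted above (client, tun0 up) and flags any directly connected LAN that is also covered by an equal or more specific gateway route through the tunnel, which is the kind of overlap discussed in this thread. The function names and the `tun` interface prefix are assumptions made for this example.

```python
import ipaddress

# Routing table copied from the message above (client, tun0 up).
ROUTE_N = """\
Ziel Router Genmask Flags Metric Ref Use Iface
192.168.123.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
83.64.124.96 0.0.0.0 255.255.255.240 U 0 0 0 eth1
192.168.100.0 192.168.123.5 255.255.255.0 UG 0 0 0 tun0
192.168.200.0 192.168.123.5 255.255.255.0 UG 0 0 0 tun0
192.168.200.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.123.0 192.168.123.5 255.255.255.0 UG 0 0 0 tun0
0.0.0.0 83.64.124.97 0.0.0.0 UG 0 0 0 eth1
"""

def parse_routes(text):
    """Parse `route -n` rows into dicts; header and malformed lines are skipped."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8:
            continue
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
            metric = int(f[4])
        except ValueError:
            continue  # header row (any locale) or garbage
        routes.append({"net": net, "gw": f[1], "flags": f[3],
                       "metric": metric, "iface": f[7]})
    return routes

def tunnel_shadowed_lans(routes, tunnel_prefix="tun"):
    """Return (tunnel_route, local_iface, tunnel_iface) for every directly
    connected network that a tunnel gateway route covers with an equal or
    longer prefix, so local traffic may be sent into the VPN instead."""
    def is_tun(r):
        return r["iface"].startswith(tunnel_prefix)
    connected = [r for r in routes if "G" not in r["flags"] and not is_tun(r)]
    tunneled = [r for r in routes if "G" in r["flags"] and is_tun(r)]
    return [(str(t["net"]), c["iface"], t["iface"])
            for c in connected for t in tunneled
            if t["net"].subnet_of(c["net"])]

if __name__ == "__main__":
    for net, local, tun in tunnel_shadowed_lans(parse_routes(ROUTE_N)):
        print(f"{net}: connected on {local} but also routed via {tun}")
```
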

