
[Openvpn-users] bridging where client local ip is on the same subnet as server


  • Subject: [Openvpn-users] bridging where client local ip is on the same subnet as server
  • From: Mike Williams <mike.williams@xxxxxxxxxx>
  • Date: Mon, 17 Jul 2006 17:29:14 +0100

Hi,

Apologies if this has been covered somewhere else before, I have looked, 
honest! :)

I've got OpenVPN set up and working correctly, as a bridge. We need it to be a 
bridge so that clients connecting are able to access the other offices, on 
different subnets, over the permanent IPsec VPNs which limit the traffic 
going over them to the subnets connected each end.

OpenVPN's local IP is 192.168.0.26, behind a firewall at 192.168.0.10 which 
forwards UDP port 1194 to it. The firewall has a real public IP the other 
side.
My tests using a laptop dialed up to a normal ISP worked fine. The client was 
able to access everything exactly as if it were connected to the LAN.
I've had two people connect from home too. One with a 3G datacard, the other 
behind an ADSL router on the 192.168.1.0/24 subnet (we don't use 
192.168.1.0/24 at all). I'm using redirect-gateway, so all their traffic 
travelled via the office.
Perfect! I thought.
Until, someone else tried it from home, on their laptop, behind their ICS 
gateway (ick!). ICS gives you no option but to use 192.168.0.0/24 taking 
192.168.0.1 for itself.
This led to his routing getting thoroughly messed up. I, on the office 
192.168.0.0/24, could ping him, but he couldn't ping me. He could however 
still get to his own internal network, the internet, and the other offices.
He was left with 2 default routes, both to the gateway 192.168.0.26 (openvpn), 
but one out the TAP interface and one out his physical interface. 2 routes to 
192.168.0.0/24 too, one TAP, one physical.

Obviously seriously messed up.
And this is where I'm stuck, I guess I need to give him a route to 192.168.0.1 
out the physical interface, a route to the office out the physical interface 
via 192.168.0.1, and a default route out the TAP interface via OpenVPN.

It's a pain in the ass situation, but something I'm sure someone must have 
come across.
Ideas anyone?

Thanks.

-- 
Mike Williams
System Administration Manager - Comodo
Office Tel Europe: +44 (0) 161 8747070
Fax Europe: +44 (0) 161 8771767

______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
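
The routing state described in the message above, checked mechanically. This is an added example, not part of the original post: the route table is constructed from the poster's description, and the interface names `tap0` and `eth0` are assumptions.

```python
import ipaddress
from collections import defaultdict, namedtuple

Route = namedtuple("Route", "dest gateway iface")

# Constructed routing table matching the description in the post; the
# interface names are assumptions, the addresses are the poster's.
SAMPLE_ROUTES = [
    Route("0.0.0.0/0", "192.168.0.26", "tap0"),
    Route("0.0.0.0/0", "192.168.0.26", "eth0"),
    Route("192.168.0.0/24", None, "tap0"),  # on-link via the bridge
    Route("192.168.0.0/24", None, "eth0"),  # on-link via the home LAN
]

def subnets_collide(local_lan, vpn_lan):
    """True when the client's LAN and the bridged office LAN share addresses."""
    return ipaddress.ip_network(local_lan).overlaps(ipaddress.ip_network(vpn_lan))

def duplicate_prefixes(routes):
    """Return {prefix: interfaces} for prefixes routed out of more than one interface."""
    seen = defaultdict(set)
    for r in routes:
        seen[ipaddress.ip_network(r.dest)].add(r.iface)
    return {str(p): sorted(i) for p, i in seen.items() if len(i) > 1}

def ambiguous_gateways(routes):
    """Gateways that are on-link on several interfaces, so the next hop is ambiguous."""
    onlink = [(ipaddress.ip_network(r.dest), r.iface)
              for r in routes if r.gateway is None]
    result = {}
    for gw in {r.gateway for r in routes if r.gateway}:
        addr = ipaddress.ip_address(gw)
        ifaces = sorted({iface for net, iface in onlink if addr in net})
        if len(ifaces) > 1:
            result[gw] = ifaces
    return result

if __name__ == "__main__":
    # ICS home LAN versus the bridged office LAN: both 192.168.0.0/24.
    print("subnet collision:", subnets_collide("192.168.0.0/24", "192.168.0.0/24"))
    print("duplicate prefixes:", duplicate_prefixes(SAMPLE_ROUTES))
    print("ambiguous gateways:", ambiguous_gateways(SAMPLE_ROUTES))
```

Run against the ADSL user's 192.168.1.0/24 home network, `subnets_collide` returns false, which matches the working case in the message.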