
Re: [Openvpn-users] routing between 2 openvpn instances


  • Subject: Re: [Openvpn-users] routing between 2 openvpn instances
  • From: Sunny <sloncho@xxxxxxxxx>
  • Date: Thu, 3 Aug 2006 14:19:24 -0500

Klaus, thanks for the answer. Here are some more details:

On 8/3/06, Klaus Thielking-Riechert <klaus.thielking-riechert@xxxxxxxxxx> wrote:
> Usually it should do the way you have done.
>
> Now, you should back if your production firewall has the appropriate
> routes in order to reach the clients of your office firewall.

office fw route table: (tun0 is the connection to prod, tun1 is for
clients, 192.x.x.x networks are in the office, 10.88.x.x are on prod,
10.136.136.x is office-prod vpn, 10.136.135.x office vpn clients):

sunny@fwqa:~> /sbin/route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.136.135.2    *               255.255.255.255 UH    0      0        0 tun1
10.136.136.5    *               255.255.255.255 UH    0      0        0 tun0
10.136.136.1    10.136.136.5    255.255.255.255 UGH   0      0        0 tun0
10.136.135.0    10.136.135.2    255.255.255.0   UG    0      0        0 tun1
192.168.2.0     *               255.255.255.0   U     0      0        0 eth2
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
10.88.88.0      10.136.136.5    255.255.255.0   UG    0      0        0 tun0
10.88.8.0       10.136.136.5    255.255.255.0   UG    0      0        0 tun0
10.176.0.0      10.136.136.5    255.255.0.0     UG    0      0

And the same for prod:
10.136.136.2    *               255.255.255.255 UH    0      0        0 tun0
10.136.135.0    10.136.136.2    255.255.255.0   UG    0      0        0 tun0
192.168.2.0     10.136.136.2    255.255.255.0   UG    0      0        0 tun0
192.168.1.0     10.136.136.2    255.255.255.0   UG    0      0        0 tun0
10.88.88.0      *               255.255.255.0   U     0      0        0 eth1
10.88.8.0       *               255.255.255.0   U     0      0        0 eth2
10.136.136.0    10.136.136.2    255.255.255.0   UG    0      0        0 tun0

So, looks like all is OK. Do you see something missing?

>
> Second, I would use a tool like tcpdump in order to trace the packets
> along the path between the endpoints - this will definitely point you to
> the blackhole.

I'll try to see what comes across.

>
> Don't use NAT in this setup -- it makes troubleshooting harder for you
> ;-)
>

That's how I made it to work in the first place to make it work at
all. But I'll see what can be done.

>
> You should have enabled IP forwarding on the OpenVPN server hosts. And
> you have to take care about the firewall rules. The routing & forwarding
> between both OpenVPN processes is done by the operating system.

It is already enabled. Both machines serve as firewalls and routers
for their networks.

>
> Best regards,
>
>    Klaus
>

Cheers
Sunny

-- 
--
Svetoslav Milenov (Sunny)

Windows is a 32-bit extension to a 16-bit graphical shell for an 8-bit
operating system originally coded for a 4-bit microprocessor by a
2-bit company that can't stand 1 bit of competition.
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
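
Added example, not part of the original message: a longest-prefix-match check over the two routing tables posted above, to confirm that each firewall has a route toward the other side for a given flow. The function names (parse, lookup, path) are hypothetical, the route rows are copied from the message, and the truncated 10.176.0.0 row is skipped rather than completed.

```python
import ipaddress

# Route rows as posted in the message (`route` output, header rows dropped).
OFFICE = """\
10.136.135.2    *               255.255.255.255 UH    0      0        0 tun1
10.136.136.5    *               255.255.255.255 UH    0      0        0 tun0
10.136.136.1    10.136.136.5    255.255.255.255 UGH   0      0        0 tun0
10.136.135.0    10.136.135.2    255.255.255.0   UG    0      0        0 tun1
192.168.2.0     *               255.255.255.0   U     0      0        0 eth2
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
10.88.88.0      10.136.136.5    255.255.255.0   UG    0      0        0 tun0
10.88.8.0       10.136.136.5    255.255.255.0   UG    0      0        0 tun0
10.176.0.0      10.136.136.5    255.255.0.0     UG    0      0
"""
PROD = """\
10.136.136.2    *               255.255.255.255 UH    0      0        0 tun0
10.136.135.0    10.136.136.2    255.255.255.0   UG    0      0        0 tun0
192.168.2.0     10.136.136.2    255.255.255.0   UG    0      0        0 tun0
192.168.1.0     10.136.136.2    255.255.255.0   UG    0      0        0 tun0
10.88.88.0      *               255.255.255.0   U     0      0        0 eth1
10.88.8.0       *               255.255.255.0   U     0      0        0 eth2
10.136.136.0    10.136.136.2    255.255.255.0   UG    0      0        0 tun0
"""

def parse(table):
    """Return [(network, gateway_or_None, iface)]; skip truncated rows."""
    routes = []
    for line in table.splitlines():
        f = line.split()
        if len(f) != 8:          # e.g. the cut-off 10.176.0.0 row
            continue
        net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
        routes.append((net, None if f[1] == "*" else f[1], f[7]))
    return routes

def lookup(routes, addr):
    """Longest-prefix match, as the kernel does; None means no route."""
    ip = ipaddress.ip_address(addr)
    hits = [r for r in routes if ip in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen, default=None)

def path(src, dst):
    """src is an office-side address, dst a prod-side one: (office out-iface, prod return-iface)."""
    office, prod = parse(OFFICE), parse(PROD)
    fwd, back = lookup(office, dst), lookup(prod, src)
    return (fwd and fwd[2], back and back[2])
```

A result with an interface on both sides only shows that each kernel has a next hop for the flow; it says nothing about the firewall rules or forwarding on either host, which is what the suggested tcpdump trace would reveal.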

