Got it, finally... I needed to add

client-config-dir ccd
route 192.168.23.0 255.255.255.0

to /etc/openvpn/mytunnel.conf and

echo 'iroute 192.168.23.0 255.255.255.0' > ccd/aga

I also pushed the 10.55.0.0 (virtual). Everything is fine now.

regards,
Karol

On Fri, Oct 13, 2006 at 06:26:46PM +0200, Karol Krenski wrote:
> Thanks for the first answers guys, but I need to go on with the issue.
>
> On Thu, Oct 12, 2006 at 08:47:09PM +0200, Christoph Haas wrote:
> > Hi, Karol...
> >
> > On Thursday 12 October 2006 18:36, Karol Krenski wrote:
> > > I am a newbie to VPN. Luckily I managed to configure OpenVPN server.
> >
> > Server? You are probably the OpenVPN "client".
> Nope, I mean server and clients
>
> > > In
> > > our school there are a few LANs (protected with firewalls and NAT) and I
> > > can access all LANs from outside via school's OpenVPN server.
> > >
> > > The configuration
> > > 10.55.0.2 - OpenVPN server tun0
> > > 10.55.0.14 - home tun0
> > > 192.168.23.1 - home eth0
> > > 195.188.79.4 - home gets natted into this
> > >
> > > My home machine is 192.168.23.1. Then there's router+NAT which I don't
> > > administer - the traffic to the school from home comes from 195.188.79.4
> > > via that - someone's router.
> > >
> > > Now, how should I access home from school? When logged to the OpenVPN
> > > server I can ping 10.55.0.14. Should I use 10.55.0.14 or
> > > 192.168.23.1(+magic) when pinging home?
> >
> > Unless the OpenVPN server at school knows that your network is
> > 192.168.23.?/? you can only reach 10.55.0.14.
> Right, this is the problem, I want to teach OpenVPN server about
> 192.168.23.? - home network.
> So I added
> push "route 192.168.23.0 255.255.255.0"
> to /etc/openvpn/mytunnel.conf
>
> This is my school host (192.168.50.15/10.55.0.18) connected to the tunnel:
>
> [user@g15 ~]$ sudo route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use
> 10.55.0.1       10.55.0.17      255.255.255.255 UGH   0      0        0 tun0
> 10.55.0.17      0.0.0.0         255.255.255.255 UH    0      0        0 tun0
> 192.168.50.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
> 192.168.23.0    10.55.0.17      255.255.255.0   UG    0      0        0 tun0
> 0.0.0.0         192.168.50.100  0.0.0.0         UG    0      0        0 eth0
>
> As you can see the 192.168.23.0 network was "imported"
>
> ----------------------------
> 192.168.23.1 home
> 191.64.17.45 OpenVPN server
>
> [user@g15 ~]$ sudo ping 192.168.23.1
>
> tcpdump on the OpenVPN server:
> 17:08:29.558237 IP 10.55.0.18 > 192.168.23.1: icmp 44: echo request seq 35840
> 17:08:29.558272 IP 191.64.17.45 > 192.168.23.1: icmp 44: echo request seq 35840
> 17:08:29.686058 IP 10.55.0.18 > 192.168.23.1: icmp 44: echo request seq 36096
> 17:08:29.686092 IP 191.64.17.45 > 192.168.23.1: icmp 44: echo request seq 36096
> 17:08:29.814057 IP 10.55.0.18 > 192.168.23.1: icmp 44: echo request seq 36352
> 17:08:29.814092 IP 191.64.17.45 > 192.168.23.1: icmp 44: echo request seq 36352
>
> Ping goes to right gate, but VPN server can't forward it. How can
> 191.64.17.45 ever reach 192.168.23.1? There is no route to 192.168.23.0
> on the OpenVPN server. There is nothing about 192.168.23.0 in /etc
> (except push parameter).
>
> As I said in my first post, 192.168.23.0 gets natted into 195.187.79.4
> and I can see it in vpn log (aga is home machine):
> [user@vpnserver ~] cat /etc/openvpn/openvpn-status.log
>
> OpenVPN CLIENT LIST
> g15,192.168.50.15:1040,93724,41186,Fri Oct 13 16:42:33 2006
> aga,195.188.79.4:1330,4006,4428,Fri Oct 13 17:34:57 2006
>
> ROUTING TABLE
> Virtual Address,Common Name,Real Address,Last Ref
> 10.55.0.14,aga,195.188.79.4:1330,Fri Oct 13 17:35:00 2006
> 10.55.0.18,g15,192.168.50.15:1040,Fri Oct 13 17:09:44 2006
>
> The question is "shouldn't I rather reach home via 10.55.0.14?" which
> doesn't work either, but I concentrated on 192.168.23.0.
>
> I can draw a picture if that would help. I would appreciate any help.
>
> regards,
> Karol

______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
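
Added example, not part of the original thread: a small Python check for the mismatch resolved above, where a LAN behind a client needs a server-side route, a matching iroute in that client's ccd file, and client-config-dir enabled. The sample configs are constructed from the values in the thread; the function names nets and check are hypothetical.

```python
import ipaddress

# Constructed sample input built from the values in the thread: the server
# config with only the pushed route, the config after the fix, and ccd/aga.
SERVER_BEFORE = 'push "route 192.168.23.0 255.255.255.0"\n'
SERVER_AFTER = (
    "client-config-dir ccd\n"
    "route 192.168.23.0 255.255.255.0\n"
    'push "route 192.168.23.0 255.255.255.0"\n'
)
CCD = {"aga": "iroute 192.168.23.0 255.255.255.0\n"}


def nets(text, directive):
    """Networks named by `directive` lines (route or iroute) in a config."""
    found = set()
    for line in text.splitlines():
        words = line.split("#")[0].split()
        if len(words) >= 2 and words[0] == directive:
            # OpenVPN treats a missing netmask as a host route.
            mask = words[2] if len(words) > 2 else "255.255.255.255"
            found.add(ipaddress.ip_network(f"{words[1]}/{mask}"))
    return found


def check(server_conf, ccd_files):
    """Return findings for client LANs the server cannot forward to."""
    findings = []
    routes = nets(server_conf, "route")  # kernel routes into the tunnel
    has_ccd = any(line.split()[:1] == ["client-config-dir"]
                  for line in server_conf.splitlines())
    owners = {}  # network -> client whose ccd file claims it via iroute
    for name, text in ccd_files.items():
        for net in nets(text, "iroute"):
            owners[net] = name
    if owners and not has_ccd:
        findings.append("client-config-dir not set: ccd files are never read")
    for net, name in sorted(owners.items()):
        if net not in routes:
            findings.append(f"{net}: iroute for {name} but no server route")
    for net in sorted(routes - set(owners)):
        findings.append(f"{net}: server route but no client iroute")
    return findings


if __name__ == "__main__":
    for label, conf in (("before", SERVER_BEFORE), ("after", SERVER_AFTER)):
        print(label, check(conf, CCD) or "ok")
```

A pushed route only changes the other clients' routing tables, which is why the check ignores push lines and looks at what the server itself is configured to forward.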