I am attempting to set up an OpenVPN server that will connect multiple satellite servers. I eventually will have quagga running with ripd for announcing routes from the satellite offices back to the OpenVPN server. For the time being I am keeping the setup simple and trying to set up routes for the client LAN via OpenVPN. To make things simple I am starting with just one satellite office and the OpenVPN server. I am using CentOS 4.4 with the latest build of OpenVPN 2.1 in "subnet" mode for the server. The satellite server is FC3, also loaded with OpenVPN 2.1.

LAB - OpenVPN Server has two tagged interfaces
    bond0.9 - 55.44.33.22
    bond0.8 - 10.85.6.100
    tun0    - 192.168.1.1
    OpenVPN IP range - 192.168.1.0/24

LB15 - Satellite Server also has two tagged interfaces
    bond0.10 - 99.88.77.66
    bond0.2  - 10.31.15.1

LAB - My OpenVPN server config file

    local 55.44.33.22
    topology subnet
    push "topology subnet"
    port 1194
    proto udp
    dev tun
    ca /etc/openvpn/easy-rsa/keys/ca.crt
    cert /etc/openvpn/easy-rsa/keys/TestServer.crt
    key /etc/openvpn/easy-rsa/keys/TestServer.key  # This file should be kept secret
    dh /etc/openvpn/easy-rsa/keys/dh1024.pem
    server 192.168.1.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    push "route 10.85.6.0 255.255.255.0"
    client-config-dir ccd
    route 10.31.15.0 255.255.255.0
    keepalive 10 60
    cipher AES-128-CBC  # AES
    user nobody
    group nobody
    persist-key
    persist-tun
    status openvpn-status.log
    verb 4

The server has a CCD file for LB15 which contains

    iroute 10.31.15.0 255.255.255.0

My Client (LB15) OpenVPN config file

    client
    dev tun
    proto udp
    remote 55.44.33.22
    resolv-retry infinite
    nobind
    user nobody
    group nobody
    persist-key
    persist-tun
    ca /etc/openvpn/keys/ca.crt
    cert /etc/openvpn/keys/client.crt
    key /etc/openvpn/keys/client.key
    cipher AES-128-CBC  # AES
    verb 3

The client successfully connects to the server and gets an IP address of 192.168.1.4/24. I can successfully ping 192.168.1.1 from the client and can ping 192.168.1.4 from the OpenVPN server.
The problem is I cannot ping the 10.31.15.0 network which exists in the client's LAN. I have tried searching through the man pages, Google, and various other websites looking for the answer but I still seem to be missing something.

My routing table on the server

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    55.44.33.21     0.0.0.0         255.255.255.240 U     0      0        0 bond0.10
    10.31.15.0      192.168.1.4     255.255.255.0   UG    0      0        0 tun0
    192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 tun0
    10.85.6.0       0.0.0.0         255.255.255.0   U     0      0        0 bond0.2
    169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 lo
    0.0.0.0         55.44.33.1      0.0.0.0         UG    0      0        0 bond0.10

Routing table of the client

    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    99.88.77.65     0.0.0.0         255.255.255.240 U     0      0        0 bond0.9
    10.31.15.0      0.0.0.0         255.255.255.0   U     0      0        0 bond0.8
    10.31.14.0      10.31.15.29     255.255.255.0   UG    0      0        0 bond0.8
    192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 tun0
    10.85.6.0       192.168.1.1     255.255.255.0   UG    0      0        0 tun0
    169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 lo
    0.0.0.0         99.88.77.1      0.0.0.0         UG    0      0        0 bond0.9

I have ip_forwarding enabled on both client and server. I have iptables rules configured on both the client and server. I have tested with the rules applied as well as without them and it doesn't make any difference. As I said before, after I get this working I plan on installing quagga and having ripd handle route announcements for all the satellite markets, but if I can't get communication working with just OpenVPN, I can't see how it would be possible with RIP. Am I missing something?
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
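The post's setup depends on every client LAN being declared twice: once as a `route` in the server config (so the kernel sends packets into tun0) and once as an `iroute` in that client's CCD file (so OpenVPN knows which client owns the subnet). The following checker is an added example written for this page, not code from the post or from the OpenVPN project; the config text and CCD contents it parses are constructed to mirror the poster's configuration, and the CCD directory is modelled as a dict of client CN to file contents.

```python
import ipaddress

# Constructed sample inputs modelled on the configuration in the post.
SERVER_CONF = """\
server 192.168.1.0 255.255.255.0
push "route 10.85.6.0 255.255.255.0"
client-config-dir ccd
route 10.31.15.0 255.255.255.0
"""
CCD_FILES = {"LB15": "iroute 10.31.15.0 255.255.255.0\n"}


def _nets(text, keyword):
    """Collect networks declared by '<keyword> <net> <mask>' lines, ignoring comments."""
    found = set()
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 3 and parts[0] == keyword:
            found.add(ipaddress.ip_network(f"{parts[1]}/{parts[2]}", strict=False))
    return found


def check_client_lans(server_conf, ccd_files):
    """Cross-check server 'route' directives against per-client 'iroute' entries.

    A 'route' without an 'iroute' sends packets into tun0 that OpenVPN cannot
    deliver (it does not know which client owns the subnet); an 'iroute' without
    a 'route' never receives packets from the kernel at all.  Returns a dict of
    sorted problem lists; all empty means the routing declarations are consistent.
    """
    routes = _nets(server_conf, "route")
    pool = _nets(server_conf, "server")          # the VPN address pool itself
    owners = {}                                   # network -> [client CN, ...]
    for cn, body in ccd_files.items():
        for net in _nets(body, "iroute"):
            owners.setdefault(net, []).append(cn)
    return {
        "missing_iroute": sorted(str(n) for n in routes if n not in owners),
        "missing_route": sorted(str(n) for n in owners if n not in routes),
        "duplicate_iroute": sorted(str(n) for n, cns in owners.items() if len(cns) > 1),
        # A client LAN overlapping the pool would shadow other VPN clients.
        "overlaps_pool": sorted(str(n) for n in owners if any(n.overlaps(p) for p in pool)),
    }


if __name__ == "__main__":
    for key, problems in check_client_lans(SERVER_CONF, CCD_FILES).items():
        print(f"{key}: {problems or 'ok'}")
```

For the poster's configuration every list comes back empty, so the route/iroute pairing is not the fault; the remaining suspects are then on the client side, such as whether hosts on 10.31.15.0/24 have a return route for 192.168.1.0/24 via the satellite server.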