I should have been clearer in my wording. The offices are satellite offices, i.e. remote offices, NOT actual satellite links. Most are connected to the internet via OC-3 or DS3.

-----Original Message-----
From: Edson [mailto:4lists@xxxxxxxxx]
Sent: Friday, December 08, 2006 5:16 AM
To: Ian Anderson; openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: RE: [Openvpn-users] routes and iroute question

The short answer: Yes.

The long one: You forget that satellite links have many issues. Greater times, optimizations, etc.... To make your tests over satellite links, first of all, don't use UDP transport, use TCP instead... Recalibrate your window size and timers and it will do.

For more information about OpenVPN and satellite links, please search the list history, since some 6~10 months ago there were great posts about this stuff...

Edson.

> -----Original Message-----
> From: openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx [mailto:openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Ian Anderson
> Sent: Friday, 8 December 2006 05:57
> To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> Subject: [Openvpn-users] routes and iroute question
>
> I am attempting to set up an OpenVPN server that will connect multiple
> satellite servers. I eventually will have quagga running with ripd for
> announcing routes from the satellite offices back to the OpenVPN server.
> For the time being I am keeping the setup simple and trying to set up
> routes for the client LAN via OpenVPN.
>
> To make things simple I am starting with just one satellite office and
> the OpenVPN server.
>
> I am using CentOS 4.4 with the latest build of OpenVPN 2.1 in "subnet"
> mode for the server. The satellite server is FC3, also loaded with
> OpenVPN 2.1.
>
> LAB - OpenVPN Server has two tagged interfaces
>
> bond0.9 - 55.44.33.22
> bond0.8 - 10.85.6.100
> tun0 - 192.168.1.1
> OpenVPN IP range - 192.168.1.0/24
>
> LB15 - Satellite Server also has two tagged interfaces
>
> bond0.10 - 99.88.77.66
> bond0.2 - 10.31.15.1
>
>
> LAB - My OpenVPN server config file
>
> local 55.44.33.22
> topology subnet
> push "topology subnet"
> port 1194
> proto udp
> dev tun
> ca /etc/openvpn/easy-rsa/keys/ca.crt
> cert /etc/openvpn/easy-rsa/keys/TestServer.crt
> key /etc/openvpn/easy-rsa/keys/TestServer.key # This file should be kept secret
> dh /etc/openvpn/easy-rsa/keys/dh1024.pem
> server 192.168.1.0 255.255.255.0
> ifconfig-pool-persist ipp.txt
> push "route 10.85.6.0 255.255.255.0"
> client-config-dir ccd
> route 10.31.15.0 255.255.255.0
> keepalive 10 60
> cipher AES-128-CBC # AES
> user nobody
> group nobody
> persist-key
> persist-tun
> status openvpn-status.log
> verb 4
>
> The server has a CCD file for LB15 which contains
>
> iroute 10.31.15.0 255.255.255.0
>
>
> My Client (LB15) OpenVPN Config file
>
> client
> dev tun
> proto udp
> remote 55.44.33.22
> resolv-retry infinite
> nobind
> user nobody
> group nobody
> persist-key
> persist-tun
> ca /etc/openvpn/keys/ca.crt
> cert /etc/openvpn/keys/client.crt
> key /etc/openvpn/keys/client.key
> cipher AES-128-CBC # AES
> verb 3
>
>
> The client successfully connects to the server and gets an IP address of
> 192.168.1.4/24. I can successfully ping 192.168.1.1 from the client and
> can ping 192.168.1.4 from the OpenVPN server. The problem is I cannot
> ping the 10.31.15.0 network which exists in the client's LAN. I have
> tried searching through the man pages, Google, and various other
> websites looking for the answer but I still seem to be missing something.
>
> My routing table on the server
>
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref Use Iface
> 55.44.33.21     0.0.0.0         255.255.255.240 U     0      0   0   bond0.10
> 10.31.15.0      192.168.1.4     255.255.255.0   UG    0      0   0   tun0
> 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0   0   tun0
> 10.85.6.0       0.0.0.0         255.255.255.0   U     0      0   0   bond0.2
> 169.254.0.0     0.0.0.0         255.255.0.0     U     0      0   0   lo
> 0.0.0.0         55.44.33.1      0.0.0.0         UG    0      0   0   bond0.10
>
> Routing table of the client
>
> 99.88.77.65     0.0.0.0         255.255.255.240 U     0      0   0   bond0.9
> 10.31.15.0      0.0.0.0         255.255.255.0   U     0      0   0   bond0.8
> 10.31.14.0      10.31.15.29     255.255.255.0   UG    0      0   0   bond0.8
> 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0   0   tun0
> 10.85.6.0       192.168.1.1     255.255.255.0   UG    0      0   0   tun0
> 169.254.0.0     0.0.0.0         255.255.0.0     U     0      0   0   lo
> 0.0.0.0         99.88.77.1      0.0.0.0         UG    0      0   0   bond0.9
>
> I have ip_forwarding enabled on both client and server. I have iptables
> rules configured on both the client and server. I have tested with the
> rules applied as well as without them and it doesn't make any
> difference.
>
> As I said before, after I get this working, I plan on installing quagga
> and having ripd handle route announcements for all the satellite
> markets, but if I can't get communication working with just OpenVPN, I
> can't see how it would be possible with RIP.
>
> Am I missing something?
>
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/openvpn-users

______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
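An added example, not part of the original thread and not OpenVPN code: a consistency check for the route / iroute / client-config-dir arrangement discussed above, relying on the documented behaviour that OpenVPN picks a CCD file by the client certificate's Common Name. The function names `networks` and `audit` and the CN "client" are hypothetical; the sample config is constructed from the routing lines quoted in the thread.

```python
import ipaddress

# Constructed sample: the routing-related lines of the server config quoted above.
SERVER_CONF = """
topology subnet
server 192.168.1.0 255.255.255.0
push "route 10.85.6.0 255.255.255.0"   # sent to clients, not a server route
client-config-dir ccd
route 10.31.15.0 255.255.255.0
"""
# CCD directory as {file name: contents}; the name "LB15" is from the post.
CCD = {"LB15": "iroute 10.31.15.0 255.255.255.0\n"}

def networks(text, directive):
    """Networks named by `directive NET [MASK]` lines (mask defaults to /32)."""
    found = set()
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if len(words) >= 2 and words[0] == directive:
            mask = words[2] if len(words) > 2 else "255.255.255.255"
            found.add(ipaddress.ip_network(f"{words[1]}/{mask}", strict=False))
    return found

def audit(server_conf, ccd_files, client_cns):
    """Cross-check server `route` lines, CCD `iroute` lines and client CNs."""
    routes = networks(server_conf, "route")
    owners = {}  # network -> CCD file names that claim it
    for name, text in ccd_files.items():
        for net in networks(text, "iroute"):
            owners.setdefault(net, []).append(name)
    findings = []
    for net in sorted(routes - set(owners)):
        findings.append(f"route {net}: no iroute in any CCD file")
    for net in sorted(set(owners) - routes):
        findings.append(f"iroute {net}: no matching server route")
    for net in sorted(owners):
        for name in owners[net]:
            if name not in client_cns:
                findings.append(f"iroute {net}: CCD file '{name}' matches no client CN")
    return findings

if __name__ == "__main__":
    # "client" is a hypothetical CN, used only to show the mismatch finding.
    for cns in ({"LB15"}, {"client"}):
        print(sorted(cns), audit(SERVER_CONF, CCD, cns) or "consistent")
```

The Common Names to pass in can be read from the server's status file (`openvpn-status.log` in the config above) while the client is connected.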