Re: [Openvpn-users] routes and iroute question


  • Subject: Re: [Openvpn-users] routes and iroute question
  • From: "Edson" <4lists@xxxxxxxxx>
  • Date: Fri, 8 Dec 2006 14:03:52 -0200

Ok... 

Then, forget _MY_ words... ;)

Edson.

> -----Original Message-----
> From: openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx [mailto:openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Ian Anderson
> Sent: Friday, 8 December 2006 11:36
> To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> Subject: Re: [Openvpn-users] routes and iroute question
> 
> I should have been clearer in my wording.  The offices are satellite
> offices i.e. remote offices. NOT actual satellite links. Most are
> connected to the internet via oc-3 or ds3.
> 
> -----Original Message-----
> From: Edson [mailto:4lists@xxxxxxxxx]
> Sent: Friday, December 08, 2006 5:16 AM
> To: Ian Anderson; openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> Subject: RE: [Openvpn-users] routes and iroute question
> 
> The short answer: Yes.
> 
> The long one: You forget that satellite links have many issues. Greater
> times, optimizations, etc.... To make your tests over satellite links,
> first of all, don't use UDP transport, use TCP instead... Recalibrate your
> window size and timers and it will do.
> 
> For more information about OpenVPN and satellite links, please search
> the list history, since 6~10 months ago there were great posts about this
> stuff...
> 
> Edson.
> 
> > -----Original Message-----
> > From: openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx [mailto:openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Ian Anderson
> > Sent: Friday, 8 December 2006 05:57
> > To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> > Subject: [Openvpn-users] routes and iroute question
> >
> > I am attempting to set up an OpenVPN server that will connect multiple
> > satellite servers.  I eventually will have quagga running with ripd for
> > announcing routes from the satellite offices back to the openvpn server.
> > For the time being I am keeping the setup simple and trying to set up
> > routes for the client LAN via openvpn.
> >
> > To make things simple I am starting with just one satellite office and
> > the openvpn server.
> >
> > I am using Centos 4.4 with the latest build of openvpn 2.1 in "subnet"
> > mode for the server. The satellite server is FC3, also loaded with
> > OpenVPN 2.1.
> >
> > LAB - OpenVPN Server has two tagged interfaces
> >
> > bond0.9 - 55.44.33.22
> > bond0.8 - 10.85.6.100
> > tun0 - 192.168.1.1
> > OpenVPN IP range - 192.168.1.0/24
> >
> > LB15 - Satellite Server also has two tagged interfaces
> >
> > bond0.10 - 99.88.77.66
> > bond0.2 - 10.31.15.1
> >
> >
> > LAB - My openvpn server config file
> >
> > local 55.44.33.22
> > topology subnet
> > push "topology subnet"
> > port 1194
> > proto udp
> > dev tun
> > ca /etc/openvpn/easy-rsa/keys/ca.crt
> > cert /etc/openvpn/easy-rsa/keys/TestServer.crt
> > key /etc/openvpn/easy-rsa/keys/TestServer.key  # This file should be kept secret
> > dh /etc/openvpn/easy-rsa/keys/dh1024.pem
> > server 192.168.1.0 255.255.255.0
> > ifconfig-pool-persist ipp.txt
> > push "route 10.85.6.0 255.255.255.0"
> > client-config-dir ccd
> > route 10.31.15.0 255.255.255.0
> > keepalive 10 60
> > cipher AES-128-CBC   # AES
> > user nobody
> > group nobody
> > persist-key
> > persist-tun
> > status openvpn-status.log
> > verb 4
> >
> > The server has a CCD file for LB15 which contains
> >
> > iroute 10.31.15.0 255.255.255.0
> >
> >
> > My Client (LB15) OpenVPN Config file
> >
> > client
> > dev tun
> > proto udp
> > remote 55.44.33.22
> > resolv-retry infinite
> > nobind
> > user nobody
> > group nobody
> > persist-key
> > persist-tun
> > ca /etc/openvpn/keys/ca.crt
> > cert /etc/openvpn/keys/client.crt
> > key /etc/openvpn/keys/client.key
> > cipher AES-128-CBC   # AES
> > verb 3
> >
> >
> > The client successfully connects to the server and gets an IP address of
> > 192.168.1.4/24. I can successfully ping 192.168.1.1 from the client and
> > can ping 192.168.1.4 from the openvpn server. The problem is I cannot
> > ping the 10.31.15.0 network which exists in the client's LAN.  I have
> > tried searching through the man pages, Google, and various other
> > websites looking for the answer but I still seem to be missing something.
> >
> > My routing table on the server
> >
> > Kernel IP routing table
> > Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> > 55.44.33.21     0.0.0.0         255.255.255.240 U     0      0        0 bond0.10
> > 10.31.15.0      192.168.1.4     255.255.255.0   UG    0      0        0 tun0
> > 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 tun0
> > 10.85.6.0       0.0.0.0         255.255.255.0   U     0      0        0 bond0.2
> > 169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 lo
> > 0.0.0.0         55.44.33.1      0.0.0.0         UG    0      0        0 bond0.10
> >
> > Routing table of the client
> >
> > 99.88.77.65     0.0.0.0         255.255.255.240 U     0      0        0 bond0.9
> > 10.31.15.0      0.0.0.0         255.255.255.0   U     0      0        0 bond0.8
> > 10.31.14.0      10.31.15.29     255.255.255.0   UG    0      0        0 bond0.8
> > 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 tun0
> > 10.85.6.0       192.168.1.1     255.255.255.0   UG    0      0        0 tun0
> > 169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 lo
> > 0.0.0.0         99.88.77.1      0.0.0.0         UG    0      0        0 bond0.9
> >
> > I have ip_forwarding enabled on both client and server.  I have iptables
> > rules configured on both the client and server. I have tested with the
> > rules applied as well as without them and it doesn't make any
> > difference.
> >
> > As I said before, after I get this working, I plan on installing quagga
> > and having ripd handle route announcements for all the satellite
> > markets, but if I can't get communication working with just openvpn, I
> > can't see how it would be possible with rip.
> >
> > Am I missing something?
> >

______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
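
The setup quoted above depends on two server-side pieces agreeing: a `route` line in the server config (kernel route) and a matching `iroute` in the client's CCD file, which OpenVPN selects by the client certificate's common name. The following is an added example, not part of the thread, that checks that pairing; the sample text is constructed from the posted config, and using `LB15` as the certificate common name is an assumption.

```python
import ipaddress

def _nets(text, directive):
    """Networks named by `directive NET [MASK]` lines (mask defaults to /32)."""
    nets = set()
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == directive:
            mask = parts[2] if len(parts) > 2 else "255.255.255.255"
            nets.add(ipaddress.ip_network(f"{parts[1]}/{mask}", strict=False))
    return nets

def check_iroutes(server_conf, ccd_files, client_cns):
    """Pair kernel routes (`route`) with OpenVPN internal routes (`iroute`).

    ccd_files maps CCD file name -> contents; client_cns is the set of
    certificate common names expected to connect (an assumed input).
    """
    routes = _nets(server_conf, "route")
    iroutes, findings = {}, []
    for name, text in ccd_files.items():
        if name not in client_cns:
            findings.append(f"ccd/{name}: no client certificate with this common name")
        for net in _nets(text, "iroute"):
            iroutes[net] = name
    for net in sorted(routes - set(iroutes)):
        findings.append(f"route {net}: no iroute in any CCD file")
    for net in sorted(set(iroutes) - routes):
        findings.append(f"iroute {net} (ccd/{iroutes[net]}): no route in server config")
    return findings

# Constructed sample, abridged from the configuration posted in the thread.
SERVER_CONF = """\
server 192.168.1.0 255.255.255.0
push "route 10.85.6.0 255.255.255.0"
client-config-dir ccd
route 10.31.15.0 255.255.255.0
"""
CCD = {"LB15": "iroute 10.31.15.0 255.255.255.0\n"}

if __name__ == "__main__":
    # Treating "LB15" as the certificate common name is an assumption.
    for finding in check_iroutes(SERVER_CONF, CCD, {"LB15"}) or ["consistent"]:
        print(finding)
```

An empty result only means the `route`/`iroute` declarations agree with each other; it says nothing about forwarding or firewall rules on either host.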

