|
|
Dave, when you ping a host on the server's subnet, does that machine on the server's subnet know where to send stuff back to (i.e. the VPN server instead of the default GW) ? if your VPN server has address 192.168.0.4 then try adding a route route add -net 10.0.0.0/8 gw 192.168.0.4 to a machine on the server subnet. Alternatively, try an iptables masquerading rule for all traffic coming from the client and leaving the VPN server, e.g. iptables -t nat -D POSTROUTING -j MASQUERADE (for linux based hosts). HTH, JJK Dave wrote: > Hello, > Yes, the vpn machine is configured to route between the two networks. > The external client has no difficulty pinging the vpn server itself either > via the 10.x or it's 192.x address, but can't ping any other machines on > it's subnet. > Dave. > > ----- Original Message ----- > From: "Luke Kearney" <lkearney@xxxxxxxxxxxxx> > To: "Dave" <dmehler26@xxxxxxxxxx> > Cc: "David Balazic" <David.Balazic@xxxxxxxxxxxxxxxxxx>; > <openvpn-users@xxxxxxxxxxxxxxxxxxxxx> > Sent: Monday, November 19, 2007 2:02 AM > Subject: Re: [Openvpn-users] OpenVPN and Samba over Tun. > > > >> Hi Dave, >> >> Just a quick stab in the dark but is routing enabled on the VPN gateway? >> ie is it permitted to pass traffic between the LAN segment and the VPN >> segment(s)? >> >> HTH >> >> Luke >> >> Dave wrote: >> >>> Hello, >>> Thanks. On my gateway i added manually: >>> route add 10.8.0.0/24 192.168.0.4 >>> but this didn't enable to ping other boxes say 192.168.0.3 and samba >>> still >>> can't find the network shares. Should i think about going bridge? >>> Suggestions welcome. >>> Thanks. >>> Dave. >>> >>> ----- Original Message ----- >>> From: "David Balazic" <David.Balazic@xxxxxxxxxxxxxxxxxx> >>> To: "Dave" <dmehler26@xxxxxxxxxx>; <openvpn-users@xxxxxxxxxxxxxxxxxxxxx> >>> Sent: Sunday, November 18, 2007 7:47 AM >>> Subject: RE: [Openvpn-users] OpenVPN and Samba over Tun. >>> >>> >>> You need a route from the LAN machines to the VPN client. >>> Either set up a >>> route 10.8.0.0/24 192.168.0.4 >>> on each LAN host that needs to comunicate with VPN client(s) >>> or do that on the gateway. >>> >>> David >>> PS: Did anyone notice, that 80% of questions are about routing ? ;) >>> >>> ________________________________ >>> >>> From: openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx on behalf of Dave >>> Sent: Sun 18-Nov-07 04:29 >>> To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx >>> Subject: [Openvpn-users] OpenVPN and Samba over Tun. >>> >>> >>> >>> Hello, >>> I'm trying to get OpenVPN working with samba. My goal is to have a >>> remote >>> client for now though possibly expanding to more, initiate an openvpn >>> connection and be able to use samba shares as if it was on the local >>> network. The openvpn machine is on 192.168.0.4, samba server is >>> 192.168.0.3, >>> and the openvpn hands out IP's in the 10.8.0.0/24 net as in the server >>> howto. The remote client in this example is on 192.168.2.0/24 network. >>> I'm following http://openvpn.net/howto.html and have established a basic >>> tunnel with tls authentication. From the client machine on the >>> 192.168.2.0/24 network I can ping 10.8.0.1, and 192.168.0.4 which is the >>> openvpn server so i have basic point to point connectivity. I'm now >>> expanding the scope of the connection to include other machines >>> particularly >>> the samba server at 192.168.0.3. I added: >>> push "route 192.168.0.0 255.255.255.0" >>> on the serverside and restarted. I am confused about the next part of the >>> docs. Http://openvpn.net/howto.html#scope says: >>> >>> "Next, you must set up a route on the server-side LAN gateway to route >>> the >>> VPN client subnet (10.8.0.0/24) to the OpenVPN server (this is only >>> necessary >>> if the OpenVPN server and the LAN gateway are different machines). >>> >>> Make sure that you've enabled >>> IP >>> and >>> TUN/TAP >>> forwarding on the OpenVPN server machine." >>> >>> The Openvpn server and the lan gateway are not on the same machine, the >>> lan >>> gateway is running FreeBSD the openvpn server is running Linux. If anyone >>> can clarify this point i'd appreciate it. >>> The final objective was to add the hosts allow directive to the smb.conf >>> on >>> 192.168.0.3, so i added hosts allow 10.8.0.0/24 to the existing hosts. >>> Aside from the routing did i miss a step? As i said my goal connect up, >>> and >>> access drives either by mapped drive letter, unc drive convention, or >>> network neighborhood. Is this doable? >>> Thanks. >>> Dave. >>> >>> >>> ------------------------------------------------------------------------- >>> This SF.net email is sponsored by: Microsoft >>> Defy all challenges. Microsoft(R) Visual Studio 2005. >>> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ >>> _______________________________________________ >>> Openvpn-users mailing list >>> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx >>> https://lists.sourceforge.net/lists/listinfo/openvpn-users >>> >>> >>> >>> >>> ------------------------------------------------------------------------- >>> This SF.net email is sponsored by: Microsoft >>> Defy all challenges. Microsoft(R) Visual Studio 2005. >>> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ >>> _______________________________________________ >>> Openvpn-users mailing list >>> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx >>> https://lists.sourceforge.net/lists/listinfo/openvpn-users >>> >>> >> -- >> Luke Kearney >> ____________________ >> Infrastructure Manager >> K.K WebSoftTT Japan >> http://www.websofttt.com >> Tel: + 81-90-2427-3671 >> >> NOTICE: This communication may contain privileged or other confidential >> information. If you are not the intended recipient, or believe that you >> have received this communication in error, please do not print, copy, >> retransmit, disseminate, or otherwise use the information. Also, please >> indicate to the sender that you have received this communication in error, >> and delete the copy you received. >> > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2005. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > _______________________________________________ > Openvpn-users mailing list > Openvpn-users@xxxxxxxxxxxxxxxxxxxxx > https://lists.sourceforge.net/lists/listinfo/openvpn-users > ____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users |