
Re: [Openvpn-users] ***SPAM*** Re: OpenVPN and Samba over Tun.


  • Subject: Re: [Openvpn-users] ***SPAM*** Re: OpenVPN and Samba over Tun.
  • From: Jan Just Keijser <janjust@xxxxxxxxx>
  • Date: Mon, 19 Nov 2007 15:01:24 +0100

Dave,

when you ping a host on the server's subnet, does that machine on the 
server's subnet know where to send stuff back to (i.e. the VPN server 
instead of the default GW) ?

if your VPN server has address 192.168.0.4 then try adding a route
  route add -net 10.0.0.0/8 gw 192.168.0.4
to a machine on the server subnet.
Alternatively, try an iptables masquerading rule for all traffic coming 
from the client and leaving the VPN server, e.g.
  iptables -t nat -A POSTROUTING -j MASQUERADE
(for linux based hosts).

HTH,

JJK

Dave wrote:
> Hello,
>     Yes, the vpn machine is configured to route between the two networks. 
> The external client has no difficulty pinging the vpn server itself either 
> via the 10.x or its 192.x address, but can't ping any other machines on 
> its subnet.
> Dave.
>
> ----- Original Message ----- 
> From: "Luke Kearney" <lkearney@xxxxxxxxxxxxx>
> To: "Dave" <dmehler26@xxxxxxxxxx>
> Cc: "David Balazic" <David.Balazic@xxxxxxxxxxxxxxxxxx>; 
> <openvpn-users@xxxxxxxxxxxxxxxxxxxxx>
> Sent: Monday, November 19, 2007 2:02 AM
> Subject: Re: [Openvpn-users] OpenVPN and Samba over Tun.
>
>
>   
>> Hi Dave,
>>
>> Just a quick stab in the dark but is routing enabled on the VPN gateway?
>> ie is it permitted to pass traffic between the LAN segment and the VPN
>> segment(s)?
>>
>> HTH
>>
>> Luke
>>
>> Dave wrote:
>>     
>>> Hello,
>>>     Thanks. On my gateway I added manually:
>>> route add 10.8.0.0/24 192.168.0.4
>>> but this didn't enable me to ping other boxes, say 192.168.0.3, and samba 
>>> still
>>> can't find the network shares. Should I think about going bridge?
>>>     Suggestions welcome.
>>> Thanks.
>>> Dave.
>>>
>>> ----- Original Message ----- 
>>> From: "David Balazic" <David.Balazic@xxxxxxxxxxxxxxxxxx>
>>> To: "Dave" <dmehler26@xxxxxxxxxx>; <openvpn-users@xxxxxxxxxxxxxxxxxxxxx>
>>> Sent: Sunday, November 18, 2007 7:47 AM
>>> Subject: RE: [Openvpn-users] OpenVPN and Samba over Tun.
>>>
>>>
>>> You need a route from the LAN machines to the VPN client.
>>> Either set up a
>>> route 10.8.0.0/24 192.168.0.4
>>> on each LAN host that needs to communicate with VPN client(s)
>>> or do that on the gateway.
>>>
>>> David
>>> PS: Did anyone notice, that 80% of questions are about routing ? ;)
>>>
>>> ________________________________
>>>
>>> From: openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx on behalf of Dave
>>> Sent: Sun 18-Nov-07 04:29
>>> To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
>>> Subject: [Openvpn-users] OpenVPN and Samba over Tun.
>>>
>>>
>>>
>>> Hello,
>>>  I'm trying to get OpenVPN working with samba. My goal is to have a 
>>> remote
>>> client for now though possibly expanding to more, initiate an openvpn
>>> connection and be able to use samba shares as if it was on the local
>>> network. The openvpn machine is on 192.168.0.4, samba server is 
>>> 192.168.0.3,
>>> and the openvpn hands out IP's in the 10.8.0.0/24 net as in the server
>>> howto. The remote client in this example is on 192.168.2.0/24 network.
>>>  I'm following http://openvpn.net/howto.html and have established a basic
>>> tunnel with tls authentication. From the client machine on the
>>> 192.168.2.0/24 network I can ping 10.8.0.1, and 192.168.0.4 which is the
>>> openvpn server so I have basic point to point connectivity. I'm now
>>> expanding the scope of the connection to include other machines 
>>> particularly
>>> the samba server at 192.168.0.3. I added:
>>> push "route 192.168.0.0 255.255.255.0"
>>> on the serverside and restarted. I am confused about the next part of the
>>> docs. Http://openvpn.net/howto.html#scope says:
>>>
>>> "Next, you must set up a route on the server-side LAN gateway to route 
>>> the
>>> VPN client subnet (10.8.0.0/24) to the OpenVPN server (this is only
>>> necessary
>>> if the OpenVPN server and the LAN gateway are different machines).
>>>
>>> Make sure that you've enabled
>>> IP
>>> and
>>> TUN/TAP
>>> forwarding on the OpenVPN server machine."
>>>
>>> The OpenVPN server and the LAN gateway are not on the same machine; the 
>>> LAN
>>> gateway is running FreeBSD, the OpenVPN server is running Linux. If anyone
>>> can clarify this point I'd appreciate it.
>>> The final objective was to add the hosts allow directive to the smb.conf 
>>> on
>>> 192.168.0.3, so I added hosts allow 10.8.0.0/24 to the existing hosts.
>>>  Aside from the routing, did I miss a step? As I said, my goal is to connect up, 
>>> and
>>> access drives either by mapped drive letter, UNC drive convention, or
>>> network neighborhood. Is this doable?
>>> Thanks.
>>> Dave.
>>>
>>>
>>> -------------------------------------------------------------------------
>>> This SF.net email is sponsored by: Microsoft
>>> Defy all challenges. Microsoft(R) Visual Studio 2005.
>>> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
>>> _______________________________________________
>>> Openvpn-users mailing list
>>> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
>>> https://lists.sourceforge.net/lists/listinfo/openvpn-users
>>>
>>>
>>>
>>>
>>>
>>>       
>> -- 
>> Luke Kearney
>> ____________________
>> Infrastructure Manager
>> K.K WebSoftTT Japan
>> http://www.websofttt.com
>> Tel: + 81-90-2427-3671
>>
>> NOTICE:  This communication may contain privileged or other confidential 
>> information.  If you are not the intended recipient, or believe that you 
>> have received this communication in error, please do not print, copy, 
>> retransmit, disseminate, or otherwise use the information. Also, please 
>> indicate to the sender that you have received this communication in error, 
>> and delete the copy you received. 
>>     
>
>
>   

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
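
Added example (not part of the original thread): a small longest-prefix-match model of the return path discussed above, showing where a LAN host such as 192.168.0.3 sends its reply with no extra route, with a route on the host, with a route on the gateway, and with masquerading on the VPN server. The gateway address 192.168.0.1, the upstream hop 203.0.113.1 and the client address 10.8.0.6 are constructed for illustration; the model covers routing tables only, not firewalls or ICMP redirects.

```python
import ipaddress

VPN_SERVER = "192.168.0.4"    # OpenVPN server (from the thread)
LAN_GATEWAY = "192.168.0.1"   # assumed address of the LAN default gateway
UPSTREAM = "203.0.113.1"      # constructed ISP next hop used by the gateway

def next_hop(routes, dst):
    """Longest-prefix match over (cidr, gateway) pairs; gateway None = on-link."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(cidr), gw) for cidr, gw in routes
            if addr in ipaddress.ip_network(cidr)]
    if not hits:
        return "unreachable"
    _, gw = max(hits, key=lambda h: h[0].prefixlen)
    return gw or "on-link"

def reply_reaches_vpn(host_routes, gw_routes, client_src, masquerade=False):
    """Does a LAN host's reply to a VPN client get handed to the VPN server?"""
    # With MASQUERADE on the VPN server, the LAN host sees the server as source.
    seen_src = VPN_SERVER if masquerade else client_src
    hop = next_hop(host_routes, seen_src)
    if hop == LAN_GATEWAY:            # host defers to its default gateway
        hop = next_hop(gw_routes, seen_src)
    return hop == VPN_SERVER or (hop == "on-link" and seen_src == VPN_SERVER)

# Constructed routing tables: a LAN host (e.g. 192.168.0.3) and the LAN gateway.
HOST = [("192.168.0.0/24", None), ("0.0.0.0/0", LAN_GATEWAY)]
GATEWAY = [("192.168.0.0/24", None), ("0.0.0.0/0", UPSTREAM)]
CLIENT = "10.8.0.6"   # constructed address inside the VPN pool 10.8.0.0/24

def scenarios():
    """Evaluate the fixes proposed in the thread against the baseline."""
    return {
        "no extra route": reply_reaches_vpn(HOST, GATEWAY, CLIENT),
        "route on LAN host": reply_reaches_vpn(
            HOST + [("10.0.0.0/8", VPN_SERVER)], GATEWAY, CLIENT),
        "route on gateway": reply_reaches_vpn(
            HOST, GATEWAY + [("10.8.0.0/24", VPN_SERVER)], CLIENT),
        "masquerade": reply_reaches_vpn(HOST, GATEWAY, CLIENT, masquerade=True),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        path = "back via VPN server" if ok else "out the default route"
        print(f"{name:18} -> reply goes {path}")
```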