Re: [Openvpn-users] ***SPAM*** Re: OpenVPN and Samba over Tun.


  • Subject: Re: [Openvpn-users] ***SPAM*** Re: OpenVPN and Samba over Tun.
  • From: Luke Kearney <lkearney@xxxxxxxxxxxxx>
  • Date: Mon, 19 Nov 2007 23:06:19 +0900

Hi Dave,

Jan's suggestion is spot on. A third option, and perhaps a quick one, is to
put a static route on your default gw pointing to the VPN server for the
subnet(s) available on the VPN - this has given me considerable value in the
past - ymmv :-)

HTH

LukeK

Jan Just Keijser wrote:
> Dave,
>
> When you ping a host on the server's subnet, does that machine on the
> server's subnet know where to send stuff back to (i.e. the VPN server
> instead of the default GW)?
>
> If your VPN server has address 192.168.0.4 then try adding a route
>   route add -net 10.0.0.0/8 gw 192.168.0.4
> to a machine on the server subnet.
> Alternatively, try an iptables masquerading rule for all traffic coming
> from the client and leaving the VPN server, e.g.
>   iptables -t nat -A POSTROUTING -j MASQUERADE
> (for linux based hosts).
>
> HTH,
>
> JJK
>
> Dave wrote:
>   
>> Hello,
>>     Yes, the vpn machine is configured to route between the two networks. 
>> The external client has no difficulty pinging the vpn server itself either 
>> via the 10.x or its 192.x address, but can't ping any other machines on
>> its subnet.
>> Dave.
>>
>> ----- Original Message ----- 
>> From: "Luke Kearney" <lkearney@xxxxxxxxxxxxx>
>> To: "Dave" <dmehler26@xxxxxxxxxx>
>> Cc: "David Balazic" <David.Balazic@xxxxxxxxxxxxxxxxxx>; 
>> <openvpn-users@xxxxxxxxxxxxxxxxxxxxx>
>> Sent: Monday, November 19, 2007 2:02 AM
>> Subject: Re: [Openvpn-users] OpenVPN and Samba over Tun.
>>
>>
>>   
>>     
>>> Hi Dave,
>>>
>>> Just a quick stab in the dark but is routing enabled on the VPN gateway?
>>> ie is it permitted to pass traffic between the LAN segment and the VPN
>>> segment(s)?
>>>
>>> HTH
>>>
>>> Luke
>>>
>>> Dave wrote:
>>>     
>>>       
>>>> Hello,
>>>>     Thanks. On my gateway I added manually:
>>>> route add 10.8.0.0/24 192.168.0.4
>>>> but this didn't enable me to ping other boxes, say 192.168.0.3, and samba
>>>> still can't find the network shares. Should I think about going bridge?
>>>>     Suggestions welcome.
>>>> Thanks.
>>>> Dave.
>>>>
>>>> ----- Original Message ----- 
>>>> From: "David Balazic" <David.Balazic@xxxxxxxxxxxxxxxxxx>
>>>> To: "Dave" <dmehler26@xxxxxxxxxx>; <openvpn-users@xxxxxxxxxxxxxxxxxxxxx>
>>>> Sent: Sunday, November 18, 2007 7:47 AM
>>>> Subject: RE: [Openvpn-users] OpenVPN and Samba over Tun.
>>>>
>>>>
>>>> You need a route from the LAN machines to the VPN client.
>>>> Either set up a
>>>> route 10.8.0.0/24 192.168.0.4
>>>> on each LAN host that needs to communicate with VPN client(s)
>>>> or do that on the gateway.
>>>>
>>>> David
>>>> PS: Did anyone notice, that 80% of questions are about routing ? ;)
>>>>
>>>> ________________________________
>>>>
>>>> From: openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx on behalf of Dave
>>>> Sent: Sun 18-Nov-07 04:29
>>>> To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
>>>> Subject: [Openvpn-users] OpenVPN and Samba over Tun.
>>>>
>>>>
>>>>
>>>> Hello,
>>>>  I'm trying to get OpenVPN working with samba. My goal is to have a remote
>>>> client for now though possibly expanding to more, initiate an openvpn
>>>> connection and be able to use samba shares as if it was on the local
>>>> network. The openvpn machine is on 192.168.0.4, samba server is 192.168.0.3,
>>>> and the openvpn hands out IPs in the 10.8.0.0/24 net as in the server
>>>> howto. The remote client in this example is on 192.168.2.0/24 network.
>>>>  I'm following http://openvpn.net/howto.html and have established a basic
>>>> tunnel with tls authentication. From the client machine on the
>>>> 192.168.2.0/24 network I can ping 10.8.0.1, and 192.168.0.4 which is the
>>>> openvpn server so I have basic point to point connectivity. I'm now
>>>> expanding the scope of the connection to include other machines, particularly
>>>> the samba server at 192.168.0.3. I added:
>>>> push "route 192.168.0.0 255.255.255.0"
>>>> on the serverside and restarted. I am confused about the next part of the
>>>> docs. http://openvpn.net/howto.html#scope says:
>>>>
>>>> "Next, you must set up a route on the server-side LAN gateway to route the
>>>> VPN client subnet (10.8.0.0/24) to the OpenVPN server (this is only necessary
>>>> if the OpenVPN server and the LAN gateway are different machines).
>>>>
>>>> Make sure that you've enabled IP and TUN/TAP forwarding on the OpenVPN
>>>> server machine."
>>>>
>>>> The Openvpn server and the lan gateway are not on the same machine, the lan
>>>> gateway is running FreeBSD the openvpn server is running Linux. If anyone
>>>> can clarify this point I'd appreciate it.
>>>> The final objective was to add the hosts allow directive to the smb.conf on
>>>> 192.168.0.3, so I added hosts allow 10.8.0.0/24 to the existing hosts.
>>>>  Aside from the routing did I miss a step? As I said my goal is to connect up,
>>>> and access drives either by mapped drive letter, unc drive convention, or
>>>> network neighborhood. Is this doable?
>>>> Thanks.
>>>> Dave.


-- 
Luke Kearney
____________________
Infrastructure Manager 
K.K WebSoftTT Japan
http://www.websofttt.com
Tel: + 81-90-2427-3671

NOTICE:  This communication may contain privileged or other confidential information.  If you are not the intended recipient, or believe that you have received this communication in error, please do not print, copy, retransmit, disseminate, or otherwise use the information. Also, please indicate to the sender that you have received this communication in error, and delete the copy you received.

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
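
The return-path problem discussed in this thread, traced hop by hop as an added example (not code from any poster or from the OpenVPN project). It models route lookup only, not firewalling; the gateway address 192.168.0.1, the client address 10.8.0.6 and the "upstream" next hop are assumptions, the other addresses are the ones quoted above.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match; returns the next hop, 'link' if on-link, or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), hop) for net, hop in table
            if addr in ipaddress.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def reply_path(tables, start, dst, limit=8):
    """Trace a reply hop by hop from host `start` toward `dst`."""
    path, here = [start], start
    while len(path) < limit:
        hop = lookup(tables[here], dst)
        if hop is None:
            return path + ["unreachable"]
        if hop == "link":
            return path + [dst]
        path.append(hop)
        if hop not in tables:          # left the modelled network
            return path
        here = hop
    return path + ["loop"]

# Constructed model. From the thread: 192.168.0.3 (samba), 192.168.0.4 (OpenVPN
# server), 10.8.0.0/24 (VPN clients). Assumed: gateway 192.168.0.1, client
# 10.8.0.6, "upstream" standing for the gateway's ISP-side default route.
SAMBA, VPN, GW, CLIENT = "192.168.0.3", "192.168.0.4", "192.168.0.1", "10.8.0.6"
LAN = ("192.168.0.0/24", "link")

def build(gateway_route=False):
    gw = [LAN, ("0.0.0.0/0", "upstream")]
    if gateway_route:                  # route add 10.8.0.0/24 192.168.0.4
        gw.append(("10.8.0.0/24", VPN))
    return {SAMBA: [LAN, ("0.0.0.0/0", GW)],
            VPN: [LAN, ("10.8.0.0/24", "link")],
            GW: gw}

def samba_allows(source, allowed="10.8.0.0/24"):
    """Would a hosts-allow entry for the VPN subnet match this source?"""
    return ipaddress.ip_address(source) in ipaddress.ip_network(allowed)

if __name__ == "__main__":
    print("ping VPN server :", reply_path(build(), VPN, CLIENT))
    print("no return route :", reply_path(build(), SAMBA, CLIENT))
    print("route on gateway:", reply_path(build(True), SAMBA, CLIENT))
    # With MASQUERADE the samba host sees the VPN server as the source.
    print("masquerade      :", reply_path(build(), SAMBA, VPN), samba_allows(VPN))
```

With masquerading the reply stays on the LAN, but the samba host sees 192.168.0.4 as the source, so a hosts allow entry for 10.8.0.0/24 no longer matches and its logs no longer identify individual VPN clients.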