you can enable routing on a linux machine on the fly by typing

  echo 1 > /proc/sys/net/ipv4/ip_forward

this is effective immediately, no need to restart network adapters.
To make it survive a reboot, also modify /etc/sysctl.conf and set

  net.ipv4.ip_forward = 1

after that, make sure the firewall on the linux box is not too restrictive;
during testing I'd simply turn *off* iptables but you could also do
something like

  iptables -I FORWARD -i tun+ -j ACCEPT
  iptables -I FORWARD -o tun+ -j ACCEPT

(this allows *ANY* traffic coming to and going from the tun+ adapters -
again, you might want something more restrictive).

Finally, does the client 172.22.0.3 know where to send packets back to ?
does it already know that packets with source address 192.168.100.0/24
should go back to the OpenVPN client (172.22.0.2) ?
alternatively, an iptables hack might help you again

  iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE

all this does not have much to do with openvpn but much more with
routing subnets (which seems to be the topic for 80+% of all questions
on this mailing list)

HTH,

JJK

Francis Joanis wrote:
> Hi,
>
> Thanks for your reply.
>
> Here are more details about how far I got it working.
>
> My server.conf essentially looks like:
>
> -----
> port 1194
> proto udp
> dev tun
>
> server 11.8.0.0 255.255.255.0
> ifconfig-pool-persist ipp.txt
>
> push "route 192.168.100.0 255.255.255.0"
>
> client-config-dir ccd
> route 172.22.0.0 255.255.255.0
>
> client-to-client
> keepalive 10 120
> -----
>
> Here's the ccd file matching my client:
> -----
> iroute 172.22.0.0 255.255.255.0
> -----
>
> Once my client, having an ip of 172.22.0.2 (for example), connects I
> can ping it from the server (i.e. ping 172.22.0.2 works). Also, I can
> ping the server's ip address from the client (i.e. ping
> 192.168.100.2).
>
> However, when I try to ping (from the server) another PC on the
> client's subnet (for example, 172.22.0.3), it doesn't work.
>
> I used wireshark to listen on the tun0 adaptor of the client and I was
> able to see the ICMP ping requests coming in for 172.22.0.3, but they
> didn't seem to be "forwarded/sent" through eth0 and onto the client's
> LAN.
>
> I'm starting to think that it is not an openvpn issue per se, but
> that it could be a configuration issue on the client's box.
>
> I tried to set up ip forwarding on the client (it's running linux), but
> I haven't gotten it to work yet (I was doing it over ssh and I don't
> know if the setting required the network interfaces to be restarted).
>
> Please let me know if it makes sense.
>

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
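
The three things the reply above asks to verify (forwarding on now, forwarding persistent in /etc/sysctl.conf, and the return route on a LAN host such as 172.22.0.3), as an added example that is not part of the original thread. The function names and the `gateway` / `lanhost` modes are assumptions of this example; only /etc/sysctl.conf is inspected, as in the post.

```sh
#!/bin/sh
# Added example, not from the thread. File paths and route text are passed in
# so every check can also be run against copies or captured output.

# Gateway check 1: succeeds only if the kernel forwards IPv4 right now.
forwarding_on() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Gateway check 2: succeeds only if the last uncommented
# net.ipv4.ip_forward line in sysctl.conf sets 1 (later lines win).
forwarding_persistent() {
    val=$(sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([01]\)[[:space:]]*$/\1/p' \
        "${1:-/etc/sysctl.conf}" 2>/dev/null | tail -n 1)
    [ "$val" = "1" ]
}

# Reads `ip route get <addr>` output on stdin; prints the gateway after
# "via", "direct" for an on-link route, "none" when there is no output.
next_hop() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "via") { print $(i + 1); found = 1; exit } }
         END { if (!found) print (NR ? "direct" : "none") }'
}

# LAN-host check: replies must leave via the expected gateway ($1).
return_path_ok() {
    [ "$(next_hop)" = "$1" ]
}

case "${1:-}" in
gateway)    # run on the OpenVPN client, e.g. 172.22.0.2
    forwarding_on && echo "ip_forward: on" || echo "ip_forward: OFF"
    forwarding_persistent && echo "sysctl.conf: set" \
        || echo "sysctl.conf: not set, forwarding is lost on reboot"
    ;;
lanhost)    # run on e.g. 172.22.0.3: $2 = far-side address, $3 = gateway
    if ip route get "$2" 2>/dev/null | return_path_ok "$3"; then
        echo "return route to $2: via $3"
    else
        echo "return route to $2: NOT via $3 (add a route or MASQUERADE)"
    fi
    ;;
esac
```

Run it as `sh check.sh gateway` on the OpenVPN client and as `sh check.sh lanhost 192.168.100.2 172.22.0.2` on a LAN host; the script name is a placeholder.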