Hi Jeremy,

so you have an openvpn server in bridged mode on your local LAN. The openvpn server IP address is a 10.0.0.0/24 address and it is handing out 10.0.0.0/24 addresses to clients. Right? Or is your openvpn subnet something different again (which would defeat the purpose of bridging, I guess)?

IF your openvpn server is handing out 10.0.0.0/24 addresses to clients then how would the watchguard know which packets need to be encapsulated by openvpn and which packets can go through without any problems?

Also, this is one of my recurring questions in posts here, why do you need bridging? If you'd chosen a routed vpn setup this problem should not have occurred (but you get other nice routing issues to deal with ;-)).

I agree with Erich that posting a config file (client+server) would certainly help.

HTH,

JJK

Jeremy Cheng wrote:
> Hi Erich,
>
> Thanks for your reply. Here's a shot at what I think might be "relevant":
>
> say 10.0.0.0/24 is our local lan behind the watchguard where the openvpn
> server sits. The watchguard builds an ipsec tunnel with unknown cisco
> device at our colo managed by a different entity where the local subnet
> is 10.0.1.0/24. The watchguard somehow automagically knows to route
> traffic coming from 10.0.0.0/24 to 10.0.1.0/24 through the IPSEC tunnel
> for everything but OpenVPN clients. The servers at colo also have
> persistent routes set up to know where the return path gateway is for
> 10.0.0.0/24.
>
> I don't think it's a firewall issue because why would all other nodes work?
>
> Any other info I can provide? Other ideas?
>
> Thanks,
>
> -J
>
> Erich Titl wrote:
>
>> Jeremy
>>
>> Jeremy Cheng wrote:
>>
>>> Hi all,
>>>
>>> I have a watchguard firebox at work connected to our colo's cisco by
>>> IPSEC and an openvpn server running in bridge mode behind the
>>> watchguard. Everything works perfectly except for the watchguard
>>> doesn't seem to want to route openvpn client traffic to our colo.
>>> Anyone have any ideas why that is?
>>>
>> Firewall rules?
>>
>> The thing that puzzles me is how openvpn assigned
>>
>>> IPs are any different from manually set static IPs inside the
>>> network... cause traffic from static IPs are being routed properly.
>>>
>> It might help if you gave a detailed description of the relevant parts
>> of your network.
>>
>>

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users