
[Openvpn-users] Routed behind Actiontec Verizon FIOS?


  • Subject: [Openvpn-users] Routed behind Actiontec Verizon FIOS?
  • From: "Cory Crooks" <thatnerdyguy@xxxxxxxxx>
  • Date: Sat, 9 Feb 2008 14:47:28 -0500

Anyone had luck with a routed setup sitting behind an Actiontec router (the ones Verizon FIOS uses)?

My internal LAN is on 10.74.65.0/24, my VPN is using 10.8.0.0/24, I added a routing rule to the router to send all 10.8.0.0 (netmask 255.255.255.0) traffic to 10.74.65.13 (the machine running OpenVPN), but it doesn't seem to fully work.

If I connect to the VPN with a machine (and get address 10.8.0.6), I can then ping 10.8.0.6 from any of the LAN machines (on 10.74.65.0/24), but if I try to ping from 10.8.0.6 to any of the LAN machines, it fails.

I did a couple of tcpdump trials and it really looks like the ping requests are getting to the pinged machine (say 10.64.75.11), but the ack for the ping is then not funneling back through the VPN machine, so for some reason it seems the acks aren't routing correctly, but if I request a ping it is.

If I add a specific route to one of the machines on the LAN (like 10.64.75.11) using "route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.74.65.13" (or whatever the correct incantation is), then if I ping that machine from 10.8.0.6 the acks come through. I guess this is the workaround I will use if necessary, but I'd rather have it just work.

So, I am really thinking this is some wackiness with the router itself. But I have no idea why some traffic (ping requests from inside the LAN) is routing correctly, but other traffic (ping acks from the LAN) is not.

Thanks.