[Openvpn-users] routing problem!


  • Subject: [Openvpn-users] routing problem!
  • From: <ghosty_b@xxxxxxxxx>
  • Date: Sun, 18 Jul 2004 06:15:00 -0700 (PDT)

As for the servers' configurations:
-both are FreeBSD 5.2.1 servers
-both have OpenVPN v2 beta installed
-both are acting as a gateway to their networks
-both have two NICs, one connected to the internal network and the other to the internet.
-both are controlling the NAT for their internal networks.

-both are working fine. When I installed OpenVPN, I initialized OpenVPN from the command prompt to be able to check any errors.
server in network(A) :
10.10.10.0/24 |--|10.10.10.1-(server)-xx.xx.xx.xx|---|internet|
openvpn --remote xx.xx.xx.xx --dev tun1 --ifconfig 10.4.0.1 10.4.0.2 --verb 9 --ping 15
route add -net 10.0.0.0/24 10.4.0.2

server in network(B) :
10.0.0.0/24 |---|10.0.0.100-(server)-xx.xx.xx.xx|---|internet|
openvpn --remote xx.xx.xx.xx --dev tun1 --ifconfig 10.4.0.2 10.4.0.1 --verb 9 --ping 15
route add -net 10.10.10.0/24 10.4.0.1
------firewall on network (A) is configured as follows:
00001 deny ip from any to 10.10.10.44
00002 deny ip from 10.10.10.44 to any
00100 allow ip from any to any via lo0
00110 deny ip from any to 127.0.0.0/8
00111 allow ip from any to me dst-port 5000
00112 allow ip from any to any via tun1
00112 allow ip from any to any via tun1
00113 allow udp from any to any via tun1
00114 allow udp from any to me dst-port 5000
00120 deny ip from any to any not verrevpath in
00301 deny ip from 10.0.0.0/8 to any in via xl0
00302 deny ip from 172.16.0.0/12 to any in via xl0
00303 deny ip from 192.168.0.0/16 to any in via xl0
01000 divert 8668 ip from any to me in via xl0
01001 check-state
03010 allow tcp from 10.10.10.0/24 to 10.0.0.100 dst-port 139 via vr0
03020 allow udp from 10.10.10.0/24 to 10.0.0.100 dst-port 137 via vr0
03030 allow udp from 10.10.10.0/24 to 10.0.0.100 dst-port 138 via vr0
04000 allow tcp from 10.10.10.0/24 to me dst-port 27 in via vr0 setup keep-state
04001 allow icmp from 10.10.10.0/24 to me in via vr0
04002 allow tcp from 10.10.10.0/24 to me dst-port 123 in via vr0 setup keep-state
04003 allow udp from 10.10.10.0/24 to me dst-port 123 in via vr0 keep-state
04006 allow udp from 10.10.10.0/24 to me dst-port 53 in via vr0
04007 allow ip from 10.10.10.0/24 to 10.0.0.100 dst-port 445 via vr0
04100 allow ip from any to me dst-port 27 via xl0 setup keep-state
04109 skipto 61000 ip from 10.10.10.0/24 to any in via vr0 keep-state
05010 allow ip from me to any out keep-state
59998 deny icmp from any to me
59999 deny ip from any to me dst-port 135,137-139,445,4665
60000 deny log tcp from any to any established
60000 deny log ip from any to any
61000 divert 8668 ip from 10.10.10.0/24 to any out via xl0
61001 allow ip from any to any
65535 deny ip from any to any

------firewall on network (B) is configured as follows:
the same as server (A).
Now, from server (A) I can ping the VPN point of server (B) and vice versa.
I can ping the internal NICs of both servers from both servers.
Problem: I can't reach clients in network (B) from network (A) or clients in network (A) from network (B).
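The rule list above can be replayed by hand, but a small first-match simulator makes it easier to see which rule decides the fate of a forwarded packet at each of the four points where ipfw sees it (in on the LAN NIC, out on tun1, in on tun1 at the far end, out on the far LAN NIC). The script below is an added example written for this page; it is not code from the post or from OpenVPN. It copies the quoted ruleset verbatim and assumes things the post does not state: the local addresses of each server (with 192.0.2.1 standing in for the xx.xx.xx.xx public address), the kernel routing table that the verrevpath option consults, that server B's internal NIC is also called vr0, that `check-state` matches nothing (the walk is stateless) and that `divert` simply falls through to the next rule after natd re-injects the packet. The client addresses 10.10.10.5 and 10.0.0.5 are constructed.

```python
import bisect, ipaddress

# The ruleset as listed for server A; the post says server B runs the same one.
RULES_TEXT = """
00001 deny ip from any to 10.10.10.44
00002 deny ip from 10.10.10.44 to any
00100 allow ip from any to any via lo0
00110 deny ip from any to 127.0.0.0/8
00111 allow ip from any to me dst-port 5000
00112 allow ip from any to any via tun1
00112 allow ip from any to any via tun1
00113 allow udp from any to any via tun1
00114 allow udp from any to me dst-port 5000
00120 deny ip from any to any not verrevpath in
00301 deny ip from 10.0.0.0/8 to any in via xl0
00302 deny ip from 172.16.0.0/12 to any in via xl0
00303 deny ip from 192.168.0.0/16 to any in via xl0
01000 divert 8668 ip from any to me in via xl0
01001 check-state
03010 allow tcp from 10.10.10.0/24 to 10.0.0.100 dst-port 139 via vr0
03020 allow udp from 10.10.10.0/24 to 10.0.0.100 dst-port 137 via vr0
03030 allow udp from 10.10.10.0/24 to 10.0.0.100 dst-port 138 via vr0
04000 allow tcp from 10.10.10.0/24 to me dst-port 27 in via vr0 setup keep-state
04001 allow icmp from 10.10.10.0/24 to me in via vr0
04002 allow tcp from 10.10.10.0/24 to me dst-port 123 in via vr0 setup keep-state
04003 allow udp from 10.10.10.0/24 to me dst-port 123 in via vr0 keep-state
04006 allow udp from 10.10.10.0/24 to me dst-port 53 in via vr0
04007 allow ip from 10.10.10.0/24 to 10.0.0.100 dst-port 445 via vr0
04100 allow ip from any to me dst-port 27 via xl0 setup keep-state
04109 skipto 61000 ip from 10.10.10.0/24 to any in via vr0 keep-state
05010 allow ip from me to any out keep-state
59998 deny icmp from any to me
59999 deny ip from any to me dst-port 135,137-139,445,4665
60000 deny log tcp from any to any established
60000 deny log ip from any to any
61000 divert 8668 ip from 10.10.10.0/24 to any out via xl0
61001 allow ip from any to any
65535 deny ip from any to any
"""
# Assumed per-host facts (not in the post): local addresses (192.0.2.1 is a placeholder for
# xx.xx.xx.xx) and the routes verrevpath consults; B's internal NIC is assumed to be vr0 too.
HOSTS = {"A": ({"10.10.10.1", "10.4.0.1", "192.0.2.1"}, [("10.10.10.0/24", "vr0"), ("10.0.0.0/24", "tun1"),
                                                       ("10.4.0.0/30", "tun1"), ("0.0.0.0/0", "xl0")]),
         "B": ({"10.0.0.100", "10.4.0.2", "192.0.2.1"}, [("10.0.0.0/24", "vr0"), ("10.10.10.0/24", "tun1"),
                                                       ("10.4.0.0/30", "tun1"), ("0.0.0.0/0", "xl0")])}

def parse_ports(spec):  # "135,137-139" -> {135, 137, 138, 139}
    return {p for part in spec.split(",") for lo, _, hi in [part.partition("-")] for p in range(int(lo), int(hi or lo) + 1)}

def parse_rule(line):
    """One 'ipfw list' line -> match fields; setup/keep-state/log are ignored because this walk is stateless."""
    t = line.split()
    r = dict(num=int(t[0]), action=t[1], target=0, proto="ip", src="any", dst="any", dir="", via="", ports=set(), rpf=None, est=False)
    if r["action"] == "check-state":
        return r
    i = 3 if r["action"] in ("skipto", "divert") else 2
    r["target"] = int(t[2]) if i == 3 else 0
    i += t[i] == "log"
    r["proto"], r["src"], r["dst"], opts = t[i], t[i + 2], t[i + 4], t[i + 5:]  # PROTO from SRC to DST [options]
    for j, o in enumerate(opts):
        if o == "dst-port": r["ports"] = parse_ports(opts[j + 1])
        elif o == "via": r["via"] = opts[j + 1]
        elif o in ("in", "out"): r["dir"] = o
        elif o == "verrevpath": r["rpf"] = j > 0 and opts[j - 1] == "not"  # True: rule matches when the RPF check FAILS
        elif o == "established": r["est"] = True
    return r

RULES = [parse_rule(l) for l in RULES_TEXT.splitlines() if l.strip()]
NUMS = [r["num"] for r in RULES]  # already sorted, so skipto can use bisect

def addr_ok(spec, addr, me):
    return True if spec == "any" else addr in me if spec == "me" else ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def reverse_path(addr, routes):  # longest-prefix match: the interface the kernel would use to reach addr
    ip = ipaddress.ip_address(addr)
    return max((ipaddress.ip_network(n).prefixlen, ifn) for n, ifn in routes if ip in ipaddress.ip_network(n))[1]

def matches(r, p, me, routes):
    if r["proto"] not in ("ip", p["proto"]) or not (addr_ok(r["src"], p["src"], me) and addr_ok(r["dst"], p["dst"], me)):
        return False
    if (r["dir"] and r["dir"] != p["dir"]) or (r["via"] and r["via"] != p["via"]):
        return False
    if (r["ports"] and p.get("dport") not in r["ports"]) or (r["est"] and not p.get("est")):
        return False
    # "not verrevpath": match only when the source's reverse path is NOT the arrival interface
    return r["rpf"] is None or (reverse_path(p["src"], routes) == p["via"]) != r["rpf"]

def walk(p, host):
    """(verdict, rule number) of the first allow/deny rule matching packet p on host 'A' or 'B'."""
    me, routes = HOSTS[host]
    i = 0
    while i < len(RULES):
        r = RULES[i]
        if r["action"] != "check-state" and matches(r, p, me, routes):
            if r["action"] in ("allow", "deny"): return r["action"], r["num"]
            if r["action"] == "skipto": i = bisect.bisect_left(NUMS, r["target"]); continue
            # divert: natd re-injects the packet and evaluation resumes at the next rule (simplified)
        i += 1
    return "deny", 65535

def lan_to_lan_trace():
    """Follow one echo request from a constructed client in A to one in B through all four filter points."""
    ping = dict(proto="icmp", src="10.10.10.5", dst="10.0.0.5")
    hops = [("A", "in", "vr0"), ("A", "out", "tun1"), ("B", "in", "tun1"), ("B", "out", "vr0")]
    return [(h, d, v) + walk(dict(ping, dir=d, via=v), h) for h, d, v in hops]

print(*lan_to_lan_trace(), sep="\n")
```

Under these assumptions the first three filter points pass (rules 61001, 00112 and 00112), but the last one, the packet leaving server B on its internal NIC, reaches `60000 deny log ip from any to any` because no rule allows forwarded traffic out via vr0: the only broad allows are `via tun1` (00112) and `from me ... out` (05010), and the skipto at 04109 only covers packets coming *in* on vr0. ipfw evaluates a forwarded packet once on the inbound interface and again on the outbound one, so a ruleset that was written with the gateway itself as the endpoint in mind needs an explicit rule for the second pass; the same walk run on the echo reply shows the mirror-image problem on server A. Things the simulator deliberately does not model, and which are worth checking by hand on the box: that `net.inet.ip.forwarding` is 1 (gateway_enable in rc.conf), what the dynamic rules created by keep-state actually contain, and whether natd on the divert port rewrites tunnel-bound traffic.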