
[Openvpn-users] Re: Problem: Two tunnels, one firewall


  • Subject: [Openvpn-users] Re: Problem: Two tunnels, one firewall
  • From: Charles Duffy <cduffy@xxxxxxxxxxx>
  • Date: Mon, 13 Dec 2004 13:48:02 -0600

For clarity's sake, you might want to hardcode one tunnel to tun0 and
another to tun1, by using "dev tun0" and "dev tun1" rather than simply
"dev tun" on both ends.

I'm not sure you're using the route directive correctly. Remember, the
primary argument is not a gateway but a network address; secondary
arguments, per the man page, are netmask, gateway and metric. You want to
use the route directive to tell the system what network ranges to access
via the tunnel -- so if winxp is on 172.16.0.1 and homefw is on
192.168.0.1, you'd have something like "route 192.168.0.0 255.255.255.0"
in winxp's openvpn.conf to tell it to look for homevpn on the other side
of the tunnel. If officefw were using 10.0.0.0/16, and homefw's internal
IP is 192.168.0.2, you could additionally add (to winxp's openvpn.conf)
"route 10.0.0.0 255.255.0.0 192.168.0.2" to tell it to try to contact
10.0.0.0/16 via 192.168.0.2. Similar rules apply to other hosts.

Clear? (If not, please forgive me -- I've been at the office for 20 hours
now).

You'll also want to have an internal address for winxp to use on its tun
interface that homefw knows how to get to (specified with an ifconfig
directive); and you'll need similar routing rules for the other hosts
involved (such that homefw knows to talk to winxp and officefw via their
appropriate tunnels, likewise for officefw knowing how to contact homefw
and winxp).


Perhaps googling up an introductory text on IP routing would be helpful?


____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
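
The point in the message above about the first argument of "route" being a network address rather than a gateway can be checked mechanically. The following is an added example, not part of the original message or of OpenVPN itself: a small Python lint that reads route directives and flags a first argument with host bits set under its netmask. The sample config is constructed from the addresses in the message plus one deliberately wrong line, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample config: the two route lines from the message, plus one
# deliberately wrong line that puts a host/gateway address first.
SAMPLE_CONF = """\
dev tun0
route 192.168.0.0 255.255.255.0
route 10.0.0.0 255.255.0.0 192.168.0.2
route 192.168.0.2 255.255.0.0
"""

def parse_routes(conf_text):
    """Yield (lineno, network, netmask) for every 'route' directive."""
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        # Drop '#' and ';' comments, then split into whitespace-separated args.
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "route":
            netmask = fields[2] if len(fields) > 2 else "default"
            yield lineno, fields[1], netmask

def check_route(network, netmask):
    """Return a problem description, or None if the pair is consistent."""
    if netmask == "default":
        netmask = "255.255.255.255"   # OpenVPN's default: a single-host route
    try:
        ipaddress.IPv4Address(network)
    except ValueError:
        return None                   # hostname or keyword; nothing to check
    try:
        ipaddress.IPv4Network(f"{network}/{netmask}", strict=True)
    except ipaddress.NetmaskValueError:
        return f"{netmask} is not a valid netmask"
    except ValueError:
        return (f"{network} has host bits set under {netmask}; the first "
                "argument must be the network address, not a host or gateway")
    return None

def lint(conf_text):
    """Return [(lineno, problem)] for all inconsistent route directives."""
    findings = []
    for lineno, network, netmask in parse_routes(conf_text):
        problem = check_route(network, netmask)
        if problem:
            findings.append((lineno, problem))
    return findings

if __name__ == "__main__":
    for lineno, problem in lint(SAMPLE_CONF):
        print(f"line {lineno}: {problem}")
```

A route with no netmask is treated as a single-host route, so a bare host address there is not flagged.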