
[Openvpn-users] One tunnel up, one tunnel down (was Problem: Two tunnels, one firewall)


  • Subject: [Openvpn-users] One tunnel up, one tunnel down (was Problem: Two tunnels, one firewall)
  • From: "Tibbs, Richard" <rwtibbs@xxxxxxxxxxx>
  • Date: Mon, 13 Dec 2004 22:32:21 -0500

Dear list. I have the following arrangement, running two instances of
openvpn on "home fw". I want to protect my WLAN in back of the home fw,
and that works fine. I can see "Peer connection initiated with
192.168.1.3:5000" in daemon.log on homefw. Nothing gets initiated with
officefw, nor can I ping the other end of the tunnel at officefw. I was
hoping to be able to get from "subnet to subnet", i.e. be able to ping
from 192.168.1.3 to a machine like 192.168.10.13, but that is not
possible either.


home subnet                                     office subnet
192.168.1.0/24                                 192.168.10.0/24
  winxp -- WLAN -- homefw -- Internet -------------- officefw
     <--- tun 1 -----> <------------------ tun0 ---------->
10.1.1.2      10.1.1.1  10.1.10.1                     10.1.10.2
       route 216.x.y.z  route 192.168.10.0/24        route 192.168.1.0/24

Why does nothing work for tun0?
TIA
Rick

On homefw, the route table becomes
# ip route sho
10.1.10.2 dev tun0  proto kernel  scope link  src 10.1.10.1 
216.x.y.z via 10.1.1.2 dev tun1 
10.1.1.2 dev tun1  proto kernel  scope link  src 10.1.1.1 
216.12.22.64/26 dev eth0  proto kernel  scope link  src 216.12.22.89 
216.12.22.64/26 dev ipsec0  proto kernel  scope link  src 216.12.22.89 
192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.254 
192.168.10.0/24 via 10.1.10.2 dev tun0 
default via 216.12.22.65 dev eth0

and the tunnel conf on homefw (to the office fw) is
dev tun
disable-occ
port 50001
local 216.x.y.z    < ... public IP anonymized...>
# Our remote peer (office subnet)
remote 137.p.q.r   < ... public IP anonymized...>
ifconfig 10.1.10.1 10.1.10.2
route 192.168.10.0 255.255.255.0
# Our pre-shared static key
secret static.key

The officefw conf is similar, except these things reversed
port 50001
local 137.p.q.r
remote  216.x.y.z
ifconfig 10.1.10.2 10.1.10.1


The config for the WLAN tunnel is
dev tun
# For compatibility with 2.x openvpn clients/servers
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
disable-occ
local 192.168.1.254
float
ifconfig 10.1.1.1 10.1.1.2
# only this route directive will work, all else fails.
route 216.x.y.z
# Our pre-shared static key
secret static.key

