[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Re: Routing forever


  • Subject: Re: [Openvpn-users] Re: Routing forever
  • From: Mathias Sundman <mathias@xxxxxxxxxx>
  • Date: Thu, 20 Jan 2005 14:26:52 +0100 (CET)

On Thu, 20 Jan 2005, Jochen Witte wrote:

Am Thu, 20 Jan 2005 13:41:49 +0100 schrieb Mathias Sundman:

On Thu, 20 Jan 2005, Jochen Witte wrote:

Hello,

I am a newbie and have problems with routing:

I have a rather simple setup:
- 2 static, public ip servers (<pip1>, <pip2>)
- 2 private subnets (10.128.0.0/24, 192.168.0.0/24)
- OpenVPN network: 10.129.0.1<->10.129.0.2

Here is the picture:

Subnet A                 GW1            GW2           SubnetB
10.128.0.0/24<--->10.128.0.1        192.168.0.254<--->192.168.0.0/24
                      |                 |
                 10.129.0.1        10.129.0.2
                  (<pip1>)<-------->(<pip2>)
                             VPN


So far my plan. OpenVPN works fine in these cases:

1. GW1 <-> GW2
2. GW1 <-> SubnetB
3. SubnetA <-> GW2

It works NOT in this case:

1. SubnetA <-> SubnetB


Obviously this is a routing problem (no firewalling, since all packets are logged for debuggung).

GW1 routes:
10.129.0.2  0.0.0.0         255.255.255.255 UH    0      0        0 tun0
<pipnet1>   0.0.0.0         255.255.255.248 U     0      0        0 eth1
10.128.0.0  0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.0.0 10.129.0.2      255.255.255.0   UG    0      0        0 tun0
169.254.0.0 0.0.0.0         255.255.0.0     U     0      0        0 eth1
0.0.0.0     <default-gw>    0.0.0.0         UG    0      0        0 eth1

GW2 routes:
<default-gw>    0.0.0.0    255.255.255.255 UH    0      0        0 ppp0
10.129.0.1      0.0.0.0    255.255.255.255 UH    0      0        0 tun0
10.128.0.0      10.129.0.1 255.255.255.0   UG    0      0        0 tun0
192.168.0.0     0.0.0.0    255.255.0.0     U     0      0        0 eth0
0.0.0.0         <default-gw>  0.0.0.0      UG    0      0        0 ppp0


What have I missed. Seems to be a rather simple case...

I agree it must be something simple. The routing looks correct to me.

Use tcpdump or some other packet sniffer to watch how far your packets
get.


The packets get stuck immediately in the gateway. (GW1 for packets from 10.128.0.0 and GW2 for 192.168.0.0).

Can you see it both on the ethX device and on tun0?

Can you see an encrypted OpenVPN packet generated for each packet you try to send?

Can you see the encrypted packet arrive on the remote OpenVPN server?

--
_____________________________________________________________
Mathias Sundman                  (^)   ASCII Ribbon Campaign
OpenVPN GUI for Windows           X    NO HTML/RTF in e-mail
http://www.nilings.se/openvpn    / \   NO Word docs in e-mail

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users