
[Openvpn-users] Re: Re: Routing forever


  • Subject: [Openvpn-users] Re: Re: Routing forever
  • From: Jochen Witte <jwitte@xxxxxxxxxxxxx>
  • Date: Thu, 20 Jan 2005 15:03:46 +0100

On Thu, 20 Jan 2005 08:45:32 -0500, Leonard Isham wrote:

> On Thu, 20 Jan 2005 14:24:28 +0100, Jochen Witte <jwitte@xxxxxxxxxxxxx> wrote:
>> On Thu, 20 Jan 2005 08:20:32 -0500, Leonard Isham wrote:
>> 
>> > On Thu, 20 Jan 2005 13:28:32 +0100, Jochen Witte <jwitte@xxxxxxxxxxxxx> wrote:
>> >> Hello,
>> >>
>> >> I am a newbie and have problems with routing:
>> >>
>> >> I have a rather simple setup:
>> >> - 2 static, public ip servers (<pip1>, <pip2>)
>> >> - 2 private subnets (10.128.0.0/24, 192.168.0.0/24)
>> >> - OpenVPN network: 10.129.0.1<->10.129.0.2
>> >>
>> >> Here is the picture:
>> >>
>> >> Subnet A                 GW1            GW2           SubnetB
>> >> 10.128.0.0/24<--->10.128.0.1        192.168.0.254<--->192.168.0.0/24
>> >>                        |                 |
>> >>                   10.129.0.1        10.129.0.2
>> >>                    (<pip1>)<-------->(<pip2>)
>> >>                               VPN
>> >>
>> >> So far my plan. OpenVPN works fine in these cases:
>> >>
>> >> 1. GW1 <-> GW2
>> >> 2. GW1 <-> SubnetB
>> >> 3. SubnetA <-> GW2
>> >>
>> >> It works NOT in this case:
>> >>
>> >> 1. SubnetA <-> SubnetB
>> >>
>> >> Obviously this is a routing problem (no firewalling, since all packets are
>> >> logged for debugging).
>> >>
>> >> GW1 routes:
>> >> 10.129.0.2  0.0.0.0         255.255.255.255 UH    0      0        0 tun0
>> >> <pipnet1>   0.0.0.0         255.255.255.248 U     0      0        0 eth1
>> >> 10.128.0.0  0.0.0.0         255.255.255.0   U     0      0        0 eth0
>> >> 192.168.0.0 10.129.0.2      255.255.255.0   UG    0      0        0 tun0
>> >> 169.254.0.0 0.0.0.0         255.255.0.0     U     0      0        0 eth1
>> >> 0.0.0.0     <default-gw>    0.0.0.0         UG    0      0        0 eth1
>> >>
>> >> GW2 routes:
>> >> <default-gw>    0.0.0.0    255.255.255.255 UH    0      0        0 ppp0
>> >> 10.129.0.1      0.0.0.0    255.255.255.255 UH    0      0        0 tun0
>> >> 10.128.0.0      10.129.0.1 255.255.255.0   UG    0      0        0 tun0
>> >> 192.168.0.0     0.0.0.0    255.255.0.0     U     0      0        0 eth0
>> >> 0.0.0.0         <default-gw>  0.0.0.0      UG    0      0        0 ppp0
>> >>
>> >> What have I missed? Seems to be a rather simple case...
>> >>
>> >
>> > This is a common problem among people new to routing, if my
>> > assumptions are correct.
>> >
>> > 1. The OpenVPN servers are not the default gateway.
>> > 2. The default gateway does not have a route to the OpenVPN server for
>> > the subnet attached to the other OpenVPN server.
>> > 3. The Computers on each subnet do not have a route to the local
>> > OpenVPN server for the subnet attached to the other OpenVPN server.
>> >
>> > If this is true then do either 2 or 3.
>> 
>> Nope, both are default gw. I am not so new to routing :-)
> 
> OK, since my assumptions were incorrect let's move up to WAN/VPN
> troubleshooting.
> 
> Now this may sound complicated, but I use it all the time to
> troubleshoot connectivity problems between companies over VPN
> connections.  I have used this to narrow down the troublesome section
> of the communication.
> 
> I suggest running snoop, tcpdump/windump or tethereal to capture the
> packets at the source, Source OpenVPN internal interface, TUN/TAP
> interface, destination Source OpenVPN (internal interface, TUN/TAP
> interface), and destination. Source OpenVPN (internal interface,
> TUN/TAP interface) and destination.  I then use Ethereal and sometimes
>  tcptrace and xplot/jplot to find where the errors are.
> 
> I have successfully used this methodology to track down everything
> from duplex mismatches (dropped packets) to incorrectly configured
> load balancing. (out of sequence tcp packets causing havoc).

Well, not so complicated. ethereal on the gw reports packages on its local
device: 

Capturing on eth0
  0.000000 192.168.0.67 -> 10.128.0.10  ICMP Echo (ping) request
  0.999803 192.168.0.67 -> 10.128.0.10  ICMP Echo (ping) request
  1.999652 192.168.0.67 -> 10.128.0.10  ICMP Echo (ping) request
  2.999458 192.168.0.67 -> 10.128.0.10  ICMP Echo (ping) request

But nothing on any other device (especially tun0) and nothing happens in
OpenVPN with debug 9.
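
Added example, not part of the original message: a longest-prefix-match lookup over the GW2 routing table posted above, compared with the interfaces where the capture saw the ping. It assumes the capture was taken on GW2 (the gateway whose eth0 faces 192.168.0.0); 203.0.113.1 is a constructed stand-in for the redacted <default-gw>, and the function names are hypothetical.

```python
import ipaddress

# GW2's routing table as posted in the thread, in `route -n` order:
# destination, gateway, netmask, interface. The poster redacted the ppp0
# peer as <default-gw>; 203.0.113.1 is a constructed placeholder for it.
DEFAULT_GW = "203.0.113.1"
GW2_ROUTES = [
    (DEFAULT_GW,    "0.0.0.0",    "255.255.255.255", "ppp0"),
    ("10.129.0.1",  "0.0.0.0",    "255.255.255.255", "tun0"),
    ("10.128.0.0",  "10.129.0.1", "255.255.255.0",   "tun0"),
    ("192.168.0.0", "0.0.0.0",    "255.255.0.0",     "eth0"),
    ("0.0.0.0",     DEFAULT_GW,   "0.0.0.0",         "ppp0"),
]


def lookup(routes, dst):
    """Return (interface, next_hop) for dst using longest-prefix match."""
    addr = ipaddress.ip_address(dst)
    best = None
    for dest, gw, mask, iface in routes:
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        if addr in net and (best is None or net.prefixlen > best[0]):
            # Gateway 0.0.0.0 means directly connected: next hop is dst itself.
            hop = dst if gw == "0.0.0.0" else gw
            best = (net.prefixlen, iface, hop)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1], best[2]


def missing_egress(routes, dst, seen_on):
    """Compare the table's egress interface with the capture results.

    seen_on is the set of interfaces on which the packet was captured.
    Returns None if the packet was seen on the interface the table selects,
    otherwise the name of the interface where it should have appeared.
    """
    iface, _ = lookup(routes, dst)
    return None if iface in seen_on else iface


if __name__ == "__main__":
    # The capture above shows 192.168.0.67 -> 10.128.0.10 on eth0 only.
    print("table selects:", lookup(GW2_ROUTES, "10.128.0.10"))
    print("expected but silent:", missing_egress(GW2_ROUTES, "10.128.0.10", {"eth0"}))
```

The posted table selects tun0 via 10.129.0.1 for 10.128.0.10, so the silence on tun0 is not explained by the posted routes themselves.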



