Re: [Openvpn-users] Re: Re: Routing forever


  • Subject: Re: [Openvpn-users] Re: Re: Routing forever
  • From: Mathias Sundman <mathias@xxxxxxxxxx>
  • Date: Thu, 20 Jan 2005 15:17:22 +0100 (CET)

On Thu, 20 Jan 2005, Jochen Witte wrote:

I have a rather simple setup:
- 2 static, public ip servers (<pip1>, <pip2>)
- 2 private subnets (10.128.0.0/24, 192.168.0.0/24)
- OpenVPN network: 10.129.0.1<->10.129.0.2

Here is the picture:

Subnet A                 GW1            GW2           SubnetB
10.128.0.0/24<--->10.128.0.1        192.168.0.254<--->192.168.0.0/24
                      |                 |
                 10.129.0.1        10.129.0.2
                  (<pip1>)<-------->(<pip2>)
                             VPN

Obviously this is a routing problem (no firewalling, since all packets are
logged for debugging).

GW1 routes:
10.129.0.2  0.0.0.0         255.255.255.255 UH    0      0        0 tun0
<pipnet1>   0.0.0.0         255.255.255.248 U     0      0        0 eth1
10.128.0.0  0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.0.0 10.129.0.2      255.255.255.0   UG    0      0        0 tun0
169.254.0.0 0.0.0.0         255.255.0.0     U     0      0        0 eth1
0.0.0.0     <default-gw>    0.0.0.0         UG    0      0        0 eth1

GW2 routes:
<default-gw>    0.0.0.0    255.255.255.255 UH    0      0        0 ppp0
10.129.0.1      0.0.0.0    255.255.255.255 UH    0      0        0 tun0
10.128.0.0      10.129.0.1 255.255.255.0   UG    0      0        0 tun0
192.168.0.0     0.0.0.0    255.255.0.0     U     0      0        0 eth0
0.0.0.0         <default-gw>  0.0.0.0      UG    0      0        0 ppp0

The packets get stuck immediately in the gateway. (GW1 for packets from 10.128.0.0 and GW2 for 192.168.0.0).

Can you see it both on the ethX device and on tun0?

No, I just see it on my internal ethx and then it is gone. I can't even
see it on the external device (e.g. ppp0)

Then I'd bet on a firewall problem after all. If routing is enabled, but you still can't see the packet traverse from ethX to tun0, then it's most likely blocked by netfilter.


If you had seen it on some other interface, like ppp0, then it would have been a routing problem.

--
_____________________________________________________________
Mathias Sundman                  (^)   ASCII Ribbon Campaign
OpenVPN GUI for Windows           X    NO HTML/RTF in e-mail
http://www.nilings.se/openvpn    / \   NO Word docs in e-mail
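
The distinction drawn in the reply above, as an added example that is not part of the original thread: a longest-prefix lookup over the GW1 table as posted, combined with the interfaces on which a capture saw the packet. The `<pipnet1>` and `<default-gw>` placeholders are replaced with constructed documentation addresses, and the function names and result labels are assumptions made for this sketch.

```python
import ipaddress

# GW1's table from the thread. <pipnet1> and <default-gw> are replaced by
# constructed documentation addresses (203.0.113.0/29 and 203.0.113.1).
GW1_ROUTES = """\
10.129.0.2  0.0.0.0         255.255.255.255 UH    0      0        0 tun0
203.0.113.0 0.0.0.0         255.255.255.248 U     0      0        0 eth1
10.128.0.0  0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.0.0 10.129.0.2      255.255.255.0   UG    0      0        0 tun0
169.254.0.0 0.0.0.0         255.255.0.0     U     0      0        0 eth1
0.0.0.0     203.0.113.1     0.0.0.0         UG    0      0        0 eth1
"""

def parse_routes(text):
    """Parse `route -n` style rows into (network, gateway, interface) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue  # blank or malformed line
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[2]}", strict=False)
        except ValueError:
            continue  # column header row
        routes.append((net, fields[1], fields[7]))
    return routes

def egress(routes, dst):
    """Longest-prefix match: the interface the table selects for dst."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: r[0].prefixlen)[2]

def diagnose(routes, dst, ingress, seen_on):
    """seen_on: set of interfaces on which a capture showed the packet."""
    expected = egress(routes, dst)
    if expected is None:
        return "no-route"
    if expected in seen_on:
        return "forwarded"
    if seen_on - {ingress}:
        return "routing"  # left via an interface the table does not select
    return "dropped"      # never left the box: check forwarding and netfilter

if __name__ == "__main__":
    routes = parse_routes(GW1_ROUTES)
    print(egress(routes, "192.168.0.10"))                      # tun0
    print(diagnose(routes, "192.168.0.10", "eth0", {"eth0"}))  # dropped
```
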
