
Re: [Openvpn-users] how to add route to openvpn internal routing table

  • Subject: Re: [Openvpn-users] how to add route to openvpn internal routing table
  • From: /dev/rob0 <rob0@xxxxxxxxx>
  • Date: Wed, 5 Oct 2005 01:00:31 -0500

On Tuesday 2005-October-04 09:02, Konrad Karl wrote:
>                     ---- eth0 ---
>                     | Machine A |
>                     |           |
>                     | tun0      |
>                     -------------
>                           |
>                     -------------
>                     | Machine M |
>                     -------------
>                           |
>                     -------------
>                     | tun       |
>                     | Machine B |                -------------
>                     ---- eth0 --- -- ROUTER --   | Machine D |
>                                                  -------------
>
> Machines A and B are behind some NATting firewalls, Machine M has got
> an official IP address and is only being used to establish
> connectivity between A and B. (this connectivity is working OK)

Then it looks like openvpn is not a factor here.

> Machine A wants to access machine D via NAT/MASQUERADE on machine B.

Why NAT?

> B's default route is pointing to the left side of "ROUTER" and B can
> connect to machine D.

So B goes through ROUTER to establish the tunnel to M?

> A has got a route table entry to route dest 172.16.x.y via dev tun0,
> but now on M the packets should get forwarded to machine B.
> Question:
> How to add an entry to the internal routing table of the openvpn2
> instance running on M

Why the internal openvpn routing table? Why is M involved? Can't you 
just use a route like this on A:
ip route add via

> so packets with destination 172.16.x.y are 
> getting routed via machine B and then NAT'ed via "ROUTER" to machine
> D ?

You can reach D but also want to reach other machines on that subnet?  
If so this is a FAQ, or perhaps it should be. Routing has to be set up 
on both ends. Machines on D's subnet have to know to use D as their 
gateway to reach A.

> (on M client-to-client is enabled)

Client-to-client is a --mode server feature. I am confused. A and B are 
each clients of server M and not directly tunnelled? Probably doesn't 
matter, unless D is also a client of M's server.

> I have already tried to add a static route on M like this:
> route add -net gw but this did not work - B
> was not connected while I tried though.  (SIOCADDRT: Network is
> unreachable)

Does M have a route to Apparently not.

> Thanks for any help,

I really don't understand what you are trying to do here.
    mail to this address is discarded unless "/dev/rob0"
    or "not-spam" is in Subject: header
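
The point made in the reply above, that routing has to be set up on both ends, can be checked with a small model. This is an added example, not part of the original message: every address and routing-table entry is constructed, M is assumed to already forward the 172.16 prefix to B, and OpenVPN's own internal routing and ROUTER's NAT towards D are not modelled. It traces the request from A to D and the reply back, with and without masquerading on B.

```python
import ipaddress

# Constructed sample topology: all addresses and routes below are made up.
# Each table entry is (destination prefix, next-hop host).
TABLES = {
    "A":      [("10.8.0.0/24", "M"), ("172.16.0.0/16", "M")],
    "M":      [("10.8.0.6/32", "A"), ("10.8.0.10/32", "B"), ("172.16.0.0/16", "B")],
    "B":      [("10.8.0.0/24", "M"), ("0.0.0.0/0", "ROUTER")],
    "ROUTER": [("192.168.1.2/32", "B"), ("172.16.0.0/16", "D")],
    "D":      [("0.0.0.0/0", "ROUTER")],
}
OWNER = {"10.8.0.6": "A", "192.168.1.2": "B", "172.16.0.50": "D"}

def next_hop(table, dst):
    """Longest-prefix match over (prefix, hop) pairs; None if there is no route."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in table
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def trace(tables, start, dst, max_hops=8):
    """Hosts visited from start towards dst; ends in 'UNREACHABLE' on a missing route."""
    path, host = [start], start
    while OWNER.get(dst) != host:
        host = next_hop(tables[host], dst)
        if host is None or len(path) > max_hops:
            return path + ["UNREACHABLE"]
        path.append(host)
    return path

def round_trip(tables, src_ip, dst_ip, masq_host=None, masq_ip=None):
    """Forward path and reply path; with masquerading the reply targets masq_ip first."""
    fwd = trace(tables, OWNER[src_ip], dst_ip)
    if fwd[-1] == "UNREACHABLE":
        return fwd, []
    if masq_host in fwd:
        back = trace(tables, OWNER[dst_ip], masq_ip)      # reply reaches the NAT box
        if back[-1] != "UNREACHABLE":
            back += trace(tables, masq_host, src_ip)[1:]  # NAT box restores src_ip
    else:
        back = trace(tables, OWNER[dst_ip], src_ip)       # reply needs a route to A
    return fwd, back

if __name__ == "__main__":
    print(round_trip(TABLES, "10.8.0.6", "172.16.0.50"))
    print(round_trip(TABLES, "10.8.0.6", "172.16.0.50", "B", "192.168.1.2"))
```

Without masquerading the request arrives but the reply dies at ROUTER, which has no route back to the VPN subnet; masquerading on B, or a route for the VPN subnet on ROUTER pointing at B, closes the loop.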
