[Openvpn-users] bridging where client local IP is on the same subnet as server

  Subject: [Openvpn-users] bridging where client local IP is on the same subnet as server
  From: Mike Williams
  Date: Mon, 17 Jul 2006 17:29:14 +0100


Apologies if this has been covered somewhere else before; I have looked, 
honest! :)

I've got OpenVPN set up and working correctly, as a bridge. We need it to be a 
bridge so that clients connecting are able to access the other offices, on 
different subnets, over the permanent IPsec VPNs, which limit the traffic 
going over them to the subnets connected at each end.

OpenVPN's local IP is, behind a firewall at which 
forwards UDP port 1194 to it. The firewall has a real public IP the other 
My tests using a laptop dialed up to a normal ISP worked fine. The client was 
able to access everything exactly as if it were connected to the LAN.
I've had two people connect from home too. One with a 3G datacard, the other 
behind an ADSL router on the subnet (we don't use at all). I'm using redirect-gateway, so all their traffic 
travelled via the office.
Perfect! I thought.
Until someone else tried it from home, on their laptop, behind their ICS 
gateway (ick!). ICS gives you no option but to use taking for itself.
This led to his routing getting thoroughly messed up. I, in the office, could ping him, but he couldn't ping me. He could however 
still get to his own internal network, the internet, and the other offices.
He was left with 2 default routes, both to the gateway (openvpn), 
but one out the TAP interface and one out his physical interface. 2 routes to too, one TAP, one physical.

Obviously seriously messed up.
And this is where I'm stuck. I guess I need to give him a route to 
out the physical interface, a route to the office out the physical interface 
via, and a default route out the TAP interface via OpenVPN.

It's a pain in the ass situation, but something I'm sure someone must have 
come across.
Ideas anyone?


Mike Williams
System Administration Manager - Comodo
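An added illustration of the routing problem described in the post, not code from the original message or from the OpenVPN project. It simulates longest-prefix-match route selection over two constructed route tables: the broken one the poster reports (two default routes to the same gateway, one out TAP and one out the physical NIC, plus the same LAN prefix on both interfaces) and the one he proposes (the home LAN out the physical NIC, a host route to the office's public IP via the home gateway, which is the kind of host route redirect-gateway installs so the tunnel endpoint stays reachable, and a default route through TAP). All addresses are assumptions: the shared ICS/office range, the gateway addresses, the office's public IP (from the TEST-NET-3 documentation block) and the other office's subnet are made up for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed addresses for the scenario (assumptions, not from the post).
# The home ICS LAN and the office bridge LAN share the same range; that overlap
# is the whole problem.
SHARED_LAN   = "192.168.0.0/24"
HOME_GW      = "192.168.0.1"     # ICS gateway on the client's home LAN
VPN_GW       = "192.168.0.254"   # gateway on the bridged office LAN pushed by OpenVPN
OFFICE_PUB   = "203.0.113.10"    # public IP of the office firewall (forwards UDP/1194)
OTHER_OFFICE = "10.20.0.0/16"    # reached over the permanent site-to-site IPsec VPN
PHYS, TAP    = "eth0", "tap0"    # client's physical NIC and OpenVPN TAP adapter


@dataclass(frozen=True)
class Route:
    network: str                 # destination prefix; "0.0.0.0/0" is the default route
    dev: str                     # egress interface
    via: Optional[str] = None    # next hop, None when the destination is on-link
    metric: int = 0


def lookup(table: List[Route], dst: str) -> List[Route]:
    """Longest-prefix match, then lowest metric. Returns every route that ties
    for best; more than one entry means the host stack has to guess, which is
    the state the poster's client ended up in."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in ipaddress.ip_network(r.network)]
    if not matches:
        return []
    longest = max(ipaddress.ip_network(r.network).prefixlen for r in matches)
    candidates = [r for r in matches
                  if ipaddress.ip_network(r.network).prefixlen == longest]
    best_metric = min(r.metric for r in candidates)
    return [r for r in candidates if r.metric == best_metric]


def egress(table: List[Route], dst: str) -> Optional[str]:
    """Interface a packet to dst leaves on, or None when the table is ambiguous."""
    best = lookup(table, dst)
    return best[0].dev if len(best) == 1 else None


# The table the poster describes: two default routes to the same gateway and
# the LAN prefix reachable on both interfaces.
BROKEN = [
    Route("0.0.0.0/0", TAP,  via=VPN_GW),
    Route("0.0.0.0/0", PHYS, via=VPN_GW),
    Route(SHARED_LAN,  TAP),
    Route(SHARED_LAN,  PHYS),
]

# The table the poster proposes: home LAN only via the physical NIC, the office's
# public IP pinned to the home gateway so the tunnel itself does not get routed
# into the tunnel, everything else through TAP.
FIXED = [
    Route(SHARED_LAN,        PHYS),
    Route(OFFICE_PUB + "/32", PHYS, via=HOME_GW),
    Route("0.0.0.0/0",       TAP,  via=VPN_GW),
]

PROBES = {
    "office public IP (tunnel endpoint)": OFFICE_PUB,
    "host on the shared LAN range":       "192.168.0.5",
    "host at the other office":           "10.20.1.1",
    "internet host":                      "8.8.8.8",
}


def report(table: List[Route]) -> dict:
    """Map each probe description to the interface it would leave on (None = ambiguous)."""
    return {name: egress(table, dst) for name, dst in PROBES.items()}


if __name__ == "__main__":
    for label, table in (("broken", BROKEN), ("fixed", FIXED)):
        print(label)
        for name, dev in report(table).items():
            print(f"  {name:38s} -> {dev or 'AMBIGUOUS'}")
```

Run it and the broken table reports AMBIGUOUS for both the shared LAN range and the internet, while the fixed table sends the tunnel endpoint out eth0 via the home gateway, the other office and the internet out tap0, and the shared LAN range out eth0. That last line is the caveat: because the office LAN and the ICS LAN are the same prefix, a route to that prefix can point only one way, so office hosts inside it stay unreachable from this client however the routes are arranged; only renumbering one side (typically moving the office off the ICS default range) removes the overlap.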
