Re: [Openvpn-users] Mysterious difficulties with dual-homed host

  • Subject: Re: [Openvpn-users] Mysterious difficulties with dual-homed host
  • From: "Paul Hardin" <hill.hobbit@xxxxxxxxx>
  • Date: Fri, 26 Jan 2007 16:23:52 -0800

On 1/26/07, Kevin <lists@xxxxxxxxxxxxx> wrote:
Hi List-

I seem to have OpenVPN 2.0.6 correctly configured for complete LAN-to-LAN
connectivity through an OpenVPN tunnel over the Internet using the section
of the HOWTO entitled: "Expanding the scope of the VPN to include additional
machines on either the client or server subnet."

I'm using tun interfaces, running on various machines (none of them
Windows).  The OpenVPN server version is 2.0.6 running on a dual-homed linux
server with one NIC connecting to LAN A and the other to the Internet.  I'll
refer to this host henceforth as dh1.

I can ping and ssh to any client on LAN A (server LAN) from a client on LAN
B (client LAN), and vice versa while the OpenVPN tunnel is up.

The only exception to that statement is for another dual-homed server (which
I'll refer to as dh2) on LAN A.  dh2 is also connected to both the Internet
and LAN A, and for the Internet-connected NIC, has a separate IP address
from the OpenVPN server (dh1), on the same IP block as the OpenVPN server.
For the LAN-A-connected NIC, there is also a separate IP address for dh2
from dh1, but again, they're on the same LAN and the same IP block with the
same netmask and everything.

For dh2 (also a linux server), I can access it normally in every way from
both the Internet and LAN-A, but I can't access it in any way from LAN-B
even with the OpenVPN tunnel up, and not even from the OpenVPN client
machine that establishes the tunnel with the OpenVPN server machine.

I sense that my problem with dh2 stems from a mis-configured routing table
on dh2, but I'll be darned if I can figure out what it is.  The routing
table now looks like this:

dh2 Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use IF
                                                U     0      0        0 eth0
                                                U     0      0        0 eth1
                                                UG    0      0        0 lo
                                                UG    0      0        0 eth0

dh1 (OpenVPN server) Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use IF
                                                UH    0      0        0 tun0
                                                U     0      0        0 eth2
                                                UG    0      0        0 tun0
                                                U     0      0        0 eth1
                                                UG    0      0        0 tun0
                                                UG    0      0        0 tun0
                                                U     0      0        0 lo
                                                UG    0      0        0 eth2

I am running iptables, but I've verified that it's not blocking packets from

Does anyone have any idea what's wrong here?  If not, then perhaps
suggestions on increasing the logging details in order to facilitate

I'd be glad to share config file details if anyone thinks it would help, but
because of the fact that every other aspect of this LAN-to-LAN VPN works as
expected, I don't think it's a problem with my OpenVPN configuration.

Thanks in advance for suggestions and replies.

I could be wrong, but I do not see a route on dh2 sending traffic back to the OpenVPN server where it can be sent down the tun0 pipe.

I would expect you to need something like:   gw <IP of dh1>   eth1

I am far from an expert... and can't seem to get my own openvpn installation going right... but I think this might be a step in the right direction.

Paul H.
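As an added illustration (not code from either poster), the following Python models the kernel's longest-prefix route lookup to show the failure Paul points at: with constructed addresses standing in for the ones stripped from the post (LAN A 10.0.1.0/24, LAN B 10.0.2.0/24, dh1 at 10.0.1.2 on LAN A, dh2's Internet block 203.0.113.0/24), dh2's replies to LAN B match only the default route and leave via eth0, until a LAN-B route via dh1's LAN-A address on eth1 is added.

```python
import ipaddress

# Constructed routing table for dh2 before the fix (the post's real addresses
# were not preserved): two connected networks plus a default via the Internet.
# Entries are (destination prefix, gateway or None if directly connected, iface).
DH2_BEFORE = [
    ("203.0.113.0/24", None, "eth0"),       # Internet-facing NIC
    ("10.0.1.0/24", None, "eth1"),          # LAN A
    ("0.0.0.0/0", "203.0.113.1", "eth0"),   # default route via Internet router
]
DH1_LAN_A_IP = "10.0.1.2"   # assumed LAN-A address of the OpenVPN server (dh1)
LAN_B = "10.0.2.0/24"       # assumed client-side LAN reachable through tun0


def select_route(table, dst):
    """Longest-prefix match over the table, as the kernel does.

    Returns (gateway, iface) for the chosen entry, or None if nothing matches.
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gw, iface in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    return None if best is None else (best[1], best[2])


def return_path_ok(table, remote_host, vpn_gateway):
    """True when replies to a LAN-B host are handed to the OpenVPN server.

    Without such a route the reply follows the default route out the Internet
    NIC, so the forward packet arrives but the answer never reaches LAN B.
    """
    route = select_route(table, remote_host)
    return route is not None and route[0] == vpn_gateway


def with_return_route(table, remote_lan, vpn_gateway, iface):
    """Table after adding the missing LAN-B route (what `route add` would do)."""
    return table + [(remote_lan, vpn_gateway, iface)]


if __name__ == "__main__":
    host_b = "10.0.2.10"
    print("before:", select_route(DH2_BEFORE, host_b))    # default via eth0
    fixed = with_return_route(DH2_BEFORE, LAN_B, DH1_LAN_A_IP, "eth1")
    print("after: ", select_route(fixed, host_b))         # via dh1 on eth1
```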
