[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

[Openvpn-users] client-to-lan routing problem

  • Subject: [Openvpn-users] client-to-lan routing problem
  • From: Ernesto Franchini <ernesto.franchini@xxxxxxxxxxx>
  • Date: Tue, 5 Jun 2007 13:20:30 +0200

hi there. i'm new to the list and i have a problem accessing the
whole lan where the server lies.
the scenario is the following:

CLIENT (Windows) belongs to 192.168.1.x subnet and has the following

dev tun
proto udp

remote my.vpn-server 1195
ca C:\\openvpn\\keys\\ca.crt
cert C:\\openvpn\\keys\\client.crt
key C:\\openvpn\\keys\\client.key
tls-auth C:\\openvpn\\keys\\tls-auth.key 1

cipher DES-EDE3-CBC
verb 4
mute 20

SERVER (linux) belongs to 192.168.200.x (the subnet i want the client to
access to) and has the following conf:

port 1195
proto udp
dev tun

ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
tls-auth /etc/openvpn/keys/tls-auth.key 0

ifconfig-pool-persist /etc/openvpn/ipp.txt
;push "redirect-gateway"
push "route"
push "dhcp-option DNS"
keepalive 10 120
max-clients 40
user nobody
group nobody
cipher DES-EDE3-CBC

status /etc/openvpn/log-status.log
log /etc/openvpn/log-openvpn.log
log-append /etc/openvpn/log-openvpn.log
verb 4
mute 20

everything is up and running and client sees the server and
viceversa thru the VPN lan 10.8.0.x.

the problem is that the client doesn't reach the 192.168.200.x
machines on the server lan.
I know it is a routing matter but i ended up with no results when
trying to modify the server's route table.

what are the correct route rules that apply to this case?

thanks for helping ;)

Ernesto Franchini <ernesto.franchini@xxxxxxxxxxx>
Linux System Administrator :: IT Office

Prodigit SRL                                                   _
Via Mecenate 76/9 - 20138 Milano        ASCII ribbon campaign ( )
Tel. 02/509081 - Fax. 02/50908080        - against HTML email  X
www.prodigit.it                                      & vCards / \

"The grabbing hands grab all they can, everything counts in large

Attachment: signature.asc
Description: PGP signature