[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] client-to-lan routing problem


  • Subject: Re: [Openvpn-users] client-to-lan routing problem
  • From: Josh Cepek <josh.cepek@xxxxxxx>
  • Date: Tue, 05 Jun 2007 09:04:33 -0500
  • Z-usanet-msgid: XID801LFeoeM0183X29

Ernesto Franchini wrote:
> hi there. i'm new to the list and i have a problem accessing the
> whole lan where the server lies.
> the scenario is the following:
>
> CLIENT (Windows) belongs to 192.168.1.x subnet and has the following
> conf:
>
> client
> dev tun
> proto udp
>   
<snip>
> SERVER (linux) belongs to 192.168.200.x (the subnet i want the client to
> access to) and has the following conf:
>
> ;local 192.168.200.111
> port 1195
> proto udp
> dev tun
>   
<snip>
> ifconfig-pool-persist /etc/openvpn/ipp.txt
> ;push "redirect-gateway"
> push "route 192.168.200.0 255.255.255.0"
> push "dhcp-option DNS 192.168.200.95"
> client-to-client
> server 10.8.0.0 255.255.255.0
>   
<snip>
> everything is up and running and client sees the server and
> viceversa thru the VPN lan 10.8.0.x.
>
> the problem is that the client doesn't reach the 192.168.200.x
> machines on the server lan.
> I know it is a routing matter but i ended up with no results when
> trying to modify the server's route table.
>
> what are the correct route rules that apply to this case?
>   

Since you are using a routed VPN, your 192.168.200.0/24 network needs to
have a route to 10.8.0.0/24 on the default gateway.  For example, if
computers at your the network where the VPN server is use 192.168.200.1
as the gateway, that device must have a routing rule to send traffic
bound for 10.8.0.x to the VPN server's IP address.  Additionally,
IP-forwarding must be enabled on the VPN server, otherwise it will not
pass packets back and forth between VPN clients and hosts on its
network.  Finally, any firewall rules on the VPN server must be
configured to allow packets to flow between the two networks.

-- 
Josh


Attachment: signature.asc
Description: OpenPGP digital signature