Il giorno Tue, 05 Jun 2007 09:04:33 -0500
Josh Cepek <josh.cepek@xxxxxxx> ha scritto:
> Since you are using a routed VPN, your 192.168.200.0/24 network needs
> to have a route to 10.8.0.0/24 on the default gateway. For example,
> if computers at your the network where the VPN server is use
> 192.168.200.1 as the gateway, that device must have a routing rule to
> send traffic bound for 10.8.0.x to the VPN server's IP address.
> Additionally, IP-forwarding must be enabled on the VPN server,
> otherwise it will not pass packets back and forth between VPN clients
> and hosts on its network. Finally, any firewall rules on the VPN
> server must be configured to allow packets to flow between the two
thanks indeed. my gateway is a appliance firewall, so i set up a route
that "routes" all packets for all services that comes from the internal
lan and are directed to 10.8.0.0/24 subnet to the VPN-SERVER
then i wrote a rule to allow any packet destined to 10.8.0.0/24.
that's ok. that's one step ahead :)
now the vpn client can resolve names contacting the DNS server i
"pushed" (192.168.200.95) but any other communication get dropped.
the only passing packets are those from/to the DNS (i can see in the
firewall log the packets on port 53 being accepted and ping packets
this is DNS lookup
CONNECTED rule:ALLOW_VPN_INT from:192.168.200.95 to:10.8.0.6 UDP 53
this is ping
DROPPED rule:LogOpenFails from:192.168.200.95 to:10.8.0.6
moreover, i get a message on the VPN-SERVER reporting:
MULTI: bad source address from client (192.168.1.204) <--- this is the
client address in its private lan.
i followed the instructions on Openvpn/FAQs about this message
(created ccd with client CN file containing the iroute directive)
but message is showing again...
again, thanks for helping!
Ernesto Franchini <ernesto.franchini@xxxxxxxxxxx>
Linux System Administrator :: IT Office
Prodigit SRL _
Via Mecenate 76/9 - 20138 Milano ASCII ribbon campaign ( )
Tel. 02/509081 - Fax. 02/50908080 - against HTML email X
www.prodigit.it & vCards / \
"The grabbing hands grab all they can, everything counts in large
Description: PGP signature