Re: [Openvpn-users] openVPN through Cisco firewall!


  • Subject: Re: [Openvpn-users] openVPN through Cisco firewall!
  • From: "Peter Njiiri" <pnjiiri@xxxxxxxxx>
  • Date: Thu, 05 Jul 2007 17:35:21 +0400

Hi everyone
I've set up an openVPN server and a client server with openVPN. The client server (10.3.7.100) can ping the openVPN server's internal IP address (192.168.1.2) successfully. The ping from the openVPN server to the client server is successful (even without running the VPN). All client traffic is routed to the server. My goal is to enable all traffic to go through the VPN, especially from the openVPN server (192.168.1.2) to the client server (10.30.7.100). I've added a route to force the 192.168.1.0 network to go through the tun interface (10.8.0.0) on the openVPN server, but pinging is unsuccessful. The external interface that the client server is accessing is on a switch on the internal interface. Routes cannot be added to the PIX.
 
openVPNserver machine <----> gw (Cisco PIX firewall) <<<--------------------------------->>>>gw (Router)  <--------------------> client server
int=192.168.1.2                  int=192.168.1.254        ext=10.30.1.2       WAN                 ext=10.30.2.110  int=10.30.7.254      int=10.30.7.100
 
key: int = internal IP interface
     ext = external IP interface
 
 
The application to be installed on the client server (10.30.7.9) requires that no NAT-ing be done, thus I need the tunnel to work to prevent any NAT by the PIX. Is there a route I can add to bypass the firewall? Can an alternative route or iptables rule be added to force all data from 192.168.1.2 to 10.30.7.100? Is there something I've missed? Feedback will be appreciated. Thanks
 
Kind Regards