I've set up an OpenVPN server and a client server with OpenVPN. The client server (10.3.7.100) can ping the OpenVPN server's internal IP address (192.168.1.2) successfully. The ping from the OpenVPN server to the client server is successful (even without running the VPN). All client traffic is routed to the server. My goal is to enable all traffic to go through the VPN, especially from the OpenVPN server (192.168.1.2) to the client server (10.30.7.100). I've added a route to force the 192.168.1.0 network to go through the tun interface (10.8.0.0) on the OpenVPN server, but pinging is unsuccessful. The external interface that the client server is accessing is on a switch on the internal interface. Routes cannot be added to the PIX.
Topology (int = internal IP interface, ext = external IP interface):

OpenVPN server machine: int=192.168.1.2
<---->
gw (Cisco PIX firewall): int=192.168.1.254, ext=10.30.1.2
<---- WAN ---->
gw (Router): ext=10.30.2.110, int=10.30.7.254
<---->
client server: int=10.30.7.100
The application to be installed on the client server (10.30.7.9) requires that no NATing be done, so I need the tunnel to work to prevent any NAT by the PIX. Is there a route I can add to bypass the firewall? Can an alternative route or iptables rule be added to force all data from 192.168.1.2 to 10.30.7.100? Is there something I've missed? Feedback will be appreciated. Thanks
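A worked example of how the Linux kernel picks the egress interface for a packet, added here to illustrate the routing question in the post; it is not the poster's configuration or any project's code. The two routing tables below are constructed to mirror the addresses in the diagram (device names eth0/tun0 and the tunnel peer address 10.8.0.2 are assumptions). The point it shows: a route for the server's own 192.168.1.0/24 network never influences a packet addressed to 10.30.7.100, which keeps matching the default route toward the PIX; only a route whose prefix covers the destination (10.30.7.0/24 or 10.30.7.100/32) steers that packet into tun0.

```python
import ipaddress

# Constructed sample of `ip route show` on the OpenVPN server (192.168.1.2),
# with the route the post describes (192.168.1.0/24 pushed into tun0).
ROUTES_AS_POSTED = """\
default via 192.168.1.254 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.2
192.168.1.0/24 via 10.8.0.2 dev tun0 metric 100
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.1
"""

# Constructed table with a route for the client's network via the tunnel instead.
ROUTES_WITH_CLIENT_NET = """\
default via 192.168.1.254 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.2
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.1
10.30.7.0/24 via 10.8.0.2 dev tun0
"""


def parse_routes(text):
    """Parse `ip route show` style lines into dicts (net, via, dev, metric)."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        prefix = "0.0.0.0/0" if parts[0] == "default" else parts[0]
        net = ipaddress.ip_network(prefix, strict=False)
        via = parts[parts.index("via") + 1] if "via" in parts else None
        dev = parts[parts.index("dev") + 1] if "dev" in parts else None
        metric = int(parts[parts.index("metric") + 1]) if "metric" in parts else 0
        routes.append({"net": net, "via": via, "dev": dev, "metric": metric})
    return routes


def lookup(routes, dst):
    """Longest-prefix match, ties broken by lowest metric (kernel FIB semantics)."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in routes if addr in r["net"]]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r["net"].prefixlen, -r["metric"]))


def egress_device(table_text, dst):
    """Return the interface a packet to `dst` would leave through, or None."""
    route = lookup(parse_routes(table_text), dst)
    return route["dev"] if route else None


if __name__ == "__main__":
    for name, table in (("as posted", ROUTES_AS_POSTED),
                        ("with client net", ROUTES_WITH_CLIENT_NET)):
        print(f"{name}: 10.30.7.100 -> {egress_device(table, '10.30.7.100')}")
```

On a real host the equivalent check is `ip route get 10.30.7.100`, run on the OpenVPN server; if it reports `dev eth0` the packet is leaving toward the PIX, not the tunnel. A route is only half of it: the reply from 10.30.7.100 must also return through tun0 on the client side, which a client configured to send all traffic into the VPN already does.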