
Re: [Openvpn-users] openVPN through Cisco firewall!

  • Subject: Re: [Openvpn-users] openVPN through Cisco firewall!
  • From: Erich Titl <erich.titl@xxxxxxxx>
  • Date: Thu, 05 Jul 2007 21:38:58 +0200

Peter Njiiri wrote:
> Hi
> Thanks for the feedback. I need to bypass the firewall as it's blocking
> the traffic (I think) (as no packets are received on the tun interface
> of the remote server when I ping the from 

You will not see packets on the tun interface with this kind of traffic,
this is _not_ tunneled traffic.

> If I
> try to force the internal traffic by adding a route for the internal
> network, i.e. through the tunnel, ping doesn't work. Yes the
> tunnel is up with no errors, Initialization Sequence is done. Yes from
>, I can ping successfully to (tun interface of the
> remote server) from and vice versa (when I ping
> from 

Let's see, is the tunnel endpoint on your server, right?

> As said, I want to communicate from the
> to the remote server ( without passing through
> NAT (firewall) because the software I'm installing on the remote server
> requires no NAT communication.

In reality you want to communicate with 10.8.0.x , else you won't be
going through the tunnel.

> Is there a way that this can be done???
> Which IP should I assign the software so that it communicates through
> the tunnel, the physical nic or the virtual tun one??? Maybe it's the
> concept I'm missing??

Let's see, the software you want to access lives on the client. You want
to access it through the tunnel, hence you will have to access it
through a tunnel address, which, in your case, appears to be on the network

If I interpret your situation correctly it is something like

OpenVPN server
ip ..... tunnel address
the big bad cisco protected net we don't care about as long as the
tunnel comes up
ip ..... tunnel address (probably)
OpenVPN client

So in this case your traffic from the server to the client will go to, you just don't care what network you are tunneling through as
long as there is no address conflict. If the tunnel traffic is NATed
once or twenty five times it does not affect the tunneled traffic


