
Re: [Openvpn-users] openVPN through Cisco firewall!


  • Subject: Re: [Openvpn-users] openVPN through Cisco firewall!
  • From: Erich Titl <erich.titl@xxxxxxxx>
  • Date: Thu, 05 Jul 2007 21:38:58 +0200

Peter Njiiri wrote:
> Hi
> Thanks for the feedback. I need to bypass the firewall as it's blocking
> the traffic (I think) (as no packets are received on the tun interface
> of the remote server when I ping the 10.30.7.100 from 192.168.1.2). 

You will not see packets on the tun interface with this kind of traffic,
this is _not_ tunneled traffic.

> If I
> try to force the internal traffic by adding a route for the internal
> network, i.e. 192.168.1.0 through the tunnel, ping doesn't work. Yes the
> tunnel is up with no errors, Initialization Sequence is done. Yes from
> 192.168.1.2, I can ping successfully to 10.8.0.6 (tun interface of the
> remote server) from 192.168.1.2 and vice versa (when I ping 10.8.0.1
> from 10.30.7.100).

Let's see, 10.8.0.1 is the tunnel endpoint on your server, right?

> As said, I want to communicate from the
> 192.168.1.2 to the remote server (10.30.7.100) without passing through
> NAT (firewall) because the software I'm installing on the remote server
> requires no NAT communication.

In reality you want to communicate with 10.8.0.x , else you won't be
going through the tunnel.

> Is there a way that this can be done???
> Which IP should I assign the software so that it communicates through
> the tunnel, the physical nic or the virtual tun one??? Maybe it's the
> concept I'm missing??

Let's see, the software you want to access lives on the client. You want
to access it through the tunnel, hence you will have to access it
through a tunnel address, which, in your case, appears to be on the
10.8.0.0 network.

If I interpret your situation correctly it is something like


OpenVPN server
ip 192.168.1.2 ..... tunnel address 10.8.0.1
------------------
|
|
------------------
the big bad cisco protected net we don't care about as long as the
tunnel comes up
------------------
|
|
------------------
ip 10.30.7.100 ..... tunnel address (probably) 10.8.0.5
OpenVPN client

So in this case your traffic from the server to the client will go to
10.8.0.5, you just don't care what network you are tunneling through as
long as there is no address conflict. If the tunnel traffic is NATed
once or twenty five times it does not affect the tunneled traffic.

cheers

Erich



____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
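
The routing decision described in the reply above, as an added example that is not part of the original post: a longest-prefix-match lookup shows why a ping to 10.30.7.100 never appears on the tun interface while traffic to 10.8.0.5 does. The routing table is constructed for illustration; the interface names, the /24 tunnel mask and the gateway 192.168.1.1 are assumptions, not values from the thread.

```python
import ipaddress

# Constructed routing table for the OpenVPN server host (192.168.1.2).
# Interface names, the tunnel netmask and the gateway address are assumptions.
SERVER_ROUTES = [
    ("10.8.0.0/24", "tun0", None),            # OpenVPN tunnel subnet
    ("192.168.1.0/24", "eth0", None),         # directly connected LAN
    ("0.0.0.0/0", "eth0", "192.168.1.1"),     # default route via the NATing firewall
]


def lookup(routes, destination):
    """Return (network, interface, gateway) selected by longest-prefix match."""
    dst = ipaddress.ip_address(destination)
    best = None
    for cidr, iface, gateway in routes:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface, gateway)
    if best is None:
        raise LookupError(f"no route to {destination}")
    return best


def egress_interface(routes, destination):
    """Interface the kernel would send a packet for `destination` out of."""
    return lookup(routes, destination)[1]


def is_tunneled(routes, destination, tun_prefix="tun"):
    """True only when the chosen route leaves through a tun device."""
    return egress_interface(routes, destination).startswith(tun_prefix)


if __name__ == "__main__":
    # Physical address of the client vs. its tunnel address from the diagram.
    for dst in ("10.30.7.100", "10.8.0.5"):
        net, iface, gateway = lookup(SERVER_ROUTES, dst)
        via = f"via {gateway}" if gateway else "directly connected"
        path = "inside the tunnel" if is_tunneled(SERVER_ROUTES, dst) else "outside the tunnel"
        print(f"{dst:<12} -> {net} dev {iface} ({via}): {path}")
```
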