
[Openvpn-users] Question [WAS: site-to-site VPN - routing issues]


  • Subject: [Openvpn-users] Question [WAS: site-to-site VPN - routing issues]
  • From: "Iad Scoot" <iad.scoot@xxxxxxxxx>
  • Date: Mon, 13 Aug 2007 09:26:27 -0400

Hi,
 
Bumping this because I think I mucked up the previous thread. I have successfully (I think) set up a site-to-site VPN in this config:
 
client laptops --> OpenVPN "client" router (CentOS 4.5 / OVPN 2.0.9) --> Internet --> corp office firewall --> OpenVPN "server" router (CentOS 4.5 / OVPN 2.0.9) --> servers.
 
I can access resources in either direction so I believe that I have the ccd / iroute / static routes, etc. configured correctly. My question - when sniffing on a resource (corp office server, remote site laptop, etc.), I am seeing the private IP addresses of these resources and not the IPs of the VPN routers. In contrast, when I connect in road warrior mode (laptop w/ vpn client), I see the IP of my virtual adapter in the sniffing session. I'm guessing that this is normal as the sniffer is simply seeing the traffic after it has been decrypted by the vpn boxes but wanted to be sure. A traceroute from a client laptop to a corp office resource shows the traffic like this:
 
IP of firewall (LAN interface) --> IP of vpn client box --> virtual IP of vpn client box --> corp firewall DMZ interface --> IP of end resource
 
Traceroutes from the corp office side follow a similar path back to the remote site. I'm reasonably certain that I have this configured correctly - anyone see any problems?
 
 
Thanks....
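
An added example, not part of the original post: a minimal routed site-to-site layout using the ccd / iroute / static route pieces the post names. All subnets, addresses, file paths and the common name `remote-site` are constructed for illustration; the poster's actual values are not shown on this page.

```conf
# --- server router: /etc/openvpn/server.conf (path assumed) ---
dev tun
server 10.8.0.0 255.255.255.0          # constructed tunnel subnet
client-config-dir ccd
route 192.168.20.0 255.255.255.0       # kernel route: remote LAN goes into the tunnel
push "route 10.1.0.0 255.255.255.0"    # tell the client router how to reach the corp LAN

# --- server router: ccd/remote-site (file is named after the client's common name) ---
iroute 192.168.20.0 255.255.255.0      # OpenVPN internal route: this client owns the remote LAN

# --- both routers: /etc/sysctl.conf, forward packets between LAN and tun ---
net.ipv4.ip_forward = 1

# --- static routes on the LAN gateways (shell commands, shown as comments) ---
# corp side, 10.1.0.2 = constructed LAN address of the server router:
#   ip route add 192.168.20.0/24 via 10.1.0.2
# remote side, 192.168.20.2 = constructed LAN address of the client router:
#   ip route add 10.1.0.0/24 via 192.168.20.2

# Neither router applies a MASQUERADE/SNAT rule to its tun interface, so the
# routers only forward packets: the inner packet leaves the tunnel with the
# same source and destination addresses it entered with.
```

With this kind of layout a capture on an end host shows the peer's own LAN address as the source, while a road-warrior laptop originates its traffic on its tun adapter and therefore appears with that adapter's virtual address.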