[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] site-to-site vpn question


  • Subject: Re: [Openvpn-users] site-to-site vpn question
  • From: "Prasanna Krishnamoorthy" <prasanna79@xxxxxxxxx>
  • Date: Tue, 14 Aug 2007 12:10:23 +0530

The client router may not be doing NAT.

While in the case of the laptop, since the traffic is generated on the
laptop, it'll take the address of the virtual interface.

Prasanna.

On 8/14/07, Iad Scoot <iad.scoot@xxxxxxxxx> wrote:
>
> Hi, having some problems posting to the forum - trying again...
>
>
> Bumping this because I think I mucked up the previous thread. I have
> successfully (I think) setup a site-to-site VPN in this config:
>
> client laptops --> OpenVPN "client" router (CentOS 4.5 / OVPN 2.0.9) -->
> Internet --> corp office firewall --> OpenVPN "server" router (CentOS 4.5 /
> OVPN 2.0.9) --> servers.
>
> I can access resources in either direction so I believe that I have the ccd
> / iroute / static routes, etc configured correctly. My question - when
> sniffing on a resource (corp office server, remote site laptop, etc), I am
> seeing the private IP addresses of these resources and not the IP's of the
> VPN routers. In contrast, when I connect in in road warrior mode (laptop w/
> vpn client), I see the IP of my virtual adapter in the sniffing session. I'm
> guessing that this is normal as the sniffer is simply seeing the traffic
> after it has been decrypted by the vpn boxes but wanted to be sure. A
> traceroute from a client laptop to a corp office resource shows the traffic
> like this:
>
> IP of firewall (LAN interface) --> IP of vpn client box --> virtual IP of
> vpn client box --> corp firewall DMZ interface --> IP of end resource
>
> Traceroutes from the corp office side follow a similar path back to the
> remote site. I'm reasonably certain that I have this configured correctly -
> anyone see any problems?
>
>
> Thanks....
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc.
> Still grepping through log files to find problems?  Stop.
> Now Search log events and configuration files using AJAX and a browser.
> Download your FREE copy of Splunk now >>  http://get.splunk.com/
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
>
>

______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users