
Re: [Openvpn-users] Newbie question on Routing


  • Subject: Re: [Openvpn-users] Newbie question on Routing
  • From: Srini <srini.listmail@xxxxxxxxx>
  • Date: Mon, 27 Aug 2007 17:02:05 +0530

Hi David

Route print output on client machine (directly connected to internet)

===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    124.125.228.1  124.125.228.77       20
      10.111.37.1  255.255.255.255      10.111.37.5     10.111.37.6       1
      10.111.37.4  255.255.255.252      10.111.37.6      10.111.37.6       30
      10.111.37.6  255.255.255.255        127.0.0.1       127.0.0.1       30
   10.255.255.255  255.255.255.255      10.111.37.6     10.111.37.6       30
    124.125.228.0    255.255.254.0   124.125.228.77  124.125.228.77        20
   124.125.228.77  255.255.255.255        127.0.0.1       127.0.0.1       20
  124.255.255.255  255.255.255.255   124.125.228.77  124.125.228.77       20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
     192.168.98.0    255.255.255.0      10.111.37.5     10.111.37.6       1
        224.0.0.0         240.0.0.0      10.111.37.6     10.111.37.6       30
        224.0.0.0        240.0.0.0   124.125.228.77  124.125.228.77       20
  255.255.255.255  255.255.255.255       10.111.37.6     10.111.37.6       1
  255.255.255.255  255.255.255.255    124.125.228.77  124.125.228.77       1
  255.255.255.255  255.255.255.255    124.125.228.77               3       1
Default Gateway:     124.125.228.1
===========================================================================
Persistent Routes:

Server (Centos 5) Route output

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.111.37.2     *               255.255.255.255 UH    0      0        0 tun0
10.111.37.0     10.111.37.2     255.255.255.0    UG    0      0        0 tun0
192.168.98.0    *               255.255.255.0   U     0      0        0 eth0
169.254.0.0      *               255.255.0.0     U     0      0        0 eth0
default         192.168.98.1    0.0.0.0         UG    0      0        0 eth0

Server - iptables output

[root@intranet openvpn]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination        

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination     

tcpdump on tun0 output (with comments)

[root@intranet openvpn]# tcpdump -i tun0
tcpdump: WARNING: arptype 65534 not supported by libpcap - falling back to cooked socket
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun0, link-type LINUX_SLL (Linux cooked), capture size 96 bytes

<<<< When ping on 192.168.98.5 the openvpn server >>>>>
16:53:11.615260 IP 10.111.37.6 > intranet: ICMP echo request, id 1024, seq 23552, length 40
16:53:11.615303 IP intranet > 10.111.37.6: ICMP echo reply, id 1024, seq 23552, length 40
16:53:12.606184 IP 10.111.37.6 > intranet: ICMP echo request, id 1024, seq 23808, length 40
16:53:12.606219 IP intranet > 10.111.37.6: ICMP echo reply, id 1024, seq 23808, length 40
16:53:13.613893 IP 10.111.37.6 > intranet: ICMP echo request, id 1024, seq 24064, length 40
16:53:13.613930 IP intranet > 10.111.37.6: ICMP echo reply, id 1024, seq 24064, length 40
16:53:14.615206 IP 10.111.37.6 > intranet: ICMP echo request, id 1024, seq 24320, length 40
16:53:14.615240 IP intranet > 10.111.37.6: ICMP echo reply, id 1024, seq 24320, length 40

<<<< When ping on 192.168.98.7 a machine on the n/w behind the openvpn server >>>>>
16:54:35.211254 IP 10.111.37.6 > 192.168.98.7: ICMP echo request, id 1024, seq 24576, length 40
16:54:40.256409 IP 10.111.37.6 > 192.168.98.7: ICMP echo request, id 1024, seq 24832, length 40
    
<<<< When tracert on 192.168.98.7 >>>>>
16:55:12.675833 IP 10.111.37.6 > 192.168.98.7: ICMP echo request, id 1024, seq 25600, length 72
16:55:12.888724 IP 10.111.37.1 > 10.111.37.6: ICMP time exceeded in-transit, length 100
16:55:12.787242 IP 10.111.37.6 > 192.168.98.7: ICMP echo request, id 1024, seq 25856, length 72
16:55:12.787260 IP 10.111.37.1 > 10.111.37.6: ICMP time exceeded in-transit, length 100
16:55:12.906510 IP 10.111.37.6 > 192.168.98.7: ICMP echo request, id 1024, seq 26112, length 72
16:55:12.906532 IP 10.111.37.1 > 10.111.37.6: ICMP time exceeded in-transit, length 100
16:55:14.144475 IP 10.111.37.6 > 192.168.98.7: ICMP echo request, id 1024, seq 26368, length 72
16:55:18.244478 IP 10.111.37.6 > 192.168.98.7: ICMP echo request, id 1024, seq 26624, length 72


Any help is appreciated

Regards
Srini


On 8/27/07, David Balazic <David.Balazic@xxxxxxxxxxxxxxxxxx> wrote:
What is the routing table on the machines on the 192.168.98.x network?
The client machine?
The server?
Additionally, all iptables setup would be helpful.
 
Did you trace the packets?
 
David


From: openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx on behalf of Srini
Sent: Mon 27-Aug-07 09:17
To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: [Openvpn-users] Newbie question on Routing

Hello

We have an OpenVPN server running on (e.g.): 192.168.98.5
The server configuration entries are:

dev tun
proto udp
tun-mtu 1500
port 1194
tls-server
server 10.111.37.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.98.0 255.255.255.0"

...

The client is straightforward:

tls-client
client
pull
dev tun
proto udp
tun-mtu 1500
remote <<ip>> 1194

After connection my client gets the IP address 10.111.37.6 and I can ping 192.168.98.5 (the OpenVPN machine). However, I am unable to access other machines on the 192.168.98.xxx network.

I have tried various iptables commands that I found on the forums etc but to no avail.

Can someone please help me?

Regards
Srini

PS: I don't want to go down the road of bridging just for this sake