[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Newbie question on Routing


  • Subject: Re: [Openvpn-users] Newbie question on Routing
  • From: Markus Feilner <lists@xxxxxxxxxxxxxx>
  • Date: Mon, 27 Aug 2007 19:01:00 +0200

Am Montag 27 August 2007 18:41:13 schrieb Markus Feilner:
> Am Montag 27 August 2007 13:32:05 schrieb Srini:
> > Hi David
> >
> > Route print output on client machine (directly connected to internet)
> >
> > =========================================================================
> >==
> >
> > > PS:  I dont want to go the road of bridging just for this sake
>
> (...)
> Thank you, great detail, really!
> I guess... :
>
> Can you check the output of:
> "cat /proc/sys/net/ipv4/ip_forward" ?
> If this is set to "0", the server does not forward the packages.
> If you set it to "1" temporarily with:
> "echo "1" > /proc/sys/net/ipv4/ip_forward"
> your server will forward the packages.
> (I just checked, this is the path on suse and ubuntu.)
>
> But if your server is in the internet, you will need a firewall config on
> it, for security reasons!
> If you're not firm with firewalls, I suggest you have a look at shorewall
> or - on suse: SuSEfirewall (there is a yast module)
> Let me know if that worked...
>
> :-)

And, if that ip_tables file setting alone didn't do the trick, make sure you 
have the correct routes on the other server and hosts:

Let's say your left local subnet is 1.1.1.0, and your right subnet is 2.2.2.0.
Let's further assume your openvpn server is IP 1.1.1.1, then every host in the 
subnet 1.1.1.0 must either have 1.1.1.1 as default gateway or a route 
pointing to 2.2.2.0 via the gateway 1.1.1.1. The same vice versa for the left 
subnet (if you have one).
Otherwise you will notice the following behaviour (which looks like the data 
you sent):

1.1.1.2 sends a ping request to 2.2.2.2. The router 1.1.1.1 (as the default 
gateway of the 1.1.1.0 subnet) sends it through the tunnel. the other VPN 
host (say 2.2.2.1) sends the request to the localnet. the target host 
receives the request, but if it has no route for the 1.1.1.0 subnet, or a 
different default gateway (than 2.2.2.1), cannot send the correct ping reply.

Could i make myself clear?

P.S.: I noticed sometimes, that even though i had my vpn server as default 
router, I had to add a explicit route for the other subnet  via the default 
gateway's IP. I never found out why, but it just worked.
:-)

-- 

Best Regards - Mit freundlichen Gruessen
Markus Feilner
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users