[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Possible routing problem


  • Subject: Re: [Openvpn-users] Possible routing problem
  • From: Erich Titl <erich.titl@xxxxxxxx>
  • Date: Mon, 10 Sep 2007 23:58:07 +0200

Hi

Daniel L. Miller schrieb:
> Daniel L. Miller wrote:
>> This may be part of the answer.  I DON'T want the VPN clients to see a 
>> route to the server LAN - I only want select members of my server LAN to 
>> be able to reach the clients.  But I don't see why remote clients need 
>> to know my internal LAN routing - that's the whole idea of the router, 
>> to hide that!
>>   
> After asking on the lartc list, I've gone back to a source NAT on the 
> server, directing all traffic intended for the VPN that originates on my 
> LAN to appear to be from the server.  At least at the moment, it appears 
> to be working.
> 
> As long as that stays stable, I just need to figure out how to access 
> the client's network via the VPN - not just the client workstation.  
> Haven't had any luck yet.

Not a question of luck, just a question of looking the docs up. You need
a route to your client's lan on your server lan unless it is the default
gateway, on the server you need a route to the lan published, typically
this is done with iroute

http://openvpn.net/howto.html#scope

and on top a little iptables magic to wipe your traces from the servers lan.

And if everything fails a small dose of tcpdump to see where the packets
actually go and how they look like.

HTH

Erich

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users