[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Access to client-side subnet via routed VPN


  • Subject: Re: [Openvpn-users] Access to client-side subnet via routed VPN
  • From: Luke Kearney <lkearney@xxxxxxxxxxxxx>
  • Date: Tue, 11 Sep 2007 15:48:49 +0900

Daniel L. Miller wrote:
> Erich Titl wrote:
>   
>> Daniel
>>
>> Daniel L. Miller wrote:
>>   
>>     
>>> It seems I've gotten my server-side network down - now I need some help 
>>> getting the client-side working.
>>>
>>> I have a routed VPN, and I'm trying to access the client's LAN from the 
>>> server.  The VPN client is NOT a router or gateway for the LAN - just a 
>>> Windows XP workstation.
>>>
>>> The remote network is 10.4.1.0/24, the remote IP is 10.4.1.140.
>>>
>>> I have created a client-config-dir entry for the remote client, and added:
>>> iroute 10.4.1.0 255.255.255.0
>>>
>>> In the server config, I have:
>>> route 10.4.1.0 255.255.255.0
>>>
>>> I can ping the VPN client LAN IP (10.4.1.140) - but not the rest of the 
>>> remote network.  What step did I miss?
>>>     
>>>       
>> If the remote IP is the OpenVPN Tunnel endpoint, then you have an
>> address conflict, else give us more details, ascii art helps.
>>   
>>     
> The VPN uses the 172.27.0.0/16 network.  The VPN server, on tun0, is 
> 172.27.0.1.  The VPN client is 172.27.0.14.
> The VPN server exists on its LAN 192.168.0.0/24 as 192.168.0.71.
> The remote client has a remote LAN address of 10.4.1.140.  I'm trying to 
> reach 10.4.1.150 through the VPN.
>   
>> Use tcpdump to follow the packet trail.
>>   
>>     
> I have tcpdump - but I don't know how to use it.  Do I run it on the 
> server ('cuz if I need to run on the client - I need something Windoze 
> compatible).
>
> Daniel
Ok, you need to tell the VPN server that the subnet 10.4.1.140/?? exists
at this point in time you appear to have a Client Server VPN tunnel
established but no site to site. Assuming your remote network is
10.4.1.0/24 add something like this to your server configuration

route 10.4.1.0 255.255.255.0

And restart - Failing any firewalling done on your remote client at
10.4.1.140 you should now be able to ping hosts on that subnet via the
VPN tunnel.

HTH

Luke

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users