
Re: [Openvpn-users] Access to client-side subnet via routed VPN


  • Subject: Re: [Openvpn-users] Access to client-side subnet via routed VPN
  • From: Luke Kearney <lkearney@xxxxxxxxxxxxx>
  • Date: Tue, 11 Sep 2007 15:51:13 +0900

Luke Kearney wrote:
> Daniel L. Miller wrote:
>
>> Erich Titl wrote:
>>
>>> Daniel
>>>
>>> Daniel L. Miller wrote:
>>>
>>>> It seems I've gotten my server-side network down - now I need some help 
>>>> getting the client-side working.
>>>>
>>>> I have a routed VPN, and I'm trying to access the client's LAN from the 
>>>> server.  The VPN client is NOT a router or gateway for the LAN - just a 
>>>> Windows XP workstation.
>>>>
>>>> The remote network is 10.4.1.0/24, the remote IP is 10.4.1.140.
>>>>
>>>> I have created a client-config-dir entry for the remote client, and added:
>>>> iroute 10.4.1.0 255.255.255.0
>>>>
>>>> In the server config, I have:
>>>> route 10.4.1.0 255.255.255.0
>>>>
>>>> I can ping the VPN client LAN IP (10.4.1.140) - but not the rest of the 
>>>> remote network.  What step did I miss?
>>>>
>>> If the remote IP is the OpenVPN Tunnel endpoint, then you have an
>>> address conflict, else give us more details, ascii art helps.
>>>
>> The VPN uses the 172.27.0.0/16 network.  The VPN server, on tun0, is 
>> 172.27.0.1.  The VPN client is 172.27.0.14.
>> The VPN server exists on its LAN 192.168.0.0/24 as 192.168.0.71.
>> The remote client has a remote LAN address of 10.4.1.140.  I'm trying to 
>> reach 10.4.1.150 through the VPN.
>>
>>> Use tcpdump to follow the packet trail.
>>>
>> I have tcpdump - but I don't know how to use it.  Do I run it on the 
>> server ('cuz if I need to run on the client - I need something Windoze 
>> compatible)?
>>
>> Daniel
>>
> Ok, you need to tell the VPN server that the subnet 10.4.1.140/?? exists.
> At this point in time you appear to have a client-server VPN tunnel
> established but no site-to-site. Assuming your remote network is
> 10.4.1.0/24, add something like this to your server configuration:
>
> route 10.4.1.0 255.255.255.0
>
> And restart. Failing any firewalling done on your remote client at
> 10.4.1.140, you should now be able to ping hosts on that subnet via the
> VPN tunnel.
>
> HTH
>
> Luke
>
Ahh, and you'll need a push statement if you want other clients to be
able to connect with resources on 10.4.1/24, something like:

push "route 10.4.1.0 255.255.255.0"


Should do it nicely.
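
A consistency check for the three directives this thread relies on (`route` in the server config, `iroute` in the client-config-dir file, and the optional `push "route ..."`), added here as an example and not taken from any post in the thread. The common name `remote-xp`, the directory name `ccd` and the sample config text are constructed for illustration; only lines with an explicit netmask are parsed.

```python
import ipaddress

def directives(text):
    """Yield (pushed, keyword, network) for route/iroute lines in OpenVPN config text."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # OpenVPN comment lines
            continue
        pushed = line.startswith("push ")
        if pushed:
            line = line[5:].strip().strip('"')   # unwrap push "route ..."
        words = line.split()
        # Only the explicit "keyword network netmask" form is handled here.
        if len(words) >= 3 and words[0] in ("route", "iroute"):
            net = ipaddress.ip_network(f"{words[1]}/{words[2]}", strict=False)
            yield pushed, words[0], net

def check(server_conf, ccd):
    """ccd maps client common name -> ccd file text. Returns a list of findings."""
    kernel, pushed, iroutes, findings = set(), set(), {}, []
    for is_push, kind, net in directives(server_conf):
        if kind == "route":
            (pushed if is_push else kernel).add(net)
    for cn in sorted(ccd):
        for is_push, kind, net in directives(ccd[cn]):
            if kind == "iroute" and not is_push:
                iroutes[net] = cn
                if net not in kernel:
                    findings.append(f"{cn}: iroute {net} has no matching server route")
    for net in sorted(kernel, key=str):
        if net not in iroutes:
            findings.append(f"server route {net} has no iroute in any ccd file")
    for net in sorted(pushed & set(iroutes), key=str):
        findings.append(f"push route {net} goes to all clients; confirm each "
                        f"should reach the LAN behind {iroutes[net]}")
    return findings

# Constructed sample using the addresses quoted in the thread.
SERVER_CONF = '''
server 172.27.0.0 255.255.0.0
client-config-dir ccd
route 10.4.1.0 255.255.255.0
push "route 10.4.1.0 255.255.255.0"
'''
CCD = {"remote-xp": "iroute 10.4.1.0 255.255.255.0\n"}

if __name__ == "__main__":
    for finding in check(SERVER_CONF, CCD):
        print(finding)
```

The check covers only the OpenVPN side of the routing; a clean result does not show that hosts on the remote LAN have a return path to the VPN subnet.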