[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Access to client-side subnet via routed VPN


  • Subject: Re: [Openvpn-users] Access to client-side subnet via routed VPN
  • From: "David Balazic" <David.Balazic@xxxxxxxxxxxxxxxxxx>
  • Date: Tue, 11 Sep 2007 09:51:54 +0200

Title: Re: [Openvpn-users] Access to client-side subnet via routed VPN
Daniel L. Miller wrote:
> >
> > I can ping the VPN client LAN IP (10.4.1.140) - but not the rest of the
> > remote network.  What step did I miss?
> >  
> Does a source-nat need to be performed on the client to allow this type
> of communication?  If so, how can I do that on Windows?  Or should this
> be handled internally by OpenVPN?
Smart ! ;-)
 
The host on the remote network, like 10.4.1.150, must know where to send replies.
Either the VPN client (.140) masks the packet as coming from him, or .150 has a route added for the
source of the packets coming from your VPN server. That would be 172.27.0.1, I guess.
 
So either add routes to hosts on the client LAN, or use masquerading on the client.
(this is actually supported by Windows : see ICS)
 
Regards,
David